(BC) - Authentication and access control of blade users to chassis management functions in blade chassis systems

IP.com Disclosure Number: IPCOM000021330D
Original Publication Date: 2004-Jan-14
Included in the Prior Art Database: 2004-Jan-14
Document File: 2 page(s) / 55K

Publishing Venue

IBM

Abstract

Registration for services from a management entity: In a BladeChassis system, a structured list for user management entity authorization and function access control is created and maintained in the chassis management entity by an administrator with blade chassis management authority. The entries of the list will be based on the management services offered by the provider and on those made available to specific user entities based on service agreement, separate management service/function options, resources currently allocated to the user, etc. The management entity uses this list to perform user entity authorization and access control for access to the provided management functions.

This is the abbreviated version, containing approximately 53% of the total text.


This invention claims:

Registration for services from a management entity: In blade/chassis systems, a management entity provides various chassis management functions and allows system management entities to have access to, and overall control of, these chassis management functions. As shown in figure 1, the communication between system management entities and the chassis management entity is generally over a very secure network to which external users' management systems have no direct access. There are cases, such as outsourcing (server farms, etc.), where there is value to the user (lessee) of the blade resources in having access to specific management facilities within the chassis management entity. The physical connectivity can be provided from the user management security zone (zone 5 in figure 1) to the (internal) chassis management security zone (zone 2 in figure 1) via profiles (security rules) implemented in the chassis (embedded) switch. This is represented by the double arrow in the Embedded Switch in figure 1. Once the capability for physical (secure) access to the chassis management entity has been established, there is still a need for secure access by external users' management systems to the functions provided by the chassis management entity. This level of security is the subject of this publication, as described in the following paragraphs.

[Figure 1 (image not reproduced). Labels recoverable from the diagram: Chassis; Blade 1 ... Blade "N"; Internal Backplane; Chassis Management Entity; Embedded Switch; Switch Configured Regulated Flow Between Regions; System Mgt System; User "Data" System; User "Mgt" Systems. Regions: 1: Internal Chassis Management Region; 2: Internal Chassis Management Region; 3: External Chassis Management Region; 4: User Data Region; 5: User Management Region.]


Figure 1 - User Management System Path to Internal Chassis Management

In a blade chassis system, a method for user authentication, function access control, and functional access of management and administrative services is illustrated, comprising the steps of
1) a user representation of the accepted user requesting entities,
2) a user representation of the authorization control for each user entity capable of requesting service(s),
3) a user representation of the functions allowable (access control) for each acceptabl...
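
As an added illustration that is not part of the IBM disclosure, the sketch below shows one way a chassis management entity could hold the list the abstract describes and apply it in the order of the steps above: accepted entity, authorization of that entity, allowed function, then a check against the blades currently allocated to the requester. All class, field and function names, the tenant names and the secrets are constructed assumptions.

```python
import hashlib, hmac, os
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:                  # one row of the list; field names are assumptions
    salt: bytes
    secret_hash: bytes        # authorization control for this user entity
    functions: frozenset      # management functions granted by service agreement
    blades: frozenset         # blade resources currently allocated to the entity

def _hash(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

class ChassisAccessList:
    def __init__(self):
        self._rows = {}

    def register(self, caller_is_chassis_admin, entity, secret, functions, blades):
        # Only an administrator with chassis management authority edits the list.
        if not caller_is_chassis_admin:
            raise PermissionError("chassis management authority required")
        salt = os.urandom(16)
        self._rows[entity] = Entry(salt, _hash(secret, salt),
                                   frozenset(functions), frozenset(blades))

    def authorize(self, entity, secret, function, blade):
        """Return (allowed, reason). Anything not explicitly listed is denied."""
        row = self._rows.get(entity)
        if row is None:                                   # step 1: accepted entity?
            return False, "unknown entity"
        if not hmac.compare_digest(row.secret_hash, _hash(secret, row.salt)):
            return False, "authentication failed"         # step 2: authorization
        if function not in row.functions:                 # step 3: allowed function?
            return False, "function not granted"
        if blade not in row.blades:                       # resource allocation check
            return False, "blade not allocated to entity"
        return True, "ok"

def demo():
    acl = ChassisAccessList()                             # constructed sample data
    acl.register(True, "tenant-a", "secret-a", {"power_cycle", "read_sensors"}, {1, 2})
    acl.register(True, "tenant-b", "secret-b", {"read_sensors"}, {3})
    return [
        acl.authorize("tenant-a", "secret-a", "power_cycle", 2),
        acl.authorize("tenant-a", "secret-a", "power_cycle", 3),
        acl.authorize("tenant-b", "secret-b", "power_cycle", 3),
        acl.authorize("tenant-b", "wrong", "read_sensors", 3),
        acl.authorize("tenant-c", "secret-a", "read_sensors", 1),
    ]
```

The second case in `demo()` is the one a lessee-facing interface most needs to get right: a correctly authenticated tenant with a granted function is still refused when the target blade belongs to someone else.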