Browse Prior Art Database

Secure method to power-on SAN controller nodes belonging to a cluster (Wake on Fibre)

IP.com Disclosure Number: IPCOM000021444D
Original Publication Date: 2004-Jan-19
Included in the Prior Art Database: 2004-Jan-19
Document File: 1 page(s) / 42K

Publishing Venue

IBM

Abstract

Secure method to power-on SAN attached nodes belonging to a cluster (Wake on Fibre)

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 1 of 1

Secure method to power-on SAN controller nodes belonging to a cluster (Wake on Fibre)

One of the elements of the 'Storage Area Network Volume Controller' from IBM* is a cluster of 'nodes'. These nodes are computers connected to a Storage Area Network (SAN) . They communicate with each other using the same Fibre Channel switch that connects them to the SAN. As part of routine maintenance these nodes may need to be powered on or off by another node in the cluster. The process of powering off a node is implemented by sending a particular message to the node, which will in turn power itself off. The problem starts when powering on the node as no software is running and we cannot communicate with the node. As all the nodes in the cluster are connected to a Local Area Network (LAN) it would be possible to use the 'Wake on LAN' feature found on some LAN adapters, however this has security implications as anyone with access to the LAN could potentially awake the node and attack it.

    This disclosure describes a system that can be used to power on the nodes securely through the Fibre Channel SAN. This system may resemble 'Wake On LAN' but, although being similar in principle, it is a new idea as the problem that it solves and the technique used to fix it are different.

    The nodes are each equipped with one or more Fibre Channel host bus adapters (HBAs), which are connected to the PCI bus on one side and to the Fibre Channel switch on the other. The idea is to use a custom Fibre Channel frame to send a special message to one of these HBAs in order for it to power-on the node.

    The main advantage of using this system is that it provides an increase in security. A potential attacker has to have a physical connection to the SA...