Abstract: A method and apparatus for securing networks, focusing on application in Fibre Channel networks. A combination of unique security techniques are combined to provide overall network security. Responsibility for security in the network is assigned to one or more designated entities. The designated entities deploy management information throughout the network to enhance security by modifying the capabilities and operational permissions of the devices participating in the network. For example, through network control: logical management access or physical I/O access may be limited on a per device or per I/O basis; and all devices and ports in the network operate only with other approved devices and ports. These designated entities can better manage network security by exploiting a unique link authentication system as well as a unique push-model secure distributed time service.

Abstract: An port expander Fibre Channel switch presents F_ports to form a first Fibre Channel fabric and N_ports to a second Fibre Channel fabric to appear as node devices. The port expander may be used to connect a plurality of blade servers to a Fibre Channel fabric. Fabric events engendered by the insertion or removal of hot-pluggable devices are handled by the port expander and “event storms” on the Fibre Channel fabric are avoided. The port expander presents the blade servers to the FC fabric as a virtualized N_port.

Abstract: The snapshot capability moving into the SAN fabric and being provided as a snapshot service. A well-known address is utilized to receive snapshot commands. Each switch in the fabric connected to a host contains a front end or service interface to receive the snapshot command. Each switch of the fabric connected to a storage device used in the snapshot process contains a write interceptor module which cooperates with hardware in the switch to capture any write operations which would occur to the snapshot data area. The write interceptor then holds these particular write operations until the original blocks are transferred to a snapshot or separate area so that the original read data is maintained. Should a read operation occur to the snapshot device and the original data from requested location has been relocated, a snapshot server captures these commands and redirects the read operation to occur from the snapshot area.

Abstract: The snapshot capability moving into the SAN fabric and being provided as a snapshot service. A well-known address is utilized to receive snapshot commands. Each switch in the fabric connected to a host contains a front end or service interface to receive the snapshot command. Each switch of the fabric connected to a storage device used in the snapshot process contains a write interceptor module which cooperates with hardware in the switch to capture any write operations which would occur to the snapshot data area. The write interceptor then holds these particular write operations until the original blocks are transferred to a snapshot or separate area so that the original read data is maintained. Should a read operation occur to the snapshot device and the original data from requested location has been relocated, a snapshot server captures these commands and redirects the read operation to occur from the snapshot area.

Abstract: The snapshot capability moving into the SAN fabric and being provided as a snapshot service. A well-known address is utilized to receive snapshot commands. Each switch in the fabric connected to a host contains a front end or service interface to receive the snapshot command. Each switch of the fabric connected to a storage device used in the snapshot process contains a write interceptor module which cooperates with hardware in the switch to capture any write operations which would occur to the snapshot data area. The write interceptor then holds these particular write operations until the original blocks are transferred to a snapshot or separate area so that the original read data is maintained. Should a read operation occur to the snapshot device and the original data from requested location has been relocated, a snapshot server captures these commands and redirects the read operation to occur from the snapshot area.

Abstract: The snapshot capability moving into the SAN fabric and being provided as a snapshot service. A well-known address is utilized to receive snapshot commands. Each switch in the fabric connected to a host contains a front end or service interface to receive the snapshot command. Each switch of the fabric connected to a storage device used in the snapshot process contains a write interceptor module which cooperates with hardware in the switch to capture any write operations which would occur to the snapshot data area. The write interceptor then holds these particular write operations until the original blocks are transferred to a snapshot or separate area so that the original read data is maintained. Should a read operation occur to the snapshot device and the original data from requested location has been relocated, a snapshot server captures these commands and redirects the read operation to occur from the snapshot area.

Abstract: A network configuration device or entity has control of defined management and security functions in the network, or in many embodiments, in a Fibre Channel fabric. The network configuration device may control many functions. Foremost, it may control the recognition, operation and succession procedure for network configuration entities. It may also control user configurable options for the network, rules for interaction between other entities in the network, rules governing management-level access to the network, and rules governing management-level access to individual devices in the network. In addition, the network configuration entity may exploit policy sets to implement its control.

Abstract: A network configuration device or entity has control of defined management and security functions in the network, or in many embodiments, in a Fibre Channel fabric. The network configuration device may control many functions. Foremost, it may control the recognition, operation and succession procedure for network configuration entities. It may also control user configurable options for the network, rules for interaction between other entities in the network, rules governing management-level access to the network, and rules governing management-level access to individual devices in the network. In addition, the network configuration entity may exploit policy sets to implement its control.

Abstract: A network configuration device or entity has control of defined management and security functions in the network, or in many embodiments, in a Fibre Channel fabric. The network configuration device may control many functions. Foremost, it may control the recognition, operation and succession procedure for network configuration entities. It may also control user configurable options for the network, rules for interaction between other entities in the network, rules governing management-level access to the network, and rules governing management-level access to individual devices in the network. In addition, the network configuration entity may exploit policy sets to implement its control.

Abstract: A method and apparatus for securing networks, focusing on application in Fibre Channel networks. A combination of unique security techniques are combined to provide overall network security. Responsibility for security in the network is assigned to one or more designated entities. The designated entities deploy management information throughout the network to enhance security by modifying the capabilities and operational permissions of the devices participating in the network. For example, through network control: logical management access or physical I/O access may be limited on a per device or per I/O basis; and all devices and ports in the network operate only with other approved devices and ports. These designated entities can better manage network security by exploiting a unique link authentication system as well as a unique push-model secure distributed time service.

Abstract: A secure and distributed time service is discussed for use in a network. In particular, the invention relates to Fibre Channel networks and the secure distribution of time service using a push model. In order to distribute time on a push model, one entity assumes responsibility for time in the network. Other entities in the network receive periodic time updates and check the validity of their own time by gauging the elapsed time since the previous time update. The time service is secured using by applying a unique combination of encryption techniques.

Abstract: An isolation switch blade Fibre Channel switch presents F_ports to form a first Fibre Channel fabric and N_ports to a second Fibre Channel fabric to appear as node devices. The isolation switch blade may be used to connect a plurality of blade servers to a Fibre Channel fabric. Fabric events engendered by the insertion or removal of hot-pluggable devices are handled by the isolation switch blade and “event storms” on the Fibre Channel fabric are avoided. The isolation switch blade presents the blade servers to the FC fabric as a virtualized N_port.