Referring to
In one aspect, a method to offload encryption processing in a storage area network (SAN) system includes determining whether a host is performing at a first performance level, offloading encryption processing to a processor if the host is not performing at a first performance level and performing encryption processing at the host if the host is performing at a first performance level.
In another aspect, an apparatus to offload encryption processing in a storage area network (SAN) system includes circuitry configured to determine whether a host is performing at a first performance level, offload encryption processing to a processor if the host is not performing at a first performance level and perform encryption processing at the host if the host is performing at a first performance level.
In a further aspect, an article includes a machine-readable medium that stores executable instructions to offload encryption processing in a storage area network (SAN) system. The instructions cause a machine to determine whether a host is performing at a first performance level, offload encryption processing to a processor if the host is not performing at a first performance level and perform encryption processing at the host if the host is performing at a first performance level.
Described herein is an approach to offload encryption processing in a storage area network (SAN). While the description herein shows a single host and a single storage array for simplicity, it is to be understood that the SAN may include multiple hosts and storage arrays and that any one (or more than one) of the hosts may offload encryption processing. While the description focuses on encryption processing, it is understood that encryption processing also includes decrypting data.
Referring to
The host 12 determines whether the host has a minimum processing bandwidth available to perform encryption processing. For example, the host 12 determines a utilization parameter value. If the utilization parameter value is less than a predetermined threshold value for the host 12, the host performs the encryption processing. If the utilization parameter value is greater than a predetermined threshold value for the host 12, the processor 22 performs the encryption processing. In one embodiment, a decision to offload encryption is made for each IO transaction.
In one embodiment, the processor 22 performs the encryption processing until it no longer has the processing bandwidth available to support encryption. For example, the processor 22 may have a primary purpose such as duplication processing, with encryption processing being a secondary or lesser priority. If the processor 22 determines that a utilization parameter value at the processor 22 is greater than a predetermined threshold value for the processor 22, the processor 22 sends encryption processing back to the host 12. In another embodiment, the processor 22 performs encryption on an IO transaction.
In other embodiments, the decision to offload encryption processing may be made for each IO transaction. For example,
Referring to
Referring to
The driver 510 automatically detects the availability of encryption processors for offloading. In one example, the driver 510 detects the availability of encryption processors, and offloads data arriving to storage arrays selected by a user using the GUI 512. After an IO transaction is detected by the driver 510, the driver checks a performance parameter at the host 12. The driver 510 determines, based on the performance parameter, whether to redirect the IO transaction to an offload encryption device (e.g., the processor 22) or perform encryption processing at the host 12 using the encryption module 514. If the IO transaction is directed to the processor 22 for encryption processing, the processor 22 performs encryption processing on the data in the IO transaction, writes the encrypted data to the storage array and returns an IO transaction status to the host 12. If the host 12 performs the encryption processing, the driver 510 will send the IO transaction to the encryption module 514. For example, the driver 510 receives the IO transactions before the encryption module 514 so that the driver 510 can direct them to the processor 22 for offload encryption processing or direct them to the encryption module 514. If the processor 22 is unavailable, the driver 510 can offload encryption processing to another processor (not shown). If all processors designated for offload encryption processing are unavailable, the IO transaction will flow directly to the encryption module 514 and be encrypted by the host 12.
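The per-IO routing decision described above can be sketched as follows. This is an added example, not code from the patent: the names `OffloadProcessor`, `route_io` and `route_trace`, the 0.0-1.0 utilization scale, the sample values, and the handling of a utilization exactly equal to a threshold are all assumptions.

```python
from dataclasses import dataclass

HOST = "host-encryption-module"  # stands in for the encryption module 514


@dataclass
class OffloadProcessor:
    name: str
    utilization: float      # current utilization parameter value (assumed 0.0-1.0)
    threshold: float        # predetermined threshold for this processor
    available: bool = True  # reachable and designated for offload

    def accepts(self) -> bool:
        # A processor above its own threshold sends encryption back to the host.
        # Treating "equal to the threshold" as acceptable is an assumption.
        return self.available and self.utilization <= self.threshold


def route_io(host_utilization, host_threshold, processors):
    """Decide, for one IO transaction, where encryption is performed.

    Every branch returns an encrypting target, so no path lets the IO
    reach the storage array unencrypted.
    """
    if host_utilization < host_threshold:
        return HOST                  # host has bandwidth: encrypt locally
    for proc in processors:          # host is busy: try each offload target
        if proc.accepts():
            return proc.name
    return HOST                      # no offload target usable: host encrypts


def route_trace(samples, host_threshold, processors):
    """Apply the per-IO decision to a sequence of host utilization samples."""
    return [route_io(u, host_threshold, processors) for u in samples]


if __name__ == "__main__":
    # Constructed sample: the first processor is over its threshold,
    # the second has spare capacity.
    procs = [OffloadProcessor("processor-22", 0.95, 0.80),
             OffloadProcessor("processor-alt", 0.40, 0.80)]
    print(route_trace([0.30, 0.90], 0.75, procs))
```

The final `return HOST` is the branch to audit in a real driver: when every offload target is unavailable or saturated, the IO is encrypted at the host rather than passed through.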
The processes described herein (e.g., processes 100, 200, 300 and 400) are not limited to use with the hardware and software of
The system may be implemented, at least in part, via a computer program product (e.g., in a machine-readable storage device) for execution by, or to control the operation of, data processing apparatus (e.g., a programmable processor, a computer, or multiple computers). Each such program may be implemented in a high level procedural or object-oriented programming language to communicate with a computer system. However, the programs may be implemented in assembly or machine language. The language may be a compiled or an interpreted language and it may be deployed in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment. A computer program may be deployed to be executed on one computer or on multiple computers at one site or distributed across multiple sites and interconnected by a communication network. A computer program may be stored on a storage medium or device (e.g., CD-ROM, hard disk, or magnetic diskette) that is readable by a general or special purpose programmable computer for configuring and operating the computer when the storage medium or device is read by the computer to perform the processes (e.g., process 100, 200, 300 or 400). The processes may also be implemented as a machine-readable storage medium, configured with a computer program, where upon execution, instructions in the computer program cause the computer to operate in accordance with the processes.
The processes described herein are not limited to the specific embodiments described herein. For example, the processes 100, 200, 300 and 400 are not limited to the specific processing order of the processing blocks in
The system described herein is not limited to use with the hardware and software described above. The system may be implemented in digital electronic circuitry, or in computer hardware, firmware, software, or in combinations thereof.
Processing blocks in
Processors suitable for the execution of a computer program include, by way of example, both general and special purpose microprocessors, and any one or more processors of any kind of digital computer. Generally, a processor will receive instructions and data from a read-only memory or a random access memory or both. Elements of a computer include a processor for executing instructions and one or more memory devices for storing instructions and data.
Elements of different embodiments described herein may be combined to form other embodiments not specifically set forth above. Other embodiments not specifically described herein are also within the scope of the following claims.