enhanced storage architecture jim bovee, scott lee senior sde, senior sde devices & storage...
TRANSCRIPT
Enhanced Storage Architecture
Jim Bovee, Scott LeeSenior SDE, Senior SDEDevices & Storage [email protected], [email protected]
Agenda
• What Is Enhanced Storage?
• Enhanced Storage Architecture
• Enhanced Storage Extensibilities
• Guidance and Resources
What Is Enhanced Storage?
What Is Enhanced Storage?
• New platform for storage hardware enhancements.
• Bus and protocol agnostic.
• Extensible to support proprietary hardware.
Key Enhanced Storage Features
• Native Windows experience for certificate- and password- protected USB storage devices.
• Infrastructure to discover and support proprietary hardware enhancements either through a driver or user-mode API.
Enhanced Storage Architecture
Enhanced Storage Architecture
Interface Layer (APIs, IOCTLs, UMDF Drivers)
Transport Layer (Standard Protocols)e.g. IEEE 1667
Storage Device (Hardware and Firmware)e.g. USB drive firmware
Microsoft Application
sApplicatio
n to System Channel
3rd party
Extensions
3rd party Applicatio
ns
System to
Device Chann
el
Abstraction Layer
Enhanced Storage Architecture
Device Firmware
Vendor Silos
Standard Silos
Host Boundary
Kernel Boundary
Kernel Storage StackBus Drivers (i.e. usbstor)
IEEE 1667 Silo Drivers
Password Silo, Certificate Silo
3rd Party Silo
Drivers
Enhanced Storage APIs
Enhanced Storage
Shell Extension
3rd Party Vertical
Application
UMDF
Process Boundary
ISV Applicatio
n
IEEE 1667 Overview
ACT (Addressable Command Target)
Probe Silo Password Silo
User Data Area
• Mapping to SCSI means LUN = ACT
• ACT must minimally have a probe silo
Certificate Silo
Capabilities Discovery Capabilities Extensibility
Storage Model
Other Silos
• Silo Model is extensible
IEEE 1667 Silo Support Roadmap
Future
Probe PasswordCertificat
eProposed
Silo X
Vista , Windows 7
Proposed Silo Y
Enhanced Storage Extensibilities
Enhanced Storage Extensibilities• Extend by defining a new IEEE 1667 silo.
• Provide device experience with bundled software.
• Communicate to device through silo driver or raw command API.
• Can participate in Enhanced Storage authorization process and expose device-specific features in My Computer.
Advantages of Silo Driver vs. Raw Command
Silo Driver Raw Command API
Access and transaction control. Rudimentary enforcement.
Participate in authorization and UI.
No participation in authorization and UI.
Context menu action verbs in My Computer
No context menu action verbs in My Computer
Translation/validation layer. Raw commands sent directly to device.
Recommendation: Use Silo Driver approach for best Windows experience
Extensibility Example – USB Digital Clock with Storage
• Digital Clock features
• Set alarm
• Display time
• Query when the time or alarm was last set
Extensible Silo Development Process1. Choose a provisional Silo Type Identifier (STID) for
initial development.
2. Define the commands, payloads, status code, etc.
3. Implement hardware prototype.
4. Decide on Windows support for the silo based on desired user experience.
• Raw Silo Command
• Silo Driver
5. Implement Windows host support
6. Contact 1667 Working Group for an official STID.
Enhanced Storage – Example UI
Enhanced Storage – Example UI
Enhanced Storage – Example UI
Enhanced Storage – Example UI
Guidance and Resources
Hardware Design Guidance
• Enhanced Storage device discovery process requirements
• SCSI inquiry
• INC_512 support
• Silo authorization requirements
• Assumes authentication is equivalent to authorization
• Read access to logical block address (LBA) in Not Provisioned state
Call to Action
• Develop and submit hardware for validation.
• Evaluate IEEE 1667 and use this protocol to implement hardware enhancements.
Resources
• Enhanced Storage Program
• Provide early access to binaries and tools.
• Email: [email protected]
• IEEE 1667
• http://www.ieee1667.com
Related Sessions
Session Day / Time
Enhanced Storage Device and Application Development Tues. 9:45-10:45 andWed. 2:45-3:45
IEEE 1667 Password Silo Tues. 1:30-2:30 and Wed. 11-12
IEEE 1667 Certificate Silo Tues. 2:45-3:45 andWed. 1:30-2:30
Questions?
Appendix
Enhanced Storage V1 ScenariosScenario Description Vista Next Release
of WindowsIHV Customized Device Application Extensibility
Extensible infrastructure for internal and external partners to grow and build device experiences within Windows.
Full support Full support
Protecting USB-attached Storage with Password Authentication
A standard password allow/restrict access experience that is native to Windows for USB flash drives and USB external storage.
Password based authentication experience using shell extension
Full support
Protecting USB-attached Storage with Certificate Authentication
Allow/restrict access capability based on certificates, such as domain/user account information.
Certificate based authentication experience using shell extension,APIs for Provisioning
Group Policy support and provisioning tools.
Group Policies and Device Management (detail instead of category)
Enabling enterprises to configure and secure devices to work seamlessly in their corporate environment, but are secure when taken outside.
Group Policies for Certificates, Password, and Device ID.