Post on 17-Jan-2016

Enhanced Storage Architecture

Jim Bovee, Scott Lee

Senior SDE, Senior SDE

Devices & Storage Technologies

Jim.Bovee@microsoft.com, scolee@microsoft.com

Agenda

• What Is Enhanced Storage?

• Enhanced Storage Architecture

• Enhanced Storage Extensibilities

• Guidance and Resources

What Is Enhanced Storage?

• New platform for storage hardware enhancements.

• Bus and protocol agnostic.

• Extensible to support proprietary hardware.

Key Enhanced Storage Features

• Native Windows experience for certificate- and password- protected USB storage devices.

• Infrastructure to discover and support proprietary hardware enhancements either through a driver or user-mode API.

Enhanced Storage Architecture

[Figure: layered architecture diagram. Labels:]

• Interface Layer (APIs, IOCTLs, UMDF Drivers)

• Transport Layer (Standard Protocols), e.g. IEEE 1667

• Storage Device (Hardware and Firmware), e.g. USB drive firmware

• Microsoft Applications

• Application to System Channel

• 3rd party Extensions

• 3rd party Applications

• System to Device Channel

• Abstraction Layer

Enhanced Storage Architecture

[Figure: component diagram. Labels:]

• Device Firmware: Vendor Silos, Standard Silos

• Host Boundary

• Kernel Boundary

• Kernel Storage Stack

• Bus Drivers (i.e. usbstor)

• IEEE 1667 Silo Drivers: Password Silo, Certificate Silo

• 3rd Party Silo Drivers

• Enhanced Storage APIs

• Enhanced Storage Shell Extension

• 3rd Party Vertical Application

• UMDF

• Process Boundary

• ISV Application

IEEE 1667 Overview

• Mapping to SCSI means LUN = ACT

• ACT must minimally have a probe silo

• Silo Model is extensible

[Figure: ACT (Addressable Command Target). Labels: Probe Silo; Password Silo; Certificate Silo; Other Silos; User Data Area; Capabilities Discovery; Capabilities Extensibility; Storage Model]

IEEE 1667 Silo Support Roadmap

[Figure: roadmap diagram. Timeline labels: Vista, Windows 7; Future. Silo labels: Probe; Password; Certificate; Proposed Silo X; Proposed Silo Y]

Enhanced Storage Extensibilities

• Extend by defining a new IEEE 1667 silo.

• Provide device experience with bundled software.

• Communicate to device through silo driver or raw command API.

• Can participate in Enhanced Storage authorization process and expose device-specific features in My Computer.

Advantages of Silo Driver vs. Raw Command

Silo Driver | Raw Command API

Access and transaction control. | Rudimentary enforcement.

Participate in authorization and UI. | No participation in authorization and UI.

Context menu action verbs in My Computer | No context menu action verbs in My Computer

Translation/validation layer. | Raw commands sent directly to device.

Recommendation: Use Silo Driver approach for best Windows experience

Extensibility Example – USB Digital Clock with Storage

• Digital Clock features

  • Set alarm

  • Display time

  • Query when the time or alarm was last set

Extensible Silo Development Process

1. Choose a provisional Silo Type Identifier (STID) for initial development.

2. Define the commands, payloads, status code, etc.

3. Implement hardware prototype.

4. Decide on Windows support for the silo based on desired user experience.

  • Raw Silo Command

  • Silo Driver

5. Implement Windows host support.

6. Contact 1667 Working Group for an official STID.
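
A sketch of step 2 for the digital clock example, written as the kind of translation/validation layer a silo driver could place in front of the device. This is an added example, not code from the presentation or from Windows. The command codes, status codes, two-byte alarm payload, frame layout and the rule that setting the alarm needs an authorized session are all assumptions made for illustration, not IEEE 1667 values.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical command codes for the clock silo; not IEEE 1667 values. */
enum clock_cmd { CLOCK_SET_ALARM = 1, CLOCK_GET_TIME = 2, CLOCK_QUERY_LAST_SET = 3 };

/* Hypothetical status codes the host layer returns to callers. */
enum clock_status { CLOCK_OK, CLOCK_ERR_COMMAND, CLOCK_ERR_LENGTH,
                    CLOCK_ERR_PARAM, CLOCK_ERR_NOT_AUTHORIZED };

/* Check one request before it is allowed to reach the device. */
enum clock_status clock_validate(uint8_t cmd, const uint8_t *payload,
                                 size_t len, int authorized)
{
    switch (cmd) {
    case CLOCK_SET_ALARM:
        /* Assumed policy: state-changing commands need an authorized session. */
        if (!authorized) return CLOCK_ERR_NOT_AUTHORIZED;
        /* Assumed payload: exactly two bytes, hour then minute. */
        if (payload == NULL || len != 2) return CLOCK_ERR_LENGTH;
        if (payload[0] > 23 || payload[1] > 59) return CLOCK_ERR_PARAM;
        return CLOCK_OK;
    case CLOCK_GET_TIME:
    case CLOCK_QUERY_LAST_SET:
        return len == 0 ? CLOCK_OK : CLOCK_ERR_LENGTH; /* queries carry no payload */
    default:
        return CLOCK_ERR_COMMAND; /* unknown codes never reach the device */
    }
}

/* Build the assumed frame [cmd][len][payload]; returns bytes written, 0 if rejected. */
size_t clock_build_request(uint8_t cmd, const uint8_t *payload, size_t len,
                           int authorized, uint8_t *out, size_t cap,
                           enum clock_status *st)
{
    *st = clock_validate(cmd, payload, len, authorized);
    if (*st == CLOCK_OK && (out == NULL || cap < len + 2))
        *st = CLOCK_ERR_LENGTH; /* caller's buffer cannot hold the frame */
    if (*st != CLOCK_OK) return 0;
    out[0] = cmd;
    out[1] = (uint8_t)len;
    for (size_t i = 0; i < len; i++) out[2 + i] = payload[i];
    return len + 2;
}

int main(void)
{
    uint8_t alarm[2] = {7, 30}, frame[4]; /* constructed sample: alarm at 07:30 */
    enum clock_status st;
    return clock_build_request(CLOCK_SET_ALARM, alarm, 2, 1, frame, sizeof frame, &st) == 4 ? 0 : 1;
}
```

With the raw command approach none of these checks run on the host, so the device firmware has to enforce the same rules itself.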

Enhanced Storage – Example UI

Guidance and Resources

Hardware Design Guidance

• Enhanced Storage device discovery process requirements

  • SCSI inquiry

  • INC_512 support

• Silo authorization requirements

  • Assumes authentication is equivalent to authorization

  • Read access to logical block address (LBA) in Not Provisioned state

Call to Action

• Develop and submit hardware for validation.

• Evaluate IEEE 1667 and use this protocol to implement hardware enhancements.

Resources

• Enhanced Storage Program

  • Provide early access to binaries and tools.

  • Email: enh_stor@microsoft.com

• IEEE 1667

  • http://www.ieee1667.com

  • 1667stor@microsoft.com

Related Sessions

Session | Day / Time

Enhanced Storage Device and Application Development | Tues. 9:45-10:45 and Wed. 2:45-3:45

IEEE 1667 Password Silo | Tues. 1:30-2:30 and Wed. 11-12

IEEE 1667 Certificate Silo | Tues. 2:45-3:45 and Wed. 1:30-2:30

Questions?

Appendix

Enhanced Storage V1 Scenarios

Scenario: IHV Customized Device Application Extensibility

Description: Extensible infrastructure for internal and external partners to grow and build device experiences within Windows.

Vista: Full support

Next Release of Windows: Full support

Scenario: Protecting USB-attached Storage with Password Authentication

Description: A standard password allow/restrict access experience that is native to Windows for USB flash drives and USB external storage.

Vista: Password based authentication experience using shell extension

Next Release of Windows: Full support

Scenario: Protecting USB-attached Storage with Certificate Authentication

Description: Allow/restrict access capability based on certificates, such as domain/user account information.

Vista: Certificate based authentication experience using shell extension, APIs for Provisioning

Next Release of Windows: Group Policy support and provisioning tools.

Scenario: Group Policies and Device Management (detail instead of category)

Description: Enabling enterprises to configure and secure devices to work seamlessly in their corporate environment, but are secure when taken outside.

Support: Group Policies for Certificates, Password, and Device ID.
