WO2016103416A1 - Storage system, storage device and access control method - Google Patents

Storage system, storage device and access control method Download PDF

Info

Publication number
WO2016103416A1
WO2016103416A1 PCT/JP2014/084379 JP2014084379W WO2016103416A1 WO 2016103416 A1 WO2016103416 A1 WO 2016103416A1 JP 2014084379 W JP2014084379 W JP 2014084379W WO 2016103416 A1 WO2016103416 A1 WO 2016103416A1
Authority
WO
WIPO (PCT)
Prior art keywords
layer
request
host computer
access
storage device
Prior art date
Application number
PCT/JP2014/084379
Other languages
French (fr)
Japanese (ja)
Inventor
中川 弘隆
匡人 仁科
Original Assignee
株式会社日立製作所
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 株式会社日立製作所 filed Critical 株式会社日立製作所
Priority to PCT/JP2014/084379 priority Critical patent/WO2016103416A1/en
Publication of WO2016103416A1 publication Critical patent/WO2016103416A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures

Definitions

  • the present invention relates to a storage system, a storage apparatus, and an access control method.
  • a plurality of virtual servers are constructed on a single physical host computer, and a configuration is used in which images of virtual servers and usage data are stored in a storage device. With this configuration, the data of one or a plurality of virtual servers is collected in one logical volume of the storage device.
  • Patent Document 1 discloses a technology in which one logical volume of a storage device is divided into a plurality of virtual volumes on a host computer, and data used by a virtual server is stored for each virtual volume.
  • Patent Document 2 discloses a technology that accepts only a request from a WWN (World Wide Name) registered at the time of fabric login as LU access restriction via In-band such as SAN (Storage Area Network). Yes.
  • WWN World Wide Name
  • SAN Storage Area Network
  • a plurality of logical volumes (LU: Logical Unit) are grouped into a plurality of logical groups (LU Configurate), and a logical path is set for a representative logical volume (ALU: Administrative Logical Unit) in the logical group.
  • the host computer issues an I / O (Input / Output) command specifying an identifier of a logical volume (SLU: Subsidy Logical Unit) other than the ALU in the logical group to which the logical path belongs, and the storage device receives the received I / O. Distributes I / O processing to the SLU specified by the command.
  • Conglomerate LU Structure such a configuration of the storage apparatus is referred to as “Conglomerate LU Structure”.
  • a storage device of Conglomerate LU Structure it is possible to assign a logical volume of the storage device in units of virtual servers by assigning one or more SLUs to one virtual server on the host computer.
  • the plurality of virtual volumes of the technique disclosed in Patent Document 1 is one logical volume in the storage apparatus, and the functions of the storage apparatus are controlled in units of logical volumes. Therefore, in the configuration of the storage device disclosed in Patent Document 1, for example, when the local copy function or the remote copy function provided in the storage device is used, the logical volume divided into a plurality of virtual volumes becomes a copy unit. An extra cost is incurred for copying the data of the virtual volume that does not need to be copied.
  • the Conglomerate LU Structure is not assumed, so the access to the logical volume in which the logical path is set in the storage device is limited, and the SLU that is not the ALU in which the logical path is set. The technology for restricting access is not disclosed.
  • an object of the present invention is to make it possible to restrict access to SLUs in a hierarchical configuration of ALUs and SLUs.
  • a typical storage system is a storage system in which one or a plurality of host computers and storage devices are connected, and the storage devices are associated in a hierarchical manner.
  • a configuration controller that includes a first layer LU and a second layer LU, distributes the second layer LU to one or more logical groups, and associates the logical group with the first layer LU; Receiving the access request in which the first layer LU and the second layer LU are designated from the host computer, and distributing the access request to the logical group associated with the designated first layer LU.
  • the access to the second layer LU is provided with an input / output control unit for limiting access to be processed in the access to the designated second layer LU.
  • the storage device is connected to the host computer, and host computers that can access the LU of the first layer are registered, and only access from the registered host computer is performed.
  • a connection I / F to be permitted is further provided.
  • FIG. It is a figure which shows the example of the flowchart of the process which extracts allocated ALU. It is a figure which shows the example of the flowchart of a process which determines the new path
  • FIG. It is a figure which shows the example of the flowchart of the process which determines the new paths 2 and 3.
  • FIG. It is a figure which shows the example of the flowchart of a process which binds SLU to the designated ALU.
  • the information of each embodiment will be described using the expression “table”. However, the information is not necessarily a table, and may be expressed by a data structure other than a table.
  • “program” is the subject of the description, but the program is executed by the processor, and the processing determined using the memory and communication port is the same as that for the processor as the subject. .
  • the processing obtained by executing the program by the processor is the same as the processing by the dedicated hardware, and part or all of the processing may be realized by the dedicated hardware. For this reason, an object is described using the expression “unit”. However, a part or all of these “units” may be a program executed by a processor, or a part or all of them are dedicated hardware. There may be.
  • the program may be installed by a program distribution server or a computer-readable storage medium.
  • FIG. 1 is a diagram illustrating an example of the configuration of a storage system according to the first embodiment.
  • the storage apparatus 2000 includes a logical partitioning unit that divides a logical volume into a plurality of logical partitions (hereinafter, BG: bind group 2600), an I / O control unit (input / output control unit) corresponding to the Congregate LU Structure, A logical volume 2210 is provided from the logical port 2110 to the host computer 1000 connected via the SAN 4000.
  • BG bind group 2600
  • I / O control unit input / output control unit
  • the logical port 2110 is a generic name in the case where the logical ports (I / F: InterFace) 2110a, 2110b, etc. are represented without distinction, and in the following description, the alphabetical symbols are omitted to represent the generic name.
  • the logical volume 2210 is a generic name for the ALUs 2210a, 2210b, and the SLUs 2210c to 2210g, which are represented without distinction.
  • the ALU 2210h is a generic name for representing the ALUs 2210a, 2210b, etc. without distinction.
  • the SLU 2210i is a generic name for representing each of the SLUs 2210c to 2210g without distinction.
  • the storage apparatus 2000 is connected to the management computer 3000 via a management network 5000 represented by a LAN (Local Area Network).
  • the storage apparatus 2000 provides the management computer 3000 with each configuration management table provided in the storage apparatus 2000 and a management API (Application Program Interface) provided by the configuration control unit.
  • a management API Application Program Interface
  • an ALU 2210a and an ALU 2210b whose ALU attributes are set by the storage administrator exist as two logical volumes 2210.
  • One BG (bind group) 2600a is assigned to the ALU 2210a by the storage administrator, and one ALU 2210b is assigned to the ALU 2210b.
  • Two BG2600b are allocated.
  • Three SLUs 2210c to 2210e are assigned to the BG 2600a, and two SLUs 2210f and 2210g are assigned to the BG 2600b by the storage administrator.
  • the storage administrator assigns ALU 2210a to HGs (host groups) 2111a and 2111c included in the logical port 2110a, and assigns ALU 2210b to HGs 2111b and 2111d.
  • the HG 2111a and 2111c register a WWN for identifying an HBA (Host ⁇ Bus Adapter) included in one or a plurality of host computers 1000a belonging to the business A.
  • the HGs 2111b and 2111d are registered with the business B.
  • the WWN of the HBA that one or more host computers 1000b to which it belongs is registered.
  • three virtual servers operate on the host computer 1000a belonging to the job A, and SLU 2210c, SLU 2210d, and SLU 2210e are assigned to each of the three virtual servers.
  • two virtual servers operate on the host computer 1000b belonging to the business B, and each of the two virtual servers can be assigned SLU 2210f and SLU 2210g, respectively.
  • Each SLU 2210 stores data (virtual server image data, usage data, etc.) of the virtual server to which each SLU 2210 is assigned.
  • the management computer 3000 is connected to the host computer 1000 via the management network 5000, can acquire configuration information of the host computer 1000, and can receive a storage management operation request from the host computer 1000.
  • a storage administrator who manages the storage apparatus 2000 can recognize the configuration information of the storage apparatus 2000 and the host computer 1000 via the storage apparatus management program 3110, and further transmits a configuration change instruction to each apparatus. be able to.
  • FIG. 2 is a diagram showing an example of the configuration of the storage apparatus 2000.
  • the storage apparatus 2000 includes an FEPK (Front End PacKage) 2100 that is a host I / F unit, an MPPK (Micro Processor PacKage) 2200 that is a control unit, a CMPK (Cache Memory PacKage) 2300 that is a shared memory unit, and a disk I / F.
  • FEPK Front End PacKage
  • MPPK Micro Processor PacKage
  • CMPK Cache Memory PacKage
  • One or a plurality of BEPKs (BackEnd PacKage) 2400, an HDD (Hard Disk Drive) 2700 as an example of a storage device, and a management server 2500 are provided.
  • the internal network 2800 connects the FEPK 2100, MPPK 2200, CMPK 2300, BEPK 2400, and the management server 2500 to each other. Through the internal network 2800, each MP 2240 of the MPPK 2200 can communicate with any of the FEPK 2100, CMPK 2300, and BEPK 2400.
  • the FEPK 2100 has a plurality of logical ports 2110 each serving as a host I / F. Further, the logical port 2110 has a plurality of host groups 2111, and only a login request from the WWN registered in the host group 2111 at the time of login processing to the logical port 2110 via the SAN 4000 (usually referred to as fabric login). It has a function to accept.
  • the BEPK 2400 has a plurality of disk I / Fs 2410.
  • the disk I / F 2410 is connected to the HDD 2700 via, for example, a cable, and is also connected to the internal network 2800, and mediates a data transfer process between the internal network 2800 side and the HDD 2700 to be read or written. .
  • the CMPK 2300 includes a data cache memory 2310 and a control information memory 2320.
  • the cache memory 2310 and the control information memory 2320 may be volatile memories, for example, DRAM (Dynamic Random Access Memory).
  • the cache memory 2310 temporarily stores (caches) data to be written to the HDD 2700, or temporarily stores (caches) data read from the HDD 2700.
  • the control information memory 2320 stores a logical port management table T1000, a logical volume management table T2000, and a bind management table T3000 as information necessary for control, for example, configuration information of the logical volume 2210 and BG2600.
  • the MPPK 2200 includes a plurality of MPs (Micro Processors) 2240, an LM (Local Memory) 2220, and a bus 2230 that connects these.
  • the MP 2240 is a processor that is also used in a computer or the like, and becomes a logical partition unit, an I / O control unit, a configuration control unit, or the like by operating according to a program stored in the LM 2220.
  • the LM 2220 stores a part of control information for I / O control stored in the control information memory 2320.
  • the management server 2500 is a computer having an application for transmitting an operation request from the management computer 3000 to a control program loaded from the control information memory 2320 to the LM 2220 and executed by the MP 2240.
  • the management server 2500 can also have each program that the management computer 3000 has.
  • the control information memory 2320 stores information handled by the logical partitioning unit and the I / O control unit.
  • the storage device management program 3110 on the management computer 3000 can acquire information stored in the control information memory 2320 via the management server 2500.
  • the logical partitioning unit distributes a logical volume 2210 (also referred to as LDEV: Logical Device), which is a logical storage area provided by the BEPK 2400, to the BG 2600.
  • the logical partitioning unit assigns an identifier (BIND GROUP ID) that can uniquely identify the BG2600 in the device to the configuration information of the logical volume 2210 registered in the BG2600, and stores it in the control information memory 2320 as the logical volume management table T2000. To do.
  • FIG. 3 is a diagram showing an example of the configuration of the host computer 1000.
  • the host computer 1000 is a computer including a processor 1100, a memory 1200, an HBA (HostHBus) Adapter) 1300, a Hyper Visor unit 1400, an output unit 1600, an input unit 1700, a management port 1800 that is a network I / F, and the like.
  • the host computer 1000 is, for example, a personal computer, a workstation or a main frame.
  • the memory 1200 stores a business application 1210, a storage management program 1220, and an OS (Operating System).
  • the Hyper-Visor unit 1400 is a resource (logical processor, logical memory, logical network I / F, etc.) obtained by abstracting hardware resources (hardware resources: processor 1100, memory 1200, network I / F 1800, etc.) of the host computer 1000. And the abstracted resource is allocated to a virtual server (virtual machine). Alternatively, the Hyper-Visor unit 1400 logically divides the hardware resources (processor 1100, memory 1200, network I / F 1800, etc.) included in the host computer 1000, and divides the logically divided hardware resources into virtual servers. (Logical partition: Logical Partition) may also be assigned.
  • Each virtual server operates on the host computer 1000 based on the resources allocated by the Hyper-Visor unit 1400, and executes the OS and the business application 1210.
  • the processor 1100 performs overall control of the host computer 1000, and operates according to each program by executing the business application 1210 stored in the memory 1200 or a program of an alternate path (not shown). For example, the processor 1100 issues a read access request or a write access request as an access request to the storage apparatus 2000 by executing the business application 1210.
  • the memory 1200 is used for storing programs and the like, and is also used as a work memory for the processor 1100.
  • the HBA 1300 performs protocol control during communication with the storage apparatus 2000.
  • protocol control data and commands according to, for example, a fiber channel protocol are transmitted and received between the host computer 1000 and the storage apparatus 2000.
  • the raw device 1310 corresponds to the ALU 2210h of the storage apparatus 2000, and is a device that substitutes for access to the ALU 2210h in the host computer 1000.
  • the virtual volume 1320 corresponds to the SLU 2210 i of the storage apparatus 2000 and is a device that substitutes for access to the SLU 2210 i in the host computer 1000.
  • the raw device 1310 is a device for reducing overhead by executing I / O processing without temporarily copying data to a page cache (not shown) when the Hyper-Visor unit 1400 is accessed. Used as
  • the volume identifier acquired by the HBA 1300 needs to be a globally unique value, and is formed by a combination of the serial number (device serial number) of the storage device 2000 and the local volume identifier of the logical volume 2210 in the storage device 2000, for example.
  • the storage system 2000 has a function of responding to the identifier of the ALU 2210h in response to the response of the volume identifier.
  • the Hyper-Visor unit 1400 uses the SLU 2210i associated with the ALU 2210h corresponding to the raw device 1310 as one virtual volume 1320, and each application such as an OS (Operating System) or a business application 1210 executed on the host computer 1000 or the virtual server. To provide.
  • OS Operating System
  • a business application 1210 executed on the host computer 1000 or the virtual server.
  • the Hyper-Visor unit 1400 extracts the corresponding ALU 2210h and SLU 2210i for the I / O command to the virtual volume 1320 issued from each application or OS, and assigns the identifiers of the ALU 2210h and SLU 2210i to the I / O command.
  • a command is issued to the raw device 1310.
  • the input unit 1700 includes, for example, a keyboard, a switch, a pointing device, a microphone, and the like.
  • the output unit 1600 includes a monitor display and a speaker.
  • the storage management program 1220 transmits an operation request for the logical volume 2210 such as SLU 2210i allocation or deallocation from the business application 1210 or the OS to the storage apparatus management program 3110 included in the management computer 3000 via the management network 5000. be able to. Furthermore, the storage management program 1220 can also send a logical volume operation request to the configuration control unit of the storage apparatus 2000 via the SAN 4000.
  • FIG. 4 is a diagram showing an example of the configuration of the management computer 3000.
  • the management computer 3000 includes a memory 3100, a processor 3200, a storage medium 3300, a network I / F 3400, an output unit 3600, and an input unit 3700.
  • the processor 3200 performs overall control of the management computer 3000 and executes the storage device management program 3110 or the host computer management program 3120 loaded in the memory 3100, whereby various storage devices and host computer configurations are configured.
  • the management operation request is transmitted to the storage apparatus 2000 and the host computer 1000 via the network I / F 3400 and the management network 5000.
  • the memory 3100 stores a storage device management table T4000 and a host computer management table T5000 as control information used by the storage device management program 3110 and the host computer management program 3120.
  • the storage administrator can input an operation request to the input unit 3700 such as a keyboard or a mouse, and can acquire an execution result via the output unit 3600 such as a display or a speaker.
  • a storage medium 3300 such as an HDD or SD stores a storage device management program 3110, a host computer management program 3120, and an execution log of each control program.
  • FIG. 5 is a diagram showing an example of the logical port management table T1000 provided in the storage apparatus 2000.
  • the logical port management table T1000 is referred to during I / O control processing, ALU allocation processing, and bind group allocation processing executed by the storage apparatus 2000, and further managed via the management network 5000 by the API provided by the management server 2500. It is also accessed from the storage device management program 3110 provided in the computer 3000.
  • the logical port management table T1000 includes a column T1010 for registering an identifier that can identify the logical port 2110 in the apparatus, a column T1020 for registering the WWN of the logical port 2110, and a host group 2111 included in the logical port 2110. Registers a field T1030 for registering an identifier uniquely identifiable within a local range under 2110, and a WWN (HOSTHWWN) of a connection source (host computer or a virtual server of the host computer) that permits fabric login in the host group 2111.
  • a column T1040 and a column T1050 for registering the unique identifier of the ALU assigned to the host group 2111 in the apparatus.
  • the storage system 2000 enables fabric login to the logical port 2110 from the connection source (host computer or virtual server) having HOST WWN registered in the column T1040.
  • the connection source (host computer or virtual server) having HOST WWN registered in T1040 can recognize the ALU registered in the column T1050.
  • the LUN (Logical Unit Number) in the column T1050 is the ID of the raw device 1310, and the ALU ID is an identifier in the storage apparatus 2000, whereas the LUN is an identifier used by the host computer 1000. Therefore, a plurality of different host computers can use the same LUN (for example, 243).
  • FIG. 6 is a diagram showing an example of the logical volume management table T2000 included in the storage apparatus 2000.
  • the logical volume management table T2000 is referred to and registered by a logical volume configuration control unit and a bind group configuration control unit (both not shown) included in the storage apparatus 2000. These control units are provided by the management server 2500.
  • the information of the logical volume management table T2000 is provided based on the request from the API to be updated, and the registration information is updated.
  • the logical volume management table T2000 includes a column T2010 for registering an identifier that can uniquely identify a logical volume (LDEV) within the apparatus, a column T2020 for registering the capacity of the logical storage area of the LDEV, and a physical storage area to which the LDEV belongs.
  • the column T2040 may include information indicating an ALU or information indicating an SLU. Since the ALU is not an LDEV that actually stores data, there is no physical storage area information in the ALU column T2030, and the capacity of the ALU column T2020 is 0.
  • the column T2030 may include an identifier of a parity group of RAID (Redundant Arrays of Inexpensive Disks) as a physical storage area.
  • FIG. 7 is a diagram illustrating an example of the bind management table T3000 included in the storage apparatus 2000.
  • the bind management table T3000 is registered by a bind configuration control unit (not shown) included in the storage apparatus 2000, and is referred to during I / O control.
  • the bind management table T3000 includes a column T3010 for registering an identifier that can uniquely identify an ALU within the apparatus (LDEV ID is used in the example of FIG. 7), and a column for registering a bitmap indicating a list of LDEVs that are in a bound state. It consists of T3020.
  • FIG. 8 is a diagram showing an example of the storage device management table T4000 included in the management computer 3000.
  • the storage device management table T4000 is registered when the storage device management program 3110 included in the management computer 3000 detects the storage device 2000 connected to the management network 5000.
  • This detection timing is a manual detection timing or an automatic detection timing by SLP (ServiceSLocation Protocol).
  • the storage device management table T4000 includes a column T4010 for registering an identifier that can uniquely identify the storage device 2000 under the storage device management program 3110, a column T4020 for registering an identifier that can uniquely identify the storage device 2000 globally,
  • the column T4030 is used to register the IP address of the management server 2500 for connecting to the management server 2500 of the storage apparatus 2000 via the management network 5000.
  • the column T4020 may be information configured by a combination of a vendor name, a model, and a manufacturing number.
  • FIG. 9 is a diagram showing an example of the host computer management table T5000 included in the management computer 3000.
  • the host computer management table T5000 is registered when the host computer management program 3120 detects the host computer 1000 on the management network 5000. This detection is manual detection or automatic detection by SLP.
  • the host computer management program 3120 registers the host name in the column T5010, and registers the IP address of the management port 1800 of the host computer 1000 in the column T5030.
  • the host computer management program 3120 acquires the configuration information of the host computer 1000 via the management network 5000, and registers the WWN of the HBA 1300 included in the host computer 1000 in the column T5020. Thereafter, the host computer management program 3120, through the storage device management program 2110, based on the HOST HBA WWN registered in the column T5020, the configuration information of the ALU assigned to the HOST HBA WWN from the managed storage device 2000 Are registered in the column T5070 from the column T5040.
  • the columns T5040 to T5070 are updated periodically or manually by the storage administrator, or when a configuration change notification of the host computer is received from the SLP.
  • an identifier obtained by combining the identifier of the logical port 2110 registered in the column T1010 of the logical port management table T1000 and the local identifier of the host group 2111 registered in the column T1030 may be registered. .
  • the I / O control unit included in the storage apparatus 2000 in the Cluster LUN Structure will be described with reference to FIG. 10, FIG. 11, and FIG.
  • the REPORT LUN command will be described with reference to FIGS.
  • a SCSI command for acquiring a list of LUNs provided in a logical path from the host computer 1000 via the SAN 4000 has been defined, and this is called a REPORT LUN command.
  • the REPORT LUN command C1000 includes a SELECT REPORT code, and the LUN to be acquired can be specified by type (normal LUN, ALU, SLU).
  • type normal LUN, ALU, SLU
  • the REPORT LUN command C1000 in which the SELECT REPORT code is designated as ALU is issued from the host computer 1000 to the logical path LUN0
  • the I / O control unit included in the storage apparatus 2000 accepts this, Referring to port management table T1000, HOST GROUP to which logical path LUN0 belongs is extracted from column T1030, ALU registered in HOST GROUP is extracted from column T1050, and an ALU list is returned in response C2000 shown in FIG. .
  • the number of extracted ALUs is the value of LUN LIST LENGTH of the response C2000, and the LUN given to the extracted ALU (value in parentheses in the column T1050) is LUNLULIST, and the order is returned.
  • the relationship between the ALU ID and the LUN of the ALU will be described with reference to FIG.
  • the LUN designation of the data read / write (READ / WRITE) SCSI command is expressed by 2 bytes in the ADMINISTRATION ELEMENT part shown in FIG.
  • the ALU ID is expressed by 2 bytes. Since the LUN only needs to be unique within the host group, a single 2-byte ID is assigned to one ALU within the host group. Therefore, a 2-byte ID (LUN) is returned as C2000 LUN LIST.
  • the I / O control unit performs the same processing as the ALU as already described.
  • the number of SLUs bound to the extracted ALU that is, the number of bits in which the value of the SLU bitmap T3020 is 1
  • the LDEV ID corresponding to the bit for which the value of the SLU bitmap T3020 is 1 is sequentially responded as LUN LIST.
  • the LDEV ID is the SLU ID
  • the SLU ID corresponds to the SUBSIDIARY ELEMENT part shown in FIG. 12 and is 6 bytes, so the SLU ID is responded as it is.
  • FIG. 13 is a diagram showing a flowchart F1000 that is an example of READ / WRITE processing to the SLU in the I / O control unit included in the storage apparatus 2000.
  • the host computer 1000 or virtual server transmits a SCSI command specifying the ALU and SLU to the storage apparatus 2000.
  • the logical port 2110 of the storage apparatus 2000 receives the SCSI command, and extracts the designated ALU (designated ALU) and the designated SLU (designated SLU) (step F1010).
  • an I / O control program is loaded into the LM 2220 and transmitted to the MP 2240.
  • the MP 2240 operating as the I / O control unit checks the presence / absence of the designated ALU with reference to the column T1050 of the logical port management table T1000 (step F1020).
  • the MP 2240 notifies the requesting host computer 1000 (or virtual server) that there is no ALU (step F1040) and ends the process.
  • the MP 2240 refers to the logical volume management table T2000 and extracts the LDEV ID of the designated SLU.
  • the MP 2240 loads the bind management table T3000 into the LM 2220 (Step F1030) and refers to it to determine whether or not the designated SLU is bound to the designated ALU (Step F1050). If not bound, SLU unassigned is notified to the requesting host computer 1000 (or virtual server) (step F1060), and the process is terminated.
  • the MP 2240 executes designated READ / WRITE processing such as data writing to the logical volume, and returns the result to the requesting host computer 1000 (or virtual server) (step F1070). End the process.
  • designated SLU is bound to the designated ALU, that is, when the bit of the designated SLU for the designated ALU is 1 in the bind management table T3000, the READ / WRITE specified by accepting the command is specified. It is characterized by processing.
  • the storage apparatus 2000 has a first-layer ALU and a second-layer SLU that are hierarchically associated with each other. Then, the configuration control unit of the storage apparatus 2000 distributes the SLU to one or a plurality of logical groups (bind groups), and associates the bind groups with the ALUs.
  • the input / output control unit of the storage apparatus 2000 receives an access request in which the ALU and the SLU are designated from the host computer 1000, the input / output control unit processes the access to be processed in the access to the designated SLU.
  • the control is limited to the access to the SLU distributed to the bind group associated with. Therefore, the storage device 2000 can restrict access to the SLU in a hierarchical configuration of the ALU and the SLU (Conglomerate LU Structure).
  • FIG. 14 is a diagram showing a flowchart F2000 as an example of ALU creation processing in the configuration control unit (not shown) provided in the storage apparatus 2000.
  • the storage device management program 3110 on the management computer 3000 receives an ALU creation instruction from the storage administrator, and sends an instruction to the API provided by the management server 2500.
  • the management server 2500 analyzes the API request, transmits an instruction to the configuration control unit, and the ALU creation process is started after the configuration control unit accepts the instruction.
  • the MP 2240 operating as the configuration control unit first refers to the logical volume management table T2000 to check whether there is a free LDEVDEID (step F2010), and if the LDEV ID is saturated, notifies the management computer 3000 of LDEV shortage. (Step F2020) and the process ends. If there is an empty LDEV ID, the bind management table T3000 is referred to, and it is confirmed that the number of ALUs is less than the upper limit (step F2030). If the number of ALUs is the upper limit, the saturation of the ALU number is sent to the management computer 3000. Notification is made (step F2050) and the process is terminated.
  • the upper limit value of the number of ALUs may be specified at the time of shipment based on the specifications of the storage device 2000, or may be set in the storage device 2000 by the storage administrator using the storage device management program 3110. Is recorded in the control information memory 2320 in the storage apparatus 2000. If the number of ALUs is less than the upper limit, the MP 2240 selects an empty LDEVDEID (step F2040), registers the selected LDEV ID in the column T2010 of the logical volume management table T2000, and stores the selected LDEV ID in the column T2040 indicating the attribute of the LDEV. The attribute is registered (step F2060), and the process is terminated.
  • the ALU Since the data stored in the host computer 1000 is written in the logical storage area indicated by the SLU, the ALU does not have a logical storage area. Therefore, when the column T2040 of the logical volume management table T2000 has an ALU attribute, the value of T2020 indicating the logical storage capacity is 0, and the value of the column T2030 indicating the physical storage area is blank.
  • FIG. 15 is a diagram illustrating a flowchart F3000 that is an example of ALU allocation processing in the configuration control unit included in the storage apparatus 2000.
  • the storage administrator inputs an ALU allocation instruction specifying the ALU and host group to the storage apparatus management program 3110 on the management computer 3000, and the storage apparatus management program 3110 instructs the API provided by the management server 2500.
  • the ALU allocation process is started when an ALU allocation instruction arrives from the management server 2500 to the configuration control unit of the storage apparatus 2000.
  • the MP 2240 operating as the configuration control unit extracts the designated ALU (designated ALU) and the designated host group (designated host group) from the input data (step F3010).
  • the ALU is specified by the ALU ID
  • the host group is specified by a pair of PORT ID and HOST ID, that is, the format of the column T5050 shown in FIG.
  • the MP 2240 refers to the logical port management table T1000, extracts the number of existing ALUs for the host group from the column T1050, and confirms that the number of ALUs assigned to the host group is less than the upper limit number. (Step 3030).
  • the upper limit number of ALUs that can be allocated to the host group is determined by the specifications of the storage apparatus 2000 and is set at the time of shipment of the apparatus, or may be set by the storage administrator using the storage apparatus management program 3110. These are recorded in the control information memory 2320.
  • the management computer 3000 is notified that the allocation upper limit number to the host group is exceeded (step F3050), and the process is terminated. If the ALU allocation number is less than the upper limit, PROCESS A (step F3040) shown in FIG. 16 is executed.
  • PROCESS A is a process for examining the relationship between a host group to which a designated ALU has already been assigned (existing host group) and the designated host group.
  • the host WWN registered in the existing host group is registered in the designated host group. If it is different from the host WWN, it is determined that the designated ALU is assigned to a different host transaction, and the ALU assignment instruction is rejected. Details will be described with reference to FIG.
  • the MP 2240 initializes a variable i serving as a counter to 0 (step F3041), extracts all host groups to which the designated ALU is assigned from the logical port management table T1000, and applies to all the extracted host groups. , The processing from step F3042 to step F3047 is executed.
  • the MP 2240 extracts the host WWN registered in the extracted host group from the column T1040 of the logical port management table T1000 (step F3042) and compares it with the host WWN registered in the designated host group (step F3043). If the host WWN is different, the counter i is incremented by one (step F3046). If the registered host WWN is the same, the process proceeds to step F3047. When the processing from step F3042 to step F3047 is completed for all the extracted host groups, the value of the counter i is confirmed (step F3048), and if the counter i is greater than 0, it is assigned to a different host transaction. Is sent to the management computer 3000 to prompt the host group to be reviewed (step F3049), and the process is terminated.
  • Step F3060 is a process of assigning the designated ALU to the designated host group.
  • the MP 2240 registers the designated ALU ID in the specified host group column T1050 of the logical port management table T1000, and further responds with SCSI INQUIRY.
  • ALU LUN for registration is registered, the designated ALU ID is registered in the column T3010 of the bind management table T3000, the bitmap in which all the bits are 0 is registered in the column T3020, and the processing ends.
  • ALU LUNs are numbered sequentially from number 243.
  • the host computer 1000 having the host WWN registered in the designated host group can recognize the ALU via the SAN 4000.
  • the designated ALU is connected to the connection destination. It is possible to form a raw device.
  • creation of a bind group is explained.
  • an LDEV to be registered in the created bind group needs to be created in advance. That is, the storage administrator inputs an LDEV creation request specifying an ID indicating a physical storage area and a logical storage capacity to the storage apparatus management program 3110.
  • the storage apparatus management program 3110 uses the LDEV creation API provided by the management server 2500 to transmit the request instruction to the configuration control unit included in the storage apparatus 2000.
  • the configuration control unit Upon receiving the instruction, the configuration control unit registers the ID of the new LDEV in the column T2010 of the logical volume management table T2000, secures a logical storage area with the specified capacity in the specified physical storage area, and creates a logical volume. To do.
  • the configuration control unit registers the capacity specified in the column T2020, registers the ID of the physical storage area specified in the column T2030, and registers the new logical volume in the request source.
  • the LDEV ID is returned and the LDEV creation process is terminated. At this time, the columns L2040 and T2050 of the new LDEV ID are blank.
  • the storage administrator inputs a bind group creation request specifying the bind group ID and one or more LDEV IDs to be registered in the new bind group to the storage apparatus management program 3110.
  • the storage apparatus management program 3110 uses a bind group creation API provided by the management server 2500.
  • the configuration control unit included in the storage apparatus 2000 receives a bind group creation request from the management server 2500 and starts creation processing.
  • the configuration control unit extracts the bind group ID and the LDEV ID from the request, registers a value indicating the SLU attribute in the designated LDEV ID column T2040 in the logical volume management table T2000, The designated bind group ID is registered in the column T2050, and the process is terminated. The same process is performed when an LDEV is added to the bind group.
  • FIG. 17 is a diagram illustrating an example of a path from the logical ports 2110j and 2110k to the SLU 2210m in the storage apparatus 2000.
  • the following description shows a case where the ALU 2210k routed through the new routes 1 to 3 is different from the ALU 2210j routed through the existing route.
  • the ALU consumes the LDEV ID but does not have a logical storage area or a cache memory area. Therefore, since the ALU does not become Single Point Failure, it is not necessary to take a redundant configuration.
  • the new route 1 is a route that reaches the bind group 2600j via the same logical port 2110j and host group 2111j as the existing route. Therefore, even if a new path 1 is added, the redundancy does not change both physically and logically, load distribution is not performed, and an extra LLU ID of the ALU is consumed. The setting instruction must be rejected.
  • the new route 2 is a route that reaches the bind group 2600j via the logical port 2110k and the host group 2111k different from the existing route.
  • the host WWN registered in the host group 2111k through which the new route 2 passes and the host WWN registered in the host group 2111j through which the existing route passes are the same.
  • the configuration of the existing route and the new route 2 is a dual port configuration for the host computer 1000 (or virtual server) having the host WWN registered in the host groups 2111j and 2111k, and has the effect of improving the redundancy of the storage area network. Obtainable.
  • the new route 3 is a route that reaches the bind group 2600j via the logical port 2110k and the host group 2111m different from the existing route.
  • the host WWN registered in the host group 2111m through which the new route 3 passes and the host WWN registered in the host group 2111j through which the existing route passes are different. Since the setting of the new route 3 is to assign the SLU 2210m in the bind group 2600j to the new host computer (or virtual server), when setting the new route 3, the administrator having security authority determines whether or not the setting can be made. There is a need to prompt.
  • Bind group assignment processing including the above restrictions will be described with reference to FIG. 18, FIG. 19, and FIG.
  • the storage administrator inputs a bind group assignment request specifying a bind group ID and an ALU ID to the storage apparatus management program 3110.
  • the configuration control unit included in the storage apparatus 2000 receives this allocation request via the management server 2500, and starts and executes bind group allocation processing.
  • the case where the bind group 2600j is not assigned to the ALU 2210k in FIG. 17 at the start of the bind group assignment process will be described as an example.
  • the configuration control unit extracts the bind group ID and the ALU ID from the received request (step F4010), and extracts all the host groups to which the designated ALU is assigned from the logical port management table T1000, that is, the column T1050. All the host group IDs in the column T1030 of the row where the designated ALU ID is registered are extracted, and the extracted host group group is set as a set HG1 (step F4020). Next, the number of elements in the set HG1 is calculated. If the number of elements in the HG1 is 0, the designated ALU is not allocated to the host computer 1000 on the SAN 4000. The management computer 3000 is notified of an ALU unallocation notification prompting the user (F4040), and the process is terminated.
  • the configuration control unit refers to the logical volume management table T2000, extracts the existing ALUs to which the designated bind group is assigned, and sets the extracted ALUs as the set A1 (Ste F4050).
  • Step F4050 referring to the logical port management table T1000, a host group to which an ALU belonging to the set A1 is assigned is extracted, and the extracted host group group is set as a set HG2 (step F4060).
  • the host group IDs of the host groups included in the set HG1 and the set HG2 include the PORT ID.
  • the configuration control unit notifies that the SLU overlaps distribution (step F4080), and asks the requesting storage administrator whether the setting is possible. Specifically, the configuration control unit requests an input of whether or not SLU overlap distribution is possible as a request to the management server 2500, and waits for the process in step F4090 until an input is obtained.
  • step F4100 the configuration control unit ends the bind group assignment process.
  • step F4100 the process proceeds to step F4110.
  • step F4110 the host WWN registered in the host groups of the set HG1 and the set HG2 is extracted, the host WWN group of the set HG1 is set as a set H1, and the host WWN group of the set HG2 is set as a set H2.
  • step F4120 it is confirmed whether the set H1 is a subset of the set H2 (step F4120).
  • the configuration control unit advances the processing to step F4160.
  • the set H1 is not a subset of the set H2, since it corresponds to the new path 3 described with reference to FIG. 17, in order to notify the requesting storage administrator to allocate the SLU in the specified bind group to the new host.
  • the management computer 3000 is notified (step F4130), and the management computer 3000 (storage administrator) having security authority is requested to determine whether or not the specified bind group can be assigned to the specified ALU (step F4140).
  • the input value y is 1, and when the storage group is not possible, the input value y is 0. If the input value y is 0 in step F4150, the configuration control unit ends the bind group assignment process.
  • the configuration control unit registers the ID of the designated bind group in the designated ALU column T2050 of the logical volume management table T2000, and designates the designated bind group (for example, ALU 2210k) in the designated bind group (ALU 2210k). For example, bind group 2600j) is assigned (step F4160), and the process is terminated.
  • the bind management table T3000 may be updated.
  • FIGS. 22 to 24 are diagrams showing examples of flowcharts of processing for binding an SLU to an ALU, that is, setting an SLU to be accessed via the ALU.
  • FIG. 21 is a diagram showing a flowchart F5000a that is an example of the binding process when the storage administrator designates the SLU and the ALU.
  • the bind process is a process performed by the configuration control unit included in the storage apparatus 2000.
  • the storage administrator transmits a bind request specifying the SLU and ALU to the storage apparatus management program 3110, and the configuration control unit receives the bind request via the management server 2500 and starts the bind process.
  • the configuration control unit extracts the designated SLU ID and ALU ID (step F5010a), refers to the logical volume management table T2000, and extracts the bind group assigned to the specified ALU. That is, the bind group ID of the column T2050 in the row where the designated ALU ID is registered in the column T2010 is extracted, and the extracted bind group group is set as a set B (step F5020a). Further, referring to the logical volume management table T2000, the bind group to which the designated SLU belongs is extracted, and the extracted bind group group is set as a set b1 (step F5030a).
  • the configuration control unit checks whether any element of the set b1 is included in the set B (step F5040a). If included, the configuration control unit designates the specified SLU with the bitmap in the specified ALU column T3020 of the bind management table T3000. The bit corresponding to is set to 1 (step F5050a), and the process is terminated. If it is not included, it is notified that binding is not possible (step F5060a), and the process ends.
  • FIGS. 22 to 24 are diagrams showing a flowchart F5000b which is an example of processing when the bind destination ALU is not designated.
  • a flowchart F5000b is processing of the storage apparatus management program 3110 of the management computer 3000, and is executed by the processor 3200.
  • the storage administrator specifies the host computer or virtual server (specified host computer) to which the SLU is assigned, the SLU, and the ALL-ALU flag (any one in the case of 0, all ALUs that can be bound in the case of 1).
  • the bind request is transmitted to the storage apparatus management program 3110 to start processing.
  • the storage apparatus management program 3110 extracts the host ID and SLU ID (designated SLU ID) of the allocation destination from the request (Step F5010b).
  • the logical volume management table T2000 is acquired from the storage apparatus 2000 via the API provided by the management server 2500, and the bind group to which the designated SLU belongs is extracted, that is, the column T2050 in the row where the designated SLU ID is registered in the column T2010.
  • the bind group is extracted and b2 is set as the extracted bind group (step F5020b).
  • the storage system management program 3110 refers to the host management table T5000, extracts the host group to which the designated host computer belongs, and sets the extracted host group group as a set H3 (step F5030b).
  • the ALU assigned to the host group of the set H3 is extracted, and the extracted ALU group is set as a set A2 (step F5040b).
  • Step F5050b for each element a in the set A2, the storage apparatus management program 3110 executes Step F5050b to Step F5090b.
  • step F5060b it is confirmed whether or not the bind group b2 is included in the bind group assigned to the element a. If not included, the process proceeds to step F5090b. If included, the element a is registered in the bind list L (step S5060b). F5070b). Next, the value of the designated ALL-ALU flag is confirmed (step F5080b). If the value is 0, the process proceeds to step F5100b. If the value is 1, the process proceeds to step F5090b.
  • step F5100b the storage apparatus management program 3110 confirms the number of elements in the bind list L, and if the number of elements is 0, notifies that there is no ALU that can be bound (step F5130b), and ends the process.
  • the number of elements is larger than 0, an instruction to bind the designated SLU to the ALU registered in the bind list L is transmitted to the configuration control unit included in the storage apparatus 2000 (step F5110b), and it is confirmed that the bind process has been normally completed. After that, the requester is notified of the ALU in the bind list L (step F5140b), and the process is terminated.
  • the configuration control unit included in the storage apparatus 2000 refers to the bind management table T3000, confirms the SLU bind status to the ALU designated to be deregistered, and at least one SLU that is bound. Is present, it rejects the ALU deallocation request. If there is no bound SLU, the configuration control unit deletes the designated ALU from the column T1050 corresponding to the deallocation target host group in the logical port management table T1000.
  • the configuration control unit of the storage apparatus 2000 refers to the bind management table T3000, confirms the presence of an SLU binding to the ALU designated for deletion, and further refers to the logical port management table T1000. Then, it is confirmed whether the designated ALU is allocated to any of the host groups.
  • the configuration control unit included in the storage apparatus 2000 deletes the designated ALU from the logical volume management table T2000 when there is no SLU binding to the designated ALU and the designated ALU is not allocated to any of the host groups. .
  • the configuration control unit included in the storage apparatus 2000 rejects the ALU deletion when the SLU binding exists or an ALU is assigned to any host group.
  • the configuration control unit included in the storage apparatus 2000 extracts the SLU and ALU specified in the unbind request, and sets the value of the bit indicated by the specified ALU and the specified SLU to 0 in the bind management table T3000. To do. If no ALU is specified in the unbind request, all bit values indicated by the specified SLU are set to 0 in the bind management table T3000 regardless of the ID of the column T3010. As a result, access to the designated SLU from the host computer 1000 on the SAN 4000 can be canceled with a single instruction.
  • the host computer can access only the SLU bound to the ALU.
  • the host computer 1000b belonging to the business B shown in FIG. 1 can access the SLUs 2210f and 2210g, but can be limited so that it cannot access the SLUs 2210c to 2210e.
  • the virtual server operating on the host computer can be restricted in the same access as the host computer. Since the operation for changing the limitation is not executed unless the permission of the storage administrator is obtained, an erroneous operation or the like is prevented. Furthermore, by allocating the SLU to the virtual server, no extra cost is generated in the control of the logical volume unit.
  • the SLU binding depends on the business application provided in the host computer 1000 and the operation of the Hyper-Visor unit 1400, it may be requested from the host computer 1000 via the SAN, that is, in-band.
  • the SAN that is, in-band.
  • a configuration for performing bind / unbind with In-band will be described.
  • FIG. 25 is a diagram illustrating an example of the configuration of the storage system according to the second embodiment.
  • the storage device 2000 includes a logical device (CMD: CoMandMDevice) 2900 for receiving a storage management operation request via In-band.
  • the CMD 2900 is assigned to the logical port 2110n and can be recognized from the host computer 1000n.
  • the local ID in the logical port 2110n of the host group 2111n that provides the CMD 2900 is fixed to FF, but the host group 2111n may be any host group set by the storage administrator.
  • CMD2900 is normally distributed as a LUN, it needs to be separated from the host group to which the ALU belongs. This is because the SCSI command for operating the storage apparatus 2000 is a vendor-unique command, and the Hyper-Visor unit 1400 on the host computer 1000n may not support the vendor-unique command.
  • FIG. 26 is a diagram illustrating an example of the configuration of the host computer 1000n according to the second embodiment.
  • the host computer 1000n includes a storage management program 1220 in the memory 1200n.
  • the storage management program 1220 has processing for transmitting a vendor-unique SCSI command to the raw device 1310n to which the CMD 2900 is connected.
  • the storage management program 1220 receives an SLU bind request from the business application 1210 or the host administrator via the input unit 1700, converts it into a vendor-unique SCSI command, and transmits the created command to the raw device 1310n.
  • the CMD 2900 of the storage apparatus 2000 Upon receiving the command, the CMD 2900 of the storage apparatus 2000 extracts the designated SLU and ALU, requests the configuration control unit included in the storage apparatus 2000 to instruct the bind and unbind processing, and the configuration control unit binds. And unbind processing is executed.
  • the raw device 1310p is a device different from the raw device 1310n, and is the same as the raw device 1310 described with reference to FIG. 3, and the ALU 2210p is the same as the ALU 2210h.
  • the storage management program 1220 receives an SLU bind request from the business application 1210 or the host administrator via the input unit 1700, converts it to a vendor-unique SCSI command, and then converts the created command to the raw device 1310p (Example 1). To the raw device 1310).
  • the ALU 2010p of the storage apparatus 2000 ALU 2210h of the first embodiment
  • receives the command it extracts the specified SLU and ALU, and binds and unbinds specified to the configuration control unit provided in the storage apparatus 2000. The process is requested, and the configuration control unit executes bind and unbind processes.
  • the storage management program 1220 in the second embodiment accepts only bind and unbind operation instructions and rejects other operation requests of the storage apparatus 2000. Operations other than bind and unbind should be performed by a storage administrator who is familiar with the operation of the storage apparatus 2000. As a result, operations from a host administrator or business program that has not mastered the operation of the storage apparatus 2000 can be suppressed, and human error or access to unassigned SLUs can be prevented.
  • the binding between ALU and SLU can be changed according to the request from the host computer. As a result, it is possible to quickly cope with a change in the configuration of the virtual server on the host computer.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Human Computer Interaction (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A storage system that connects one or more host calculators and a storage device, wherein said storage device comprises first layer logical units (LUs) and second layer LUs that are mapped hierarchically to each other, a configuration control unit for dividing the second layer LUs into one or more logical groups and mapping the logical groups to the first layer LUs, and an input/output control unit for receiving an access request in which the first layer LUs and the second layer LUs are specified and limiting the access to be processed among the accesses to the specified second layer LUs to the access to the second layer LUs divided into the logical groups that are mapped to the specified first layer LUs, and said host calculator transmits the access request to the storage device.

Description

ストレージシステム、ストレージ装置およびアクセス制御方法Storage system, storage device, and access control method
 本発明はストレージシステム、ストレージ装置およびアクセス制御方法に関するものである。 The present invention relates to a storage system, a storage apparatus, and an access control method.
 ホスト計算機の仮想化技術の進展により、一つの物理ホスト計算機上に複数の仮想サーバが構築され、仮想サーバのイメージおよび利用データをストレージ装置に格納する構成が用いられている。この構成で、一つもしくは複数の仮想サーバのデータは、ストレージ装置の一つの論理ボリュームに集約されていた。 With the progress of virtualization technology for host computers, a plurality of virtual servers are constructed on a single physical host computer, and a configuration is used in which images of virtual servers and usage data are stored in a storage device. With this configuration, the data of one or a plurality of virtual servers is collected in one logical volume of the storage device.
 特許文献1では、ストレージ装置の一つの論理ボリュームをホスト計算機上で複数の仮想ボリュームに区分けし、仮想サーバが用いるデータを前記仮想ボリューム毎に収める技術が開示されている。 Patent Document 1 discloses a technology in which one logical volume of a storage device is divided into a plurality of virtual volumes on a host computer, and data used by a virtual server is stored for each virtual volume.
 また、特許文献2では、SAN(Storage Area Network)などのIn-band経由でのLUアクセス制限として、ファブリックログイン時に登録されたWWN(World Wide Name)からの要求のみを受理する技術が開示されている。 Patent Document 2 discloses a technology that accepts only a request from a WWN (World Wide Name) registered at the time of fabric login as LU access restriction via In-band such as SAN (Storage Area Network). Yes.
特開2012-079245号公報JP 2012-079245 A 特開2004-227154号公報JP 2004-227154 A
 ストレージ装置において、複数の論理ボリューム(LU:Logical Unit)が複数の論理グループ(LU Conglomerate)に纏められ、論理グループ内の代表的な論理ボリューム(ALU:Administrative Logical Unit)に論理パスが設定されるとする。ホスト計算機は、論理パスが属する論理グループ内のALU以外の論理ボリューム(SLU:Subsidiary Logical Unit)の識別子を指定したI/O(Input/Output)コマンドを発行し、ストレージ装置は受信したI/Oコマンドで指定されたSLUへI/O処理を分配する。以下、このようなストレージ装置の構成を、Conglomerate LU Stractureという。 In a storage device, a plurality of logical volumes (LU: Logical Unit) are grouped into a plurality of logical groups (LU Configurate), and a logical path is set for a representative logical volume (ALU: Administrative Logical Unit) in the logical group. And The host computer issues an I / O (Input / Output) command specifying an identifier of a logical volume (SLU: Subsidy Logical Unit) other than the ALU in the logical group to which the logical path belongs, and the storage device receives the received I / O. Distributes I / O processing to the SLU specified by the command. Hereinafter, such a configuration of the storage apparatus is referred to as “Conglomerate LU Structure”.
 Conglomerate LU Stractureのストレージ装置では、ホスト計算機上の一つの仮想サーバに対して、一つもしくは複数のSLUを割当てることにより、仮想サーバ単位にストレージ装置の論理ボリュームを割り当てることが可能となる。 In a storage device of Conglomerate LU Structure, it is possible to assign a logical volume of the storage device in units of virtual servers by assigning one or more SLUs to one virtual server on the host computer.
 特許文献1に開示された技術の複数の仮想ボリュームは、ストレージ装置内では一つの論理ボリュームであり、ストレージ装置が具備する機能は論理ボリューム単位で制御する。そのため、特許文献1に開示されたストレージ装置の構成において、例えばストレージ装置が具備するローカルコピー機能やリモートコピー機能を用いると、複数の仮想ボリュームに区分けされている論理ボリュームがコピー単位となり、本来はコピーされる必要のない仮想ボリュームのデータがコピーされる分の余剰コストが生じる。特許文献1及び特許文献2では、Conglomerate LU Stractureを想定していないため、ストレージ装置において論理パスが設定された論理ボリュームへのアクセス制限をするに留まり、論理パスが設定されたALUではないSLUへのアクセス制限をする技術は開示されていない。 The plurality of virtual volumes of the technique disclosed in Patent Document 1 is one logical volume in the storage apparatus, and the functions of the storage apparatus are controlled in units of logical volumes. Therefore, in the configuration of the storage device disclosed in Patent Document 1, for example, when the local copy function or the remote copy function provided in the storage device is used, the logical volume divided into a plurality of virtual volumes becomes a copy unit. An extra cost is incurred for copying the data of the virtual volume that does not need to be copied. In Patent Literature 1 and Patent Literature 2, the Conglomerate LU Structure is not assumed, so the access to the logical volume in which the logical path is set in the storage device is limited, and the SLU that is not the ALU in which the logical path is set. The technology for restricting access is not disclosed.
 そこで、本発明の目的は、ALUとSLUの階層化された構成において、SLUへのアクセス制限を可能とすることにある。 Therefore, an object of the present invention is to make it possible to restrict access to SLUs in a hierarchical configuration of ALUs and SLUs.
 上記課題を解決するために、本発明に係る代表的なストレージシステムは、一つもしくは複数のホスト計算機とストレージ装置を接続したストレージシステムであって、前記ストレージ装置は、階層的に対応付けられた第一層のLUと第二層のLUを具備し、前記第二層のLUを一つもしくは複数の論理グループに分配し、前記論理グループと前記第一層のLUとを対応付ける構成制御部と、前記ホスト計算機から前記第一層のLUと前記第二層のLUが指定されたアクセス要求を受信し、前記指定された第一層のLUに対応付けられた前記論理グループに分配された前記第二層のLUへのアクセスに、前記指定された第二層のLUへのアクセスの中で処理するアクセスを限定する入出力制御部を具備することを特徴とする。 In order to solve the above problems, a typical storage system according to the present invention is a storage system in which one or a plurality of host computers and storage devices are connected, and the storage devices are associated in a hierarchical manner. A configuration controller that includes a first layer LU and a second layer LU, distributes the second layer LU to one or more logical groups, and associates the logical group with the first layer LU; Receiving the access request in which the first layer LU and the second layer LU are designated from the host computer, and distributing the access request to the logical group associated with the designated first layer LU. The access to the second layer LU is provided with an input / output control unit for limiting access to be processed in the access to the designated second layer LU.
 また、本発明に係るストレージシステムは、前記ストレージ装置が、前記ホスト計算機と接続し、前記第一層のLUにアクセス可能なホスト計算機がそれぞれ登録され、前記登録されたホスト計算機からのアクセスのみを許可する接続I/Fをさらに具備することを特徴とする。 Further, in the storage system according to the present invention, the storage device is connected to the host computer, and host computers that can access the LU of the first layer are registered, and only access from the registered host computer is performed. A connection I / F to be permitted is further provided.
 本発明によれば、ALUとSLUの階層化された構成において、SLUへのアクセス制限が可能である。 According to the present invention, it is possible to restrict access to SLUs in a hierarchical configuration of ALUs and SLUs.
ストレージシステムの構成の例を示す図である。It is a figure which shows the example of a structure of a storage system. ストレージ装置の構成の例を示す図である。It is a figure which shows the example of a structure of a storage apparatus. ホスト計算機の構成の例を示す図である。It is a figure which shows the example of a structure of a host computer. 管理計算機の構成の例を示す図である。It is a figure which shows the example of a structure of a management computer. 論理ポート管理テーブルの構成の例を示す図である。It is a figure which shows the example of a structure of a logical port management table. 論理ボリューム管理テーブルの構成の例を示す図である。It is a figure which shows the example of a structure of a logical volume management table. バインド管理テーブルの構成の例を示す図である。It is a figure which shows the example of a structure of a binding management table. ストレージ装置管理テーブルの構成の例を示す図である。It is a figure which shows the example of a structure of a storage apparatus management table. ホスト計算機管理テーブルの構成の例を示す図である。It is a figure which shows the example of a structure of a host computer management table. Report LUNコマンドの例を示す図である。It is a figure which shows the example of a Report LUN command. Report LUNコマンドの応答の例を示す図である。It is a figure which shows the example of the response of Report LUN command. SCSIコマンドのLUN指定の例を示す図である。It is a figure which shows the example of LUN specification of a SCSI command. SCSIコマンドを処理するフローチャートの例を示す図である。It is a figure which shows the example of the flowchart which processes a SCSI command. ALUを作成する処理のフローチャートの例を示す図である。It is a figure which shows the example of the flowchart of a process which produces ALU. ALUをホストグループへ割当てる処理のフローチャートの例を示す図である。It is a figure which shows the example of the flowchart of the process which allocates ALU to a host group. 新たなホストグループへの割当てを判定する処理のフローチャートである。It is a flowchart of the process which determines the allocation to a new host group. 論理ポートからSLUまでの経路の例を示す図である。It is a figure which shows the example of the path | route from a logical port to SLU. 割当て済みALUを抽出する処理のフローチャートの例を示す図である。It is a figure which shows the example of the flowchart of the process which extracts allocated ALU. 新規経路1を判定する処理のフローチャートの例を示す図である。It is a figure which shows the example of the flowchart of a process which determines the new path | route 1. FIG. 新規経路2、3を判定する処理のフローチャートの例を示す図である。It is a figure which shows the example of the flowchart of the process which determines the new paths 2 and 3. FIG. 指定されたALUへSLUをバインドする処理のフローチャートの例を示す図である。It is a figure which shows the example of the flowchart of a process which binds SLU to the designated ALU. 要求元ホスト計算機に割当てられたALUを抽出する処理のフローチャートの例を示す図である。It is a figure which shows the example of the flowchart of the process which extracts ALU allocated to the request origin host computer. 抽出されたALUの中から、バインドグループを割当てられたALUを検出する処理のフローチャートの例を示す図である。It is a figure which shows the example of the flowchart of a process which detects ALU to which the bind group was allocated from the extracted ALU. 検出されたALUへSLUをバインドする処理のフローチャートの例を示す図である。It is a figure which shows the example of the flowchart of a process which binds SLU to the detected ALU. バインドを操作するホスト計算機を有するストレージシステムの構成の例を示す図である。It is a figure which shows the example of a structure of the storage system which has a host computer which operates bind. バインドを操作するホスト計算機の構成の例を示す図である。It is a figure which shows the example of a structure of the host computer which operates bind.
 以下、図面を用いて実施例を説明する。 Hereinafter, examples will be described with reference to the drawings.
 なお、以後の説明では「テーブル」という表現にて各実施例の情報を説明するが、これらの情報は必ずしもテーブルである必要は無く、テーブル以外のデータ構造で表現されてもよい。また、「プログラム」を主語として説明を行う場合もあるが、プログラムはプロセッサによって実行されることで定められた処理をメモリおよび通信ポートを用いながら行うため、プロセッサを主語とした説明と同じである。 In the following description, the information of each embodiment will be described using the expression “table”. However, the information is not necessarily a table, and may be expressed by a data structure other than a table. In some cases, “program” is the subject of the description, but the program is executed by the processor, and the processing determined using the memory and communication port is the same as that for the processor as the subject. .
 また、プログラムをプロセッサが実行して得られる処理は、専用ハードウェアによる処理と同じであり、その一部または全てを専用ハードウェアによって実現されてもよい。このため、「部」という表現にて物について説明するが、これらの「部」はその一部または全てがプロセッサによるプログラムの実行であってもよいし、その一部または全てが専用ハードウェアであってもよい。 Further, the processing obtained by executing the program by the processor is the same as the processing by the dedicated hardware, and part or all of the processing may be realized by the dedicated hardware. For this reason, an object is described using the expression “unit”. However, a part or all of these “units” may be a program executed by a processor, or a part or all of them are dedicated hardware. There may be.
 また、プログラムは、プログラム配布サーバや、計算機が読み取り可能な記憶メディアによって、インストールされてもよい。 Also, the program may be installed by a program distribution server or a computer-readable storage medium.
 図1は、実施例1のストレージシステムの構成の例を示す図である。ストレージ装置2000は、論理ボリュームを複数の論理的な区画(以下、BG:バインドグループ2600)に区分けする論理分割部と、Conglomerate LU Stractureに対応するI/O制御部(入出力制御部)と、構成制御部を具備しており、論理ポート2110からSAN4000を介して接続されるホスト計算機1000へ論理ボリューム2210を提供する。 FIG. 1 is a diagram illustrating an example of the configuration of a storage system according to the first embodiment. The storage apparatus 2000 includes a logical partitioning unit that divides a logical volume into a plurality of logical partitions (hereinafter, BG: bind group 2600), an I / O control unit (input / output control unit) corresponding to the Congregate LU Structure, A logical volume 2210 is provided from the logical port 2110 to the host computer 1000 connected via the SAN 4000.
 ここで、論理ポート2110は論理ポート(I/F:InterFace)2110a、2110bなどそれぞれを区別なく表す場合の総称であり、以下の説明でも符号のアルファベットを省略して総称を表す。また、論理ボリューム2210はALU2210a、2210bとSLU2210c~2210gなどそれぞれを区別なく表す場合の総称である。ALU2210hは、ALU2210a、2210bなどそれぞれを区別なく表す場合の総称である。SLU2210iは、SLU2210c~2210gなどそれぞれを区別なく表す場合の総称である。 Here, the logical port 2110 is a generic name in the case where the logical ports (I / F: InterFace) 2110a, 2110b, etc. are represented without distinction, and in the following description, the alphabetical symbols are omitted to represent the generic name. Further, the logical volume 2210 is a generic name for the ALUs 2210a, 2210b, and the SLUs 2210c to 2210g, which are represented without distinction. The ALU 2210h is a generic name for representing the ALUs 2210a, 2210b, etc. without distinction. The SLU 2210i is a generic name for representing each of the SLUs 2210c to 2210g without distinction.
 また、ストレージ装置2000は、LAN(Local Area Network)に代表される管理ネットワーク5000を介して、管理計算機3000に接続する。ストレージ装置2000は、管理計算機3000に、ストレージ装置2000が具備する各構成管理テーブルと構成制御部が提供する管理API(Application Program Interface)を提供する。 The storage apparatus 2000 is connected to the management computer 3000 via a management network 5000 represented by a LAN (Local Area Network). The storage apparatus 2000 provides the management computer 3000 with each configuration management table provided in the storage apparatus 2000 and a management API (Application Program Interface) provided by the configuration control unit.
 図1では、ALU属性がストレージ管理者により設定されたALU2210aとALU2210bが二つの論理ボリューム2210として存在し、ALU2210aには一つのBG(バインドグループ)2600aがストレージ管理者により割当てられ、ALU2210bには一つのBG2600bが割当てられている。BG2600aには三つのSLU2210c~2210eが割り当てられ、BG2600bには二つのSLU2210f、2210gがストレージ管理者によって割り当てられている。また、ストレージ管理者により論理ポート2110aが具備するHG(ホストグループ)2111a、2111cには、ALU2210aが割当てられ、HG2111b、2111dには、ALU2210bが割当てられている。 In FIG. 1, an ALU 2210a and an ALU 2210b whose ALU attributes are set by the storage administrator exist as two logical volumes 2210. One BG (bind group) 2600a is assigned to the ALU 2210a by the storage administrator, and one ALU 2210b is assigned to the ALU 2210b. Two BG2600b are allocated. Three SLUs 2210c to 2210e are assigned to the BG 2600a, and two SLUs 2210f and 2210g are assigned to the BG 2600b by the storage administrator. Further, the storage administrator assigns ALU 2210a to HGs (host groups) 2111a and 2111c included in the logical port 2110a, and assigns ALU 2210b to HGs 2111b and 2111d.
 さらに、HG2111a、2111cには、業務Aに属する一つまたは複数のホスト計算機1000aが具備するHBA(Host Bus Adapter)を識別するためのWWNが登録されており、HG2111b、2111dには、業務Bに属する一つまたは複数のホスト計算機1000bが具備するHBAのWWNが登録されている。そして、例えば、業務Aに属するホスト計算機1000a上で3つの仮想サーバが動作し、3つの仮想サーバそれぞれはSLU2210cとSLU2210dとSLU2210eをそれぞれ割り当てられる。また、例えば、業務Bに属するホスト計算機1000b上で2つの仮想サーバが動作し、2つの仮想サーバそれぞれはSLU2210fとSLU2210gをそれぞれ割り当てられることが可能である。各SLU2210には、それぞれのSLU2210が割り当てられた仮想サーバのデータ(仮想サーバのイメージデータや利用データ等)が格納される。 Further, the HG 2111a and 2111c register a WWN for identifying an HBA (Host が Bus Adapter) included in one or a plurality of host computers 1000a belonging to the business A. The HGs 2111b and 2111d are registered with the business B. The WWN of the HBA that one or more host computers 1000b to which it belongs is registered. Then, for example, three virtual servers operate on the host computer 1000a belonging to the job A, and SLU 2210c, SLU 2210d, and SLU 2210e are assigned to each of the three virtual servers. Further, for example, two virtual servers operate on the host computer 1000b belonging to the business B, and each of the two virtual servers can be assigned SLU 2210f and SLU 2210g, respectively. Each SLU 2210 stores data (virtual server image data, usage data, etc.) of the virtual server to which each SLU 2210 is assigned.
 管理計算機3000は、管理ネットワーク5000を介して、ホスト計算機1000に接続し、ホスト計算機1000の構成情報を取得することができ、さらに、ホスト計算機1000からのストレージ管理操作要求を受信することができる。ストレージ装置2000を管理対象とするストレージ管理者は、ストレージ装置管理プログラム3110を介してストレージ装置2000と、ホスト計算機1000の構成情報を認識することができ、さらに、各装置へ構成変更指示を送信することができる。 The management computer 3000 is connected to the host computer 1000 via the management network 5000, can acquire configuration information of the host computer 1000, and can receive a storage management operation request from the host computer 1000. A storage administrator who manages the storage apparatus 2000 can recognize the configuration information of the storage apparatus 2000 and the host computer 1000 via the storage apparatus management program 3110, and further transmits a configuration change instruction to each apparatus. be able to.
 以下では、ストレージ装置管理プログラム3110による、ALUとSLUおよびBGの設定と、その設定に基づいたストレージ装置2000におけるI/O制御について説明する。まず、各装置の構成について説明する。 Hereinafter, setting of ALU, SLU, and BG by the storage apparatus management program 3110 and I / O control in the storage apparatus 2000 based on the setting will be described. First, the configuration of each device will be described.
 図2は、ストレージ装置2000の構成の例を示す図である。ストレージ装置2000は、ホストI/F部であるFEPK(FrontEnd PacKage)2100と、制御部であるMPPK(Micro Processor PacKage)2200と、共有メモリ部であるCMPK(Cache Memory PacKage)2300と、ディスクI/F部であるBEPK(BackEnd PacKage)2400と、記憶装置の一例としてのHDD(ハードディスクドライブ)2700と、管理サーバ2500とを、それぞれ一つまたは複数具備する。 FIG. 2 is a diagram showing an example of the configuration of the storage apparatus 2000. The storage apparatus 2000 includes an FEPK (Front End PacKage) 2100 that is a host I / F unit, an MPPK (Micro Processor PacKage) 2200 that is a control unit, a CMPK (Cache Memory PacKage) 2300 that is a shared memory unit, and a disk I / F. One or a plurality of BEPKs (BackEnd PacKage) 2400, an HDD (Hard Disk Drive) 2700 as an example of a storage device, and a management server 2500 are provided.
 内部ネットワーク2800は、FEPK2100とMPPK2200とCMPK2300とBEPK2400と管理サーバ2500とを互いに接続する。内部ネットワーク2800により、MPPK2200の各MP2240は、FEPK2100、CMPK2300、BEPK2400のいずれに対しても通信可能となっている。 The internal network 2800 connects the FEPK 2100, MPPK 2200, CMPK 2300, BEPK 2400, and the management server 2500 to each other. Through the internal network 2800, each MP 2240 of the MPPK 2200 can communicate with any of the FEPK 2100, CMPK 2300, and BEPK 2400.
 FEPK2100は、それぞれがホストI/Fとなる複数の論理ポート2110を有する。また、論理ポート2110は、複数のホストグループ2111を有し、SAN4000を経由した論理ポート2110へのログイン(通常、ファブリックログインと称す)処理時に、ホストグループ2111に登録されたWWNからのログイン要求のみを受理する機能を有す。 The FEPK 2100 has a plurality of logical ports 2110 each serving as a host I / F. Further, the logical port 2110 has a plurality of host groups 2111, and only a login request from the WWN registered in the host group 2111 at the time of login processing to the logical port 2110 via the SAN 4000 (usually referred to as fabric login). It has a function to accept.
 BEPK2400は、複数のディスクI/F2410を有する。ディスクI/F2410は、例えば、ケーブルを介してHDD2700と接続されるとともに、内部ネットワーク2800と接続されており、内部ネットワーク2800側とHDD2700との間におけるリード又はライト対象のデータの受け渡し処理を仲介する。 The BEPK 2400 has a plurality of disk I / Fs 2410. The disk I / F 2410 is connected to the HDD 2700 via, for example, a cable, and is also connected to the internal network 2800, and mediates a data transfer process between the internal network 2800 side and the HDD 2700 to be read or written. .
 CMPK2300は、データ用のキャッシュメモリ2310と制御情報用メモリ2320を有する。キャッシュメモリ2310と制御情報用メモリ2320は、揮発メモリ、例えば、DRAM(Dynamic Random Access Memory)であってもよい。キャッシュメモリ2310は、HDD2700にライトするデータを一時的に格納(キャッシュ)し、或いはHDD2700からリードしたデータを一時的に格納(キャッシュ)する。制御情報用メモリ2320は、制御に必要な情報、例えば、論理ボリューム2210やBG2600などの構成情報として、論理ポート管理テーブルT1000と、論理ボリューム管理テーブルT2000と、バインド管理テーブルT3000を格納する。 The CMPK 2300 includes a data cache memory 2310 and a control information memory 2320. The cache memory 2310 and the control information memory 2320 may be volatile memories, for example, DRAM (Dynamic Random Access Memory). The cache memory 2310 temporarily stores (caches) data to be written to the HDD 2700, or temporarily stores (caches) data read from the HDD 2700. The control information memory 2320 stores a logical port management table T1000, a logical volume management table T2000, and a bind management table T3000 as information necessary for control, for example, configuration information of the logical volume 2210 and BG2600.
 MPPK2200は、複数のMP(Micro Processor)2240と、LM(Local Memory)2220と、これらを接続するバス2230とを有する。MP2240は、計算機などでも使用されるプロセッサであり、LM2220に格納されたプログラムにしたがって動作することにより、論理分割部、I/O制御部、構成制御部などになる。LM2220は、制御情報用メモリ2320に格納されているI/O制御のための制御情報の一部を格納している。 
 管理サーバ2500は、制御情報用メモリ2320からLM2220にロードされMP2240により実行されている制御プログラムへ、管理計算機3000からの操作要求を伝達するためのアプリケーションを有する計算機である。管理計算機3000が有する各プログラムを、管理サーバ2500は有することもできる。 The MPPK 2200 includes a plurality of MPs (Micro Processors) 2240, an LM (Local Memory) 2220, and a bus 2230 that connects these. The MP 2240 is a processor that is also used in a computer or the like, and becomes a logical partition unit, an I / O control unit, a configuration control unit, or the like by operating according to a program stored in the LM 2220. The LM 2220 stores a part of control information for I / O control stored in the control information memory 2320.
The management server 2500 is a computer having an application for transmitting an operation request from the management computer 3000 to a control program loaded from the control information memory 2320 to the LM 2220 and executed by the MP 2240. The management server 2500 can also have each program that the management computer 3000 has.
 制御情報用メモリ2320には、論理分割部とI/O制御部が取り扱う情報が格納されている。管理計算機3000上のストレージ装置管理プログラム3110は、管理サーバ2500を介して、制御情報用メモリ2320に格納された情報を取得することができる。 The control information memory 2320 stores information handled by the logical partitioning unit and the I / O control unit. The storage device management program 3110 on the management computer 3000 can acquire information stored in the control information memory 2320 via the management server 2500.
 論理分割部は、BEPK2400が提供する論理記憶領域となる論理ボリューム2210(LDEV:Logical Deviceとも称す)をBG2600に分配する。論理分割部は、BG2600に登録する論理ボリューム2210の構成情報に、BG2600を装置内で一意に識別可能な識別子(BIND GROUP ID)を付与し、制御情報用メモリ2320に論理ボリューム管理テーブルT2000として保管する。 The logical partitioning unit distributes a logical volume 2210 (also referred to as LDEV: Logical Device), which is a logical storage area provided by the BEPK 2400, to the BG 2600. The logical partitioning unit assigns an identifier (BIND GROUP ID) that can uniquely identify the BG2600 in the device to the configuration information of the logical volume 2210 registered in the BG2600, and stores it in the control information memory 2320 as the logical volume management table T2000. To do.
 図3は、ホスト計算機1000の構成の例を示す図である。ホスト計算機1000は、プロセッサ1100、メモリ1200、HBA(Host Bus Adapter)1300、Hyper Visor部1400、出力部1600、入力部1700、ネットワークI/Fである管理ポート1800などを備えた計算機である。ホスト計算機1000は、例えば、パーソナルコンピュータや、ワークステーションまたはメインフレームなどである。メモリ1200は、業務アプリケーション1210、ストレージ管理プログラム1220、OS(Operating System)を格納している。 FIG. 3 is a diagram showing an example of the configuration of the host computer 1000. The host computer 1000 is a computer including a processor 1100, a memory 1200, an HBA (HostHBus) Adapter) 1300, a Hyper Visor unit 1400, an output unit 1600, an input unit 1700, a management port 1800 that is a network I / F, and the like. The host computer 1000 is, for example, a personal computer, a workstation or a main frame. The memory 1200 stores a business application 1210, a storage management program 1220, and an OS (Operating System).
 Hyper Visor部1400は、ホスト計算機1000が有するハードウェアリソース(ハードウェア資源:プロセッサ1100、メモリ1200、ネットワークI/F1800等)を抽象化したリソース(論理プロセッサ、論理メモリ、論理ネットワークI/F等)に変換し、その抽象化したリソースを仮想サーバ(仮想マシン)に割り当てる。または、Hyper Visor部1400は、ホスト計算機1000が有するハードウェアリソース(プロセッサ1100、メモリ1200、ネットワークI/F1800等)を論理的に分割し、その論理的に分割されたハードウェアリソースを、仮想サーバ(論理区画:Logical Partition)に割り当てても良い。 The Hyper-Visor unit 1400 is a resource (logical processor, logical memory, logical network I / F, etc.) obtained by abstracting hardware resources (hardware resources: processor 1100, memory 1200, network I / F 1800, etc.) of the host computer 1000. And the abstracted resource is allocated to a virtual server (virtual machine). Alternatively, the Hyper-Visor unit 1400 logically divides the hardware resources (processor 1100, memory 1200, network I / F 1800, etc.) included in the host computer 1000, and divides the logically divided hardware resources into virtual servers. (Logical partition: Logical Partition) may also be assigned.
 各仮想サーバは、Hyper Visor部1400により割り当てられたリソースに基づいてホスト計算機1000上で動作し、OSや業務アプリケーション1210を実行する。 Each virtual server operates on the host computer 1000 based on the resources allocated by the Hyper-Visor unit 1400, and executes the OS and the business application 1210.
 プロセッサ1100は、ホスト計算機1000全体を統括制御し、メモリ1200に格納された業務アプリケーション1210または図示を省略した交替パスのプログラムを実行することにより、各プログラムに応じて動作する。例えば、プロセッサ1100は、業務アプリケーション1210を実行することで、ストレージ装置2000に対してアクセス要求として、例えば、リードアクセス要求またはライトアクセス要求を発行する。メモリ1200は、プログラムなどを記憶するために用いられるほか、プロセッサ1100のワークメモリとしても用いられる。 The processor 1100 performs overall control of the host computer 1000, and operates according to each program by executing the business application 1210 stored in the memory 1200 or a program of an alternate path (not shown). For example, the processor 1100 issues a read access request or a write access request as an access request to the storage apparatus 2000 by executing the business application 1210. The memory 1200 is used for storing programs and the like, and is also used as a work memory for the processor 1100.
 HBA1300は、ストレージ装置2000との通信時におけるプロトコル制御を行う。HBA1300が、プロトコル制御を行うことで、ホスト計算機1000とストレージ装置2000との間において、例えばファイバチャネルプロトコルに従ったデータやコマンドの送受信が行われる。 The HBA 1300 performs protocol control during communication with the storage apparatus 2000. When the HBA 1300 performs protocol control, data and commands according to, for example, a fiber channel protocol are transmitted and received between the host computer 1000 and the storage apparatus 2000.
 ローデバイス1310は、ストレージ装置2000のALU2210hに対応し、ホスト計算機1000の中においてALU2210hへのアクセスの代わりとなるデバイスである。仮想ボリューム1320は、ストレージ装置2000のSLU2210iに対応し、ホスト計算機1000の中においてSLU2210iへのアクセスの代わりとなるデバイスである。ローデバイス1310は、Hyper Visor部1400がアクセスされた際に、ページキャッシュ(図示せず)に一旦データをコピーする処理を行うことなく、I/O処理を実行し、オーバーヘッドを低減するためのデバイスとして用いられる。 The raw device 1310 corresponds to the ALU 2210h of the storage apparatus 2000, and is a device that substitutes for access to the ALU 2210h in the host computer 1000. The virtual volume 1320 corresponds to the SLU 2210 i of the storage apparatus 2000 and is a device that substitutes for access to the SLU 2210 i in the host computer 1000. The raw device 1310 is a device for reducing overhead by executing I / O processing without temporarily copying data to a page cache (not shown) when the Hyper-Visor unit 1400 is accessed. Used as
 HBA1300が取得するボリューム識別子は、グローバルユニークな値である必要があり、例えばストレージ装置2000のシリアル番号(装置製番)とストレージ装置2000内の論理ボリューム2210のローカルボリューム識別子の組合せで形成される。実施例1では、ストレージ装置2000は、ボリューム識別子の応答に対して、ALU2210hの識別子を応答する機能を具備する。 The volume identifier acquired by the HBA 1300 needs to be a globally unique value, and is formed by a combination of the serial number (device serial number) of the storage device 2000 and the local volume identifier of the logical volume 2210 in the storage device 2000, for example. In the first embodiment, the storage system 2000 has a function of responding to the identifier of the ALU 2210h in response to the response of the volume identifier.
 Hyper Visor部1400は、ローデバイス1310に対応するALU2210hに関連付けられたSLU2210iを、一つの仮想ボリューム1320として、ホスト計算機1000または仮想サーバで実行されるOS(Operating System)や業務アプリケーション1210などの各アプリケーションに提供する。 The Hyper-Visor unit 1400 uses the SLU 2210i associated with the ALU 2210h corresponding to the raw device 1310 as one virtual volume 1320, and each application such as an OS (Operating System) or a business application 1210 executed on the host computer 1000 or the virtual server. To provide.
 Hyper Visor部1400は、各アプリケーションやOSから発行された仮想ボリューム1320へのI/Oコマンドに対して、該当するALU2210hとSLU2210iを抽出し、I/OコマンドにALU2210hとSLU2210iの識別子を付与してローデバイス1310にコマンドを発行する。 The Hyper-Visor unit 1400 extracts the corresponding ALU 2210h and SLU 2210i for the I / O command to the virtual volume 1320 issued from each application or OS, and assigns the identifiers of the ALU 2210h and SLU 2210i to the I / O command. A command is issued to the raw device 1310.
 入力部1700は、例えば、キーボード、スイッチやポインティングデバイス、マイクロフォンなどから構成される。出力部1600は、モニタディスプレイやスピーカなどから構成される。 The input unit 1700 includes, for example, a keyboard, a switch, a pointing device, a microphone, and the like. The output unit 1600 includes a monitor display and a speaker.
 また、ストレージ管理プログラム1220は、業務アプリケーション1210やOSからのSLU2210i割当てや割当て解除などの論理ボリューム2210に対する操作要求を、管理ネットワーク5000経由で、管理計算機3000が具備するストレージ装置管理プログラム3110に送信することができる。さらに、ストレージ管理プログラム1220は、SAN4000を介して、ストレージ装置2000が具備する構成制御部に論理ボリュームの操作要求を送信することもできる。 In addition, the storage management program 1220 transmits an operation request for the logical volume 2210 such as SLU 2210i allocation or deallocation from the business application 1210 or the OS to the storage apparatus management program 3110 included in the management computer 3000 via the management network 5000. be able to. Furthermore, the storage management program 1220 can also send a logical volume operation request to the configuration control unit of the storage apparatus 2000 via the SAN 4000.
 図4は、管理計算機3000の構成の例を示す図である。管理計算機3000は、メモリ3100と、プロセッサ3200と、記憶媒体3300と、ネットワークI/F3400と、出力部3600と、入力部3700と、を有する。管理計算機3000は、プロセッサ3200が、管理計算機3000全体を統括制御し、メモリ3100にロードされたストレージ装置管理プログラム3110またはホスト計算機管理プログラム3120を実行することにより、各種のストレージ装置およびホスト計算機の構成管理操作要求を、ネットワークI/F3400と管理ネットワーク5000経由で、ストレージ装置2000およびホスト計算機1000へ送信する。 FIG. 4 is a diagram showing an example of the configuration of the management computer 3000. The management computer 3000 includes a memory 3100, a processor 3200, a storage medium 3300, a network I / F 3400, an output unit 3600, and an input unit 3700. In the management computer 3000, the processor 3200 performs overall control of the management computer 3000 and executes the storage device management program 3110 or the host computer management program 3120 loaded in the memory 3100, whereby various storage devices and host computer configurations are configured. The management operation request is transmitted to the storage apparatus 2000 and the host computer 1000 via the network I / F 3400 and the management network 5000.
 また、メモリ3100には、ストレージ装置管理プログラム3110とホスト計算機管理プログラム3120が用いる制御情報として、ストレージ装置管理テーブルT4000、ホスト計算機管理テーブルT5000が格納される。ストレージ管理者は、キーボードやマウスなどの入力部3700に操作要求を入力し、ディスプレイやスピーカなどの出力部3600を介して実行結果を取得することができる。HDDやSDなどの記憶媒体3300には、ストレージ装置管理プログラム3110やホスト計算機管理プログラム3120と各制御プログラムの実行ログが格納されている。 The memory 3100 stores a storage device management table T4000 and a host computer management table T5000 as control information used by the storage device management program 3110 and the host computer management program 3120. The storage administrator can input an operation request to the input unit 3700 such as a keyboard or a mouse, and can acquire an execution result via the output unit 3600 such as a display or a speaker. A storage medium 3300 such as an HDD or SD stores a storage device management program 3110, a host computer management program 3120, and an execution log of each control program.
 図5は、ストレージ装置2000が具備する論理ポート管理テーブルT1000の例を示す図である。論理ポート管理テーブルT1000は、ストレージ装置2000が実行するI/O制御処理時やALU割当て処理およびバインドグループ割当て処理時に参照され、さらに、管理サーバ2500が提供するAPIにより、管理ネットワーク5000を介して管理計算機3000が具備するストレージ装置管理プログラム3110からもアクセスされる。 FIG. 5 is a diagram showing an example of the logical port management table T1000 provided in the storage apparatus 2000. The logical port management table T1000 is referred to during I / O control processing, ALU allocation processing, and bind group allocation processing executed by the storage apparatus 2000, and further managed via the management network 5000 by the API provided by the management server 2500. It is also accessed from the storage device management program 3110 provided in the computer 3000.
 論理ポート管理テーブルT1000は、論理ポート2110を装置内で識別可能な識別子を登録する欄T1010と、論理ポート2110のWWNを登録する欄T1020と、論理ポート2110が具備するホストグループ2111を、論理ポート2110下のローカルな範囲で一意に特定可能な識別子を登録する欄T1030と、ホストグループ2111でファブリックログインを許可する接続元(ホスト計算機またはホスト計算機の仮想サーバ)のWWN(HOST WWN)を登録する欄T1040と、ホストグループ2111に割当てられたALUの、装置内で唯一となる識別子を登録する欄T1050から構成される。 The logical port management table T1000 includes a column T1010 for registering an identifier that can identify the logical port 2110 in the apparatus, a column T1020 for registering the WWN of the logical port 2110, and a host group 2111 included in the logical port 2110. Registers a field T1030 for registering an identifier uniquely identifiable within a local range under 2110, and a WWN (HOSTHWWN) of a connection source (host computer or a virtual server of the host computer) that permits fabric login in the host group 2111. A column T1040 and a column T1050 for registering the unique identifier of the ALU assigned to the host group 2111 in the apparatus.
 ストレージ装置2000は、論理ポート管理テーブルT1000を参照することにより、欄T1040に登録されたHOST WWNを有する接続元(ホスト計算機または仮想サーバ)から当該論理ポート2110にファブリックログインすることを可能とし、欄T1040に登録されたHOST WWNを有する接続元(ホスト計算機または仮想サーバ)は欄T1050に登録されたALUを認識することが可能となる。ここで、欄T1050のLUN(Logical Unit Number)はローデバイス1310のIDであり、ALU IDがストレージ装置2000内の識別子であるのに対し、LUNはホスト計算機1000が使用する識別子である。このため、異なる複数のホスト計算機は同じLUN(例えば243)を使用することも可能である。 By referring to the logical port management table T1000, the storage system 2000 enables fabric login to the logical port 2110 from the connection source (host computer or virtual server) having HOST WWN registered in the column T1040. The connection source (host computer or virtual server) having HOST WWN registered in T1040 can recognize the ALU registered in the column T1050. Here, the LUN (Logical Unit Number) in the column T1050 is the ID of the raw device 1310, and the ALU ID is an identifier in the storage apparatus 2000, whereas the LUN is an identifier used by the host computer 1000. Therefore, a plurality of different host computers can use the same LUN (for example, 243).
 図6は、ストレージ装置2000が具備する論理ボリューム管理テーブルT2000の例を示す図である。論理ボリューム管理テーブルT2000は、ストレージ装置2000が具備する論理ボリューム構成制御部、バインドグループ構成制御部(いずれも、図示せず)が参照および情報登録を行い、これら制御部は、管理サーバ2500が提供するAPIからの要求に基づいて論理ボリューム管理テーブルT2000の情報を提供し、さらに登録情報を更新する。 FIG. 6 is a diagram showing an example of the logical volume management table T2000 included in the storage apparatus 2000. The logical volume management table T2000 is referred to and registered by a logical volume configuration control unit and a bind group configuration control unit (both not shown) included in the storage apparatus 2000. These control units are provided by the management server 2500. The information of the logical volume management table T2000 is provided based on the request from the API to be updated, and the registration information is updated.
 論理ボリューム管理テーブルT2000は、論理ボリューム(LDEV)を装置内で一意に特定可能な識別子を登録する欄T2010と、LDEVの論理記憶領域の容量を登録する欄T2020と、LDEVが属する物理記憶領域を装置内で一意に示す識別子を登録する欄T2030と、LDEVの属性を登録するT2040と、LDEVが属するバインドグループを装置内で一意に示す識別子を登録するT2050により構成される。 The logical volume management table T2000 includes a column T2010 for registering an identifier that can uniquely identify a logical volume (LDEV) within the apparatus, a column T2020 for registering the capacity of the logical storage area of the LDEV, and a physical storage area to which the LDEV belongs. A field T2030 for registering an identifier uniquely indicated in the apparatus, a T2040 for registering an LDEV attribute, and a T2050 for registering an identifier uniquely indicating the bind group to which the LDEV belongs in the apparatus.
 欄T2040はALUを示す情報あるいはSLUを示す情報を含んでもよく、ALUは実際にデータを記憶するLDEVではないため、ALUの欄T2030に物理記憶領域の情報はなく、ALUの欄T2020の容量は0である。欄T2030は物理記憶領域としてRAID(Redundant Arrays of Inexpensive Disks)のパリティグループの識別子を含んでもよい。 The column T2040 may include information indicating an ALU or information indicating an SLU. Since the ALU is not an LDEV that actually stores data, there is no physical storage area information in the ALU column T2030, and the capacity of the ALU column T2020 is 0. The column T2030 may include an identifier of a parity group of RAID (Redundant Arrays of Inexpensive Disks) as a physical storage area.
 図7は、ストレージ装置2000が具備するバインド管理テーブルT3000の例を示す図である。バインド管理テーブルT3000は、ストレージ装置2000が具備するバインド構成制御部(図示せず)によって登録され、I/O制御の際に参照される。バインド管理テーブルT3000は、ALUを装置内で一意に特定可能な識別子(図7の例ではLDEV IDを利用)を登録する欄T3010と、バインド状態となるLDEVの一覧を示すビットマップを登録する欄T3020から構成される。 FIG. 7 is a diagram illustrating an example of the bind management table T3000 included in the storage apparatus 2000. The bind management table T3000 is registered by a bind configuration control unit (not shown) included in the storage apparatus 2000, and is referred to during I / O control. The bind management table T3000 includes a column T3010 for registering an identifier that can uniquely identify an ALU within the apparatus (LDEV ID is used in the example of FIG. 7), and a column for registering a bitmap indicating a list of LDEVs that are in a bound state. It consists of T3020.
 欄T3020の値が0~16777215はLDEV IDであり、その下の欄の各ビットT3025は、一つのSLUに対応している。例えば、SLUとしてLDEV ID=00005がALU ID=000000にバインドされていると、図7に示したバインド管理テーブルT3000では右から6番目のビットが1となる。このビットT3025は、ストレージ装置2000のバインド構成制御部により登録され、I/O制御時に参照される。 In the column T3020, the values 0 to 16777215 are LDEV IDs, and each bit T3025 in the column below corresponds to one SLU. For example, if LDEV ID = 00005 is bound to ALU ID = 000000 as an SLU, the sixth bit from the right is 1 in the bind management table T3000 shown in FIG. This bit T3025 is registered by the bind configuration control unit of the storage apparatus 2000 and is referred to during I / O control.
 図8は、管理計算機3000が具備するストレージ装置管理テーブルT4000の例を示す図である。ストレージ装置管理テーブルT4000は、管理計算機3000が具備するストレージ装置管理プログラム3110が管理ネットワーク5000に接続されたストレージ装置2000を検出した際に登録される。この検出のタイミングは、手動による検出のタイミングまたはSLP(Service Location Protocol)による自動検出のタイミングである。 FIG. 8 is a diagram showing an example of the storage device management table T4000 included in the management computer 3000. The storage device management table T4000 is registered when the storage device management program 3110 included in the management computer 3000 detects the storage device 2000 connected to the management network 5000. This detection timing is a manual detection timing or an automatic detection timing by SLP (ServiceSLocation Protocol).
 ストレージ装置管理テーブルT4000は、ストレージ装置2000をストレージ装置管理プログラム3110下で一意に特定可能な識別子を登録する欄T4010と、ストレージ装置2000をグローバルで一意に特定可能な識別子を登録する欄T4020と、ストレージ装置2000の管理サーバ2500に管理ネットワーク5000を介して接続するための管理サーバ2500のIPアドレスを登録する欄T4030から構成される。欄T4020は、ベンダ名と型式と製造番号の組み合わせで構成された情報であってもよい。 The storage device management table T4000 includes a column T4010 for registering an identifier that can uniquely identify the storage device 2000 under the storage device management program 3110, a column T4020 for registering an identifier that can uniquely identify the storage device 2000 globally, The column T4030 is used to register the IP address of the management server 2500 for connecting to the management server 2500 of the storage apparatus 2000 via the management network 5000. The column T4020 may be information configured by a combination of a vendor name, a model, and a manufacturing number.
 図9は、管理計算機3000が具備するホスト計算機管理テーブルT5000の例を示す図である。ホスト計算機管理テーブルT5000は、ホスト計算機管理プログラム3120がホスト計算機1000を管理ネットワーク5000上で検知した際に登録される。この検知は手動検知もしくはSLPによる自動検出である。ホスト計算機管理プログラム3120は、ホスト計算機1000を検知した際に、ホスト名を欄T5010に登録し、ホスト計算機1000の管理ポート1800のIPアドレスを欄T5030に登録する。 FIG. 9 is a diagram showing an example of the host computer management table T5000 included in the management computer 3000. The host computer management table T5000 is registered when the host computer management program 3120 detects the host computer 1000 on the management network 5000. This detection is manual detection or automatic detection by SLP. When detecting the host computer 1000, the host computer management program 3120 registers the host name in the column T5010, and registers the IP address of the management port 1800 of the host computer 1000 in the column T5030.
 さらに、ホスト計算機管理プログラム3120は、管理ネットワーク5000を介して、ホスト計算機1000の構成情報を取得し、ホスト計算機1000が具備するHBA1300のWWNを欄T5020に登録する。その後、ホスト計算機管理プログラム3120は、ストレージ装置管理プログラム2110を介して、欄T5020に登録されたHOST HBA WWNを基に、管理下にあるストレージ装置2000からHOST HBA WWNに割当てられたALUの構成情報を取得し、欄T5040から欄T5070に登録する。 Further, the host computer management program 3120 acquires the configuration information of the host computer 1000 via the management network 5000, and registers the WWN of the HBA 1300 included in the host computer 1000 in the column T5020. Thereafter, the host computer management program 3120, through the storage device management program 2110, based on the HOST HBA WWN registered in the column T5020, the configuration information of the ALU assigned to the HOST HBA WWN from the managed storage device 2000 Are registered in the column T5070 from the column T5040.
 ここで、欄T5040から欄T5070は、定期的もしくはストレージ管理者による手動、またはSLPからホスト計算機の構成変更通知を受信した時に更新される。また、欄T5050には、論理ポート管理テーブルT1000の欄T1010に登録された論理ポート2110の識別子と、欄T1030に登録されたホストグループ2111のローカルな識別子とを組み合わせた識別子が登録されてもよい。 Here, the columns T5040 to T5070 are updated periodically or manually by the storage administrator, or when a configuration change notification of the host computer is received from the SLP. In the column T5050, an identifier obtained by combining the identifier of the logical port 2110 registered in the column T1010 of the logical port management table T1000 and the local identifier of the host group 2111 registered in the column T1030 may be registered. .
 次に、Conglomerate LUN Stractureにおけるストレージ装置2000が具備するI/O制御部について、図10、図11、図12を用いて説明する。まず、REPORT LUNコマンドについて図10、図11を用いて説明する。従来、ホスト計算機1000から、SAN4000を介して、論理パスにて提供されているLUNの一覧を取得するSCSIコマンドが規定されており、これをREPORT LUNコマンドと呼ぶ。 Next, the I / O control unit included in the storage apparatus 2000 in the Cluster LUN Structure will be described with reference to FIG. 10, FIG. 11, and FIG. First, the REPORT LUN command will be described with reference to FIGS. Conventionally, a SCSI command for acquiring a list of LUNs provided in a logical path from the host computer 1000 via the SAN 4000 has been defined, and this is called a REPORT LUN command.
 Conglomerate LUN Stractureでは、図10に示すように、REPORT LUNコマンドC1000にSELECT REPORTのコードが組み込まれており、取得するLUNを種類別(通常LUN,ALU,SLU)で指定可能となる。例えば、ホスト計算機1000から論理パスのLUN0に向けてSELECT REPORTコードがALUとして指定されたREPORT LUNコマンドC1000が発行された場合、ストレージ装置2000が具備するI/O制御部はこれを受理すると、論理ポート管理テーブルT1000を参照し、論理パスのLUN0が属するHOST GROUPを欄T1030から抽出し、当該HOST GROUPに登録されたALUを欄T1050から抽出し、図11に示した応答C2000でALU一覧を返す。 As shown in FIG. 10, in the “Conglomerate LUN Structure”, the REPORT LUN command C1000 includes a SELECT REPORT code, and the LUN to be acquired can be specified by type (normal LUN, ALU, SLU). For example, when the REPORT LUN command C1000 in which the SELECT REPORT code is designated as ALU is issued from the host computer 1000 to the logical path LUN0, the I / O control unit included in the storage apparatus 2000 accepts this, Referring to port management table T1000, HOST GROUP to which logical path LUN0 belongs is extracted from column T1030, ALU registered in HOST GROUP is extracted from column T1050, and an ALU list is returned in response C2000 shown in FIG. .
 具体的には、抽出されたALUの個数が応答C2000のLUN LIST LENGTHの値とされ、抽出されたALUに付与されたLUN(欄T1050の括弧内の値)がLUN LISTとされて順序応答される。 Specifically, the number of extracted ALUs is the value of LUN LIST LENGTH of the response C2000, and the LUN given to the extracted ALU (value in parentheses in the column T1050) is LUNLULIST, and the order is returned. The
 ALU IDとALUのLUNの関係について図12を用いて説明する。データ読書き(READ/WRITE)のSCSIコマンドのLUN指定は、図12に示したADMINISTRATIVE ELEMENT部位の2バイトで表現される。実施例1では、ALU IDは2バイトで表現される。また、LUNは、ホストグループ内で唯一となれば良いため、一つのALUに対して、ホストグループ内で唯一となる2バイトのIDが付与されている。よって、C2000のLUN LISTとして、2バイトのID(LUN)が応答される。 The relationship between the ALU ID and the LUN of the ALU will be described with reference to FIG. The LUN designation of the data read / write (READ / WRITE) SCSI command is expressed by 2 bytes in the ADMINISTRATION ELEMENT part shown in FIG. In the first embodiment, the ALU ID is expressed by 2 bytes. Since the LUN only needs to be unique within the host group, a single 2-byte ID is assigned to one ALU within the host group. Therefore, a 2-byte ID (LUN) is returned as C2000 LUN LIST.
 次に、例えば論理パスのLUN0に向けてのREPORT LUNコマンドC1000において、SELECT REPORTコードがSLUとして指定された場合、I/O制御部は、既に説明したALUとして指定された場合と同じようにALUを抽出し、さらに、バインド管理テーブルT3000を参照して、抽出されたALUにバインドされているSLUの個数、すなわち、SLUビットマップT3020の値が1となるビット数をLUN LIST LENGTHの値とし、SLUビットマップT3020の値が1となるビットに該当するLDEV IDをLUN LISTとして順次応答する。ここで、LDEV IDがSLU IDであり、SLU IDは、図12に示したSUBSIDIARY ELEMENT部に該当し、6バイトであるので、SLU IDをそのまま応答する。 Next, for example, when the SELECT REPORT code is designated as SLU in the REPORT コ マ ン ド LUN command C1000 toward LUN 0 of the logical path, the I / O control unit performs the same processing as the ALU as already described. Further, referring to the bind management table T3000, the number of SLUs bound to the extracted ALU, that is, the number of bits in which the value of the SLU bitmap T3020 is 1, is set as the value of LUN LIST LENGTH, The LDEV ID corresponding to the bit for which the value of the SLU bitmap T3020 is 1 is sequentially responded as LUN LIST. Here, the LDEV ID is the SLU ID, and the SLU ID corresponds to the SUBSIDIARY ELEMENT part shown in FIG. 12 and is 6 bytes, so the SLU ID is responded as it is.
 図13は、ストレージ装置2000が具備するI/O制御部におけるSLUへのREAD/WRITE処理の例であるフローチャートF1000を示す図である。図12を用いて説明したように、ホスト計算機1000(または仮想サーバ)は、ALUとSLUを指定したSCSIコマンドを、ストレージ装置2000に送信する。ストレージ装置2000の論理ポート2110は、SCSIコマンドを受信し、指定されたALU(指定ALU)と指定されたSLU(指定SLU)を抽出する(ステップF1010)。ストレージ装置2000において、I/O制御のプログラムがLM2220にロードされ、MP2240に伝達される。I/O制御部として動作するMP2240は、指定されたALUの有無を論理ポート管理テーブルT1000の欄T1050を参照して確認する(ステップF1020)。 FIG. 13 is a diagram showing a flowchart F1000 that is an example of READ / WRITE processing to the SLU in the I / O control unit included in the storage apparatus 2000. As described with reference to FIG. 12, the host computer 1000 (or virtual server) transmits a SCSI command specifying the ALU and SLU to the storage apparatus 2000. The logical port 2110 of the storage apparatus 2000 receives the SCSI command, and extracts the designated ALU (designated ALU) and the designated SLU (designated SLU) (step F1010). In the storage apparatus 2000, an I / O control program is loaded into the LM 2220 and transmitted to the MP 2240. The MP 2240 operating as the I / O control unit checks the presence / absence of the designated ALU with reference to the column T1050 of the logical port management table T1000 (step F1020).
 ステップF1020でALUが存在しない場合、MP2240は、ALUが存在しないことを要求元のホスト計算機1000(または仮想サーバ)に通知し(ステップF1040)処理を終了する。ALUが存在する場合、MP2240は、論理ボリューム管理テーブルT2000を参照し、指定SLUのLDEV IDを抽出する。MP2240は、バインド管理テーブルT3000をLM2220にロードして(ステップF1030)参照し、指定ALUに指定SLUがバインドされているかを判定する(ステップF1050)。バインドされていない場合、SLU未割当てを要求元のホスト計算機1000(または仮想サーバ)に通知し(ステップF1060)処理を終了する。 If there is no ALU in step F1020, the MP 2240 notifies the requesting host computer 1000 (or virtual server) that there is no ALU (step F1040) and ends the process. When the ALU exists, the MP 2240 refers to the logical volume management table T2000 and extracts the LDEV ID of the designated SLU. The MP 2240 loads the bind management table T3000 into the LM 2220 (Step F1030) and refers to it to determine whether or not the designated SLU is bound to the designated ALU (Step F1050). If not bound, SLU unassigned is notified to the requesting host computer 1000 (or virtual server) (step F1060), and the process is terminated.
 SLUがバインドされている場合、MP2240は、論理ボリュームへのデータ書込みなど指定されたREAD/WRITE処理を実行し、要求元のホスト計算機1000(または仮想サーバ)に結果を返して(ステップF1070)、処理を終了する。このように、指定ALUに指定SLUがバインドされている場合、つまり、バインド管理テーブルT3000にて、指定ALUに対する指定SLUのビットが1である場合に、コマンドを受理して指定されたREAD/WRITE処理を行うことが特徴である。 If the SLU is bound, the MP 2240 executes designated READ / WRITE processing such as data writing to the logical volume, and returns the result to the requesting host computer 1000 (or virtual server) (step F1070). End the process. As described above, when the designated SLU is bound to the designated ALU, that is, when the bit of the designated SLU for the designated ALU is 1 in the bind management table T3000, the READ / WRITE specified by accepting the command is specified. It is characterized by processing.
 ストレージ装置2000は、階層的に対応付けられた第一層のALU及び第二層のSLUを有する。そして、ストレージ装置2000の構成制御部は、SLUを一つもしくは複数の論理グループ(バインドグループ)に分配し、前記バインドグループとALUとを対応付ける。また、ストレージ装置2000の入出力制御部は、ホスト計算機1000からALUとSLUが指定されたアクセス要求を受信すると、前記指定されたSLUへのアクセスの中で処理するアクセスを、前記指定されたALUに対応付けられたバインドグループに分配されたSLUへのアクセスに限定する制御を行う。したがって、ストレージ装置2000は、ALUとSLUの階層化された構成(Conglomerate LU Stracture)において、SLUへのアクセス制限が可能である。 The storage apparatus 2000 has a first-layer ALU and a second-layer SLU that are hierarchically associated with each other. Then, the configuration control unit of the storage apparatus 2000 distributes the SLU to one or a plurality of logical groups (bind groups), and associates the bind groups with the ALUs. When the input / output control unit of the storage apparatus 2000 receives an access request in which the ALU and the SLU are designated from the host computer 1000, the input / output control unit processes the access to be processed in the access to the designated SLU. The control is limited to the access to the SLU distributed to the bind group associated with. Therefore, the storage device 2000 can restrict access to the SLU in a hierarchical configuration of the ALU and the SLU (Conglomerate LU Structure).
 図14は、ストレージ装置2000が具備する構成制御部(図示せず)における、ALU作成処理の例であるフローチャートF2000を示す図である。ALU作成処理は、管理計算機3000上のストレージ装置管理プログラム3110がストレージ管理者からのALUの作成指示を受け、管理サーバ2500が提供するAPIに指示を送信する。管理サーバ2500は、APIのリクエストを解析し、構成制御部に指示を送信し、構成制御部が指示を受理してからALU作成処理が開始される。 FIG. 14 is a diagram showing a flowchart F2000 as an example of ALU creation processing in the configuration control unit (not shown) provided in the storage apparatus 2000. In the ALU creation process, the storage device management program 3110 on the management computer 3000 receives an ALU creation instruction from the storage administrator, and sends an instruction to the API provided by the management server 2500. The management server 2500 analyzes the API request, transmits an instruction to the configuration control unit, and the ALU creation process is started after the configuration control unit accepts the instruction.
 構成制御部として動作するMP2240は、まず、論理ボリューム管理テーブルT2000を参照し、空きLDEV IDが有るか確認し(ステップF2010)、LDEV IDが飽和している場合、LDEV不足を管理計算機3000に通知して(ステップF2020)処理を終了する。空きLDEV IDが存在すると、バインド管理テーブルT3000を参照し、ALU数が上限値未満であることを確認し(ステップF2030)、ALU数が上限値である場合、ALU数の飽和を管理計算機3000に通知し(ステップF2050)処理を終了する。 The MP 2240 operating as the configuration control unit first refers to the logical volume management table T2000 to check whether there is a free LDEVDEID (step F2010), and if the LDEV ID is saturated, notifies the management computer 3000 of LDEV shortage. (Step F2020) and the process ends. If there is an empty LDEV ID, the bind management table T3000 is referred to, and it is confirmed that the number of ALUs is less than the upper limit (step F2030). If the number of ALUs is the upper limit, the saturation of the ALU number is sent to the management computer 3000. Notification is made (step F2050) and the process is terminated.
 ここでALU数の上限値は、ストレージ装置2000の仕様に基づいて出荷時に指定されている場合と、ストレージ管理者がストレージ装置管理プログラム3110を用いてストレージ装置2000に設定する場合があり、上限値は、ストレージ装置2000内の制御情報用メモリ2320に記録されている。ALU数が上限値未満である場合、MP2240は、空きLDEV IDを選出し(ステップF2040)、論理ボリューム管理テーブルT2000の欄T2010に選出LDEV IDを登録し、当該LDEVの属性を示す欄T2040にALU属性であることを登録し(ステップF2060)処理を終了する。 Here, the upper limit value of the number of ALUs may be specified at the time of shipment based on the specifications of the storage device 2000, or may be set in the storage device 2000 by the storage administrator using the storage device management program 3110. Is recorded in the control information memory 2320 in the storage apparatus 2000. If the number of ALUs is less than the upper limit, the MP 2240 selects an empty LDEVDEID (step F2040), registers the selected LDEV ID in the column T2010 of the logical volume management table T2000, and stores the selected LDEV ID in the column T2040 indicating the attribute of the LDEV. The attribute is registered (step F2060), and the process is terminated.
 ホスト計算機1000が格納するデータは、SLUが示す論理記憶領域に書き込まれるため、ALUは論理記憶領域を持たない。このため、論理ボリューム管理テーブルT2000の欄T2040がALU属性である場合、論理記憶容量を示すT2020の値は0となり、物理記憶領域を示す欄T2030の値は空白となる。 Since the data stored in the host computer 1000 is written in the logical storage area indicated by the SLU, the ALU does not have a logical storage area. Therefore, when the column T2040 of the logical volume management table T2000 has an ALU attribute, the value of T2020 indicating the logical storage capacity is 0, and the value of the column T2030 indicating the physical storage area is blank.
 次に、ALUをホスト計算機1000(または仮想サーバ)から認識可能とするためのALU割当て処理について図15を用いて説明する。図15は、ストレージ装置2000が具備する構成制御部における、ALU割当て処理の例であるフローチャートF3000を示す図である。ALU割当て処理は、ストレージ管理者が管理計算機3000上のストレージ装置管理プログラム3110にALUとホストグループを指定したALU割当て指示を入力し、ストレージ装置管理プログラム3110が管理サーバ2500の提供するAPIへ指示を送信し、管理サーバ2500からストレージ装置2000が具備する構成制御部にALU割当て指示が到達した時点でALU割当て処理が開始される。 Next, ALU allocation processing for making an ALU recognizable from the host computer 1000 (or virtual server) will be described with reference to FIG. FIG. 15 is a diagram illustrating a flowchart F3000 that is an example of ALU allocation processing in the configuration control unit included in the storage apparatus 2000. In the ALU allocation process, the storage administrator inputs an ALU allocation instruction specifying the ALU and host group to the storage apparatus management program 3110 on the management computer 3000, and the storage apparatus management program 3110 instructs the API provided by the management server 2500. The ALU allocation process is started when an ALU allocation instruction arrives from the management server 2500 to the configuration control unit of the storage apparatus 2000.
 構成制御部として動作するMP2240は、入力データから指定されたALU(指定ALU)と指定されたホストグループ(指定ホストグループ)を抽出する(ステップF3010)。ここで、ALUはALU IDで指定されており、ホストグループはPORT IDとHOST GROUP IDの組、すなわち図9に示した欄T5050の形式で指定される。次に、MP2240は、論理ポート管理テーブルT1000を参照し、当該ホストグループに既存のALUの数を欄T1050から抽出し、当該ホストグループに割当てられているALUが上限数未満であることを確認する(ステップ3030)。 The MP 2240 operating as the configuration control unit extracts the designated ALU (designated ALU) and the designated host group (designated host group) from the input data (step F3010). Here, the ALU is specified by the ALU ID, and the host group is specified by a pair of PORT ID and HOST ID, that is, the format of the column T5050 shown in FIG. Next, the MP 2240 refers to the logical port management table T1000, extracts the number of existing ALUs for the host group from the column T1050, and confirms that the number of ALUs assigned to the host group is less than the upper limit number. (Step 3030).
 ここで、ホストグループに割当て可能なALUの上限数は、ストレージ装置2000の仕様により定められ装置出荷時に設定されている場合と、ストレージ管理者がストレージ装置管理プログラム3110を用いて設定する場合があり、何れも制御情報用メモリ2320に記録されている。ALU割当て数が上限値である場合、ホストグループへの割り当て上限数を越えることを管理計算機3000に通知し(ステップF3050)処理を終了する。ALU割当て数が上限値未満である場合、図16に示すPROCESS A(ステップF3040)を実行する。 Here, the upper limit number of ALUs that can be allocated to the host group is determined by the specifications of the storage apparatus 2000 and is set at the time of shipment of the apparatus, or may be set by the storage administrator using the storage apparatus management program 3110. These are recorded in the control information memory 2320. When the ALU allocation number is the upper limit value, the management computer 3000 is notified that the allocation upper limit number to the host group is exceeded (step F3050), and the process is terminated. If the ALU allocation number is less than the upper limit, PROCESS A (step F3040) shown in FIG. 16 is executed.
 PROCESS Aは、指定ALUが既に割当てられているホストグループ(既存ホストグループ)と、指定ホストグループとの関連を調べる処理であり、既存ホストグループに登録されているホストWWNが指定ホストグループに登録されているホストWWNと異なる場合、異なるホスト業務への指定ALU割当てと判断して、ALU割当て指示を拒絶する。詳しくは図16を参照して説明する。 PROCESS A is a process for examining the relationship between a host group to which a designated ALU has already been assigned (existing host group) and the designated host group. The host WWN registered in the existing host group is registered in the designated host group. If it is different from the host WWN, it is determined that the designated ALU is assigned to a different host transaction, and the ALU assignment instruction is rejected. Details will be described with reference to FIG.
 MP2240は、まず、カウンタとなる変数iを0に初期化し(ステップF3041)、論理ポート管理テーブルT1000から、指定ALUが割当てられている全てのホストグループを抽出し、抽出したホストグループ全てに対して、ステップF3042からステップF3047の処理を実行する。 First, the MP 2240 initializes a variable i serving as a counter to 0 (step F3041), extracts all host groups to which the designated ALU is assigned from the logical port management table T1000, and applies to all the extracted host groups. , The processing from step F3042 to step F3047 is executed.
 MP2240は、抽出したホストグループに登録されているホストWWNを論理ポート管理テーブルT1000の欄T1040から抽出し(ステップF3042)、指定ホストグループに登録されているホストWWNと比較し(ステップF3043)、登録ホストWWNが異なる場合、カウンタiを1つ増やす(ステップF3046)。登録ホストWWNが同じ場合、ステップF3047に進む。抽出した全てのホストグループに対して、ステップF3042からステップF3047の処理を終えると、カウンタiの値を確認し(ステップF3048)、カウンタiが0より大きければ、異なるホスト業務への割り当てとなることを管理計算機3000に通知してホストグループの見直しを促し(ステップF3049)処理を終了する。 The MP 2240 extracts the host WWN registered in the extracted host group from the column T1040 of the logical port management table T1000 (step F3042) and compares it with the host WWN registered in the designated host group (step F3043). If the host WWN is different, the counter i is incremented by one (step F3046). If the registered host WWN is the same, the process proceeds to step F3047. When the processing from step F3042 to step F3047 is completed for all the extracted host groups, the value of the counter i is confirmed (step F3048), and if the counter i is greater than 0, it is assigned to a different host transaction. Is sent to the management computer 3000 to prompt the host group to be reviewed (step F3049), and the process is terminated.
 カウンタiが0であれば、図15に示すステップF3060に進む。ステップF3060は、指定ホストグループに指定ALUを割当てる処理であり、具体的には、MP2240が、論理ポート管理テーブルT1000の指定ホストグループの欄T1050に指定ALU IDを登録し、さらに、SCSI INQUIRYで応答するためのALU用LUNを登録し、バインド管理テーブルT3000の欄T3010に、指定ALU IDを登録し、欄T3020に全ビットが0となるビットマップを登録し、処理を終了する。 If the counter i is 0, the process proceeds to step F3060 shown in FIG. Step F3060 is a process of assigning the designated ALU to the designated host group. Specifically, the MP 2240 registers the designated ALU ID in the specified host group column T1050 of the logical port management table T1000, and further responds with SCSI INQUIRY. ALU LUN for registration is registered, the designated ALU ID is registered in the column T3010 of the bind management table T3000, the bitmap in which all the bits are 0 is registered in the column T3020, and the processing ends.
 尚、本実施例では、ALU用LUNは243番から順次採番する。構成制御部のALU割当て処理により、指定ホストグループに登録されているホストWWNを有するホスト計算機1000はSAN4000を介してALUを認識することが可能となり、ホスト計算機1000上では、指定ALUを接続先とするローデバイスを形成することが可能となる。 In this embodiment, ALU LUNs are numbered sequentially from number 243. By the ALU allocation processing of the configuration control unit, the host computer 1000 having the host WWN registered in the designated host group can recognize the ALU via the SAN 4000. On the host computer 1000, the designated ALU is connected to the connection destination. It is possible to form a raw device.
 ここで、バインドグループの作成について説明する。バインドグループ作成の前提条件として、作成するバインドグループに登録するLDEVは事前に作成される必要がある。つまり、ストレージ管理者は、ストレージ装置管理プログラム3110に物理記憶領域を示すIDと論理記憶容量を指定したLDEV作成要求を入力する。ストレージ装置管理プログラム3110は、管理サーバ2500が提供するLDEV作成APIを利用して、ストレージ装置2000が具備する構成制御部にその要求の指示を送信する。 Here, creation of a bind group is explained. As a precondition for creating a bind group, an LDEV to be registered in the created bind group needs to be created in advance. That is, the storage administrator inputs an LDEV creation request specifying an ID indicating a physical storage area and a logical storage capacity to the storage apparatus management program 3110. The storage apparatus management program 3110 uses the LDEV creation API provided by the management server 2500 to transmit the request instruction to the configuration control unit included in the storage apparatus 2000.
 構成制御部は指示を受信すると、論理ボリューム管理テーブルT2000の欄T2010に新規LDEVのIDを登録し、指定された物理記憶領域内に指定された容量の論理記憶領域を確保し、論理ボリュームを作成する。論理ボリュームの作成が正常に処理されると、構成制御部は、欄T2020に指定された容量を登録し、欄T2030に指定された物理記憶領域のIDを登録し、要求元に新規論理ボリュームのLDEV IDを返してLDEV作成処理を終了する。この際、新規LDEV IDの欄T2040と欄T2050は空白となる。 Upon receiving the instruction, the configuration control unit registers the ID of the new LDEV in the column T2010 of the logical volume management table T2000, secures a logical storage area with the specified capacity in the specified physical storage area, and creates a logical volume. To do. When creation of the logical volume is processed normally, the configuration control unit registers the capacity specified in the column T2020, registers the ID of the physical storage area specified in the column T2030, and registers the new logical volume in the request source. The LDEV ID is returned and the LDEV creation process is terminated. At this time, the columns L2040 and T2050 of the new LDEV ID are blank.
 ストレージ管理者は、ストレージ装置管理プログラム3110にバインドグループIDと新規バインドグループに登録する一つ以上のLDEV IDを指定したバインドグループ作成要求を入力する。ストレージ装置管理プログラム3110は、管理サーバ2500が提供するバインドグループ作成APIを利用する。ストレージ装置2000が具備する構成制御部は、管理サーバ2500からバインドグループ作成要求を受信して、作成処理が開始される。 The storage administrator inputs a bind group creation request specifying the bind group ID and one or more LDEV IDs to be registered in the new bind group to the storage apparatus management program 3110. The storage apparatus management program 3110 uses a bind group creation API provided by the management server 2500. The configuration control unit included in the storage apparatus 2000 receives a bind group creation request from the management server 2500 and starts creation processing.
 具体的には、構成制御部が、要求からバインドグループIDとLDEV IDを抽出し、論理ボリューム管理テーブルT2000に、指定LDEV IDの欄T2040にSLU属性であることを示す値を登録し、さらに、欄T2050に指定バインドグループIDを登録し処理を終了する。バインドグループにLDEVを追加する場合も上記と同じ処理となる。 Specifically, the configuration control unit extracts the bind group ID and the LDEV ID from the request, registers a value indicating the SLU attribute in the designated LDEV ID column T2040 in the logical volume management table T2000, The designated bind group ID is registered in the column T2050, and the process is terminated. The same process is performed when an LDEV is added to the bind group.
 図17は、ストレージ装置2000内の論理ポート2110j、2110kからSLU2210mまでの経路の例を示す図である。ここで、一つのバインドグループ2600jに既存経路があり、バインドグループ2600jに新規経路を追加する場合の制限について説明する。以下の説明では、新規経路1~3で経由するALU2210kが、既存経路で経由するALU2210jと異なる場合を示す。ALUは、LDEV IDを消費するが、論理記憶領域やキャッシュメモリ領域を持たない。よって、ALUは、Single Point Failureとはならないので、冗長構成をとる必要がない。 FIG. 17 is a diagram illustrating an example of a path from the logical ports 2110j and 2110k to the SLU 2210m in the storage apparatus 2000. Here, there will be described restrictions when there is an existing route in one bind group 2600j and a new route is added to the bind group 2600j. The following description shows a case where the ALU 2210k routed through the new routes 1 to 3 is different from the ALU 2210j routed through the existing route. The ALU consumes the LDEV ID but does not have a logical storage area or a cache memory area. Therefore, since the ALU does not become Single Point Failure, it is not necessary to take a redundant configuration.
 新規経路1は、既存経路と同じ論理ポート2110j及びホストグループ2111jを経由してバインドグループ2600jに到達する経路となっている。そのため、新規経路1を追加しても、物理的にも論理的にも冗長度が変わらず、さらに負荷分散ともならず、余分なALUのLDEV IDを消費するので、新規経路1のような構成の設定指示は拒絶される必要がある。 The new route 1 is a route that reaches the bind group 2600j via the same logical port 2110j and host group 2111j as the existing route. Therefore, even if a new path 1 is added, the redundancy does not change both physically and logically, load distribution is not performed, and an extra LLU ID of the ALU is consumed. The setting instruction must be rejected.
 新規経路2は、既存経路と異なる論理ポート2110k及びホストグループ2111kを経由してバインドグループ2600jに到達する経路となっている。ここで、新規経路2が経由するホストグループ2111kに登録されているホストWWNと、既存経路が経由するホストグループ2111jに登録されているホストWWNは、同一であるとする。既存経路と新規経路2の構成は、ホストグループ2111j、2111kに登録されているホストWWNを有するホスト計算機1000(または仮想サーバ)にとって、ポート二重化構成となり、ストレージエリアネットワークの冗長度を向上する効果を得ることができる。 The new route 2 is a route that reaches the bind group 2600j via the logical port 2110k and the host group 2111k different from the existing route. Here, it is assumed that the host WWN registered in the host group 2111k through which the new route 2 passes and the host WWN registered in the host group 2111j through which the existing route passes are the same. The configuration of the existing route and the new route 2 is a dual port configuration for the host computer 1000 (or virtual server) having the host WWN registered in the host groups 2111j and 2111k, and has the effect of improving the redundancy of the storage area network. Obtainable.
 新規経路3は、既存経路と異なる論理ポート2110k及びホストグループ2111mを経由してバインドグループ2600jに到達する経路となっている。ここで、新規経路3が経由するホストグループ2111mに登録されているホストWWNと、既存経路が経由するホストグループ2111jに登録されているホストWWNは、異なるとする。新規経路3の設定は、新規ホスト計算機(または仮想サーバ)へバインドグループ2600j内のSLU2210mを割当てることとなるため、新規経路3を設定する際は、セキュリティ権限を有する管理者に設定可否の判断を促す必要がある。 The new route 3 is a route that reaches the bind group 2600j via the logical port 2110k and the host group 2111m different from the existing route. Here, it is assumed that the host WWN registered in the host group 2111m through which the new route 3 passes and the host WWN registered in the host group 2111j through which the existing route passes are different. Since the setting of the new route 3 is to assign the SLU 2210m in the bind group 2600j to the new host computer (or virtual server), when setting the new route 3, the administrator having security authority determines whether or not the setting can be made. There is a need to prompt.
 上記制限を含んだバインドグループ割当て処理について図18、図19、図20を用いて説明する。バインドグループ割り当て処理は、ストレージ管理者がストレージ装置管理プログラム3110にバインドグループIDとALU IDを指定したバインドクループ割り当て要求を入力する。ストレージ装置2000が具備する構成制御部は、この割当要求を管理サーバ2500経由で受信し、バインドグループ割当て処理を開始・実行する。以下の説明では、バインドグループ割当て処理の開始時において、図17のALU2210kにはバインドグループ2600jが未割当てである場合を例として説明する。 Bind group assignment processing including the above restrictions will be described with reference to FIG. 18, FIG. 19, and FIG. In the bind group assignment process, the storage administrator inputs a bind group assignment request specifying a bind group ID and an ALU ID to the storage apparatus management program 3110. The configuration control unit included in the storage apparatus 2000 receives this allocation request via the management server 2500, and starts and executes bind group allocation processing. In the following description, the case where the bind group 2600j is not assigned to the ALU 2210k in FIG. 17 at the start of the bind group assignment process will be described as an example.
 まず、構成制御部は、受信した要求からバインドグループIDとALU IDを抽出し(ステップF4010)、論理ポート管理テーブルT1000から指定ALUが割当てられている全てのホストグループを抽出し、すなわち、欄T1050で指定ALU IDが登録されている行の欄T1030のホストグループID全てを抽出し、抽出したホストグループ群を集合HG1とする(ステップF4020)。次に、集合HG1の要素数を算出し、HG1の要素数が0の場合、SAN4000上にあるホスト計算機1000に指定ALUが割当てられていない状態であるため、ALU割当て処理を要求元のストレージ管理者に促すALU未割当て通知を管理計算機3000に通知し(F4040)、処理を終了する。 First, the configuration control unit extracts the bind group ID and the ALU ID from the received request (step F4010), and extracts all the host groups to which the designated ALU is assigned from the logical port management table T1000, that is, the column T1050. All the host group IDs in the column T1030 of the row where the designated ALU ID is registered are extracted, and the extracted host group group is set as a set HG1 (step F4020). Next, the number of elements in the set HG1 is calculated. If the number of elements in the HG1 is 0, the designated ALU is not allocated to the host computer 1000 on the SAN 4000. The management computer 3000 is notified of an ALU unallocation notification prompting the user (F4040), and the process is terminated.
 集合HG1の要素数が1以上である場合、構成制御部は、論理ボリューム管理テーブルT2000を参照し、指定バインドグループが割当てられている既存ALUを抽出し、抽出したALU群を集合A1とする(ステップF4050)。次に、論理ポート管理テーブルT1000を参照し、集合A1に属するALUが割当てられているホストグループを抽出し、抽出したホストグループ群を集合HG2とする(ステップF4060)。なお、集合HG1と集合HG2に含まれるホストグループのホストグループIDはPORT IDを含む。 When the number of elements of the set HG1 is 1 or more, the configuration control unit refers to the logical volume management table T2000, extracts the existing ALUs to which the designated bind group is assigned, and sets the extracted ALUs as the set A1 ( Step F4050). Next, referring to the logical port management table T1000, a host group to which an ALU belonging to the set A1 is assigned is extracted, and the extracted host group group is set as a set HG2 (step F4060). The host group IDs of the host groups included in the set HG1 and the set HG2 include the PORT ID.
 集合HG2と集合HG1の要素に同じホストグループがあるか確認し(ステップF4070)、集合HG2と集合HG1に同じホストグループが存在する場合、図17を用いて説明した新規経路1に該当するため、構成制御部はSLU重複配布となることを通知し(ステップF4080)、要求元のストレージ管理者に設定可否を伺う。具体的には、構成制御部が、管理サーバ2500への要求として、SLU重複配布の可否入力を要求し、入力が得られるまで処理をステップF4090で待機する。 It is confirmed whether the same host group exists in the elements of the set HG2 and the set HG1 (step F4070). If the same host group exists in the set HG2 and the set HG1, it corresponds to the new path 1 described with reference to FIG. The configuration control unit notifies that the SLU overlaps distribution (step F4080), and asks the requesting storage administrator whether the setting is possible. Specifically, the configuration control unit requests an input of whether or not SLU overlap distribution is possible as a request to the management server 2500, and waits for the process in step F4090 until an input is obtained.
 要求元のストレージ装置管理プログラム3110は、SLU重複配布可否入力要求を受けると、SLU重複配布であることと入力フォームを出力部1600に表示する。要求者であるストレージ管理者が入力フォームに可否を入力し、許可の場合は入力値x=1となり、不可の場合は入力値x=0となる。ストレージ装置管理プログラム3110は管理サーバ2500からの入力要求に応答し、管理サーバ2500は構成制御部に入力値xを応答する。 When the requesting storage apparatus management program 3110 receives the SLU duplicate distribution permission input request, it displays on the output unit 1600 that it is SLU duplicate distribution and an input form. The storage administrator who is the requester inputs approval / disapproval on the input form. If the permission is granted, the input value x = 1, and if not, the input value x = 0. The storage apparatus management program 3110 responds to the input request from the management server 2500, and the management server 2500 responds with the input value x to the configuration control unit.
 ステップF4100にてxが1でない場合、構成制御部は、バインドグループ割当て処理を終了する。ステップF4100にてxが1の場合、ステップF4110に進む。ステップF4110では、集合HG1と集合HG2のホストグループに登録されたホストWWNを抽出し、集合HG1のホストWWN群を集合H1とし、集合HG2のホストWWN群を集合H2とする。次に、集合H1が集合H2の部分集合であるか確認する(ステップF4120)。 If x is not 1 in step F4100, the configuration control unit ends the bind group assignment process. When x is 1 in step F4100, the process proceeds to step F4110. In step F4110, the host WWN registered in the host groups of the set HG1 and the set HG2 is extracted, the host WWN group of the set HG1 is set as a set H1, and the host WWN group of the set HG2 is set as a set H2. Next, it is confirmed whether the set H1 is a subset of the set H2 (step F4120).
 ここで、集合H1が集合H2の部分集合となると、図17を用いて説明した新規経路2に該当するため、構成制御部はステップF4160に処理を進める。集合H1が集合H2の部分集合でない場合、図17を用いて説明した新規経路3に該当するため、指定バインドグループ内のSLUを新規ホストへ割当てることを要求元のストレージ管理者に通知するために管理計算機3000に通知し(ステップF4130)、セキュリティ権限を有する管理計算機3000(ストレージ管理者)に、指定バインドグループの指定ALUへの割り当て可否を要求する(ステップF4140)。 Here, when the set H1 becomes a subset of the set H2, since it corresponds to the new route 2 described with reference to FIG. 17, the configuration control unit advances the processing to step F4160. When the set H1 is not a subset of the set H2, since it corresponds to the new path 3 described with reference to FIG. 17, in order to notify the requesting storage administrator to allocate the SLU in the specified bind group to the new host. The management computer 3000 is notified (step F4130), and the management computer 3000 (storage administrator) having security authority is requested to determine whether or not the specified bind group can be assigned to the specified ALU (step F4140).
 セキュリティ権限を有するストレージ管理者が、管理計算機3000のストレージ装置管理プログラム3110を介してバインドグループ割当てを許可すると、入力値yは1となり、不可の場合は、入力値yは0となる。ステップF4150にて入力値yが0の場合、構成制御部は、バインドグループ割当て処理を終了する。 When the storage administrator having security authority permits the bind group assignment via the storage device management program 3110 of the management computer 3000, the input value y is 1, and when the storage group is not possible, the input value y is 0. If the input value y is 0 in step F4150, the configuration control unit ends the bind group assignment process.
 ステップF4150にて入力値yが1の場合、構成制御部は、論理ボリューム管理テーブルT2000の指定ALUの欄T2050に指定バインドグループのIDを登録して、指定ALU(例えばALU2210k)に指定バインドグループ(例えばバインドグループ2600j)を割当て(ステップF4160)、処理を終了する。ステップF4160でバインド管理テーブルT3000は更新されてもよい。 When the input value y is 1 in step F4150, the configuration control unit registers the ID of the designated bind group in the designated ALU column T2050 of the logical volume management table T2000, and designates the designated bind group (for example, ALU 2210k) in the designated bind group (ALU 2210k). For example, bind group 2600j) is assigned (step F4160), and the process is terminated. In step F4160, the bind management table T3000 may be updated.
 図21と図22~24は、SLUをALUへバインドする、すなわち、ALU経由でアクセスするSLUを設定する処理のフローチャートの例を示す図である。 21 and FIGS. 22 to 24 are diagrams showing examples of flowcharts of processing for binding an SLU to an ALU, that is, setting an SLU to be accessed via the ALU.
 図21は、ストレージ管理者がSLUとALUを指定した場合のバインド処理の例であるフローチャートF5000aを示す図である。バインド処理はストレージ装置2000具備する構成制御部が行う処理である。ストレージ管理者はSLUとALUを指定したバインド要求をストレージ装置管理プログラム3110に送信し、構成制御部はバインド要求を管理サーバ2500経由で受信してバインド処理を開始する。 FIG. 21 is a diagram showing a flowchart F5000a that is an example of the binding process when the storage administrator designates the SLU and the ALU. The bind process is a process performed by the configuration control unit included in the storage apparatus 2000. The storage administrator transmits a bind request specifying the SLU and ALU to the storage apparatus management program 3110, and the configuration control unit receives the bind request via the management server 2500 and starts the bind process.
 構成制御部は、バインド要求に対して、指定されたSLU IDとALU IDを抽出し(ステップF5010a)、論理ボリューム管理テーブルT2000を参照して、指定されたALUに割当てられたバインドグループを抽出し、すなわち、欄T2010で指定ALU IDが登録されている行の欄T2050のバインドグループIDを抽出し、抽出したバインドグループ群を集合Bとする(ステップF5020a)。さらに、論理ボリューム管理テーブルT2000を参照して、指定されたSLUが所属するバインドグループを抽出し、抽出したバインドグループ群を集合b1とする(ステップF5030a)。 In response to the bind request, the configuration control unit extracts the designated SLU ID and ALU ID (step F5010a), refers to the logical volume management table T2000, and extracts the bind group assigned to the specified ALU. That is, the bind group ID of the column T2050 in the row where the designated ALU ID is registered in the column T2010 is extracted, and the extracted bind group group is set as a set B (step F5020a). Further, referring to the logical volume management table T2000, the bind group to which the designated SLU belongs is extracted, and the extracted bind group group is set as a set b1 (step F5030a).
 構成制御部は、集合b1の何れかの要素が集合Bに含まれているか確認し(ステップF5040a)、含まれている場合、バインド管理テーブルT3000の指定ALUの欄T3020にあるビットマップで指定SLUに該当するビットを1とし(ステップF5050a)、処理を終了する。含まれていない場合、バインド不可を通知し(ステップF5060a)、処理を終了する。 The configuration control unit checks whether any element of the set b1 is included in the set B (step F5040a). If included, the configuration control unit designates the specified SLU with the bitmap in the specified ALU column T3020 of the bind management table T3000. The bit corresponding to is set to 1 (step F5050a), and the process is terminated. If it is not included, it is notified that binding is not possible (step F5060a), and the process ends.
 図22~24は、バインド先ALUが指定されていない場合の処理の例であるフローチャートF5000bを示す図である。フローチャートF5000bは管理計算機3000のストレージ装置管理プログラム3110の処理であり、プロセッサ3200により実行される。ストレージ管理者が、SLUを割当てる先のホスト計算機または仮想サーバ(指定ホスト計算機)とSLUとALL ALUフラグ(0の場合、任意の一つ、1の場合、バインド可能な全ALUとなる)を指定したバインド要求を、ストレージ装置管理プログラム3110に送信して処理が開始される。 FIGS. 22 to 24 are diagrams showing a flowchart F5000b which is an example of processing when the bind destination ALU is not designated. A flowchart F5000b is processing of the storage apparatus management program 3110 of the management computer 3000, and is executed by the processor 3200. The storage administrator specifies the host computer or virtual server (specified host computer) to which the SLU is assigned, the SLU, and the ALL-ALU flag (any one in the case of 0, all ALUs that can be bound in the case of 1). The bind request is transmitted to the storage apparatus management program 3110 to start processing.
 ストレージ装置管理プログラム3110は、要求から割当て先のホストIDとSLU ID(指定SLU ID)を抽出する(ステップF5010b)。管理サーバ2500が提供するAPIを介してストレージ装置2000から論理ボリューム管理テーブルT2000を取得し、指定SLUが属するバインドグループを抽出し、すなわち、欄T2010で指定SLU IDが登録されている行の欄T2050のバインドグループを抽出し、抽出したバインドグループをb2とする(ステップF5020b)。 The storage apparatus management program 3110 extracts the host ID and SLU ID (designated SLU ID) of the allocation destination from the request (Step F5010b). The logical volume management table T2000 is acquired from the storage apparatus 2000 via the API provided by the management server 2500, and the bind group to which the designated SLU belongs is extracted, that is, the column T2050 in the row where the designated SLU ID is registered in the column T2010. The bind group is extracted and b2 is set as the extracted bind group (step F5020b).
 そして、ストレージ装置管理プログラム3110は、ホスト管理テーブルT5000を参照して、指定ホスト計算機が属するホストグループを抽出し、抽出したホストグループ群を集合H3とする(ステップF5030b)。集合H3のホストグループに割当てられたALUを抽出し、抽出したALU群を集合A2とする(ステップF5040b)。 Then, the storage system management program 3110 refers to the host management table T5000, extracts the host group to which the designated host computer belongs, and sets the extracted host group group as a set H3 (step F5030b). The ALU assigned to the host group of the set H3 is extracted, and the extracted ALU group is set as a set A2 (step F5040b).
 次に、集合A2の各要素aについて、ストレージ装置管理プログラム3110は、ステップF5050bからステップF5090bを実行する。ステップF5060bにて、要素aに割当てられたバインドグループにバインドグループb2が含まれているか確認し、含まれない場合、ステップF5090bに進み、含まれる場合、要素aをバインドリストLに登録する(ステップF5070b)。次に、指定されたALL ALUフラグの値を確認し(ステップF5080b)、値が0の場合、ステップF5100bに進み、値が1の場合、ステップF5090bに進む。 Next, for each element a in the set A2, the storage apparatus management program 3110 executes Step F5050b to Step F5090b. In step F5060b, it is confirmed whether or not the bind group b2 is included in the bind group assigned to the element a. If not included, the process proceeds to step F5090b. If included, the element a is registered in the bind list L (step S5060b). F5070b). Next, the value of the designated ALL-ALU flag is confirmed (step F5080b). If the value is 0, the process proceeds to step F5100b. If the value is 1, the process proceeds to step F5090b.
 ステップF5100bで、ストレージ装置管理プログラム3110は、バインドリストLの要素数を確認し、要素数が0の場合、バインド可能なALUが存在しないことを通知し(ステップF5130b)、処理を終了する。要素数が0より大きい場合、バインドリストLに登録されたALUに指定SLUをバインドする指示をストレージ装置2000が具備する構成制御部に送信し(ステップF5110b)、バインド処理が正常終了したことを確認したのち、バインドリストLのALUを要求者に通知して(ステップF5140b)処理を終了する。 In step F5100b, the storage apparatus management program 3110 confirms the number of elements in the bind list L, and if the number of elements is 0, notifies that there is no ALU that can be bound (step F5130b), and ends the process. When the number of elements is larger than 0, an instruction to bind the designated SLU to the ALU registered in the bind list L is transmitted to the configuration control unit included in the storage apparatus 2000 (step F5110b), and it is confirmed that the bind process has been normally completed. After that, the requester is notified of the ALU in the bind list L (step F5140b), and the process is terminated.
 ALUの割り当てを解除する場合、ストレージ装置2000が具備する構成制御部は、バインド管理テーブルT3000を参照し、解除の指定されたALUへのSLUバインド状態を確認し、一つでもバインドされているSLUが存在すると、ALU割り当て解除要求を拒絶する。バインドされているSLUが存在しない場合、構成制御部は、論理ポート管理テーブルT1000の割当て解除対象ホストグループに対応する欄T1050から指定ALUを削除する。 When deallocating an ALU, the configuration control unit included in the storage apparatus 2000 refers to the bind management table T3000, confirms the SLU bind status to the ALU designated to be deregistered, and at least one SLU that is bound. Is present, it rejects the ALU deallocation request. If there is no bound SLU, the configuration control unit deletes the designated ALU from the column T1050 corresponding to the deallocation target host group in the logical port management table T1000.
 ALUを削除する場合、ストレージ装置2000が具備する構成制御部は、バインド管理テーブルT3000を参照し、削除の指定されたALUへのSLUバインドの存在を確認し、さらに、論理ポート管理テーブルT1000を参照し、全ホストグループのいずれかに、指定ALUが割当てられているか確認する。ストレージ装置2000が具備する構成制御部は、指定ALUへのSLUバインドが無く、さらに、全ホストグループのいずれにも、指定ALUが割当てられていない場合、論理ボリューム管理テーブルT2000から指定ALUを削除する。ストレージ装置2000が具備する構成制御部は、SLUバインドが存在する、もしくは、いずれかのホストグループにALUが割当てられている場合、ALU削除を拒絶する。 When deleting an ALU, the configuration control unit of the storage apparatus 2000 refers to the bind management table T3000, confirms the presence of an SLU binding to the ALU designated for deletion, and further refers to the logical port management table T1000. Then, it is confirmed whether the designated ALU is allocated to any of the host groups. The configuration control unit included in the storage apparatus 2000 deletes the designated ALU from the logical volume management table T2000 when there is no SLU binding to the designated ALU and the designated ALU is not allocated to any of the host groups. . The configuration control unit included in the storage apparatus 2000 rejects the ALU deletion when the SLU binding exists or an ALU is assigned to any host group.
 SLUをアンバインドする場合、ストレージ装置2000が具備する構成制御部は、アンバインド要求に指定されたSLUとALUを抽出し、バインド管理テーブルT3000において指定ALUと指定SLUが示すビットの値を0とする。ここで、アンバインド要求にALUが指定されていない場合、バインド管理テーブルT3000において、欄T3010のIDにかかわりなく、指定SLUが示す全てのビットの値を0とする。これにより、SAN4000上のホスト計算機1000からの指定SLUへのアクセスを一度の指示で解除することができる。 When unbinding an SLU, the configuration control unit included in the storage apparatus 2000 extracts the SLU and ALU specified in the unbind request, and sets the value of the bit indicated by the specified ALU and the specified SLU to 0 in the bind management table T3000. To do. If no ALU is specified in the unbind request, all bit values indicated by the specified SLU are set to 0 in the bind management table T3000 regardless of the ID of the column T3010. As a result, access to the designated SLU from the host computer 1000 on the SAN 4000 can be canceled with a single instruction.
 以上で説明したように、ALUにバインドされたSLUへのみホスト計算機はアクセス可能となる。これにより、例えば図1に示した業務Bに属するホスト計算機1000bはSLU2210f、2210gへアクセス可能できるが、SLU2210c~2210eへアクセスできないように限定することが可能である。また、ホスト計算機上で動作する仮想サーバもホスト計算機と同じアクセスの限定が可能である。この限定を変更する操作は、ストレージ管理者の許可を得なければ実行されないため、誤操作などが防止される。さらに、仮想サーバへSLUを割り当てることにより、論理ボリューム単位の制御において余剰コストが発生しない。 As described above, the host computer can access only the SLU bound to the ALU. Thereby, for example, the host computer 1000b belonging to the business B shown in FIG. 1 can access the SLUs 2210f and 2210g, but can be limited so that it cannot access the SLUs 2210c to 2210e. In addition, the virtual server operating on the host computer can be restricted in the same access as the host computer. Since the operation for changing the limitation is not executed unless the permission of the storage administrator is obtained, an erroneous operation or the like is prevented. Furthermore, by allocating the SLU to the virtual server, no extra cost is generated in the control of the logical volume unit.
 SLUのバインドは、ホスト計算機1000が具備する業務アプリケーションやHyper Visor部1400の動作に依存するため、ホスト計算機1000からSAN経由で要求される、つまりIn-bandで要求される場合がある。実施例2では、In-bandでバインド/アンバインドを実施する構成について説明する。 Since the SLU binding depends on the business application provided in the host computer 1000 and the operation of the Hyper-Visor unit 1400, it may be requested from the host computer 1000 via the SAN, that is, in-band. In the second embodiment, a configuration for performing bind / unbind with In-band will be described.
 図25は、実施例2のストレージシステムの構成の例を示す図である。実施例1との差異は、ストレージ装置2000にIn-band経由でストレージ管理操作要求を受けるための論理デバイス(CMD:CoMmand Deviceと呼ぶ)2900が具備されていることである。CMD2900は論理ポート2110nに割当てられており、ホスト計算機1000nから認識可能である。 FIG. 25 is a diagram illustrating an example of the configuration of the storage system according to the second embodiment. A difference from the first embodiment is that the storage device 2000 includes a logical device (CMD: CoMandMDevice) 2900 for receiving a storage management operation request via In-band. The CMD 2900 is assigned to the logical port 2110n and can be recognized from the host computer 1000n.
 実施例2では、CMD2900を提供するホストグループ2111nの論理ポート2110n内のローカルIDはFFに固定されているが、ホストグループ2111nはストレージ管理者により設定された任意のホストグループでも良い。但し、CMD2900は、通常LUNとして配布されるため、ALUが属するホストグループと分けられる必要がある。これは、ストレージ装置2000を操作するSCSIコマンドがベンダユニークなコマンドであり、ホスト計算機1000n上のHyper Visor部1400がベンダユニークなコマンドに対応していない場合があるためである。 In the second embodiment, the local ID in the logical port 2110n of the host group 2111n that provides the CMD 2900 is fixed to FF, but the host group 2111n may be any host group set by the storage administrator. However, since CMD2900 is normally distributed as a LUN, it needs to be separated from the host group to which the ALU belongs. This is because the SCSI command for operating the storage apparatus 2000 is a vendor-unique command, and the Hyper-Visor unit 1400 on the host computer 1000n may not support the vendor-unique command.
 図26は、実施例2のホスト計算機1000nの構成の例を示す図である。ホスト計算機1000nは、メモリ1200nにストレージ管理プログラム1220を具備する。ストレージ管理プログラム1220は、CMD2900を接続先としたローデバイス1310nに対して、ベンダユニークなSCSIコマンドを送信する処理を有している。ストレージ管理プログラム1220は、業務アプリケーション1210やホスト管理者から入力部1700を介してSLUのバインド要求を受け、ベンダユニークなSCSIコマンドに変換した後、作成したコマンドをローデバイス1310nに送信する。 FIG. 26 is a diagram illustrating an example of the configuration of the host computer 1000n according to the second embodiment. The host computer 1000n includes a storage management program 1220 in the memory 1200n. The storage management program 1220 has processing for transmitting a vendor-unique SCSI command to the raw device 1310n to which the CMD 2900 is connected. The storage management program 1220 receives an SLU bind request from the business application 1210 or the host administrator via the input unit 1700, converts it into a vendor-unique SCSI command, and transmits the created command to the raw device 1310n.
 ストレージ装置2000のCMD2900は、前記コマンドを受理すると、指定されたSLUとALUを抽出し、ストレージ装置2000が具備する構成制御部へ指示されたバインドおよびアンバインド処理を要求し、構成制御部はバインドおよびアンバインド処理を実行する。なお、ローデバイス1310pはローデバイス1310nとは別のデバイスであって、図3を用いて説明したローデバイス1310と同じであり、ALU2210pはALU2210hと同じである。 Upon receiving the command, the CMD 2900 of the storage apparatus 2000 extracts the designated SLU and ALU, requests the configuration control unit included in the storage apparatus 2000 to instruct the bind and unbind processing, and the configuration control unit binds. And unbind processing is executed. The raw device 1310p is a device different from the raw device 1310n, and is the same as the raw device 1310 described with reference to FIG. 3, and the ALU 2210p is the same as the ALU 2210h.
 また、ストレージ管理プログラム1220は、業務アプリケーション1210やホスト管理者から入力部1700を介してSLUのバインド要求を受け、ベンダユニークなSCSIコマンドに変換した後、作成したコマンドをローデバイス1310p(実施例1のローデバイス1310)に送信しても良い。この場合、ストレージ装置2000のALU2010p(実施例1のALU2210h)は、前記コマンドを受理すると、指定されたSLUとALUを抽出し、ストレージ装置2000が具備する構成制御部へ指示されたバインドおよびアンバインド処理を要求し、構成制御部はバインドおよびアンバインド処理を実行する。 In addition, the storage management program 1220 receives an SLU bind request from the business application 1210 or the host administrator via the input unit 1700, converts it to a vendor-unique SCSI command, and then converts the created command to the raw device 1310p (Example 1). To the raw device 1310). In this case, when the ALU 2010p of the storage apparatus 2000 (ALU 2210h of the first embodiment) receives the command, it extracts the specified SLU and ALU, and binds and unbinds specified to the configuration control unit provided in the storage apparatus 2000. The process is requested, and the configuration control unit executes bind and unbind processes.
 実施例2におけるストレージ管理プログラム1220は、バインドおよびアンバインド操作指示のみを受理し、ストレージ装置2000のその他の操作要求を拒絶する。バインドおよびアンバインド以外の操作は、ストレージ装置2000の操作を熟知したストレージ管理者によって遂行されるべきである。これにより、ストレージ装置2000の操作を習得していないホスト管理者や業務プログラムからの操作を抑止し、人為的ミスや担当外のSLUへのアクセスを防ぐことができる。 The storage management program 1220 in the second embodiment accepts only bind and unbind operation instructions and rejects other operation requests of the storage apparatus 2000. Operations other than bind and unbind should be performed by a storage administrator who is familiar with the operation of the storage apparatus 2000. As a result, operations from a host administrator or business program that has not mastered the operation of the storage apparatus 2000 can be suppressed, and human error or access to unassigned SLUs can be prevented.
 以上で説明したように、ALUとSLUのバインドはホスト計算機からの要求に応じて変更可能となる。これにより、ホスト計算機上の仮想サーバの構成変更などにも迅速に対応可能となる。 As described above, the binding between ALU and SLU can be changed according to the request from the host computer. As a result, it is possible to quickly cope with a change in the configuration of the virtual server on the host computer.
1000:ホスト計算機
2000:ストレージ装置
3000:管理計算機
4000:ストレージエリアネットワーク
5000:管理ネットワーク 1000: Host computer 2000: Storage device 3000: Management computer 4000: Storage area network 5000: Management network

Claims (15)

  1.  一つもしくは複数のホスト計算機とストレージ装置を接続したストレージシステムにおいて、
     前記ストレージ装置は、
     階層的に対応付けられた第一層のLU(Logical Unit)と第二層のLUを具備し、
     前記第二層のLUを一つもしくは複数の論理グループに分配し、前記論理グループと前記第一層のLUとを対応付ける構成制御部と、
     前記第一層のLUと前記第二層のLUが指定されたアクセス要求を受信し、前記指定された第一層のLUに対応付けられた前記論理グループに分配された前記第二層のLUへのアクセスに、前記指定された第二層のLUへのアクセスの中で処理するアクセスを限定する入出力制御部
    を具備し、
     前記ホスト計算機は、
     前記アクセス要求を前記ストレージ装置へ送信すること
    を特徴とするストレージシステム。     In a storage system that connects one or multiple host computers and storage devices,
    The storage device
    It comprises a first layer LU (Logical Unit) and a second layer LU that are hierarchically related,
    A configuration controller that distributes the second layer LU to one or more logical groups, and associates the logical group with the first layer LU;
    The first layer LU and the second layer LU receive the designated access request and the second layer LU distributed to the logical group associated with the designated first layer LU. An access control unit for limiting access to be processed in access to the designated second layer LU,
    The host computer
    A storage system that transmits the access request to the storage apparatus.
  2.  前記ストレージ装置は、
     前記ホスト計算機と接続し、前記第一層のLUにアクセス可能なホスト計算機がそれぞれ登録され、前記登録されたホスト計算機からのアクセスのみを許可するポート
    をさらに具備することを特徴とする請求項1に記載のストレージシステム。     The storage device
    2. The host computer according to claim 1, further comprising a port that is connected to the host computer and that is accessible to the first layer LU, and that only allows access from the registered host computer. The storage system described in.
  3.  前記ストレージシステムは、
     前記ホスト計算機と前記ストレージ装置とに接続された管理計算機をさらに具備し、
     前記ストレージ装置は、
     前記管理計算機からの前記第一層のLUと論理グループとの対応関係設定要求に対して、前記対応関係設定要求された前記第一層のLUにアクセス可能なホスト計算機が前記ポートに登録されていない場合、前記対応関係設定要求を拒絶すること
    を特徴とする請求項2に記載のストレージシステム。     The storage system
    A management computer connected to the host computer and the storage device;
    The storage device
    In response to the correspondence setting request between the first layer LU and the logical group from the management computer, a host computer that can access the first layer LU requested for the correspondence setting is registered in the port. 3. The storage system according to claim 2, wherein if there is not, the correspondence setting request is rejected.
  4.  前記ストレージシステムは、
     前記ホスト計算機と前記ストレージ装置とに接続された管理計算機をさらに具備し、
     前記ストレージ装置は、
     前記管理計算機からの前記第一層のLUと論理グループとの対応関係設定要求に対して、前記対応関係設定要求された前記第一層のLUにアクセス可能なホスト計算機の登録されたポートと、前記対応関係設定要求された前記論理グループに対応付けられた前記第一層のLUにアクセス可能なホスト計算機の登録されたポートが同一の場合、前記対応関係設定要求を拒絶すること
    を特徴とする請求項2に記載のストレージシステム。     The storage system
    A management computer connected to the host computer and the storage device;
    The storage device
    In response to the correspondence setting request between the first layer LU and the logical group from the management computer, the registered port of the host computer that can access the first layer LU requested for the correspondence setting; The correspondence setting request is rejected when the registered ports of the host computers that can access the first layer LU associated with the logical group requested for the correspondence setting are the same. The storage system according to claim 2.
  5.  前記ストレージ装置は、
     前記登録されたポートが同一の場合、前記管理計算機へ設定可否要求を送信し、
     前記設定可否要求に対する前記管理計算機からの設定可否応答に応じて、前記対応関係設定要求の拒絶を行わず、
     前記管理計算機は、
     前記ストレージ装置から設定可否要求を受信し、
     前記受信した設定可否要求を出力して、前記設定可否応答が入力され、前記入力された設定可否応答を前記ストレージ装置へ送信すること
    を特徴とする請求項4に記載のストレージシステム。     The storage device
    If the registered ports are the same, send a setting availability request to the management computer,
    In response to a setting availability response from the management computer to the setting availability request, without rejecting the correspondence setting request,
    The management computer is
    A setting availability request is received from the storage device,
    5. The storage system according to claim 4, wherein the received setting availability request is output, the setting availability response is input, and the input setting availability response is transmitted to the storage apparatus.
  6.  前記ストレージシステムは、
     前記ホスト計算機と前記ストレージ装置とに接続された管理計算機をさらに具備し、
     前記ストレージ装置は、
     前記管理計算機からの前記第一層のLUと論理グループとの対応関係設定要求に対して、
    前記対応関係設定要求された前記第一層のLUにアクセス可能と前記ポートに登録されたホスト計算機と、前記対応関係設定要求された前記論理グループに対応付けられた前記第一層のLUにアクセス可能と前記ポートに登録されたホスト計算機が異なる場合、前記対応関係設定要求を拒絶すること
    を特徴とする請求項2に記載のストレージシステム。     The storage system
    A management computer connected to the host computer and the storage device;
    The storage device
    In response to the correspondence setting request between the first layer LU and the logical group from the management computer,
    Access to the first layer LU requested for the correspondence setting and access to the host computer registered in the port and the first layer LU associated with the logical group requested for the correspondence setting 3. The storage system according to claim 2, wherein if the host computer registered in the port is different from possible, the correspondence setting request is rejected.
  7.  前記ストレージ装置は、
     前記登録されたホスト計算機が異なる場合、前記管理計算機へ設定可否要求を送信し、
     前記設定可否要求に対する前記管理計算機からの設定可否応答に応じて、前記対応関係設定要求の拒絶を行わず、
     前記管理計算機は、
     前記ストレージ装置から設定可否要求を受信し、
     前記受信した設定可否要求を出力して、前記設定可否応答が入力され、前記入力された設定可否応答を前記ストレージ装置へ送信すること
    を特徴とする請求項6に記載のストレージシステム。     The storage device
    If the registered host computer is different, send a setting availability request to the management computer,
    In response to a setting availability response from the management computer to the setting availability request, without rejecting the correspondence setting request,
    The management computer is
    A setting availability request is received from the storage device,
    7. The storage system according to claim 6, wherein the received setting availability request is output, the setting availability response is input, and the input setting availability response is transmitted to the storage apparatus.
  8.  前記ストレージシステムは、
     前記ホスト計算機と前記ストレージ装置とに接続された管理計算機をさらに具備し、
     前記管理計算機は、
     前記第一層のLUにアクセス可能と前記ポートに登録されたホスト計算機の解除要求を送信し、
     前記ストレージ装置は、
     前記解除要求を受信し、解除要求された前記第一層のLUに対応付けられた前記論理グループに分配された前記第二層のLUが存在する場合、前記解除要求を拒絶すること
    を特徴とする請求項2に記載のストレージシステム。     The storage system
    A management computer connected to the host computer and the storage device;
    The management computer is
    Sending a request to cancel the host computer registered in the port that the first layer LU is accessible,
    The storage device
    Receiving the release request, and rejecting the release request when there is an LU of the second layer distributed to the logical group associated with the LU of the first layer requested to be released. The storage system according to claim 2.
  9.  前記ストレージシステムは、
     前記ホスト計算機と前記ストレージ装置とに接続された管理計算機をさらに具備し、
     前記管理計算機は、
     前記第一層の削除要求を送信し、
     前記ストレージ装置は、
     前記削除要求を受信し、削除要求された前記第一層のLUに対応付けられた前記論理グループに分配された前記第二層のLUが存在する場合、前記削除要求を拒絶すること
    を特徴とする請求項2に記載のストレージシステム。     The storage system
    A management computer connected to the host computer and the storage device;
    The management computer is
    Send the first layer delete request,
    The storage device
    Receiving the deletion request, and rejecting the deletion request when there is an LU of the second layer distributed to the logical group associated with the LU of the first layer requested to be deleted. The storage system according to claim 2.
  10.  前記ストレージ装置は、
     前記ホスト計算機からの要求を受け付ける第三のLUを具備し、
     前記第三のLUで受け付けた要求に基づき、前記第一層のLUへの前記第二層のLUの割り当てを行い、
     前記ホスト計算機は、
     前記第一層のLUへの前記第二層のLUの割当て要求を前記第三のLUへ送信すること
    を特徴とする請求項1に記載のストレージシステム。     The storage device
    Comprising a third LU for accepting requests from the host computer;
    Based on the request received by the third LU, assign the second layer LU to the first layer LU;
    The host computer
    The storage system according to claim 1, wherein a request to allocate the second layer LU to the first layer LU is transmitted to the third LU.
  11.  前記ストレージ装置は、
     前記第三のLUの受け付ける要求として、前記第一層のLUへの前記第二層のLUの割当て要求以外は拒絶すること
    を特徴とする請求項10に記載のストレージシステム。     The storage device
    The storage system according to claim 10, wherein, as a request accepted by the third LU, a request other than an allocation request of the second layer LU to the first layer LU is rejected.
  12.  一つもしくは複数のホスト計算機とストレージ装置を接続したストレージシステムのアクセス制御方法において、
     前記ストレージ装置は、
     階層的に対応付けられた第一層のLU(Logical Unit)と第二層のLUを具備し、前記第二層のLUを一つもしくは複数の論理グループに分配し、前記論理グループと前記第一層のLUとを対応付け、
     前記ホスト計算機は、
     前記第一層のLUと前記第二層のLUが指定されたアクセス要求を前記ストレージ装置へ送信し
     前記ストレージ装置は、
     前記アクセス要求を受信し、前記指定された第一層のLUに対応付けられた前記論理グループに分配された前記第二層のLUへのアクセスに、前記指定された第二層のLUへのアクセスの中で処理するアクセスを限定すること
    を特徴とするアクセス制御方法。     In a storage system access control method in which one or a plurality of host computers and a storage device are connected,
    The storage device
    It comprises a first layer LU (Logical Unit) and a second layer LU that are hierarchically related, the LU of the second layer is distributed to one or more logical groups, and the logical group and the first layer LU are distributed. Associate with one LU,
    The host computer
    An access request in which the first layer LU and the second layer LU are specified is transmitted to the storage device, and the storage device
    The access request is received, and access to the second layer LU distributed to the logical group associated with the designated first layer LU is made to the designated second layer LU. An access control method characterized by limiting access to be processed in access.
  13.  前記ストレージ装置は、
     前記ホスト計算機と接続し、前記第一層のLUにアクセス可能なホスト計算機がそれぞれ登録され、前記登録されたホスト計算機からのアクセスのみを許可するポートをさらに具備し、
     前記ホスト計算機は、
     前記第一層のLUと前記第二層のLUにより指定されたデータのアクセス要求を前記ストレージ装置へ送信し
     前記ストレージ装置は、
     前記アクセス要求を受信し、前記アクセス要求を送信したホスト計算機が、前記アクセス要求で指定された第一層のLUにアクセス可能であると前記ポートに登録されたホスト計算機の場合、前記アクセス要求を許可すること
    を特徴とする請求項12に記載のアクセス制御方法。     The storage device
    A host computer connected to the host computer and capable of accessing the LU of the first layer is registered, and further includes a port that permits access only from the registered host computer;
    The host computer
    An access request for data designated by the LU of the first layer and the LU of the second layer is transmitted to the storage device.
    When the host computer that has received the access request and has transmitted the access request is a host computer that is registered in the port as being able to access the first layer LU specified in the access request, the access request is 13. The access control method according to claim 12, wherein the access is permitted.
  14.  前記ストレージ装置は、
     前記ホスト計算機からの要求を受け付ける第三のLUを具備し、
     前記ホスト計算機は、
     前記第一層のLUへの前記第二層のLUの割当て要求を前記第三のLUへ送信し、
     前記ストレージ装置は、
     前記第三のLUで受け付けた要求に基づき、前記第一層のLUへの前記第二層のLUの割り当てを行うこと
    を特徴とする請求項12に記載のアクセス制御方法。     The storage device
    Comprising a third LU for accepting requests from the host computer;
    The host computer
    Sending a request to assign the second layer LU to the first layer LU to the third LU;
    The storage device
    13. The access control method according to claim 12, wherein the second layer LU is allocated to the first layer LU based on a request received by the third LU.
  15.  一つもしくは複数のホスト計算機と接続するストレージ装置であって、
     階層的に対応付けられた第一層のLU(Logical Unit)及び第二層のLUと、
     前記第二層のLUを一つもしくは複数の論理グループに分配し、前記論理グループと前記第一層のLUとを対応付ける構成制御部と、
     前記ホスト計算機から前記第一層のLUと前記第二層のLUが指定されたアクセス要求を受信すると、前記指定された第一層のLUに対応付けられた前記論理グループに分配された前記第二層のLUへのアクセスに、前記指定された第二層のLUへのアクセスの中で処理するアクセスを限定する入出力制御部と、
    を備えること
    を特徴とするストレージ装置。     A storage device connected to one or more host computers,
    A first-layer LU (Logical Unit) and a second-layer LU that are hierarchically associated with each other;
    A configuration controller that distributes the second layer LU to one or more logical groups, and associates the logical group with the first layer LU;
    Upon receiving an access request in which the first layer LU and the second layer LU are designated from the host computer, the first layer distributed to the logical group associated with the designated first layer LU is received. An input / output control unit that limits access to the two-layer LU to be processed in the access to the designated second-layer LU;
    A storage apparatus comprising:
PCT/JP2014/084379 2014-12-25 2014-12-25 Storage system, storage device and access control method WO2016103416A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2014/084379 WO2016103416A1 (en) 2014-12-25 2014-12-25 Storage system, storage device and access control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2014/084379 WO2016103416A1 (en) 2014-12-25 2014-12-25 Storage system, storage device and access control method

Publications (1)

Publication Number Publication Date
WO2016103416A1 true WO2016103416A1 (en) 2016-06-30

Family

ID=56149509

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2014/084379 WO2016103416A1 (en) 2014-12-25 2014-12-25 Storage system, storage device and access control method

Country Status (1)

Country Link
WO (1) WO2016103416A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018011839A1 (en) * 2016-07-11 2018-01-18 株式会社日立製作所 Information processing system and control method for information processing system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001265655A (en) * 2000-01-14 2001-09-28 Hitachi Ltd Security system for storage sub system
JP2005165702A (en) * 2003-12-03 2005-06-23 Hitachi Ltd Device connection method of cluster storage
JP2006184949A (en) * 2004-12-24 2006-07-13 Hitachi Ltd Storage control system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2001265655A (en) * 2000-01-14 2001-09-28 Hitachi Ltd Security system for storage sub system
JP2005165702A (en) * 2003-12-03 2005-06-23 Hitachi Ltd Device connection method of cluster storage
JP2006184949A (en) * 2004-12-24 2006-07-13 Hitachi Ltd Storage control system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018011839A1 (en) * 2016-07-11 2018-01-18 株式会社日立製作所 Information processing system and control method for information processing system
JPWO2018011839A1 (en) * 2016-07-11 2018-11-22 株式会社日立製作所 Information processing system and method for controlling information processing system
US10762021B2 (en) 2016-07-11 2020-09-01 Hitachi, Ltd. Information processing system, and control method of information processing system
JP7012010B2 (en) 2016-07-11 2022-01-27 株式会社日立製作所 Information processing system and control method of information processing system

Similar Documents

Publication Publication Date Title
US8402239B2 (en) Volume management for network-type storage devices
US9124613B2 (en) Information storage system including a plurality of storage systems that is managed using system and volume identification information and storage system management method for same
US9639277B2 (en) Storage system with virtual volume having data arranged astride storage devices, and volume management method
JP5512833B2 (en) Storage system including a plurality of storage devices having both a storage virtualization function and a capacity virtualization function
US9229645B2 (en) Storage management method and storage system in virtual volume having data arranged astride storage devices
US8214611B2 (en) Storage subsystem and its data processing method, and computer system
US8051262B2 (en) Storage system storing golden image of a server or a physical/virtual machine execution environment
JP4671353B2 (en) Storage apparatus and control method thereof
US8650381B2 (en) Storage system using real data storage area dynamic allocation method
US8639775B2 (en) Computer system and its management method
JP6055924B2 (en) Storage system and storage system control method
JP7012010B2 (en) Information processing system and control method of information processing system
US20120265956A1 (en) Storage subsystem, data migration method and computer system
US9081509B2 (en) System and method for managing a physical storage system and determining a resource migration destination of a physical storage system based on migration groups
US20090276594A1 (en) Storage system
US9395926B2 (en) Storage system and management computer
US9239681B2 (en) Storage subsystem and method for controlling the storage subsystem
WO2016103416A1 (en) Storage system, storage device and access control method
WO2018011881A1 (en) Storage device and computer system
JP2009258825A (en) Storage system, virtualization device and computer system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14909023

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14909023

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP