JP4810930B2 - Information processing system - Google Patents

Description

  The present invention relates to a volume protection technique in an information processing system in which a plurality of storage systems are connected via a network.

  In an information processing system including a host computer (hereinafter referred to as a business host) and a storage system, it is necessary to realize the following two functions in order to protect data written in the storage system.

  (1) Deny access other than authorized business hosts.

  (2) Preventing an erroneous operation of the storage system administrator and prohibiting a malicious storage system administrator from rewriting data.

  The above functions are collectively referred to as a volume protection function.

  One technique for realizing the function (1) is an access protection technique. In the access protection technology, a business host that can be accessed for each logical device (hereinafter referred to as a logical volume) composed of physical disks of a storage system is determined in advance, and the area other than the predetermined business host is assigned to the area. This technology denies access.

The storage system holds, as information for managing each logical volume, the port ID of the business host that has given access permission to each logical volume. When the storage system receives an access request to the logical volume, the storage system checks whether the requested business host port ID matches the port ID of the business host to which the access permission has been granted, and permits access only if they match.

  At this time, a plurality of business hosts may be grouped, and permission or denial of access to each logical volume may be set for each group. Hereinafter, this group is referred to as a host group.

  One technique for realizing the method (2) is a volume attribute protection technique. Here, in this specification, the volume attribute refers to a form of prohibiting and permitting access such as reading and writing, which is set in advance for each logical volume. Specifically, there are Read / Write for which both reading and writing are permitted, Read Only for which only reading is permitted, and Protect for which both reading and writing are prohibited.

The volume attribute protection technique is a technique for controlling access to a logical volume in accordance with a volume attribute preset for each logical volume. Specifically, the volume attribute is set in advance for each logical volume, and when the logical volume is accessed, the set attribute is confirmed, and read and / or according to the attribute. Control is performed to permit or reject writing (see, for example, Patent Document 1). According to the method disclosed in Patent Document 1, a disk control device connected to a business host and controlling input / output of data to / from a logical volume is provided, and information related to the attributes of each logical volume is held in the disk control device. The business host accesses the storage system via the disk controller.

  Here, in an information processing system including a business host and a plurality of storage systems, as a method for providing a logical volume of a storage system to a business host, one storage system is connected to another storage system connected to the storage system. There is a technique for providing a volume as a volume of its own storage system (see, for example, Patent Document 2). Hereinafter, connecting another storage system so that the volume of the other storage system can be provided as the volume of its own storage system is referred to as external connection.

  A connection source storage system externally connected to another storage system provides a virtual logical volume called a virtual volume associated with a logical volume in the other storage system to the business host. Hereinafter, a storage system externally connected to a storage system that provides a virtual volume to a business host is referred to as an external storage system. When a storage system that provides a virtual volume to a business host receives an access request from the business host to the virtual volume, it accesses the logical volume in the external storage system corresponding to the virtual volume, and sends the result to the business host. return.

JP 2000-112822 A JP 2004-220450 A

  According to the method of Patent Document 1, it is guaranteed that reading and writing by an unauthorized business host with respect to the logical volume of the storage system is not performed. However, there is no disclosure about access protection for the logical volume of the external storage system in the information processing system having the external storage system.

  In an information processing system having an external storage system, there are a wide variety of volume protection methods that can be set depending on the functions related to volume protection of the storage system that provides virtual volumes to business hosts and the external storage system, and the system configuration. However, a complicated procedure is required for setting.

  The present application has been made in view of the above circumstances, and enables a storage system administrator to easily perform settings for protecting a logical volume of an external storage system, and provides a highly reliable setting technology. The purpose is to increase the safety of the operation of the entire information system.

  In order to solve the above problems, the present invention consolidates information relating to volume protection to a management server that manages each storage system in an information processing system, and selects a volume protection method that can be selected according to a predetermined method. Generate and present.

  Specifically, a first storage system, a second storage system connected to the first storage system, a management device connected to the first storage system and the second storage system, The first storage system includes an actual storage area that provides one or more first storage areas of the first storage system to a host computer as a logical storage area, and the second storage system includes A virtual storage area that provides one or more second storage areas to the host computer as a logical storage area, and the management device is provided in the logical storage area that the first storage system provides to the host computer. Collect information from the first storage system that identifies the data protection function (first volume protection function) Information that identifies the function (second volume protection function) for protecting the data in the second storage area of the second storage system is collected from the second storage system and retained. When the volume protection function holding means and an instruction to protect the data in the second storage area are received from the user, the first volume protection function and the second volume protection are referred to by referring to the volume protection function holding means. Volume protection management means for generating a method for protecting data in the second storage area that can be selected by combining functions (second storage area protection method) and presenting it to the user. An information processing system is provided.

  According to the present application, the storage system administrator can easily perform the setting for protecting the logical volume of the external storage system. Accordingly, the reliability of the settings relating to volume protection including the external storage system is increased, and the safety of the operation of the entire information system is increased.

  Hereinafter, an embodiment of an information processing system to which the present invention is applied will be described with reference to the drawings.

  FIG. 1 is a system configuration diagram of an information processing system 100 according to the present embodiment. As shown in this figure, the information processing system of this embodiment includes a storage system 101, a storage system 102 (external storage system 102) that is an external storage system, and a host computer (hereinafter referred to as a business host) 104. , A network 141 that connects them, a management server 103 that performs operation / maintenance management of the entire information processing system 100, and a network 143 that connects the management server 103, the storage system 101, and the external storage system 102.

  The storage system 101 includes a processor 111, a memory 112, a business host interface 113 that receives an I / O request from the business host 104, a management server interface 114 that receives an instruction from the management server 103, and the storage system 102. An external connection interface 115 for accessing the data, a plurality of hard disks 116 for storing data, and a cache memory 117 for temporarily storing write data from the business host 104.

  The external storage system 102 stores a processor 121, a memory 122, a business host interface 123 that receives an I / O request from the outside, a management server interface 124 that receives an instruction from the management server 103, and data. A plurality of hard disks 126 and a cache memory 127 for temporarily storing write data from the outside are provided. That is, the external storage system 102 has a configuration in which the external connection interface is removed from the storage system 101.

  The management server 103 includes a processor 131, a memory 132, an interface 133 for accessing the storage system 101 and the external storage system 102, a monitor 134 for outputting information to a storage system administrator, a keyboard, a mouse, and the like. The input device 135 receives an input from the storage system administrator, and the hard disk 136 stores data.

  Each of the storage system 101, the external storage system 102, and the management server 103 implements various functions described later by the processors 111, 121, and 131 executing various programs stored in the memories 112, 122, and 132.

  The business host 104 includes a CPU, a memory, and the like, and achieves a predetermined function when the CPU reads and executes an operating system and application programs stored in the memory.

  Next, details of the storage system 101, the external storage system 102, and the management server 104 will be described.

  FIG. 2 is a functional configuration diagram of the storage system 101. As shown in the figure, the storage system 101 includes a logical volume group 320 having one or a plurality of logical volumes for providing a storage area of the hard disk 116 or the hard disk 126 of the external storage system 102 to the business host 104.

  The logical volumes that make up the logical volume group 320 include one or more real volumes 321 and one or more virtual volumes 322. Here, the real volume 321 is a logical volume configured from the hard disk 116 of the storage system 101. On the other hand, the virtual volume 322 is provided to the business host 104 as a logical volume of the storage system 101, but the actual data storage destination is the logical volume of the external storage system 102. Connecting the external storage system 102 to the storage system 101 so as to provide the logical volume of the external storage system 102 as the logical volume of the storage system 101 to the business host 104 is called external connection.

  Each logical volume (real volume 321 and virtual volume 322) constituting the logical volume group 320 is assigned to one of the ports of the business host interface 113, respectively.

  The storage system 101 assigns, to each logical volume of the external storage system 102, information identifying the area of the cache memory 117 and the virtual volume 322 associated with the logical volume. The association between the logical volume of the external storage system and the logical volume of the storage system is called mapping. When there is an access request from the business host 104 to the virtual volume 322, the storage system 101 accesses the logical volume of the mapped external storage system 102 via the external connection interface 115. Then, the storage system 101 returns the result returned from the external storage system 102 to the business host 104.

  Note that the processing when the business host 104 makes an access request to the virtual volume 322 may or may not use the cache 117. A processing mode that uses the cache 117 when there is an access request from the business host 104 is called a cache mode. That is, the cache is used when the cache mode is on, and the cache is not used when the cache mode is off.

  Specifically, when the cache mode is on (valid), the storage system 101 notifies the business host 104 of the completion of writing at the time of writing to the cache 117 in response to a write request from the business host 104. Data written to the cache 117 is transferred to the external storage system 102 and written asynchronously with the write request. In response to a read request from the business host 104, first, the cache 117 is searched. If the target data is in the cache 117, the cache 117 is transferred to the business host 104. If the target data is not in the cache 117, a read request is issued to the external storage system 102, and when data is received from the external storage system 102, the data is stored in the cache 117 and transferred from the cache 117 to the business host 104.

  On the other hand, when the cache mode is off (invalid), the storage system 101 immediately issues a write request to the external storage system 102 in response to the write request from the business host 104 and notifies the external storage system 102 of the write completion. When received, the business host 104 is notified of the completion of writing. Further, in response to a read request from the business host 104, the read request is immediately issued to the external storage system 102, data is received from the external storage system 102 and transferred to the business host 104. When data is received from the external storage system 102, the data is not written to the cache 117.

  The memory 112 of the storage system 101 includes a volume table 301, a port table 302, an external volume table 303, a host table 304, a volume attribute control program 311, an external connection control program 312, and an access protection control program 313. An encrypted writing program 314, a table management program 316, and an access management program 317 are stored.

  The volume table 301 holds volume attributes set for each logical volume constituting the logical volume group 320. Details will be described later with reference to FIG. The port table 302 holds the identification information of the host group to which the business host 104 that can be accessed by the logical volume assigned to each logical volume belongs. Details will be described later with reference to FIG. The external volume table 303 holds the correspondence between the virtual volume 322, the external connection port, and the logical volume of the external storage system 102 assigned to the virtual volume 322 via the external connection port. Details will be described later with reference to FIG. The host table 304 holds the correspondence between the identification information (port ID) of the host connected to the storage system 101 and the identification information of the host group to which the port belongs. Details will be described later with reference to FIG. These tables may be held together as one table.

  The volume attribute control program 311 is a program that performs processing to change the volume attribute of each logical volume that constitutes the logical volume group 320. When an instruction to change the volume attribute is received, it is determined whether or not the change is possible, and if possible, the change is made. Here, in the present embodiment, there are three types of volume attributes that can be set: a read / write attribute that permits both read and write access, a read only attribute that permits only read, and a protect attribute that prohibits both read and write access. To do.

  When the volume attribute control program 311 changes the volume attribute of each logical volume to a Read Only attribute and a Protect attribute, the volume attribute control program 311 sets a period (holding period) for maintaining the volume attribute in accordance with an instruction input by the user. Note that the retention period is updated as time passes.

  The external connection control program 312 is a program that performs processing for externally connecting the external storage system 102 to the storage system 101. After the external connection processing is completed, the external storage system 102 processes access from the storage system 101 in the same manner as access from the business host 104.

  The access protection control program 313 is a program that performs processing for protecting access to each logical volume. That is, for each logical volume, a process of assigning a host group composed of business hosts 104 that can access the logical volume is performed. In this embodiment, the access protection control program 313 assigns a host group to each logical volume as described above, but the business host 104 that can access the logical volume for each logical volume. May be assigned. The business host 104 can access only the logical volume assigned to the host group to which the business host 104 belongs by the access protection control program 313.

  The encrypted writing program 314 is a program for performing processing for encrypting data written from the business host 104 and storing the data in a physical storage area associated with the logical volume.

  The table management program 316 is a program that performs processing for rewriting the volume table 301, the port table 302, the external volume table 303, and the host table 304 in accordance with processing of other programs.

  The access management program 317 is a program that executes access to a logical volume.

  The storage system 101 may not have the volume attribute control program 311 and the encrypted communication program 316.

  FIG. 3 is a functional configuration diagram of the external storage system 102. As shown in the figure, the external storage system 102 includes a logical volume group 420 composed of logical volumes that are one or a plurality of logical storage areas for providing the storage area of the hard disk 126 to the outside. Each logical volume constituting the logical volume group 420 is a real volume 421. Further, the memory 122 stores a volume attribute control program 411, an access protection control program 413, a table management program 416, a volume table 401, a port table 402, a host table 403, and an access management program 417. The These are basically the same as the program and table of the storage system 101 having the same name. That is, the external storage system 102 does not have the external connection control program 312, the encrypted write program 314, the virtual volume 322, and the external volume table 303 of the storage system 101. The external storage system 102 may not have the volume attribute control program 411 and the access protection control program 413.

  The access protection control program 313 of the storage system 101 allocates an accessible logical volume to a host group composed of one or a plurality of business hosts 104, whereas the access protection control program 413 of the external storage system 102 Allocates a logical volume of the accessible logical volume group 420 to the port of the external connection interface 115 of the storage system 101.

  FIG. 4 is a functional configuration diagram of the management server 103. As shown in the figure, the memory 132 of the management server 103 has a storage table 201, an access protection correspondence table 202, a mapping table 203, a volume correspondence table 204, a GUI program 211, a volume protection management program 212, The storage management program 214 and the management information change program 213 are stored.

  The storage table 201, the access protection correspondence table 202, the mapping table 203, and the volume correspondence table 204 are set in the information collected from each of the external storage system 101 and the storage system 102 that are the management targets of the management server 103. It holds information. Details will be described later with reference to FIGS. 5, 6, 7, and 8. These tables may be held together as one to a few tables.

  The GUI program 211 is a program that displays information of the storage system 101 and the external storage system 102 on the monitor 134 and provides an interface for operating the management server 103 to the storage system administrator. Details of a screen that is an interface displayed on the monitor 134 by the GUI program 211 will be described later with reference to FIGS. 13 and 14. Of course, instead of the GUI program 211, another operation interface such as a command line interface may be provided.

  The volume protection management program 212 is a program that instructs the storage system 101 and the external storage system 102 to change the volume attributes of the logical volumes that constitute the logical volume group 320 and the logical volumes that constitute the logical volume group 420, respectively. is there. The volume protection management program 212 acquires functions related to volume protection held by the storage system 101 and the external storage system 102 and generates options that can be selected as a method for protecting the volume of the external storage system 102. Then, the generated volume protection method is presented to the storage system administrator, the selection from the storage system administrator is accepted, and the storage system 101 and the external storage system 102 are instructed to protect the external storage system 102 by the accepted method. To do. At this time, the volume protection management program 212 may be configured to select the optimal method instead of the storage system administrator selecting the method. Details will be described later with reference to FIGS. 19 and 20.

  The storage management program 214 is a program that extracts necessary information from the storage system 101 and the external storage system 102 and defines the system configuration. In this embodiment, specifically, information necessary for completing and changing the storage table 201, the access protection correspondence table 202, the mapping table 203, and the volume correspondence table 204 is acquired. The storage management program 214 collects information from each storage system (in this embodiment, the storage system 101 and the external storage system 102) at an arbitrary timing, not only when there is an instruction from the storage system administrator. It is good to do.

  The management information change program 213 is a program for updating management information. Here, the management information is information for managing information acquired from the storage system 101 and the external storage system 102. In this embodiment, the information is stored in the storage table 201, the access protection correspondence table 202, the mapping table 203, and the volume correspondence table 204. The volume protection management program 212 may update the management information instead of the management information change program 213.

  The storage table 201 holds program information relating to logical volume protection that can be used by each storage system. FIG. 5 is a diagram illustrating an example of the storage table 201. As shown in this figure, the storage table 201 can use the storage system name column 501 for storing the storage system name of each storage system and the access protection control programs 313 and 413 (for example, whether the program is held). An access protection control column 502 storing information indicating whether or not, and a volume attribute control column storing information indicating whether or not the volume attribute control programs 311 and 411 can be used (for example, whether the program is held). 503 and an encrypted write string 505 in which information indicating whether or not the encrypted write program 314 can be used (for example, whether the program is held) is stored.

  The access protection correspondence table 202 stores information on access protection attributes indicating whether or not access protection is performed by the access protection control programs 313 and 413 for each logical volume of each storage system (whether access protection is valid or invalid). The FIG. 6 is a diagram illustrating an example of the access protection correspondence table 202. As shown in this figure, the access protection correspondence table 202 includes a storage system name column 601 that stores the storage system name of each storage system, and an LU # column 602 that stores identification information for uniquely identifying each logical volume. And an access protection attribute column 603 for storing information indicating whether the logical volume is protected by the access protection control programs 313 and 413 (valid or invalid). When the validity is stored in the access protection attribute column, the host group column 604 stores information indicating a host group permitted to access the logical volume.

  LU #, which is identification information of a logical volume, is uniquely determined from a port number that identifies a port on the host interface to which the logical volume is allocated and a logical volume number that is an identification number of the logical volume at the port. For example, taking AZB1225-001 stored in the LU # column 602 of the first row of the access protection comparison table 202 in FIG. 6 as an example, the first half AZB 1225 is the port number, and the second half 001 is the logical volume number. It is. The port number is a number for uniquely identifying the port, and is the only number in the world assigned in advance such as World Wide Name.

  The mapping table 203 is a correspondence between a logical volume of a storage system (storage system 101 in this embodiment) having an externally connected storage system and a logical volume of the external storage system (external storage system 102 in this embodiment). Holds information indicating the relationship. FIG. 7 is a diagram illustrating an example of the mapping table 203. As shown in the figure, the mapping table 203 includes an LU # column 701 that stores the identification information of the logical volume of the storage system 101, a storage system column 702 that stores the storage system name of the storage system 101, and an external storage system 102. The external LU # column 703 for storing the identification information of the logical volume and the external storage system column 704 for storing the storage system name of the external storage system 102 are provided.

  The volume correspondence table 204 holds the volume attribute and related information of the logical volume of each storage system. FIG. 8 is a diagram showing an example of the volume correspondence table 204. As shown in the figure, the volume correspondence table 204 includes a storage system name column 801 that stores the storage system name of each storage system, an LU # column 802 that stores identification information of each logical volume, and a volume in each logical volume. The volume attribute column 803 that stores information indicating the volume attribute set by the attribute control programs 311, 411, the volume attribute retention period column 805 that stores information indicating the retention period of the volume attribute of each logical volume, and the data It is provided with an encrypted write string 806 for storing information indicating whether or not each logical volume has been encrypted and written by the encrypted write program 314.

  The volume table 301 holds volume attributes and related information of each logical volume that constitutes the logical volume group 320. FIG. 9 is a diagram showing an example of the volume table 301 in the storage system 101. As shown in the figure, the volume table 301 includes an LU # column 901 that stores identification information of each logical volume, and a volume attribute column 902 that stores volume attributes set by the volume attribute control program 311 for each logical volume. A cache mode attribute column 904 that stores information indicating whether the cache mode at the time of external connection is valid or invalid for each logical volume, and a volume attribute retention period column that stores information indicating the retention period of the volume attribute of each logical volume 905. The validity / invalidity of the cache mode stored in the cache mode attribute column 904 is stored only when the logical volume is the virtual volume 322.

  The volume table 401 held by the external storage system 102 basically has the same configuration as the volume table 301, and holds volume attributes and related information of each logical volume in the logical volume group 420. However, it does not have a cache mode attribute column 903.

  The port table 302 holds the access protection attribute of each logical volume in the logical volume group 320 and related information. FIG. 10 is a diagram illustrating an example of the port table 302. As shown in this figure, the port table 302 includes an LU # column 1001 that stores identification information of each logical volume and an access protection attribute of each logical volume, that is, whether or not access is protected by the access protection control program 313. Information indicating whether or not (valid or invalid), and information indicating a host group that is permitted to access the logical volume when validity is stored in the access protection attribute column And a host group column 1003 for storing.

  The external volume table 303 has information on the logical volume to which the external connection port is connected (here, the logical volume constituting the logical volume group 420 of the external storage system 102). FIG. 11 is a diagram showing an example of the external volume table 303. As shown in this figure, the external volume table 303 includes an LU # column 1101 for storing identification information of the virtual volume 322 of the storage system 101 and an external connection port used for accessing the logical volume of the external storage system 102. An external connection port column 1102 for storing the port number of the external storage system, and an external LU # column 1103 for storing the identification information of the logical volume of the connection destination external storage system 102.

  The host table 304 shows information on the business hosts 104 belonging to each host group. FIG. 12 is a diagram illustrating an example of the host table 304. As shown in this figure, the host table 304 includes a host port column 2301 that stores the names of the ports of the business host 104 used for the business host 104 to connect to the storage system 101, and the host group of the host group to which the port belongs. A host group column 2302 for storing names. The port name stored in the host port column 2301 is a number for uniquely identifying the port of the business host 104, and is the only number assigned in advance in the world such as World Wide Name.

  Next, the configuration of a screen provided as an input / output interface by the GUI program 211 will be described. In the present embodiment, the screens provided by the GUI program 211 include a volume search screen 1200 that receives a search instruction for searching for a logical volume to be operated and a volume attribute change screen 1300 that receives an operation instruction.

  FIG. 13 is an example of a volume search screen 1200 provided by the GUI program 211. The volume search screen 1200 is provided as an interface for extracting a logical volume whose volume attribute is to be changed. The volume search screen 1200 includes a tree review area 1201, a command input area 1202, and a result display area 1203.

  The tree view area 1201 displays the storage system name of the storage system managed by the management server 103. The administrator of the storage system can select a storage system using the input device 135. The GUI program 211 accepts selection of the storage system from the administrator of the storage system by clicking or the like.

  The result display area 1203 displays information on the logical volume of the storage system selected by the storage system administrator. Information to be displayed is extracted from the volume correspondence table 204 using the storage system name as a key for the storage system for which the GUI program 211 has received the selection of the storage system administrator via the tree review area 1201.

  The command input area 1202 is an area where a storage system administrator inputs a command for operation. When the storage system administrator receives input of information in each column of the volume correspondence table 204 as a selection condition, the GUI program 211 selects a logical volume that meets the condition from the volume correspondence table 204 using the input information as a key. The result is output to the display unit 1203. Of course, the input and display of the search condition is not limited to this method. For example, volume search input and search result display may be realized by means such as a command line interface.

  FIG. 14 is an example of a volume attribute change screen 1300 provided by the GUI program 211. The volume attribute change screen 1300 is provided as an interface for receiving various instructions for changing the volume attribute. The volume attribute change screen 1300 includes a volume attribute operation window 1301. The volume attribute operation window 1301 includes an attribute input area 1302, an execute button 1303, and a cancel button 1304. The administrator of the storage system selects a logical volume whose volume attribute is to be changed from the logical volumes extracted via the volume search screen 1200, and inputs the attribute to be changed and the retention period of the attribute to the attribute input unit 1302. That is, the GUI program 211 receives an instruction to specify a logical volume whose volume attribute is to be changed, an instruction of an attribute to be changed, a retention period, and the like from the administrator of the storage system.

  The execution button 1303 accepts the intention to execute the instruction that accepted the input, and the cancel button 1304 accepts the intention that the instruction that accepted the input is not executed. That is, the storage system administrator selects the execute button 1303 when executing the input attribute change instruction. When the attribute change instruction is not executed, a cancel button 1304 is selected. That is, when the GUI program 211 accepts the selection of the execution button 1303, the GUI program 211 instructs the volume protection management program 212 to execute the change for which the input has been accepted. It is not given to the protection management program 212. Of course, input of an attribute change instruction or the like is not limited to this method. For example, it may be realized by means such as a command line interface.

  Next, the operation of each process will be described.

First, processing at the time of system configuration definition and processing at the time of volume registration operation will be described. The system configuration definition process is a process performed when the system is constructed (initial) and when the system configuration is changed.

  In the tables held by the storage system 101 and the external storage system 102, the management server 103 registers the configuration of each storage system, and the information about the volume is registered in the table according to the instructions of the management server 103 on each storage system side. Created by. Each table included in the management server 103 is updated with information acquired from the tables included in the storage system 101 and the external storage system 102 and contents instructed by the management server 103 to the storage system 101 and the external storage system 102.

  First, the operation of the management server 103 at the time of system configuration definition will be described. FIG. 15 is a flowchart showing an example of the operation of the management server 103 at the time of system configuration definition.

The management server 103 acquires information for accessing the connected storage system 101 and external storage system 102. That is, an IP address of the storage system 101 and the external storage system 102 or information for accessing the storage system 100 is received from the storage system administrator (step 140).
1).

  The storage management program 214 accesses the storage system 101 and the external storage system 102 based on the received IP address, respectively, the logical volume that each storage system has, the host group that is permitted to access each logical volume, and each storage Get information about programs available to the system. The management information change program 213 writes the acquired information in predetermined columns of the storage table 201, access protection correspondence table 202, and volume correspondence table 204 (step 1402).

  The storage management program 214 instructs the storage system 101 to connect the port of the external connection interface 115 as the external connection port to the port of the external storage system 102. When the management information change program 213 receives the set information from the storage system 101 together with the setting completion notification, the management information change program 213 writes the received information (set information) in the external LU # column 703 and the external storage system column 704 of the mapping table 203. (Step 1403).

  The storage management program 214 accesses the storage table 201 and determines whether or not the external storage system 102 connected to the external connection port of the storage system 101 holds the access protection control program 413 (step 1404). In the case of holding, the external volume is permitted to allow only the access from the external connection port to the logical volume of the external storage system 102 accessed from the port of the external storage system 102 connected to the external connection port of the storage system 101. The storage system 102 is instructed. When the management information change program 214 receives a notification of the completion of setting from the external storage system 102, the management information change program 214 changes the access protection attribute column 603 of the access protection correspondence table 202 (step 1405), and ends the processing. On the other hand, if it is determined in step 1404 that the data is not held, the processing is terminated.

  FIG. 16 is a flowchart showing an example of the operation of the storage system 101 at the time of system configuration definition.

  The access protection control program 313 of the storage system 101 classifies the business host 104 connected to the storage system 101 into a host group according to an instruction of the storage system administrator, and causes the table management program 316 to write it in the host table 304 (step 1501). ).

  The access protection control program 313 assigns a logical volume to each host group, changes the access protection attribute to valid, registers the processing result in the port table 302, and assigns the business host 104 belonging to the corresponding host group for each logical volume. (Step 1502).

  The external connection control program 312 defines the port of the external connection interface 115 as an external connection port according to the instruction of the storage management program 214 of the management server 103, and sets the port of the host interface 123 of the external storage system 102 to the port. Allocating and setting an access path to a logical volume accessible from the port of the external storage system 102 (step 1503).

  The external connection control program 312 acquires information on logical volumes in the logical volume group 420 that can be accessed from the port of the host interface 123 of the external storage system 102 connected to the external connection port defined in step 1503. The table management program 316 writes the acquired information in the external connection port column 1102 and the external LU # column 1103 of the external volume table 303 (step 1504), and ends the processing. When the writing is completed, the external connection control program 312 notifies the setting together with the information set in the management server 103.

  When the system configuration is defined, the external storage system 102 receives the instruction from the management server 103 in step 1405 in FIG. 15 and executes processing corresponding to steps 1501 and 1502 in FIG. In steps 1501 and 1502, the access protection control program 413 of the external storage system 102 associates the identification information of the logical volume of the external storage system 102 with the host table 404 for external connection of the storage system 101 instead of the host group. The port identification information is registered, and the logical volume accessible from the port of the external storage system 102 connected to the external connection port is set to permit only the access from the external connection port. Then, the management server 103 is notified of the completion of setting together with the information of the set port table 404.

  Next, an operation at the time of a volume registration operation, which is an operation of assigning a logical volume constituting the logical volume group 420 of the external storage system 102 as a virtual volume 322 of the storage system 101 will be described.

  First, the operation of the management server 103 at the time of volume registration operation will be described. FIG. 17 is a flowchart showing an example of the operation of the management server 103 during the volume registration operation.

  The volume protection management program 212 of the management server 103 presents the logical volume of the external storage system 102 held in the volume correspondence table 204 to the user and accepts a selection instruction from the user. Then, the external storage system 102 is instructed to assign the logical volume selected by the user to the port connected to the external connection port of the storage system 101, that is, to set the logical volume to be accessible from the port (step). 1601). Based on this instruction, the external storage 102 assigns the designated logical volume to a port connected to the external connection port of the storage system 101, and makes this logical volume accessible from this port. At this time, the access protection control program 413 of the external storage system 102 executes processing corresponding to the above-described steps 1501 and 1502, and permits access to this logical volume only from the external connection port of the storage system 101. You may set as follows.

  The volume protection management program 212 instructs the storage system 101 to allocate the virtual volume 322 to the logical volume specified in step 1601, and further allocate this virtual volume 322 to the host group specified by the storage system administrator ( Step 1602).

  The storage management program 214 obtains notification of assignment completion from the storage system 101, the correspondence between the virtual volume 322 and the logical volume of the logical volume group 420, and the correspondence between the virtual volume 322 and the host group. The management information change program 213 writes the received information in the access protection correspondence table 202 and the mapping table 203 (step 1603) and ends the process.

  Next, the operation of the storage system 101 at the time of volume registration operation will be described. FIG. 18 is a flowchart showing an example of the operation of the storage system 101 during the volume registration operation.

  The external connection control program 312 of the storage system 101 allocates the logical volume of the external storage system 102 instructed from the management server 103 to the virtual volume 322, and further assigns this virtual volume 322 to the host group specified by the management server 103. assign. Further, the external connection control program 312 sets whether or not to correspond to the cache mode setting for the virtual volume 322 in accordance with an instruction from the management server 103 (step 1701).

  The access protection control program 313 validates the access protection attribute related to the host group designated by the management server 103 for the virtual volume 322 (step 1702).

  The table management program 316 shows the correspondence between the cache mode set in step 1701 in the volume table 301, the logical volume identification information (LU #) of the virtual volume 322 assigned in step 1702 in the port table 302, and the host group. In addition, the access protection attribute is changed to valid (step 1703), and the process ends.

  Next, processing during volume protection operation will be described. In the present embodiment, the volume protection operation refers to processing that is performed when a change in volume attribute of a logical volume constituting the logical volume group 320 is received.

  First, the process of the management server 103 will be described. 19 and 20 are flowcharts showing an example of the operation of the management server 103 during the volume protection operation.

  The management server 103 receives an operation request for changing the attribute of the logical volume of the storage system 101 from the administrator of the storage system (step 1801).

  The volume protection management program 212 refers to the mapping table 203 to determine whether the logical volume designated by the storage system administrator is a real volume 321 or a virtual volume 322 (steps 1802 and 1803). Specifically, when the logical volume identification information of the external storage system 102 is stored in the external LU # column 703 in association with the logical volume identification information designated by the storage system administrator, the logical volume 320 Is determined to be a virtual volume 322.

  When the designated logical volume is the real volume 321, the volume protection management program 212 instructs the storage system 101 to change the attribute (step 1804).

  On the other hand, when the designated logical volume is the virtual volume 322, the volume protection management program 212 provides the storage system (here, the storage system 101) that provides the designated logical volume to the business host 104 as the virtual volume 322. And a protection function that can be provided by the storage system that holds the real volume of the logical volume associated with the virtual volume 322 (here, the external storage system 102) is extracted (step 1805). . Then, the process proceeds to step 1806 in FIG.

  Specifically, referring to the mapping table 203, the storage system name stored in the storage system column 702 of the entry in which the identification information of the logical volume of the designated virtual volume 322 is stored in the LU # column 701, and The external storage system name stored in the external storage system column 704 is extracted. Then, with reference to the storage table 201, the functions held by each storage system are extracted. That is, the storage system that holds the virtual volume 322 that is the designated logical volume by referring to the volume attribute control column 503 and the encrypted write column 505 of the entry in which the extracted storage system name is stored in the storage system name column 501 The storage system (here, the storage system 101) holds the volume attribute control program 311, the encryption write program 314, or the storage system (here, external storage) that holds the real volume of the virtual volume 322 It is determined whether the system 102) holds the volume attribute control program 311.

  The volume protection management program 212 is a logical volume that constitutes the logical volume group 420 of the external storage system 102 using the volume protection function held by the storage system 101 and the external storage system 102 identified in step 1805 of FIG. A protection scheme that can be selected to protect the virtual volume 322 created is generated. Then, the generated protection method is displayed on the GUI display program 211 and selected by the storage system administrator (step 1806).

Here, the selectable volume protection method displayed by the GUI display program 211 is a program held in each of the storage system 101 and the external storage system 102, whether or not encrypted writing is performed on the virtual volume 322, virtual volume 3
22 and whether or not the logical volume of the external storage system 102 is access protected. Here, a state in which the access protection control program 413 of the external storage system 102 permits only the external connection port of the storage system 101 to access the logical volume that constitutes the logical volume group 420 is displayed. The logical volume is expressed as being access-protected, and the access protection control program 313 of the storage system 101 allows access to the virtual volume 322 only to a specific host group, and the virtual volume 322 is protected from access. Express that.

  An example of options that the volume protection management program 212 generates as a selectable volume protection method and is displayed on the GUI display program 211 is shown below.

  Case 1) When the storage system 101 and the external storage system 102 hold the volume attribute control programs 311 and 411, respectively, and the logical volume of the external storage system 102 is access protected, the following three options are volume protection methods: Selectable.

Option 1: A method for protecting the volume in both the storage system 101 and the external storage system 102 (that is, a method in which the volume attribute is changed by both the volume attribute control programs 311 and 411).
Option 2: A method of protecting a volume in the storage system 101 (that is, a method of changing a volume attribute only by the volume attribute control program 311)
In Case 1, since the logical volume of the external storage system 102 is access protected, only the storage system 101 is permitted to access the logical volume of the external storage system 102. Therefore, if the attribute of the virtual volume associated with the logical volume of the external storage system 102 is changed by the volume attribute control program 311, access to the logical volume of the external storage system 102 via the storage system 101 is restricted. Therefore, the logical volume of the external storage system 102 can be protected.

Option 3: A method for protecting a volume in the external storage system 102 (that is, a method for changing a volume attribute only by the volume attribute control program 411)
Specifically, for example, when reading and writing to a virtual volume are prohibited as volume protection, the following three options are generated by the volume protection management program 212 and output by the GUI display program 211.

Option A: In the storage system 101, the volume attribute of the virtual volume 322 specified by the volume attribute control program 311 is set to “protect attribute”, and the corresponding virtual volume 322 is set in the external storage system 102 by the volume attribute control program 411. Method of Setting Volume Attribute of Logical Volume Assigned to “Protect” Option B: In the storage system 101, the volume attribute control program 311 sets the volume attribute of the designated virtual volume 322 to “protect attribute” Method Option C: In the external storage system 102, the volume attribute control program 411 discusses the external storage system 102 associated with the virtual volume. Method of setting volume attribute of volume to “protect attribute” Case 2) Storage system 101 and external storage system 102 hold volume attribute control programs 311 and 411, respectively, and the logical volume of external storage system 102 is access protected. If not, the above-mentioned option 1 and option 3 can be selected as the protection method of the virtual volume.

  Specifically, as volume protection, for example, when reading and writing to a virtual volume are prohibited, the following two options are generated by the volume protection management program 212 and output by the GUI display program 211.

Option A: In the storage system 101, the volume attribute of the virtual volume 322 specified by the volume attribute control program 311 is set to “protect attribute”, and the corresponding virtual volume 322 is set in the external storage system 102 by the volume attribute control program 411. Method of setting the volume attribute of the logical volume assigned to “protect attribute” Option C: In the external storage system 102, the volume attribute control program 411 causes the logical volume of the external storage system 102 associated with the virtual volume to Method of setting volume attribute to “protect attribute” Note that in case 2, if encrypted writing has been performed (that is, the storage system 101 has encrypted writing) Only the storage system 101 decrypts the data stored in the logical volume of the external storage system 102 associated with the virtual volume (if the encrypted write program 314 is used). Can be Also, writing to the logical volume of the external storage system 102 can be prohibited by changing the attribute of this logical volume to “read only attribute” by the volume attribute control program 411. In other words, in this case, write access to the logical volume of the external storage system 102 is prohibited by the volume attribute control program 411, and if another storage system or business host other than the storage system 101 is externally connected via the storage system 101, When a read access is attempted to the logical volume of the storage system 102, these access source devices can read the data but cannot decrypt the data. Therefore, if encrypted writing has been performed, for access sources other than the storage system 101, the volume attribute control program 411 has a level almost equivalent to setting the logical volume of the external storage system 102 to the “protect attribute”. The volume protection management program 212 may display on the GUI display program 211 that volume protection can be realized by setting the logical volume of the external storage system 102 to the “read only” attribute by the volume attribute control program 411. .

  Case 3) Since the storage system 101 does not have the volume attribute control program 311 and the external storage system 102 holds the volume attribute control program 411, the above option 3 can be selected as the volume protection method. The volume protection management program 212 generates this method and presents it to the CUI display program 211.

  In case 3, if the logical volume of the external storage system 102 is access protected, only the storage system 101 can be permitted to access the logical volume of the external storage system 102.

  On the other hand, even if the logical volume of the external storage system 102 is not access protected, if the encrypted write is executed, only the storage system 101 is allowed to decrypt the data in the logical volume of the external storage system 102 be able to. Also, data writing can be prohibited by setting the volume attribute of the logical volume of the external storage system 102 to “read only attribute” by the volume attribute control program 411. Therefore, if encrypted writing has been executed, the access source other than the storage system 101 has a level almost the same as when the logical volume of the external storage system 102 is set to the “protect attribute” by the volume attribute control program 411. The volume protection management program 212 may display on the GUI display program 211 that volume protection can be realized by setting the logical volume of the external storage system 102 to the “read only” attribute by the volume attribute control program 411. . Case 4) When the storage system 101 holds the volume attribute control program 311, the external storage system 102 does not have the volume attribute control program 411, and the logical volume of the external storage system 102 is access protected, Since this option 2 can be selected as the volume protection method, this method is generated and displayed.

  Case 5) When the storage system 101 has the volume attribute control program 311, the external storage system 102 does not have the volume attribute control program 411, and the logical volume of the external storage system 102 is not access protected. The above-mentioned option 2 can be selected as the volume protection method. Accordingly, option 2 is generated and displayed.

  However, in Case 5, the volume protection method of option 2 can prohibit access to the logical volume of the external storage system 102 via the storage system 101, but the external storage system 102 does not pass through the storage system 101. Access to the logical volume cannot be prohibited. This is because the logical volume of the external storage system 102 is not access guarded, and the external storage system 102 does not have the volume attribute control program 411.

  In case 5, if the encrypted writing is executed, only the storage system 101 can decrypt the data of the logical volume of the external storage system 102 associated with the virtual volume. However, access to the logical volume of the external storage system 102 that is performed without going through the storage system 101 cannot be prohibited regardless of whether encrypted writing is executed.

  Case 6) If neither the storage system 101 nor the external storage system 102 has the volume attribute control programs 311 and 411, there is no option that can be selected as a volume protection method, so a message to that effect is generated, Is displayed. In this case, since there are no options, the processing of the volume protection management program 212 ends (not shown in FIG. 20).

  In case 6, if encrypted writing is executed, only the storage system 101 can decrypt the data of the logical volume of the external storage system 102 associated with the virtual volume. However, access to the logical volume of the external storage system 102 that is performed without going through the storage system 101 cannot be prohibited regardless of whether encrypted writing is executed.

  Returning to FIG. 20, the volume protection management program 212 accepts the selection of the administrator of the storage system from each of the presented methods. Then, it is determined whether or not the volume protection method designated by the storage system administrator is accompanied by a change in the volume attribute of the logical volume of the storage system 101 (step 1807).

  When the change of the volume attribute of the logical volume of the storage system 101 is accompanied, the volume protection management program 212 instructs the storage system 101 to change the volume attribute (step 1808). If it is not necessary to change the volume attribute of the storage system 101, the process proceeds to step 1809.

  On the other hand, the volume protection management program 212 determines whether or not the volume protection method designated by the storage system administrator is accompanied by a change in the volume attribute of the logical volume of the external storage system 102 (step 1809).

  If the change is accompanied by a change in the volume attribute of the external storage system 102, the volume protection management program 212 determines whether the attribute change is write prohibition or write prohibition and read prohibition (step 1810).

  In the case of write prohibition or write prohibition and read prohibition, the volume protection management program 212 instructs the storage system 101 to turn off the cache mode and to transfer all data in the cache 117 (step 1811). The external connection control program 312 of the storage system 101 rewrites the cache mode of the volume table 301 to off, and writes all the write data for the virtual volume 322 that remains in the cache 117 to the storage system 102. When the write completion notification is received from the external storage system 102, the external connection control program 312 outputs a cache mode change completion notification to the management server 103.

  On the other hand, if it is not write prohibition or write prohibition and read prohibition, the process proceeds to step 1812 as it is.

  The volume protection management program 212 instructs the external storage system 102 to change the volume attribute (step 1812), and ends the process. If it is not necessary to change the volume attribute of the external storage system 102 in step 1809, the process ends.

  Next, an operation in which the storage system 101 instructed to change the volume attribute by the volume protection management program 212 changes the volume attribute will be described. FIG. 21 is a flowchart illustrating an example of an operation in which the storage system 101 changes a volume attribute. The external storage system 102 performs the same operation when receiving an instruction from the volume protection management program 212.

  The storage system 101 receives an instruction to change the volume attribute of a specific logical volume from the management server 103 (step 1901). The volume attribute change instruction includes information for specifying a logical volume whose volume attribute is to be changed, a volume attribute, and a retention period.

  The volume attribute control program 311 extracts from the volume table 301 the volume attribute currently set for the logical volume instructed to change the volume attribute and its retention period (step 1902). Specifically, referring to the volume table 301, the volume attributes and retention periods stored in the volume attribute column 902 and the retention period column 905 in association with the LU # that is the identification of the logical volume designated from the management server 103. Is read.

The table management program 316 determines from the change instruction from the management server 103 and the read result whether the volume attribute can be changed (step 1903). Here, the volume attribute is determined to be changeable when it meets any of the following conditions.
1. When the currently set attribute is Read / Write attribute.
2. When the currently set attribute is Read Only attribute or Protect attribute and the retention period is 0.
3. When extending the retention period with the same attribute.
4). The currently set attribute is a Read Only attribute, and the attribute to be changed is a Protect attribute that is longer than the currently set retention period.

  As described above, the volume attribute control program 311 does not accept a change in volume attribute that shortens the retention period. That is, when the Protect attribute is set, it cannot be changed to another attribute during the retention period. When the Read Only attribute is set, the Protect attribute can only be changed to a Protect attribute having a retention period longer than the remaining retention period during the retention period. It is possible to set a longer retention period for both the Read Only attribute and the Protect attribute. Thereby, the retention period can be extended.

  When it is determined that the volume attribute can be changed according to the above conditions, the table management program 316 rewrites the volume attribute and the retention period of the volume table 301 and notifies the management server 103 that the change of the volume attribute is completed. (Step 1904), and the process ends.

  On the other hand, if it is determined that the volume attribute cannot be changed, the management server 103 is notified that the volume attribute cannot be changed (step 1905), and the process is terminated.

  Next, an operation when the storage system 101 receives a read or write operation from the business host 104 to a logical volume constituting the logical volume group 320 will be described. 22 and 23 are flowcharts showing an example of the operation of the storage system 101 when receiving a read or write operation from the business host 104 to the logical volumes constituting the logical volume group 320. A read or write operation is collectively called an access request.

  The storage system 101 receives an access request for a predetermined logical volume from the business host 104 (step 2101).

  The access management program 317 refers to the volume table 301, reads the volume attribute of the logical volume that is the access request target, and determines whether or not the access request operation is prohibited (steps 2102 and 2103).

  When the operation of the access request is prohibited, the access management program 317 notifies the business host 104 of access refusal (step 2104) and ends the process.

  On the other hand, when the access request operation is permitted, the access management program 317 determines whether the logical volume is a virtual volume 322 or a real volume 321 (step 2105). In other words, the external volume table 303 is accessed to determine whether or not the identification information (LU #) of the designated logical volume is stored in the LU # column 1101. If it is not stored, it is determined that the logical volume is a real volume 321, and if it is stored, the logical volume is a virtual volume 322, that is, a logical volume constituting the logical volume group 420 of the external storage system 102. Determine that it is a volume.

  If the access target is the real volume 321, the access management program 317 accesses the real volume 321, returns the result to the business host 104 (step 2106), and ends the processing.

  On the other hand, when the access target is the virtual volume 322 that is a logical volume of the external storage system 102, the process proceeds to step 2107 in FIG. 23, and the access management program 317 determines whether the cache mode is valid or invalid (step 2107). ). That is, the volume table 301 is accessed, and it is determined whether or not the cache mode of the entry in which the logical volume identification information (LU #) is stored in the LU # column 901 is on or off (valid or invalid) (step) 2107).

  If the cache mode is valid, the access management program 317 determines whether the operation in the access request from the business host 104 is a write request or a read request (step 2108). If the cache mode is invalid, the process proceeds to Step 2112.

  If the request is a write request, the access management program 317 writes to the cache 117 (step 2109).

  If it is a read request, the cache 117 is searched to check whether data exists (step 2110). If the data exists, the data on the cache 117 is returned to the business host 104 (step 2111).

  On the other hand, if the data is not in the cache 117 or if the cache mode is off, the external connection control program 312 outputs an access request to the external storage system 102 (step 2112).

  When an access result is returned from the external storage system 102, the access management program 317 returns the access result to the business host 104 (steps 2113 and 2114), and the process is terminated.

  If an access rejection result is returned from the external storage system 102 or the access request times out, the access management program 317 notifies the business host 104 of the access rejection (step 2115) and ends the processing. To do.

  Next, processing in the external storage system 102 when there is an access request from the storage system 101 to the external storage system 102 will be described. FIG. 24 is a flowchart showing an example of the operation of the external storage system 102 when processing an access request from the storage system 101 to the external storage system 102.

  The external storage system 102 receives an access request to the logical volumes constituting the logical volume group 420 from the storage system 101 (step 2201).

  The access management program 417 of the external storage system 102 refers to the volume table 401 and determines whether or not the volume attribute of the logical volume that is the target of the access request permits the operation requested by the access request ( Step 2202, 2203).

  If it is determined that the access is permitted, the access management program 417 accesses the logical volume that is the target of the access request, returns the result to the storage system 101 (step 2204), and ends the process.

  On the other hand, if it is determined that the access is not permitted, the access management program 417 notifies the storage system 101 of access refusal (step 2205) and ends the process.

  22, 23, and 24 mainly describe processing executed by the access management program 317 of the storage system 101 and the access management program 417 of the external storage system 102. However, if the storage system 101 or the external storage system 102 has the access protection program 313 or 413 when the storage system 101 or the external storage system 102 receives the access request, and these programs are activated, In addition to the processing described in FIGS. 22, 23, and 24, additional processing is required. Therefore, this additional process will be described below.

When the storage system 101 has the access protection control program 313 and this program is activated, Step A to Step C described below are inserted after Step 2101 in FIG.
Step A) The access protection control program 313 checks the identification information of the access request issuing source (that is, the business host that issued the access request) included in the access request, and accesses the host table by referring to the host table. It is determined whether or not the request issuer is permitted to access the logical volume that is the target of the access request.
Step B) If the issuer of the access request is permitted to access the logical volume, the processing after step 2102 is continued.
Step C) If the issuer of the access request is not permitted to access the logical volume, the process is terminated at this point.

In the case of the external storage system 102, similar processing is added. That is, when the external storage system 102 has the access protection control program 413 and this program is activated, the following steps D to F are added after 2201 in FIG.
Step D) The access protection control program 413 checks the identification information of the access request issuer included in the access request (that is, the external connection interface 115 of the storage system 101), and refers to the host table. Then, it is determined whether or not the issuer of the access request is permitted to access the logical volume that is the target of the access request.
Step E) If the issuer of the access request is permitted to access the logical volume, the processing after step 2202 is executed.
Step F) If the issuer of the access request is not permitted to access the logical volume, the process ends at this point.

  Next, processing when data is written from the storage system 101 to the external storage system 102 will be described. This process is performed when the access request from the business host 104 is writing and the cache mode is OFF, at the time when the access request is received from the business host 104, that is, in step 2112 in the flow of FIG. On the other hand, when the access request from the business host 104 is a write and the cache mode is on, the process is performed at an arbitrary time, for example, when the processing load of the storage system 101 is low.

  FIG. 25 is a flowchart showing an example of the operation of the storage system 101 when data is written from the storage system 101 to the external storage system 102.

  The access management program 317 determines whether or not the storage system 101 holds the encryption program 314 (step 2401). When the storage system 101 holds the encrypted write program 314, the encrypted write program 314 encrypts data to be written to the external storage system 102 using an encryption key (step 2402).

  The external connection control program 312 writes the write data or the encrypted write data to the external storage system 102 (step 2403).

  The storage system 101 receives a write completion notification from the external storage system 102 (step 2404) and ends the process.

  As described above, according to the present embodiment, in the information processing system that provides the business host 104 with the volume of the second storage system (external storage system 102) as the volume of the first storage system (storage system 101), the external storage An attribute change related to volume protection such as reading / writing prohibition / permission of the logical volume of the system 102 can be performed via the management server 103. The management server 103 aggregates information of the storage system 101 and the external storage system 102 and presents a selectable volume protection method to the storage system administrator according to a predetermined rule. The storage system administrator may select from the presented volume protection methods. This eliminates the need for the storage system administrator to extract possible protection methods for each storage system in the information processing system and to consider a combination protection method, thereby reducing setting mistakes by the storage system administrator and setting accuracy. As a result, the operations of storage system administrators can be simplified.

FIG. 1 is a system configuration diagram of an information processing system according to the present embodiment. FIG. 2 is a functional configuration diagram of the storage system of this embodiment. FIG. 3 is a functional configuration diagram of the external storage system of this embodiment. FIG. 4 is a functional configuration diagram of the management server of this embodiment. FIG. 5 is a diagram showing an example of the storage table of this embodiment. FIG. 6 is a diagram illustrating an example of an access protection correspondence table according to the present embodiment. FIG. 7 is a diagram showing an example of the mapping table of the present embodiment. FIG. 8 is a diagram showing an example of the volume correspondence table of the present embodiment. FIG. 9 is a diagram showing an example of the volume table of the present embodiment. FIG. 10 is a diagram illustrating an example of the port table of the present embodiment. FIG. 11 is a diagram showing an example of the external volume table of the present embodiment. FIG. 12 is a diagram illustrating an example of a host table according to the present embodiment. FIG. 13 is an example of a volume search screen according to the present embodiment. FIG. 14 is an example of a volume attribute change screen according to this embodiment. FIG. 15 is a flowchart illustrating an example of the operation of the management server at the time of system configuration definition according to this embodiment. FIG. 16 is a flowchart showing an example of the operation of the storage system at the time of system configuration definition of this embodiment. FIG. 17 is a flowchart showing an example of the operation of the management server during the volume registration operation of this embodiment. FIG. 18 is a flowchart showing an example of the operation of the storage system during the volume registration operation of this embodiment. FIG. 19 is a flowchart showing an example of the operation of the management server during the volume protection operation of this embodiment. FIG. 20 is a flowchart showing an example of the operation of the management server during the volume protection operation of this embodiment. FIG. 21 is a flowchart showing an example of an operation in which the storage system of this embodiment changes a volume attribute. FIG. 22 is a flowchart showing an example of the operation when the storage system of this embodiment receives an access request. FIG. 23 is a flowchart showing an example of the operation of the storage system when receiving an access request of this embodiment. FIG. 24 is a flowchart showing an example of the operation of the external storage system when receiving an access request of this embodiment. FIG. 25 is a flowchart showing an example of the operation of the storage system when data is written to the external storage system of this embodiment.

Explanation of symbols

100: Information processing system, 101: Storage system, 102: External storage system, 103: Management server, 104: Business host, 141: Network, 143: Network, 111: Processor, 112: Memory, 113: Business host interface 114: Management server interface 115: External connection interface 1
16: hard disk, 117: cache memory, 121: processor, 122: memory, 123: business host interface, 124: management server interface,
126: hard disk, 127: cache memory, 131: processor, 132: memory, 133: interface, 134: monitor, 135: input device, 136: hard disk

Claims (16)

An information processing system comprising: a first storage system; a second storage system connected to the first storage system; and a management device connected to the first storage system and the second storage system. There,
The first storage system is
A real volume that provides the host computer with one or more first volumes as a logical volume;
A virtual volume that provides one or more second volumes of the second storage system as logical volumes to the host computer;
The management device
Information specifying the function (first volume protection function) for protecting the data in the logical volume provided by the first storage system is collected from the first storage system and held, and the second storage system Volume protection function holding means for collecting and holding information identifying the function (second volume protection function) for protecting data in the second volume of the storage system from the second storage system;
When receiving an instruction to protect the data in the second volume from the user, the volume protection function holding unit is referred to, and the first volume protection function and the second volume protection function can be selected in combination. Volume protection management means for generating a method for protecting data in the second volume (second volume protection method) and presenting it to the user;
An information processing system comprising: An information processing system according to claim 1,
Each of the logical volume and the second volume (hereinafter collectively referred to as a volume) prohibits or permits reading of data from the volume and prohibits or permits writing of data to the volume. With attributes to show,
The volume protection function holding means includes
As the first volume protection function,
Whether or not the first access protection for restricting access from the host computer to the predetermined logical volume is made;
The presence or absence of a first volume attribute control function for setting the attribute for each of the logical volumes;
When writing data from the first storage system to the second storage system, whether or not encrypted writing is performed is held,
Whether or not the second volume protection function is a second access protection that restricts access from the first storage system to the predetermined second volume,
An information processing system, wherein the presence or absence of a second volume attribute control function for setting the attribute is held for each of the second volumes. An information processing system according to claim 2,
The volume protection management means includes
When the first access protection and the second access protection are made in the volume protection function holding means, and the first volume attribute control function and the second volume attribute control function are held as being present, A method of protecting the second volume using at least one of the first volume attribute control function and the second volume attribute control function is generated as the second volume protection method,
When the first access protection and the encrypted writing are performed in the volume protection function holding unit and the first volume attribute control function and the second volume attribute control function are held as being present, at least A method for protecting the second volume using the second volume attribute control function is generated as the second volume protection method,
When the first access protection is performed in the volume protection function holding means and the first volume attribute control function and the second volume attribute control function are held, the first volume attribute control A method of protecting the second volume using the function and the second volume attribute control function, and generating as the second volume protection method,
If the first access protection and the second access protection are made in the volume protection function holding means and the first volume attribute control function is held, the first volume attribute control function is A method for protecting the second volume using the second volume protection method,
When the first access protection and the second access protection are made in the volume protection function holding means and the second volume attribute control function is held, the second volume attribute control function is used. And generating a method for protecting the second volume as the second volume protection method,
When the first access protection and the encrypted writing are performed in the volume protection function holding means and the second volume attribute control function is held, the second volume attribute control function is used. And generating a method for protecting the second volume as the second volume protection method. An information processing system according to claim 3,
Accepting means for accepting a user's selection from the second volume protection method presented by the volume protection management means;
In accordance with the second volume protection method selected by the accepting means, an attribute change instructing means for instructing the first storage and the second storage to change the attribute respectively. system. An information processing system according to claim 4,
The attribute further includes a validity period in the case of write prohibition and / or read prohibition,
When the first storage system receives an instruction to change the attribute of the predetermined logical volume from the management device, the first storage system compares the attribute with the attribute of the logical volume, changes if possible, and changes the change result, A first attribute changing means for returning to the management device that the change is impossible if the change is impossible;
When the second storage system receives an instruction to change the attribute of the predetermined second volume from the management apparatus, the second storage system compares the attribute with the attribute of the logical volume, changes if possible, and changes the result. An information processing system comprising: second attribute changing means for returning to the management device that the change is impossible if the change is impossible. An information processing system according to claim 5,
The instruction to change the attribute received from the first management device by the first storage system and the second storage system comprises a changed attribute and a valid period after the change,
The first attribute changing means recognizes that the attribute can only be changed without shortening the effective period set together with the prohibition of reading or the prohibition of writing,
The information processing system according to claim 2, wherein the second attribute changing unit recognizes that only a change in which the attribute is set together with the prohibition of reading or the prohibition of writing is not shortened. The information processing system according to claim 4, 5 or 6,
The first storage system is
A cache that temporarily holds data,
Cache mode control means for controlling whether or not processing is performed using the cache for access to the virtual volume from the host computer,
The volume protection management means includes
When the second volume protection method received by the receiving unit includes a process for prohibiting writing by the second volume attribute control function, the cache mode control unit does not perform processing using the cache. And an instruction to transfer all data held in the cache to the second storage. The information processing system according to claim 7,
The first storage system is
Access confirmation means for determining whether or not access to the virtual volume is accepted when an access request (access request) to the virtual volume is received from the host computer;
When it is determined that access is permitted in the access confirmation unit, a cache mode determination unit that determines whether the cache mode control unit is controlled to perform processing using a cache;
In the cache mode determination means, if it is determined that the process is controlled to use the cache, if the access request is a write, write to the cache, write completion is returned to the host computer, When the access request is a read, the cache is accessed, and if there is data to be read in the cache, the data is read and returned to the host computer, and processing is performed using the cache. If it is determined that there is not, an access processing means for transferring the access request received to the second storage and returning a reply received as a reply to the access request from the second storage to the host computer; An information processing system characterized by further comprising: An information processing system comprising: a first storage system; a second storage system connected to the first storage system; and a management device connected to the first storage system and the second storage system. The first storage system has one or more first volumes that it has as a logical volume to the host computer and one or more second volumes that the second storage system has. An information processing system volume protection method held in the second volume in an information processing system comprising a virtual volume provided as a logical volume to the host computer,
When receiving an instruction to protect the data in the second volume from the user, the management device protects the data in the logical volume provided by the first storage system to the host computer (first Information for identifying the volume protection function) is collected from the first storage system, and the function for protecting the data in the second volume of the second storage system (second volume protection function) is identified. A volume protection function collection step for collecting information from the second storage system;
Volume that combines the first volume protection function and the second volume protection function, generates a selectable method for protecting data in the second volume (second volume protection method), and presents the volume to the user A volume protection method for an information processing system, comprising: a protection method generation presentation step. A volume protection method for an information processing system according to claim 9,
Each of the logical volume and the second volume (hereinafter collectively referred to as a volume) prohibits or permits reading of data from the volume and prohibits or permits writing of data to the volume. With attributes to show,
In the volume protection function collection step,
As the first volume protection function,
Whether or not the first access protection for restricting access from the host computer to the predetermined logical volume is performed;
The presence or absence of a first volume attribute control function for setting the attribute for each of the logical volumes;
When writing data from the first storage system to the second storage system, collect whether or not encrypted writing to be encrypted is performed,
Whether the second volume protection function is a second access protection that restricts access from the first storage system to the predetermined second volume, and
A volume protection method for an information processing system that collects the presence or absence of a second volume attribute control function for setting the attribute for each of the one or more second volumes. A volume protection method for an information processing system according to claim 10,
In the volume protection function collection step, the first access protection and the second access protection are performed, and information that identifies the first volume attribute control function and the second volume attribute control function is collected. In this case, in the volume protection method generation / presentation step, a method for protecting the second volume by using at least one of the first volume attribute control function and the second volume attribute control function is used. As a volume protection method
In the volume protection function collecting step, the first access protection and the encrypted writing are performed, and information specifying that the first volume attribute control function and the second volume attribute control function are present is collected. In the case of the volume protection method generation presentation step, a method for protecting the second volume using at least the second volume attribute control function is generated as the second volume protection method,
In the volume protection function collection step, when the first access protection is performed and the information specifying the presence of the first volume attribute control function and the second volume attribute control function is collected, the volume protection function is collected. In the method generation presentation step, a method for protecting the second volume using the first volume attribute control function and the second volume attribute control function is generated as the second volume protection method,
In the volume protection function collection step, when the first access protection and the second access protection are performed and information specifying that the first volume attribute control function is present is collected, the volume protection method generation is performed. In the presenting step, a method for protecting the second volume using the first volume attribute control function is generated as the second volume protection method,
In the volume protection function collection step, when the first access protection and the second access protection are performed and the information specifying the second volume attribute control function is collected, the volume protection method generation presentation In the step, a method for protecting the second volume using the second volume attribute control function is generated as the second volume protection method,
In the volume protection function collection step, when the first access protection and the encrypted writing are performed and the information specifying the second volume attribute control function is collected, the volume protection method generation presentation In the step, a method for protecting the second volume using the second volume attribute control function is generated as the second volume protection method. A volume protection method for an information processing system according to claim 11,
Instructs the first storage system and / or the second storage system to set each of the second volume protection methods presented in the volume protection method generation / presentation step according to the method selected by the user. A volume protection method for an information processing system, further comprising a volume protection method setting step. A volume protection method for an information processing system according to claim 12,
The attribute further includes a validity period in the case of write prohibition and / or read prohibition,
The first storage system and the second storage system that have received an instruction to change the attribute of the predetermined volume from the management device are compared with the attribute of the volume, and are changed if possible. A volume protection method for an information processing system, further comprising: a volume attribute changing step for returning to the management device that the change result cannot be changed if the change result cannot be changed. A volume protection method for an information processing system according to claim 13,
The instruction to change the attribute received from the management device by the first storage system and the second storage system in the volume attribute changing step includes an attribute after the change and a validity period after the change,
The volume protection method for an information processing system, wherein, in the volume attribute changing step, only a change that does not shorten the effective period, the attribute being set together with the prohibition of reading or the prohibition of writing, is recognized. 15. A volume protection method for an information processing system according to claim 12, 13 or 14,
The first storage system is
A cache that temporarily holds data,
Cache mode control means for controlling whether or not processing is performed using the cache for access to the virtual volume from the host computer,
When the method selected by the user includes a process for prohibiting writing by the second volume attribute control function, the cache mode control means performs processing using the cache in the volume protection method setting step. A volume protection method for an information processing system, characterized in that control is performed so that all data held in the cache is transferred to the second storage. An information processing system comprising a first storage system and a second storage system connected to the first storage system, wherein the first storage system includes one or more first volumes In an information processing system comprising: a real volume that provides a logical volume to a host computer; and a virtual volume that provides one or more second volumes of the second storage system as a logical volume to the host computer. A management apparatus for managing one storage system and the second storage system,
The management device
The first storage system collects and holds information identifying the function (first volume protection function) for protecting data in the logical volume provided to the host computer from the first storage system, and Volume protection function holding means for collecting and holding information specifying the function (second volume protection function) for protecting data in the second volume of the second storage system from the second storage system; ,
When receiving an instruction to protect the data in the second volume from the user, the volume protection function holding unit is referred to, and the first volume protection function and the second volume protection function can be selected in combination. A volume protection management means for generating a system for protecting data in the second volume (second volume protection system) and presenting it to the user.

Images