The present invention relates to a utility program for managing security between a storage device and a computer, and in particular to a method of implementing such a utility program and a method of operating it, by which security can be managed without separately considering how to set the security function supported by the storage device, the security function supported by the computer, and the security function supported by the switching device (connecting device).
The connection most commonly employed between a computer and an external storage device is changing from a layout in which the storage device belongs exclusively to one computer to a storage network layout in which a plurality of computers are connected via a network to a plurality of storage devices. Such a storage network layout in which fibre channel is used as the connecting medium between computers and storage is known as a “storage area network (SAN)”.
The SAN uses connecting devices called “fabric switches” or “fibre channel switches”. A fabric switch is a device including a plurality of fibre channel ports. By connecting computers and storage devices via fibre channel cables to ports of the fabric switch, the computers and storage devices can communicate with each other. By connecting fabric switches to each other via fibre channel cables, computers and storage devices connected to the SAN can communicate with each other via a plurality of fabric switches.
The devices such as storage devices and computers constituting the SAN will be referred to as nodes hereinbelow. Each node includes at least one port to be connected to the SAN and is connected via a fibre channel cable to a fibre channel switch.
All nodes connected to the SAN can communicate with each other as described above. Therefore, a plurality of computers connected to the SAN can access any area of the storage devices connected to the SAN. In general, it is assumed that the operating system running on each computer uses a storage area exclusively, and the possibility that the storage area is also accessed by other computers is not taken into account. Consequently, when two or more computers write data to one storage area of the SAN, the data written first in the storage area may be lost by mistake through a subsequent write to the same storage area.
As described above, this property of the SAN easily causes problems for the operating system. There also exist program products that use this property of the SAN so that a plurality of computers can share a storage area. Unless such a program product is used, the system manager must manage the programs so that a plurality of computers do not access one storage area simultaneously.
To solve this problem easily, the fabric switch generally supports a function called “zoning”. The zoning function classifies the ports of the nodes connected to the fabric switch into groups (zones) so that only the computers belonging to a zone can access the storage devices belonging to that zone. To set a zone, a value called a “worldwide name (WWN)”, which is a unique identifier assigned to a port, is used. The SAN manager sets, in the fabric switch, zones containing the worldwide names of storage devices together with the worldwide names of the computers allowed to access those storage devices, so that the computers can access only the storage devices set in this way.
Incidentally, one port can belong to a plurality of zones. In this case, the port can mutually communicate with the ports contained in all zones to which the port belongs.
On the other hand, an access limiting function may also be supported by the external storage device. A function called “logical unit number (LUN) security” or “LUN masking” uses the worldwide name to limit which computers can access storage areas in a storage device. A logical unit number is an 8-bit value assigned to a storage area and is defined by the small computer system interface (SCSI) specifications, which are used as the communication protocol of the SAN. A computer specifies a logical unit number in the SCSI protocol to communicate via fibre channel with a storage device and thereby access a particular storage area.
However, if LUN security has been set for the storage area, the storage device checks the worldwide name to determine whether or not the access is issued from a computer allowed to access the storage area. If the computer (WWN) is not allowed to access the storage area, the storage device rejects the access. In this specification, a storage area is referred to as a logical unit according to the SCSI definition.
There also exists a method in which the LUN security function is provided by the device driver of a fibre channel host bus adapter installed in the computer. In this method, the device driver of the fibre channel host bus adapter limits access to a logical unit by concealing that logical unit of the SAN from the operating system. A device driver of a fibre channel host bus adapter having this function includes an interface for setting the LUN security.
The zoning function and the LUN security function are independent of each other. Therefore, to change the zoning setting and the LUN security setting, the manager must separately operate the fabric switches, the storage devices, and the computers connected to the fabric switches. This disadvantageously takes a long time.
To limit access in the storage area network, the access restriction of the zoning function and that of the LUN security function must be consistent with each other. For example, even if the manager sets the LUN security to allow a computer to access a logical unit, the computer cannot access the logical unit when the zoning function prohibits it from doing so. This can lead to a fatal event in which the system including the storage area network stops. In the prior art, since the zoning function and the LUN security function are independent of each other, such inconsistent settings of these functions are possible.
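The following is an added example, not part of the patent text, that models the two independent settings described above in Python: zoning on the fabric switch (a port may belong to several zones, and two ports can talk when any one zone contains both), LUN security on the storage device (a table from logical unit number to the host WWNs allowed), and the rule that a host reaches a logical unit only when both permit it. It then performs the consistency check the text says the prior art lacks: it reports every host that LUN security allows but zoning blocks, and, as a separate check for the overwrite hazard described earlier, every logical unit without LUN security that more than one zoned host can reach. The WWNs, zone names and LUN numbers are constructed placeholders, and the class and function names are the example's own, not those of any real switch or storage management interface.

```python
from dataclasses import dataclass, field

# Constructed placeholder identifiers (not real WWNs).
HOST_A = "10:00:00:00:00:00:00:a1"
HOST_B = "10:00:00:00:00:00:00:b2"
HOST_C = "10:00:00:00:00:00:00:c3"
STOR_1 = "50:00:00:00:00:00:00:01"


@dataclass
class FabricSwitch:
    """Zoning as kept by a fabric switch: zone name -> set of port WWNs."""
    zones: dict = field(default_factory=dict)

    def can_communicate(self, wwn_a, wwn_b):
        # A port may belong to several zones; two ports can talk when at
        # least one zone contains both of them.
        return any(wwn_a in m and wwn_b in m for m in self.zones.values())


@dataclass
class StorageDevice:
    """LUN security as kept by a storage device: LUN -> allowed host WWNs.
    A LUN absent from lun_security has no LUN security set and accepts any host."""
    port_wwn: str
    luns: set = field(default_factory=set)
    lun_security: dict = field(default_factory=dict)

    def accepts(self, host_wwn, lun):
        allowed = self.lun_security.get(lun)
        return allowed is None or host_wwn in allowed


def effective_access(switch, storage, host_wwn, lun):
    """A host reaches a logical unit only if zoning AND LUN security permit it."""
    return (lun in storage.luns
            and switch.can_communicate(host_wwn, storage.port_wwn)
            and storage.accepts(host_wwn, lun))


def find_inconsistencies(switch, storage):
    """Hosts that LUN security permits but zoning blocks: the storage side was
    configured to allow them, yet they can never reach the logical unit."""
    out = []
    for lun, allowed in sorted(storage.lun_security.items()):
        for host in sorted(allowed):
            if not switch.can_communicate(host, storage.port_wwn):
                out.append((host, lun))
    return out


def unprotected_shared_luns(switch, storage, hosts):
    """Logical units with no LUN security that more than one zoned host can
    reach, i.e. where one host's writes may silently overwrite another's."""
    out = []
    for lun in sorted(storage.luns - set(storage.lun_security)):
        reach = [h for h in hosts if effective_access(switch, storage, h, lun)]
        if len(reach) > 1:
            out.append((lun, sorted(reach)))
    return out


def build_sample():
    """Constructed sample configuration with one deliberate mismatch."""
    switch = FabricSwitch(zones={
        "zone_a": {HOST_A, STOR_1},
        "zone_c": {HOST_C, STOR_1},   # HOST_B is in no zone with STOR_1
    })
    storage = StorageDevice(
        port_wwn=STOR_1,
        luns={0, 1, 2},
        lun_security={0: {HOST_A}, 1: {HOST_B}},  # LUN 2 has no LUN security
    )
    return switch, storage, [HOST_A, HOST_B, HOST_C]


if __name__ == "__main__":
    sw, st, hosts = build_sample()
    for h in hosts:
        reachable = [lun for lun in sorted(st.luns) if effective_access(sw, st, h, lun)]
        print(h, "reaches LUNs", reachable)
    print("LUN security allows but zoning blocks:", find_inconsistencies(sw, st))
    print("unprotected LUNs reachable by several hosts:",
          unprotected_shared_luns(sw, st, hosts))
```

In the sample, HOST_B is granted LUN 1 by LUN security but is not zoned with the storage port, which is exactly the mismatch the text describes; `find_inconsistencies` reports it, while LUN 2, left without LUN security, is reachable by both HOST_A and HOST_C and is flagged by the second check. Running both checks whenever either setting changes is the kind of integrated management the text motivates.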