The present invention generally relates to a storage apparatus and a data management method, and in particular relates to technology for encrypting or decrypting a common resource provided by the storage apparatus.
As computer systems grow larger, storage area networks, which connect a storage apparatus with another storage apparatus or with a computer over a network exclusive to the storage apparatus such as Fibre Channel, are becoming widely used. For such computer systems, various technologies are being developed for efficiently managing enormous quantities of data or improving the availability of data.
For instance, there is technology in which one storage apparatus is partitioned into a plurality of logical storage resources (hereinafter referred to as SLPR: Storage management logical partition) and these logical storage resources are provided to a user, so that a computer or a management computer recognizes each SLPR as a physically different storage apparatus (for instance, refer to Japanese Patent Laid-Open Publication No. 2005-165441; “Patent Document 1”). Specifically, Patent Document 1 describes technology for allocating resources such as a plurality of storage areas or a plurality of ports of the storage apparatus to each SLPR. According to this technology, for instance, by allocating an SLPR to each business division of a company, it is possible to manage the computer system independently for each business division.
As another technology, there is technology known as a snapshot or CDP (Continuous Data Protection) for reconstructing the data of a storage area to its status at an arbitrary point in time (for instance, refer to Japanese Patent Laid-Open Publication No. 2005-235058; “Patent Document 2”). A snapshot is a data image of a storage area at a certain designated time. Patent Document 2 uses a common resource, similar to a common journal volume, that is shared among a plurality of storage areas for reconstructing data. A common resource is a storage area configured from one or more storage areas. When the data stored in a storage area is updated, the data previously stored in the storage area, which the update overwrites, is stored as update data in the common resource. The common resource stores the update data divided into generations, each delimited at an arbitrary point in time. The update data is used when it becomes necessary to reconstruct the data in the storage area. For instance, an administrator is able to reconstruct data at an arbitrary point in time by acquiring the update data stored in the common resource up to the point in time to which the administrator wishes to reconstruct the data, and restoring it to a prescribed snapshot.
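The following sketch is an added illustration of the mechanism described above and is not taken from Patent Document 2 or from this document: several storage areas save their overwritten data into one shared common resource, grouped by generation, and an earlier image is rebuilt from it. All class and method names are hypothetical, and it assumes the area's current contents serve as the base image to which update data is applied, newest generation first.

```python
class CommonResource:
    """Journal shared by several storage areas; holds overwritten data per generation."""
    def __init__(self):
        # generations[i] maps (area_id, block_no) -> data the block held before
        # its first overwrite within generation i.
        self.generations = [{}]

    def record(self, area_id, block_no, old_data):
        # Keep only the first pre-update copy per block in a generation:
        # that copy is the block's content at the generation's start.
        self.generations[-1].setdefault((area_id, block_no), old_data)

    def mark(self):
        """Close the current generation; return an id for this point in time."""
        self.generations.append({})
        return len(self.generations) - 2


class StorageArea:
    def __init__(self, area_id, nblocks, common):
        self.area_id, self.common = area_id, common
        self.blocks = [b""] * nblocks

    def write(self, block_no, data):
        self.common.record(self.area_id, block_no, self.blocks[block_no])
        self.blocks[block_no] = data

    def image_at(self, marker):
        """Rebuild this area's contents as they were when `marker` was taken."""
        image = list(self.blocks)  # assumption: current contents are the base image
        # Undo generations newer than the marker, newest first.
        for gen in reversed(self.common.generations[marker + 1:]):
            for (area_id, block_no), old_data in gen.items():
                if area_id == self.area_id:
                    image[block_no] = old_data
        return image


def demo():
    """Constructed sample workload: two areas sharing one common resource."""
    common = CommonResource()
    a, b = StorageArea("A", 2, common), StorageArea("B", 1, common)
    a.write(0, b"a0-v1"); b.write(0, b"b0-v1")
    m0 = common.mark()
    a.write(0, b"a0-v2"); a.write(0, b"a0-v3"); a.write(1, b"a1-v1")
    m1 = common.mark()
    b.write(0, b"b0-v2")
    return a.image_at(m0), a.image_at(m1), b.image_at(m0), b.image_at(m1)
```

Note that a single generation in the common resource can hold pre-update data belonging to more than one storage area, which is what makes its protection a shared concern.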
As additional technology, there is technology for encrypting the data stored in a storage area in order to improve the security of the computer system. According to this technology, it is possible to prevent unauthorized access to data and prevent the divulgence of data when a disk is stolen.