This invention relates to encryption of data stored in a storage subsystem.
For example, in companies or other organizations, a storage subsystem, configured separately from a host computer (hereafter “host”), is used to manage large amounts of data. Such a storage subsystem incorporates for example numerous hard disk drives (HDDs) or other storage devices and a controller, and by means of the controller provides large amounts of storage to the host.
Various important information, such as for example the names and addresses of individuals or other private information, or information relating to trust or reliability, is stored in storage subsystems. Hence technology is required to manage important information in secrecy, and to prevent illicit access and similar.
In order to protect data, encryption technology may be used. As one of the method, Data is encrypted within the host, and this encrypted data is transmitted to the storage subsystem and stored, so that illicit use by a third party of the encrypted data can be prevented.
However, because data is encrypted within the host, the data processing workload on the host is increased, adversely affecting the performance of the application programs and the like running on the host.
In Japanese Patent Laid-open No. 2005-322201, technology is proposed enabling encryption of data within a storage subsystem.
Also, with increases in the quantity of data handled by companies and other organizations, there are an increasing number of organizations in which storage systems, configured as a plurality of storage subsystems, are managed and operated. The resulting increases in the cost of management of such storage subsystems are viewed as a problem. In order to hold down increases in management costs, there exists technology in which one or more storage subsystems (hereafter, such storage subsystems are called “external storage subsystems”) are connected to a storage virtualization apparatus, and the storage virtualization apparatus provides the storage resources of one or more external storage subsystems, virtually, to a host, as the storage resources of a storage subsystem. The functions provided by such technology are called storage virtualization functions (or external storage connection functions), and are for example disclosed in Japanese Patent Laid-open No. 2005-107645.
In an environment in which one or more external storage subsystems are connected to a storage virtualization apparatus, when the encryption function of Japanese Patent Laid-open No. 2005-322201 is applied, it is thought natural to apply the encryption function to the storage virtualization apparatus. However, if the storage virtualization apparatus always executes encryption and decryption, the storage virtualization apparatus may become a performance bottleneck in the system.