The present invention relates to a computer system, management computer, and volume allocation change method of the management computer to change a volume allocation in a storage network.
A storage device represented by a disk array device divides logically a storage area of a disk device in the storage device and provides to a host computer as a logical volume. A storage device which provides only one's own volume is called a lower-level storage device, another storage device which allocates a volume provided by a lower-level storage device as a virtual volume that is a virtualized volume is called a higher-level storage device, and there is a method of providing this virtual volume to the host computer.
In this case, the host computer accesses the virtual volume that is provided by the higher-level storage device. The higher-level storage device relays access data to the lower-level storage device which provides the volume corresponding to the virtual volume.
In a higher-level storage device that provides a virtual volume, a method of automating a correspondence (hereinafter, called mapping) between the virtual volume and a volume provided by a lower-level storage device that provides a real volume corresponding to the virtual volume in accordance with a required specification to the virtual volume is disclosed in the patent reference 1, for example.
[Patent Reference 1] Japanese Patent Application Publication No. 2004-178253
Incidentally, in a computer system comprised of a host computer, network device, and storage device, it is possible to prevent third party's interception and falsification of communication by encrypting the communication between a storage device that provides a volume and a host computer that uses the volume based on an encrypted transfer protocol such as IPSec (Internet Protocol Security) disclosed in the RFC-2401 standard, for example.
When such encrypted transfer is applied to communication between the host computer that uses the above-described virtual volume and a higher-level storage device that provides the virtual volume, the interception and falsification are possible on a network connecting the higher-level storage device that provides the virtual volume and a lower-level storage device that provides a real volume corresponding to the virtual volume unless the encrypted transfer is performed between the higher-level storage device that provides the virtual volume and the lower-level storage device that provides the real volume corresponding to the virtual volume, and the encrypted transfer between the host computer and the storage device that provides the virtual volume becomes useless.
Therefore, it is necessary for an administrator to set the encrypted transfer to the communication between the lower-level storage device that provides the real volume corresponding to the virtual volume and the higher-level storage device that provides the virtual volume. In addition, when the lower-level storage device that provides the real volume corresponding to the virtual volume does not support the encrypted transfer, it is necessary for the administrator to specify a storage device that supports the encrypted transfer and that provides a real volume corresponding to a virtual volume, to migrate data of the volume into that lower-level storage device that provides the real volume corresponding to the virtual volume, and to change setting of a volume of the migration destination into a virtual volume of the lower-level storage device that provides the virtual volume. Accordingly, a setting man-hour of the administrator increases, and furthermore there is a possibility of causing a setting mistake since the setting becomes complicated.