A switch apparatus is known that virtualizes storage in the network layer (switch layer) and provides a user with virtual disks independent of the type of host or storage. Such a switch apparatus (hereinafter, a virtualized switch) provides a virtualized disk function and a copy function as its main functions.
Here, the term “virtualized disk function” refers to a function of freely allotting a real disk from a storage device and allocating it to the host, as a virtual disk. The term “copy function” refers to a function of performing a copy from a virtual disk to another virtual disk using only resources in the virtualized switch without using resources (CPU or memory) in the host. Related-art examples include U.S. Pat. No. 5,964,886, U.S. Pat. No. 6,173,413, U.S. Pat. No. 6,161,191, U.S. Pat. No. 6,421,787, and U.S. Publication No. US2005/0228835.
One solution utilizing the virtualized switch is a COD (capacity on demand) service. As exemplified in FIG. 16, the COD service utilizing the virtualized switch includes one COD center, which provides the COD service and manages the entire storage system, and a plurality of users utilizing the COD service. In the COD service, virtual disks prepared by a management center are lent out to each user in an amount commensurate with the areas needed.
The management center also prepares, on its own side, virtual disks of a capacity equal to or greater than that of the virtual disks lent out to the user, in order to perform backup or restoration of the virtual disks lent to the user.
The example illustrated in FIG. 16 is a case in which a virtual disk 1 and a virtual disk 2 are lent out to a user 1, and a virtual disk 3 and a virtual disk 4 are lent out to a user 2. The virtual disk 1 is linked to a virtual target A, the virtual disk 2 to a virtual target B, and the virtual disks 3 and 4 to virtual targets C. Moreover, the management center prepares, on its own side, virtual disks 1′ to 4′ as backup/restoration disks for the virtual disks lent out to the users.
The virtualized switch provides a function of copying from a virtual disk to another virtual disk. The copy function is performed under an instruction from the COD center side or an instruction from the user side.
The case in which a copy is performed under an instruction from the user side will be described using the example in FIG. 16. The user 1 usually performs copies between the virtual disk 1 and the virtual disk 2 (a copy from the virtual disk 1 to the virtual disk 2, or a copy from the virtual disk 2 to the virtual disk 1), these disks having been allocated to the user 1 itself. The COD center side performs backup or restoration in the same system, as a COD service.
In operating the COD utilizing the above-described virtualized switch, the COD center and a plurality of users share one system among them. This can raise a security problem. For example, when a user executes a command for acquiring information on the copies being executed in the system (a copy session information list), the user can acquire the list of REC copy sessions that the user itself has started (in the example in FIG. 16, a copy from the virtual disk 2 to the virtual disk 1).
Furthermore, when the user executes the copy session information list acquisition command, the user can also acquire the list of REC copy sessions that have been started by the COD center (in the example in FIG. 16, a copy from the virtual disk 1 to the virtual disk 1′, a copy from the virtual disk 1′ to the virtual disk 1, a copy from the virtual disk 2 to the virtual disk 2′, and a copy from the virtual disk 2′ to the virtual disk 2).
The copy session information list acquired in this way includes information on a virtual cabinet S. This causes a potential security problem in that the information on the virtual cabinet S may be abused to copy the content of another user's virtual disks to the user's own virtual disks, thereby leaking the information. It also raises the possibility that the content of the user's own virtual disks may be written over another user's virtual disks, thereby destroying the other user's data.
Moreover, in operating the COD utilizing the above-described virtualized switch, abuse of the information is not the only concern. There is also a potential issue that the content of another user's virtual disks is erroneously copied to the user's own disks through a faulty operation by the user, thereby leaking the information, and an issue that the content of the user's own virtual disks is erroneously written over another user's virtual disks, thereby destroying the other user's data.
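The following added example is not part of the original text or of any method it describes. It models the FIG. 16 layout in Python and contrasts the unscoped copy session listing described above with a listing scoped to the requester, plus an ownership check that would reject both the abusive and the erroneous cross-user copies. The party names, the session table, the function names and the rule that the COD center may copy between any disks are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed model of FIG. 16: the party each virtual disk is allocated to.
OWNER = {"1": "user1", "2": "user1", "3": "user2", "4": "user2",
         "1'": "cod_center", "2'": "cod_center",
         "3'": "cod_center", "4'": "cod_center"}

@dataclass(frozen=True)
class CopySession:
    initiator: str  # party that started the copy
    src: str        # source virtual disk
    dst: str        # destination virtual disk

# Constructed session table matching the sessions named in the text.
SESSIONS = [
    CopySession("user1", "2", "1"),
    CopySession("cod_center", "1", "1'"),
    CopySession("cod_center", "1'", "1"),
    CopySession("cod_center", "2", "2'"),
    CopySession("cod_center", "2'", "2"),
]

def list_sessions_unscoped(requester):
    """Behaviour described in the text: every session in the shared
    system is returned, whoever asks."""
    return list(SESSIONS)

def list_sessions_scoped(requester):
    """Hypothetical hardened listing: only sessions the requester started."""
    return [s for s in SESSIONS if s.initiator == requester]

def authorize_copy(requester, src, dst):
    """Hypothetical check run before any copy is started.
    Assumption: the COD center manages the whole system and may copy
    between any known disks; a user may copy only between disks that
    are both allocated to that user."""
    if src not in OWNER or dst not in OWNER:
        return False  # unknown disk: refuse rather than guess
    if requester == "cod_center":
        return True
    return OWNER[src] == requester and OWNER[dst] == requester

if __name__ == "__main__":
    print(len(list_sessions_unscoped("user1")), "sessions visible unscoped")
    print(len(list_sessions_scoped("user1")), "session visible scoped")
    print("user1 copy 3 -> 1 allowed:", authorize_copy("user1", "3", "1"))
```

Because the check is applied to every copy request rather than to the listing alone, it covers the faulty-operation case as well as deliberate abuse of leaked session information.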