1. Field of the Invention
This invention relates to a technology for managing a network system and, particularly, to a technology for managing a SAN.
2. Description of the Related Art
In recent years, there has been provided a network system called SAN (storage area network). The SAN is constituted by a storage device having a storage area of a large capacity and, connected thereto, host computers that use the data in the storage region of the storage device. The SAN uses, in many cases, a protocol compatible with an SCSI (small computer system interface). Therefore, the storage devices constituting the SAN are accessible from any host computer provided it is connected to the SAN, arousing a problem of security.
To cope with this problem, there has been known an access control technology for limiting the host which can access a unit of volume (see Japanese Unexamined Patent Publication (Kokai) No. 2002-278905, page 8, FIG. 1). Namely, based on a list of access controls that have been registered in advance, the control unit in the storage device judges whether the host computer is capable of making an access to a unit of volume. In the above publication, further, the storage device specifies a host computer that can affect the fault in the volume by utilizing an access control table, and notifies the presence and status of the fault.
In the above publication, the memory device sets the access control table and notifies the fault. In the system which uses a plurality of storage devices, however, the access control table must be set for each of the storage devices requiring a cumbersome operation.
In the above publication, further, consideration has been given to only the access control table that is managed by the storage device, but no consideration has been given to the access control tables managed by other devices. For example, the storage device and the host computer may often be connected together through an FC (fiber channel) switch. The FC switch, too, involves the access control technology (zoning, etc.) like the storage device. To notify the fault to only those host computers using the volumes, therefore, consideration must also be given to the access control technology for the FC switches. In the above publication, however, attention has not been given to the access control tables managed outside the storage devices.