The present invention relates to a storage system which is capable of executing an encryption (or decryption) process (hereinafter referred to as ‘encryption and decryption processes’) on data and of executing a high-security (hereinafter referred to simply as ‘secure’) data communication with a computer (hereinafter referred to as ‘a server’) or another storage apparatus system (hereinafter referred to as ‘a storage system’).
Conventionally, fiber channel (hereinafter referred to as ‘FC’) interfaces have been mainly used as interfaces for effecting data communication between a server and a storage system. However, in recent years, the use of the Ethernet (a registered trademark of Fuji Xerox Co., Ltd.) enables high-speed data communication at a speed equal to or more than that of an FC at a low cost. In addition, the advent of iSCSI (internet Small Computer System Interface) technology, in which data communication by the SCSI (Small Computer System Interface) protocol is realized over an IP (Internet Protocol) network, makes it possible to construct a storage area network (hereinafter referred to as a ‘SAN’), which is conventionally realized by using FC connections, with an IP network such as the Ethernet.
However, whereas an FC network is commonly used in a closed environment, such as within the confines of a company building, an IP network is typically used inside or outside an enterprise as a general network, that is, in an open environment. Therefore, there is an increasing possibility that apparatuses connected to the IP network are susceptible to an unauthorized entry or to hostile break-in by a third party. Thus, when connecting a storage system to an IP network, it is becoming indispensable to take the necessary security measures for protection of the storage system.
One of the security measures is to apply, to a storage system, a data encrypting technique for securing data communication over an IP network. Currently, IPsec (disclosed in RFC2406) is widely used as a protocol for securing data communications over an IP network; it is prescribed as a standard protocol for a VPN (Virtual Private Network) by the IETF (Internet Engineering Task Force), one of the organizations that set Internet standards.
As shown in FIG. 19, in mounting encryption and decryption processing units in a storage system, encryption and decryption processing units 301 are provided in the front stages of host IFs 101 in channel IF units 12, or they are provided in the host IFs 101 (not shown).