The invention relates to a storage system, an information processing apparatus, and a connection method. For example, the invention is suitable for use in an information processing apparatus that is connected to, and that exchanges data between, a client apparatus and a storage apparatus.
Conventionally, NAS (Network Attached Storage) apparatuses have been widespread. A NAS apparatus enables plural information processing devices (client systems) in a network to share a file stored in a storage apparatus connected via a storage interface such as SCSI or Fibre Channel. Each client apparatus accesses the shared file by using an NFS (Network File System) or CIFS (Common Internet File System) service provided by the NAS apparatus.
Recently, a technique for executing an operating system (OS) that performs plural NAS functions (hereinafter referred to as a “NAS control system”) in an information processing apparatus by means of a multiple instance feature in the operating system and making file systems or the network environment in each NAS control system independent has also been put into practical use.
Using those techniques, in the information processing apparatus, spying, from a NAS control system, on file systems used in another NAS control system, or access to a client system to which another NAS control system is currently providing services can be prevented. Using those techniques, in the information processing apparatus, spying, from a NAS control system, on file systems in another NAS control system, or access from a client apparatus using a NAS control system to another NAS control system via a network can be prevented.
Since high security in NAS control systems can be maintained in the information processing apparatus as described above, each NAS control system in one information processing apparatus can separately provide the NAS service to a company.
If a number of NAS control systems are managed, as is the case in a data center, a technique for an administrator to collectively manage those systems becomes necessary. There currently is a method of collectively managing plural NAS control systems by connecting a management device and NAS control systems with a LAN or similar, and sending an order from the management device to the NAS control systems (for example, see JP-A-2004-227127).
However, if plural NAS control systems share a network a physical cable such as a LAN, not only communication between the management device and each NAS control system, but also communication between the NAS control systems is enabled.
Therefore, if, for example, one of those NAS control system is hacked via an existing security hole, the other NAS control systems connected to the hacked one via a network such as a LAN are also exposed to the risk of information leakage, hacking, or virus infection, etc.
The present invention has been made in light of that problem, and its object is to provide a highly reliable storage system, information processing apparatus, and connection method.