The present invention relates to technology for controlling access to a storage device.
In recent years, for example, storage consolidation has become common, in which storage which used to be provided in dispersed in fashion for each server is concentrated onto a storage system in a single location. Furthermore, configurations have become common in which a file system for providing a file access service utilizing a file transfer protocol such as NFS (Network File System) or CIFS (Common Interface File System) is constructed by mounting a file server in the storage system. In one form of storage consolidation, the Systems Management Department, that provides services such as configuration, application and maintenance in regard to storage in an enterprise, may for example provide for each department a virtual file server by logical division of a single file server.
For data protection reasons, it becomes necessary to provide access control. For example, a virtual file server can access only permitted storage devices. The access control is disclosed in for example Laid-open Japanese Patent Application No. 2004-206221 and Laid-open Japanese Patent Application No. 2000-276406.
In Laid-open Japanese Patent Application No. 2004-206221, a technique for preventing referencing or alteration from other computers is described, in which a partition comprising a tape drive and a plurality of tape slots is created in a tape library, and the tape drive and slot that a host computer can access are restricted by allocating a partition to each host computer.
In Laid-open Japanese Patent Application No. 2000-276406, a technique is disclosed according to which an access allowability table and related table are created and held, and a decision is reached as to whether or not access to a logical volume (LU) is allowed, using the S_ID of an inquiry request from the host computer and these tables. The access allowability table contains, in associated fashion, the N_Port_Name of the host computer or Node_Name and LU in the storage subsystem. The related table relates the S_ID and LU that are allocated when the host computer logs in.