In certain storage area networks (SAN) usage scenarios, such as may arise for storage service providers (SSPs), there are multiple customers attempting to share the same common SAN resources. In such cases, there is a need to ensure that customers can only see and access the storage resources they have been allocated and prevent them from accessing storage of other customers. For example, if a customer stores their critical business data with a SSP, then they generally do not want other customers of the SSP reading their data or even being aware that they have information stored with the SSP. The capability to partition a tape library is known. However, special hardware or special backup software as described below has been used to implement partitioning.
Existing software-based data library partitioning solutions typically employ a host system that restricts access to portions of a tape library. The host restrictions are implemented by a mediating software process on a host system to enforce partition restrictions. However, this approach is problematic. Specifically, the approach is undesirable if the data library is utilized in a SSP environment. In SSP environments, the data library and the host systems may belong to different entities (e.g., the SSP and the customers). Placement of software mediating processes on host systems is unattractive, because it increases the burden on the customers to make use of the storage service. Moreover, many customers are unwilling to allow other parties to place software on their host systems. Additionally, the software mediating process approach is typically incompatible with existing data back-up utilities, i.e., the software mediating process approach requires the use of specialized data back-up applications. Hence, users are effectively denied the ability to run desired backup software.
Existing fibre channel (FC) disk array firmware may be used to provide security in an FC redundant array of independent disks (RAID), since the disk array firmware has direct control over the array's ports connected to the SAN. Every host and device connection into the SAN generally has a unique FC-based world-wide-name (WWN), which can be used by an FC-based RAID to uniquely identify a device or host connection. Therefore, the FC-disk array firmware may be configured so that when a host attempts to send a small computer systems interface (SCSI) command to a FC-logical unit number (LUN) inside the RAID, the firmware will check the originating WWN from the server that sent the command against a list of authorized WWNs. If the WWN is on the list of authorized WWNs for that RAID FC-LUN, the SCSI command may be processed, if the WWN is not on the list of authorized WWNs for the RAID FC-LUN the command will be rejected. The list of authorized WWN's for each RAID FC-LUN may be configured via the existing management software for the RAID.
However, if a standard existing SCSI device, such as a data tape library is connected to a FC SAN via existing FC interfaces, such as existing FC tape drives in the library, it is not possible to secure these devices so that only certain hosts can access them, as individual existing FC tape drives do not support the FC WWN-based security discussed above. As a typical example, if a FC tape drive is connected to a SAN, it is visible to every server connected to that SAN. This circumstance is unacceptable for a SAN that offers secure storage resources to diverse customers. Existing solutions do not allow fibre channel tape drive devices to be secured in a SAN environment. The scheme to secure LUNs implemented in FC disk arrays, as discussed above, does not extend to securing physical tape drives that make up a logical partition within a SAN attached tape library.
FC switches have the capability of configuring security zones that define which WWNs or FC ports of a server can see which WWNs or FC ports of devices. However, this FC switch zoning does not extend to device LUNs, so it is only possible to provide security using such FC switch zoning at the FC port level. Even if tape libraries are directly attached on a FC SAN, it would be very difficult for a user to define security zones for the library tape drives. A data tape library can have multiple FC tape drives, and may be logically partitioned into partitions extending across multiple fibre channel tape drives. Therefore, it would be difficult for a user to correctly identify which FC ports and LUNs should be associated together in the same security zone for an FC switch. Understandably, a user may easily make mistakes in such a manual configuration process.
Access to stand-alone native FC devices may be secured by using switch zoning, facilitated by a one-to-one relationship between a stand alone FC drive and an accessing user's WWN. In a data library, the library controller is typically placed behind a bridge. Configuring an FC switch for switch zoning to secure such a controller adds a process for a SAN administrator to implement and coordinate with users. FC switch configuration is not typically under control of a library's management card.