This invention relates to information storage and retrieval, and in particular to encryption of data in storage systems having local and remote locations. In such systems, data are stored in a local storage system, for example, an array of hard disk drives, and data are also stored in a remote storage system. The use of a remote location for a copy of the data is desirable because it prevents loss of the data from corruption of communications links, natural disasters, or other causes. The remote copy function creates and maintains mirror volumes (duplicate sets) of the local data, but with the volumes of the sets separated by a “long” distance. The two disk systems are directly connected by remote links, through which updates to the data stored on the local disk system are copied to the remote disk system.
The remote system typically is coupled to the local system using communication links or a network, for example, ESCON, FC, TI, T3, ATM, etc. or a combination thereof, while suitable protocols are ESCON, SCSI, IP or others. In such a computing environment, data is exposed to the danger of corruption, theft and alteration because the network, or parts of the network, are publicly accessible, especially when using the Internet Protocol (IP).
Some companies, often referred to as storage service providers (SSP), provide a service to assist in managing customers' data. These companies sometimes rent their storage infrastructure and provide services such as storage management, remote copy, etc. to their customers. In such situations, the customers' data is stored in the SSP's storage system, and may be exposed to access by others.
U.S. Pat. Nos. 5,459,857 and 5,544,347 describe remote copy technology which uses a remote link to connect two disk systems, enabling maintaining a duplicate copy, termed “a mirror,” of the local system data on the remote disk system. The local disk system copies data on a local disk when duplication, termed “pair creation,” is indicated. When a host updates data on the local disk, the local disk system transfers the data to the remote disk system through the remote link. Thus no host operation is required to maintain a mirror of two volumes.
U.S. Pat. No. 5,933,653 discloses a method for transferring data between a local disk system and a remote disk system. In a synchronous mode, the local disk system transfers data to the remote disk system before completing a write request from a host. In a semi-synchronous mode, the local disk system completes a write request and then transfers the write data to the remote disk system. Succeeding write requests are not processed until the previous data transfer is completed. With adaptive copy mode, data to be sent to the remote disk system is stored in a memory and transferred to the remote disk system when the local disk system and/or remote links are available for the copy task.