Embodiments presented herein generally relates to storage area networks (SAN), and more specifically, to providing SAN management operations to clients of a SAN provider.
A storage area network (SAN) is a dedicated network that provides access to block level data storage. A SAN storage infrastructure has a network of physical storage devices, such as hard disk drives and solid state drives. A SAN storage provider may abstract storage units of the devices into logical disk units by aggregating the devices into storage pools. The SAN storage provider then maps the logical disk units to physical locations on the storage devices. Further, the SAN storage provider then assigns the logical disk units to client systems (e.g., physical computing systems, virtual machine instances, and the like). To a given client system, the logical disk units may appear as locally-attached storage devices.
In some cases, a given client may want to perform management operations to the disk units allocated to the client system. For example, the client may want to create a snapshot—a near instantaneous copy of a set of data at a given point in time—of data stored in a given disk unit to another disk unit. Typically, to perform management operations to the allocated disk units, the client must obtain access to the management interface of the SAN storage provider. However, because the SAN management interface generally allows unfettered access to the entire SAN storage infrastructure (including disk units not allocated to the client), an administrator of the SAN storage provider may be reluctant to provide a client access to the management operations.