In today's business world, a company's data is often one of its most important company assets. With today's voluminous amounts of important data come the problems associated with storing the data and managing access to the data. In the beginning, computer systems had only as much storage as was available on the disk drive of the individual computer system. As the company's data grew, companies had to constantly purchase larger and more expensive memory disk space to keep pace with its increasing data storage requirements. In this very basic scenario, data storage was as secure as the physical location of the computer system, that is, only those individuals with physical access to the device or with permission to use the connected computer system could have access to the data. This process, however, was not cost efficient, as each individual computer system frequently had unused storage capacity.
Over the years, storage of data on external disk devices became common and other models for data storage emerged. In a host-centric legacy environment, one or more centralized data storage devices would be connected to a host computer and managed by the IT department. This system allowed for better management of storage space and the IT department was able to control the security of the storage space.
The advent of client/server and network computing has allowed for more complex, but economical data sharing configurations, but often at the expense of data security. For example, most companies operate a local area network (LAN) with client computers, application servers, and a combination of storage devices. Most conventional LANs do not have storage devices directly connected to the LAN, but rather use storage accessible through a server that is connected to the LAN. Individual users operate client computers (also called “network” computers, if connected to a network) for data entry and presentation. The users run applications on application servers and access data stored on various storage devices, which may be directly connected to the client or network computer or accessible over a network. Today's storage systems even allow data to be shared over a wide area network such as the Internet. In the typical LAN, however, data storage is decentralized and therefore hard to manage and control. Companies rarely know exactly how much storage they have or where valuable data may be located. Companies that do not accurately plan for future storage needs may find themselves suddenly needing extra capacity that they do not have or with excess capacity that is wasted while sitting idle. Additionally, decentralized storage suffers the additional drawback in that application-processing speed is often adversely affected because the server is spending precious processor cycles monitoring data movement between storage spaces. Furthermore, decentralized data storage is also difficult to secure properly as anyone with access to the network may be able to access the data.
One fairly recent improvement in data storage management has been the introduction of the Storage Area Network (SAN). A SAN is a centrally managed network of multi-vendor storage devices interconnected by routers, bridges, switches, and gateways, which is managed using storage management software. SANs may be dedicated to one server, but more commonly are shared between multiple servers. SANs are constructed from storage interfaces and therefore support direct, high-speed data transfers between servers and storage devices.
However, even SANs fail to solve all the problems of storage management. For example, companies must still plan for future storage needs and purchase costly storage devices on a regular basis to handle the company's growing storage needs. Additionally, if a company downsizes, it is frequently left holding costly unused data storage devices. Consequently, many companies are outsourcing their data storage and management functions to a Storage Service Provider (SSP). Conventional SSP arrangements are flexible and allow a business to pay only for the storage it uses or reserves within a particular time frame. Therefore, if a company has a sudden need for new or additional storage, it can obtain the additional storage quickly and easily without the need to wait for additional hardware to be installed.
One of the problems with the current SSP model is that a company must trust another organization to maintain the availability and security of its information assets. Current SSPs use a one-to-one service provisioning model. This means that for each customer, the SSP maintains at least one dedicated storage device. This system provides some assurance to the customer that other customers will not be able to access the customer's confidential information. This system, however, is largely inflexible and more costly to operate for SSPs because the SSP must purchase and support separate equipment for each customer, even though a larger percentage of the storage device is not currently being used by the customer. Therefore, there is a need for a system and method for allowing SSPs to securely share storage resources between multiple customers without compromising the security of any customer's data.
Furthermore, in today's IT enterprise environment the actual storage subsystem (drive, or logical volume) is typically “visible” to a particular server or host computer. In addition, the host typically has administrative type privileges and can perform actions like enabling snapshots, creating and formatting logical volumes, or, even, deleting volumes and/or data. This is true even with the advent of storage area networks, or “SANs”. While SANs can make more storage accessible to multiple servers, the servers still mount actual storage devices (or at least the logical view presented by local storage controller) and a single homogenous customer enterprise has administrative control over the subsystem. Knowledge of the underlying storage implies that scalability is limited by the size of the attached storage subsystem; migration of data from one storage technology to another implies data must pass through the common host; and the ability to share a common storage amongst hosts is difficult or undesirable. These issues are accentuated in an environment wherein the servers are from different enterprise environments (such as, for example, a Storage Service Provider application) or are competitors.
In this heterogeneous customer environment, the ability for any customer to mount and manage a shared storage subsystem is neither desirable nor secure. Currently, virtualization, or abstraction, functions are handled by software layers in a host (such as, for example, volume managers) or separate, inline virtualization boxes (by, for example, smart fiber channel switches). The primary function of these subsystems/software is to present abstracted Local Unit Numbers (“LUNs”) to a client machine on a SAN. They then provide the logical to physical addresses translation for the data access operations. The software abstraction layers within host environments do not allow sharing of storage between customers (as you would have conflicting virtualization control over common storage). The separate virtualization subsystems do not provide the shared management capabilities (that is, support for multiple, heterogeneous customers managing their data and it's movement), do not provide for heterogeneity amongst virtualization engines, do not provide for metropolitan area network (“MAN”)/wide area network (“WAN”) data replication services, nor the scalability required to manage geographically separate storage subsystems. Therefore, there is a further need to provide methods and systems for keeping track of and managing data and data access by and on behalf of multiple customers across a common storage infrastructure.