Storage systems in which data are stored in storage devices such as HDDs (hard disk drives) after encryption of the data are known. In such storage systems, reading of the stored data can be made unable by obliterating an encryption key for use in decryption of the stored, encrypted data. Therefore, the stored data can be substantially erased in a short time.
In some storage systems which use a data erasing method based on obliteration of the encryption key, data are encrypted by using an encryption key unique to each logical volume, and the data are erased on the logical-volume basis by obliterating the encryption key. Further, in other storage systems, data are encrypted and stored in virtualized volumes.
On the other hand, in recent years, the server virtualization technology has been receiving attention. In the server virtualization technology, a server computer is divided into multiple virtual computers called virtual machines, and each virtual machine separately executes an OS (operating system) program and one or more application programs. The server virtualization technology enables flexible allocation of the hardware resources in the computer system including processors, memories, and communication lines according to the demands, and efficient use of the hardware resources. In addition, in many cases, disk volumes for virtual machines realized by use of the server virtualization technology are virtually constructed as virtual disks.
See, for example, Japanese Laid-open Patent Publications Nos. 2009-225437, 2008-108039, 2010-113509, and 2009-163542.
Incidentally, there are demands for erasing, in a short time, data stored in a virtual disk constructed for a virtual machine, by obliterating an encryption key before use of the virtual machine is completed. However, in many systems realizing virtual machines, physical storage areas are allocated for virtual disks by an apparatus different from a storage control apparatus which encrypts data to be stored in physical storage areas and manages encryption keys. In the systems in which the physical storage areas are allocated for the virtual disks by an apparatus different from the storage control apparatus, the storage control apparatus encrypts data to be stored in the physical storage areas and manages the encryption keys without awareness of the allocation of the physical storage areas for the virtual disks. Therefore, it is difficult to obliterate the encryption key for each virtual disk.