The present invention relates to a method for copying volume data in a storage device and particularly to a method for achieving safe copying of volume data without illegal data.
There has been recently spread SAN (Storage Area Network) in which a storage device is connected to a computer (hereinafter also referred to as host) by a network so that the host is allowed to read/write data from/into a volume in the storage device. There has been also spread serverless backup for achieving data copying by using the high speed of the SAN widely without interposition of LAN (Local Area Network). By serverless backup, data can be copied from one volume in a storage device to another volume in the storage device or a volume in another storage device through the SAN.
For backup/restoration based on volume copying of the storage device, it is essential that security inspection is performed to check backdoor data (hereinafter referred to as illegal data), such as infection of viruses or worms, falsification of data or illegal interpolation of data, in the file level. In the serverless backup, it is however difficult to perform security inspection in the file level because the serverless backup is carried out by block data based on SCSI (Small Computer System Interface) or the like. Therefore, in “Internet Security” (written by Othmar Kays, issued by International Thomson Publishing Japan), the inspection is carried out not on the storage device but on the host. The host inspects/monitors illegal data by a security inspection program such as an antivirus tool or an IDS (Intrusion Detection System) installed in the host per se. The host checks safety of data in a volume as a subject of inspection by inspection/monitoring based on the security inspection program.
In JP-A-2004-46435, a virus check function is provided to an exclusive controller so that virus check is performed on a replicated volume copied from a volume as a subject of inspection. If there is no virus detected by the virus check, the controller instructs the storage device to generate a new-level backup volume by copying the replicated volume. Incidentally, the term “new-level backup volume” means a volume in which a replica of data stored in a certain volume is stored (hereinafter referred to as replicated volume) and means each of volumes replicated when the replica of data is made at regular intervals.