The present invention relates to a computer system, management computer, and volume allocation change method of the management computer to change a volume allocation in a storage network.
A storage device represented by a disk array device divides logically a storage area of a disk device in the storage device and provides to a host computer as a logical volume. A storage device which provides only one's own volume is called a lower-level storage device, another storage device which allocates a volume provided by a lower-level storage device as a virtual volume that is a virtualized volume is called a higher-level storage device, and there is a method of providing this virtual volume to the host computer.
In this case, the host computer accesses the virtual volume that is provided by the higher-level storage device. The higher-level storage device relays access data to the lower-level storage device which provides the volume corresponding to the virtual volume.
In a higher-level storage device that provides a virtual volume, a method of automating a correspondence (hereinafter, called mapping) between the virtual volume and a volume provided by a lower-level storage device that provides a real volume corresponding to the virtual volume in accordance with a required specification to the virtual volume is disclosed in the patent reference 1, for example.
[Patent Reference 1] Japanese Patent Application Publication No. 2004-178253
Incidentally, in a computer system comprised of a host computer, network device, and storage device, it is possible to prevent third party's interception and falsification of communication by encrypting the communication between a storage device that provides a volume and a host computer that uses the volume based on an encrypted transfer protocol such as IPSec (Internet Protocol Security) disclosed in the RFC-2401 standard, for example.
When such encrypted transfer is applied to communication between the host computer that uses the above-described virtual volume and a higher-level storage device that provides the virtual volume, the interception and falsification are possible on a network connecting the higher-level storage device that provides the virtual volume and a lower-level storage device that provides a real volume corresponding to the virtual volume unless the encrypted transfer is performed between the higher-level storage device that provides the virtual volume and the lower-level storage device that provides the real volume corresponding to the virtual volume, and the encrypted transfer between the host computer and the storage device that provides the virtual volume becomes useless.
Therefore, it is necessary for an administrator to set the encrypted transfer to the communication between the lower-level storage device that provides the real volume corresponding to the virtual volume and the higher-level storage device that provides the virtual volume. In addition, when the lower-level storage device that provides the real volume corresponding to the virtual volume does not support the encrypted transfer, it is necessary for the administrator to specify a storage device that supports the encrypted transfer and that provides a real volume corresponding to a virtual volume, to migrate data of the volume into that lower-level storage device that provides the real volume corresponding to the virtual volume, and to change setting of a volume of the migration destination into a virtual volume of the lower-level storage device that provides the virtual volume. Accordingly, a setting man-hour of the administrator increases, and furthermore there is a possibility of causing a setting mistake since the setting becomes complicated.
The present invention aims at providing with a computer system, management computer, and volume allocation change method of the management computer in which encrypted transfer can be easily set between a storage device that provides a real volume corresponding to a virtual volume and a storage device that provides the virtual volume in order to provide the virtual volume used by a host computer.
In order to solve at least one of the above-described problems, one mode of the present invention is a computer system comprising of a host computer, one or two or more storage systems to store data used by the above-described host computer on a plurality of volumes, and a management computer to control the above-described storage system, wherein the above-described management computer has a memory, a processor to perform control, an interface to input and output data to the above-described storage system, and a volume allocation change program to change an allocation of a volume in the above-described storage system to a logical unit number of a volume that is recognized by the above-described host computer and an allocation of a virtual volume in which the above-described volume is allocated virtually to the above-described host computer; an identification information management table to manage identification information of the above-described storage system; a port management table to manage a port of the above-described storage system, which are provided in the above-described memory, and when security is set to a path between the above-described host computer and a volume that is provided to the above-described host computer, the above-described processor to execute the above-described volume allocation change program performs the control such that timing of notifying the above-described host computer of an access start to the above-described volume is differentiated depending on whether the above-described volume is the above-described virtual volume.
In addition, one mode of the present invention is a management computer to control one or tow or more storage systems that store data used by a host computer on a plurality of volumes, wherein the management computer has a memory, a processor to perform control, an interface to input and output data to the above-described storage system, and a volume allocation change program to change an allocation of a volume in the above-described storage system to a logical unit number of a volume that is recognized by the above-described host computer and an allocation of a virtual volume in which the above-described volume is allocated virtually to the above-described host computer; an identification information management table to manage identification information of the above-described storage system; a port management table to manage a port of the above-described storage system, which are provided in the above-described memory, and when security is set to a path between the above-described host computer and a volume that is provided to the above-described host computer, the above-described processor to execute the above-described volume allocation change program performs the control such that timing of notifying the above-described host computer of an access start to the above-described volume is differentiated depending on whether the above-described volume is the above-described virtual volume.
Also, one mode of the present invention is a volume allocation change method of a management computer to control one or two or more storage systems that store data used by a host computer on a plurality of volumes, wherein the control is performed such that timing of notifying the above-described host computer of an access start to the above described volume is differentiated depending on whether the above-described volume is the above-described virtual volume when security is set to a path between the above-described host computer and the volume that is provided to the above-described host computer.
Since the volume allocation change method of the present invention encrypts communication between a virtualized device (for example, a storage device which has a volume, a switch which does not have a volume, and the like) that provides a virtual volume to a host computer and a storage device that provides a volume which is provided by the virtualized volume as the virtual volume at the time of encrypting the communication in order for the host computer to use the virtual volume, secured communication from the host computer to the storage device can be realized by only setting the communication between the host computer and the virtualized device into the encrypted one.
In addition, it is possible to specify automatically the storage device that provides the volume which is provided as the virtual volume. Also, it is possible to automate a volume allocation change to a communication port that can support encrypted transfer in a storage device.
Furthermore, in case that a storage device that provides a volume corresponding to a virtual volume does not support encrypted transfer, it is possible to specify another storage device that has a communication port supporting encrypted transfer and to automate a migration of data of the volume into the specified another storage device. Accordingly, there also is an effect that a setting man-hour of an administrator is reduced and a setting mistake is prevented.