It can be desirable to control access to storage devices within a data storage system or network. For example, data backup tasks are often scheduled to take place at regular intervals and benefit from exclusive use of the storage device during that operation. If another processing device simultaneously attempts to access the storage device upon which the backup copy is being written then it can disrupt the operation.
At present it is possible to define zones within a Storage Area Network (SAN, a network dedicated for transmitting data to/from a data centre separate from the transmission network that is used for general communication between networked computers). However, attempting to use such zones to restrict access to a data storage device when a backup operation is in progress is not a straightforward task. Typically, it would involve a network administrator having to apply configuration scripts to the switches within the SAN, which involves generating an individual set of suitable configuration settings for each switch. Further, setting up switch-based zones can be prone to errors. For example, an inexperienced administrator could introduce a new switch without the correct zoning parameters. Another concern is that zoning does not necessarily exclude the possibility that a “rogue” processing device could attempt to access the storage device during the backup procedure.
Another possible approach is to manually reconfigure a storage device to specify which host or hosts are allowed to access it before, during and after the backup procedure. However, this requires considerable administrator involvement, e.g. the administrator would have to set the appropriate configurations for a tape storage device within a tape library (which can be done using a suitable application such as “HP Secure Manager” produced by Hewlett-Packard Company) before each backup process starts and then re-configure the tape device after the backup has finished to allow it to be accessed by other hosts as normal.