Computing systems today include a plethora of hardware and software components from a wide variety of manufacturers. Efficient and consistent collaboration between these various components is essential to the success and usefulness of these computing systems. In particular, the storage of information is an essential part of any computing system or network infrastructure. The performance of storage systems, in addition to increases in capacity, continues to be a mainstream issue for computing environments. The performance of storage systems is continuously challenged by the need for increased storage capacities and network speeds. As more users need to access and store information on systems other than their local computer or network, remote and distributed storage systems become a more critical component of the computing environment. The ability to send block-level data or files over IP networks provides a solution to some of these access and storage network requirements in the Local Area Network (LAN), Wide Area Network (WAN) and Internet environments. However, this raises issues relating to the management of storage on such systems, including the implementation of security across multiple mass storage devices and storage media, which need to be addressed.
The need to disseminate and access information and, more critically, the role that information plays in today's society increase the need not only to centralize information for ease of access but also to ensure the integrity and security of such information. Shared mass storage devices such as backup devices, disk arrays and CD arrays form an integral part of both commercial and non-commercial networks and enable such centralized or shared capabilities. Of critical importance with respect to these shared devices is the issue of security.
Secure access to shared devices and the information contained thereon has traditionally been addressed by closely associating the shared device with a particular computing system to which the device is attached, i.e., Direct Attached Storage (DAS). In other cases, each mass storage device is associated with a unique identifier to enable visibility to one computing system at a time on a network; this is known as Network Attached Storage (NAS). NAS provides for connectivity, data security and load balancing. NAS also allows the sharing of storage devices and files by heterogeneous client systems and serves data directly over a network to these systems. Yet another approach to the shared storage dilemma was the Storage Attached Network (SAN). SAN is typically a proprietary configuration and scheme to integrate different types of storage systems into a single system on the network. In other words, SAN is directed at interoperability among heterogeneous servers and storage products. However, SAN is typically only appropriate in applications where Fibre Channel (FC) and Fibre Channel Protocol for SCSI (FCP) security issues can be managed.
In conjunction with the various network storage configurations discussed earlier, i.e., DAS, NAS and SAN, there are one or more underlying protocols for communicating with the mass storage devices. Small Computer System Interface (SCSI), FC and Internet Small Computer System Interface (iSCSI) are the current protocols utilized for mass storage communications. Each of these protocols enables access to network storage devices; however, this also means that there is a possibility of access by any number of network users. As such, both the storage device and any media within such devices need to be further subjected to some protection or security limitations.
To address this issue, various operating system environments and application programs have implemented security for network device access. However, these implementations have been limited to the application of security for only the mass storage device, to the exclusion of the media within such device. So, for example, regardless of which user or application writes to a particular removable medium such as a tape, anyone with the appropriate security access to the tape drive will have the ability to read, write and modify the content of that tape media. Such free access is undesirable and should thus be addressed.
Under normal circumstances, a user or an application program may need to access more than one storage medium or type of storage media. For example, a user who is running a backup application may need to access multiple tapes. As such, a security scheme that attaches permissions to each tape would result in a significant number of attribute and permission designations that are both redundant and repetitive. In instances where such designations would be identical for each member of a group, user-level security can be applied to groups of users rather than individual users. A media access security scheme would also benefit from being able to group similar tapes or media and attach permissions to such media groupings.
In light of the foregoing, there exists a need to provide a system and method that will enable the designation and implementation of security that will transcend the underlying storage device communication protocol and provide permission-based security that is associated with the storage media rather than the storage device. Furthermore, there exists a need for a method of pooling storage media and associating user-level security with such pools.