A storage system is a processing system adapted to store and retrieve data on behalf of one or more client processing systems (“clients”) in response to external input/output (I/O) requests received from clients. A storage system can provide clients with a file-level access to data stored in a set of mass storage devices, such as magnetic or optical storage disks, tapes, or non-volatile memory (and thus can be implemented as a network-attached storage (NAS) device). Alternatively, a storage system can provide clients with a block-level access to stored data (and implemented as a Storage Area Network (SAN) device), rather than file-level access, or with both file-level access and block-level access. Data storage space has one or more storage “volumes” comprising of a cluster of physical storage disks, defining an overall logical arrangement of storage space.
Network storage devices provide convenient data access, centralized storage and data management solutions for an enterprise. Because an enterprise's most important assets are often contained in its information, it is essential to maintain data integrity and keep the data virus-free. For example, a single virus-infected file in a storage system can infect large amounts of data, thereby causing disruption to storage services and other difficulties.
Anti-virus solutions have been offered by various vendors to provide security and data integrity for storage systems. One such a solution represents a server that executes an anti-virus application that provides virus scanning, pattern updates, event reporting, and anti-virus configuration. Exemplary servers 190 in communication with a storage system 120 via Remote Procedure Calls (RPC) are shown in FIG. 1. Each server 190 can be a computer system executing Windows® operating system provided by Microsoft Corporation of Redmond, Wash. Server 190 executes an anti-virus application 146, which can be provided by Trend Micro, Inc. of Cupertino, Calif., by Symantec Corporation of Cupertino, Calif., or by any other manufacturer. In order to perform virus checking of the data stored at the storage system 120, an anti-virus application has to be able to receive requests for scanning from the storage system, to obtain data from the storage system to scan, and to provide results of the scanning to the storage system. To this end, manufacturers of anti-virus applications typically have to modify an anti-virus application to enable the application to perform these tasks. For example, a component, such as a scan server 192, can be implemented on the server 190 for purposes of receiving requests for scanning, sending the requests to the anti-virus application, and providing results of the scanning to the storage system. Such a scan server can be ServerProtect® provided by Trend Micro of Cupertino, Calif. Furthermore, manufacturers of anti-virus applications also implement a Common Internet File System (CIFS) client or network file system (NFS) client that would allow an anti-virus application to send requests for data to be scanned to and otherwise communicate with the storage system using the protocol that is understood by the storage system.
Still with reference to FIG. 1, storage system 120 can be a storage system provided by Network Appliance of Sunnyvale, Calif. As shown in FIG. 1, storage system 120 can be registered with multiple servers 190. However, each server is dedicated to a single storage system. When a user of a client system (“client”) 110 attempts to access data on the storage system 120 or to store new data, an anti-virus client 122 executed at the storage system 120 issues a request to one of the registered servers 190. Scan server 192 at server 190 receives the request and sends the request for scanning to anti-virus application 146. The anti-virus application 146 initiates a scan operation by issuing a request for data to storage system 120. The anti-virus application 146 uses, for example, a CIFS client or NFS client (not shown in FIG. 1) to translate the request to the protocol that can be understood by the storage system. A protocol layer at the storage system (the protocol layer is not shown in FIG. 1) receives the request, passes the decoded request to a file system or a volume manager (shown in FIG. 2), obtains the data for scanning, and sends the data to the anti-virus application 146. The anti-virus application 146 scans data for viruses and sends the results of the scanning to the scan server 192. The scan server 192, in turn, provides the results of the scanning to the storage system 120. Based on the scan results, client system 110 is either allowed to access data or denied access to the data.
The above-described approach, however, has a number of drawbacks. A chief among them is that it requires each anti-virus manufacturer to develop an interface, such as a scan server, to communicate with the storage system and to issue requests to scan data to an anti-virus application. Developing the interface at the storage system often requires manufacturers of storage systems entering into licensing arrangements with the manufacturers of anti-virus applications, which may be costly. Since only few manufacturers develop scan servers, users of client systems are limited to the number of manufacturers of anti-virus solutions. Moreover, a request for data is processed in a protocol stack of the storage system, thereby slowing down the performance of the storage system.
Accordingly, what is needed is a seamless, easy-to-deploy, and high-performance anti-virus solution for storage systems.