The present invention is related to a technique for controlling an access which is received via a communication network from an external apparatus, concretely speaking, for instance, directed to a storage control apparatus for controlling an access in accordance with the iSCSI protocol, received via the communication network.
For instance, such a fibre channel connection storage control apparatus has already been known from, for example, JP-A-10-333839, and this fibre channel connection storage control apparatus controls accesses received form a plurality of upper grade apparatus via a fibre channel.
On the other hand, in IP-SAN (Internet Protocol-Storage Area Network), it is known that communication operations are carried out based upon such a communication protocol called as “iSCSI (symbol “SCSI” is abbreviated as “Small Computer System Interface)”. The communication techniques operated based upon the iSCSI protocol own one major aspect, namely, how to prevent illegal accesses in order to improve security.
However, the access control technique made based upon the fibre channel, as described in above-described JP-A-10-333839, cannot be merely applied to the technique used to control the accesses based upon the iSCSI protocol. This reason is given as follows: That is, an access which is received via a fibre channel by a storage control apparatus must be equal to such an access which is issued from an upper grade apparatus connected to the same communication network. However, the first-mentioned access is not such an access which is issued from an undefined node connected to another communication network as explained in the access made based upon the iSCSI protocol. Concretely speaking, in accordance with the iSCSI protocol, there are some cases that, for instance, a storage control apparatus connected to a certain LAN (Local Area Network) may accept an access issued from an undefined information processing terminal via both another LAN and the Internet to which the last-mentioned LAN is connected.
As previously explained, in the communication technique established based upon the iSCSI protocol, one major aspect thereof is conceivable. That is, high security may be provided by executing such a way that how the access control operation is carried out. Also, this sort of major aspect may exist in such a system that accesses are accepted via either one or a plurality of other communication networks, but not via the same communication network, while this major aspect is not limited only to the above-explained iSCSI protocol.