1. Field of the Invention
The present invention relates to an apparatus, method, and program for partitioning and managing logics which are present in a subsystem, and a recording medium for recording the program.
2. Description of the Related Art
A storage subsystem is proposed which is expected to be accessed from a variety of types of computers and which has a port to which an interface for connecting to a plurality of computers can be applied, a logical unit (LU) which can be accessed from the computers via said port, one or a plurality of storage devices for storing data which is stored in said logical unit, and a storage control device for conducting read/write control on the storage devices in order to realize security for each logical unit while effectively utilizing system resources in a conventional Logical Unit Number (LUN) security function. The computers accessing the logical unit are grouped into groups in such a manner that the computers can overlap each other. Each of the groups is assigned one or a plurality of logical units, and a management table is provided which correlates the assigned logical units and storage regions of the storage devices in such a manner that they can overlap each other.
On the other hand, the increasing storage capacity of a storage system has prompted large-scale storage consolidation. With storage consolidation, in a subsystem, there exist in a mixed manner a plurality of data belonging to a plurality of systems/applications. However, a security function in an aspect of storage management involved in storage consolidation has not sufficiently been provided by a GUI-level masking technology or conventional technology that provides security functions for data access itself.
That is, according to the conventional GUI-level masking etc., resources of upper storage management software are not partitioned on an interface which is adapted to instruct an actual storage to change a configuration. This is a problem. Therefore, such an issue is left unsolved that by using this interface, the configuration can be changed arbitrarily irrespective of a partitioning unit on a GUI etc.
Further, conventionally, partitioning of resources to such an extent that the upper storage management software can recognize (at a logical-volume level) is possible, whereas partitioning of physical resources that cannot be recognized by the management software (e.g., at an HDD level) has been impossible. Furthermore, even in the case of this partitioning at the logical-volume level, it cannot be known to which physical resources the logical volumes are allocated, so that some of the resources, even if partitioned as described above, may be common physically in some cases, which remains as a problem in performance or security.
Therefore, in a case where partitioning of logics of a subsystem in which storage consolidation has been performed is managed according to the conventional method, there is a possibility that an administrator may mistakenly perform an operation such as addition/deletion even to a region of other users, administrators and companies in relation to processing such as addition/deletion because such processing can be performed on an LU by configuration changing functions of an RAID. This may lead to system panic or user data destruction.