Computer system, management computer and data management method
Abstract
In a data management system, an administrator may, depending on the administrator's job, not be granted authority to see the contents of data. Yet in a job such as data replication during storage system management, the administrator must acquire volume information in order to replicate the data on a computer, and because the administrator who replicates the data can also operate on that data, this is a problem from the viewpoint of security.
A user management program 112 of a management computer 100 determines the volume to encrypt and decrypt according to the user's job. Further, a yes/no command for encryption and decryption is given to an encryption apparatus in accordance with the user's authority in an application, so that a job such as data replication is performed on the encrypted data. Moreover, when the encryption apparatus cannot make the encryption and decryption judgment, a path is set up that does not pass through the encryption apparatus, so that the host recognizes the data as it is, still encrypted.
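A small model of the path decision described in the abstract, added here as an illustration and not taken from the patent. The job names, the `JOB_NEEDS_PLAINTEXT` table, the function names and the SHA-256 XOR keystream standing in for the encryption apparatus's cipher are all assumptions; the "cannot judge" case is modelled as a job missing from the table.

```python
import hashlib

# Constructed sample data; the XOR keystream is a stand-in cipher for the
# encryption-decryption apparatus, not a real storage encryption scheme.
KEY = b"appliance-key (constructed)"

def _keystream(n: int) -> bytes:
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(KEY + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:n]

def apparatus_crypt(data: bytes) -> bytes:
    """Encryption-decryption apparatus: XOR is its own inverse."""
    return bytes(a ^ b for a, b in zip(data, _keystream(len(data))))

# The storage apparatus only ever holds ciphertext.
PLAINTEXT = b"payroll record 0001 (constructed)"
VOLUME = {"vol0": apparatus_crypt(PLAINTEXT)}

# Hypothetical per-job table held by the management computer:
# True = job may see contents, False = job must work on ciphertext.
JOB_NEEDS_PLAINTEXT = {"application": True, "replication": False}

def set_up_path(job: str) -> str:
    """Management computer: choose the path for a job's execution request.
    A job it cannot judge falls back to the bypass path (ciphertext only)."""
    return "first" if JOB_NEEDS_PLAINTEXT.get(job, False) else "second"

def host_read(job: str, volume: str = "vol0") -> bytes:
    """What the host computer receives over the path set up for this job."""
    stored = VOLUME[volume]
    if set_up_path(job) == "first":
        return apparatus_crypt(stored)   # via the apparatus: decrypted
    return stored                        # bypassing the apparatus: as stored

def replicate(src: str, dst: str) -> None:
    """Replication job: copies the volume without ever holding plaintext."""
    VOLUME[dst] = host_read("replication", src)

if __name__ == "__main__":
    replicate("vol0", "vol1")
    print(host_read("application", "vol1"))   # replica decrypts for an authorised job
    print(host_read("replication") != PLAINTEXT, set_up_path("unknown-job"))
```

The replica is byte-identical ciphertext, so the replication administrator can complete the job without the data ever being readable on that path.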
17 Claims
1. A computer system comprising a computer which executes a job, a storage apparatus which is connected with said computer and which has a memory area for storing encrypted data which is encrypted to data used by said computer, an encryption-decryption apparatus which performs encryption-decryption to the data stored in said storage apparatus and a management computer which manages said computer, said storage apparatus and said encryption-decryption apparatus, wherein said management computer
judges the necessity of the decryption of the data which is stored per each job in said storage apparatus to an execution request for the job of said computer;
decrypts said encrypted data and sets up a first path between said computer and said storage apparatus for providing said computer with the decrypted data to an execution request for a first job from the computer;
sets up a second path for providing said computer with said encrypted data without performing the decryption to an execution request for a second job from the computer, and said computer acquires the data relating to said first job in a decrypted state through said first path and acquires the data of an encrypted state through said second path to said execution request for the second job.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
13. A management computer to manage a computer which executes a job, a storage apparatus which is connected with said computer and which has a memory area for storing encrypted data which is encrypted to data used by said computer and an encryption-decryption apparatus which performs encryption-decryption to the data stored in said storage apparatus comprising:
a communication interface which is connected with said computer, said storage apparatus and said encryption-decryption apparatus through a network and which performs communication with the outside; and
a control portion which is connected with said communication interface and which is responsible for controlling, wherein said control portion judges the necessity of the decryption of the data to be stored per each job in said storage apparatus to an execution request for the job of said computer;
decrypts said encrypted data and sets up a first path between said computer and said storage apparatus for providing said computer with the decrypted data to an execution request for a first job from the computer;
sets up a second path for providing said computer with said encrypted data without performing the decryption to an execution request for a second job from the computer; and
makes said computer acquire the data relating to said first job in a decrypted state through said first path and acquire the data of an encrypted state through said second path to the execution request for said second job.
(Dependent claims: 14, 15, 16)
17. A data management method of performing management by a management computer to a computer which executes a job, a storage apparatus which is connected with said computer and which has a memory area for storing encrypted data which is encrypted to data used by said computer and an encryption-decryption apparatus which performs encryption-decryption to the data stored in said storage apparatus, wherein said management computer
judges the necessity of the decryption of the data to be stored per each job in said storage apparatus to an execution request for the job of said computer;
decrypts said encrypted data and sets up a first path between said computer and said storage apparatus for providing said computer with the decrypted data to an execution request for a first job from the computer;
sets up a second path for providing said computer with said encrypted data without performing the decryption to an execution request for a second job from the computer; and
makes said computer acquire the data relating to said first job in a decrypted state through said first path and acquire the data of an encrypted state through said second path to said execution request for the second job.
Specification