Abstract: An information system includes host computers having virtual machine programs running thereon for generating virtual machines. A storage system in communication with the host computers stores an image file corresponding to each virtual machine running on the host computers. In some embodiments, when the storage system receives an access request to a particular image file corresponding to a particular one of the virtual machines running on one of the host computers, the storage system determines whether the access request is authorized based upon an identifier of the particular virtual machine and a location of the particular virtual machine. In some embodiments, the storage system sends an inquiry to a management computer when determining whether the access request is authorized and, based upon the location of the particular virtual machine and the identifier of the particular virtual machine, the management computer sends a reply as to whether the access request is authorized.

Abstract: Systems and methods for decryption and encryption for data being archived at archive storage systems. The system includes an archive storage coupled to host and client computers and optionally to a network attached storage. The data arriving at the archive storage may contain encrypted data. The encrypted data may be decrypted at the archive storage, at the host computer or at the network attached storage coupled to the archive storage. Indexing information is added to the decrypted data. The data is subsequently re-encrypted before being archived. Encryption key information may be obtained from a key manager or an encryption key may be generated by a host computer or a client computer.

Abstract: A storage system is defined by multiple hard drives (HDDs) which are divided into several HDD Groups. Each HDD Group consists of one or several HDDs. A storage administrator can set security related attributes to each HDD Group. The storage system may have logical volumes mapped onto corresponding selected HDD Group. When the storage system assigns a logical volume to a host computer, the storage system receives security related requirements for the logical volume from the host computer. The storage system then compares the HDD Groups attributes and to the requirements and assigns an appropriate free space that meets requirements as a logical volume.

Abstract: A storage system compares content of new data received from a host computer with content of existing data already stored in the storage system. If the content of the new data matches the content of the existing data, the storage system determines whether the computer that sent the new data is a registered owner of the new data by determining who the registered owners are of the existing data that has the matching content. If the computer that sent the new data is not a registered owner, unauthorized information sharing is assumed to have taken place. The storage system sends a notification or takes other specified action when the computer that sent the new data is not a registered owner. An administrator or monitoring agent may thus be notified of any unauthorized file sharing or data leakage within the storage system.

Abstract: Protection mechanism is provided for data stored in logical volumes, especially during the time the corresponding host computer is off line. Additionally, integrity check mechanism is provided for logical volume when the host computer is started, so that host computer can detect unauthorized access to its assigned logical volume during off-line period, and execute security check.

Abstract: The present invention provides a storage system and an audit log management method that achieve the secure and highly-reliable collective storage of audit logs, making easy audit log operation and management possible. A host apparatus sends audit log data for the host apparatus to a storage apparatus via a network, and the storage apparatus writes/reads the audit log data sent from the host apparatus to/from an audit log storage area, consisting of an area for storing audit log data, defined in one or more logical units. This makes it possible to achieve a storage system and an audit log management method that can collectively store audit log data in a secure and highly reliable manner, making audit log operation and management easy.

Abstract: A computer system that can authenticate a user to handle the management of a logical volume and that can restrict logical-volume management operation instructions and management operation objects according to the right given to the user is provided. A computer system includes a computer and a storage device connected to the computer via a network. The computer sends user authentication information so that it is written into a specific area of a specific logical volume of the storage device. The storage device authenticates the user based on the user authentication information stored in the specific area of the specific logical volume.