Data protection using distributed intra-device parity and inter-device parity

Information

  • Patent Grant
  • 12086030
  • Patent Number
    12,086,030
  • Date Filed
    Monday, February 13, 2023
    a year ago
  • Date Issued
    Tuesday, September 10, 2024
    3 months ago
Abstract
A system and method for offset protection data in a RAID array. A computer system comprises client computers and data storage arrays coupled to one another via a network. A data storage array utilizes solid-state drives and Flash memory cells for data storage. A storage controller within a data storage array is configured to store user data in a first page of a first storage device of the plurality of storage devices; generate intra-device protection data corresponding to the user data, and store the intra-device protection data at a first offset within the first page. The controller is further configured to generate inter-device protection data corresponding to the first page, and store the inter-device protection data at a second offset within a second page in a second storage device of the plurality of storage devices, wherein the first offset is different from the second offset.
Description
BACKGROUND OF THE INVENTION
Field of the Invention

This invention relates to computer networks and, more particularly, to efficiently distributing data among a plurality of solid-state storage devices.


Description of the Related Art

As computer memory storage and data bandwidth increase, so does the amount and complexity of data that businesses daily manage. Large-scale distributed storage systems, such as data centers, typically run many business operations. A distributed storage system may be coupled to client computers interconnected by one or more networks. If any portion of the distributed storage system has poor performance or becomes unavailable, company operations may be impaired or stopped completely. A distributed storage system therefore is expected to maintain high standards for data availability and high-performance functionality. As used herein, storage disks may be referred to as storage devices as some types of storage technologies do not include disks.


To protect against data loss, storage devices often include error detection and correction mechanisms. Often these mechanisms take the form of error correcting codes which are generated by the devices and stored within the devices themselves. In addition, distributed storage systems may also utilize decentralized algorithms to distribute data among a collection of storage devices. These algorithms generally map data objects to storage devices without relying on a central directory. Examples of such algorithms include Replication Under Scalable Hashing (RUSH), and Controlled Replication Under Scalable Hashing (CRUSH). With no central directory, multiple clients in a distributed storage system may simultaneously access data objects on multiple servers. In addition, the amount of stored metadata may be reduced. However, the difficult task remains of distributing data among multiple storage disks with varying capacities, input/output (I/O) characteristics and reliability issues. Similar to the storage devices themselves, these algorithms may also include error detection and correction algorithms such as RAID type algorithms (e.g., RAID5 and RAID6) or Reed-Solomon codes.


The technology and mechanisms associated with chosen storage devices determine the methods used to distribute data among multiple storage devices, which may be dynamically added and removed. For example, the algorithms described above were developed for systems utilizing hard disk drives (HDDs). The HDDs comprise one or more rotating disks, each coated with a magnetic medium. These disks rotate at a rate of several thousand rotations per minute for several hours daily. In addition, a magnetic actuator is responsible for positioning magnetic read/write devices over the rotating disks. These actuators are subject to friction, wear, vibrations and mechanical misalignments, which result in reliability issues. The above-described data distribution algorithms are based upon the characteristics and behaviors of HDDs.


One example of another type of storage disk is a Solid-State Disk (SSD). A Solid-State Disk may also be referred to as a Solid-State Drive. An SSD may emulate a HDD interface, but an SSD utilizes solid-state memory to store persistent data rather than electromechanical devices as found in a HDD. For example, an SSD may comprise banks of Flash memory. Without moving parts or mechanical delays, an SSD may have a lower access time and latency than a HDD. However, SSD typically have significant write latencies. In addition to different input/output (I/O) characteristics, an SSD experiences different failure modes than a HDD. Accordingly, high performance and high reliability may not be achieved in systems comprising SSDs for storage while utilizing distributed data placement algorithms developed for HDDs.


In view of the above, systems and methods for efficiently distributing data and detecting and correcting errors among a plurality of solid-state storage devices are desired.


SUMMARY OF THE INVENTION

Various embodiments of a computer system and methods for efficiently distributing and managing data among a plurality of solid-state storage devices are disclosed.


In one embodiment, a computer system comprises a plurality of client computers configured to convey read and write requests over a network to one or more data storage arrays coupled to receive the read and write requests via the network. Contemplated is a data storage array(s) comprising a plurality of storage locations on a plurality of storage devices. In various embodiments, the storage devices are configured in a redundant array of independent drives (RAID) arrangement for data storage and protection. The data storage devices may include solid-state memory technology for data storage, such as Flash memory cells. The data storage subsystem further comprises a storage controller configured to store user data in a first page of a first storage device of the plurality of storage devices; generate intra-device protection data corresponding to the user data, and store the intra-device protection data at a first offset within the first page. The controller is further configured to generate inter-device protection data corresponding to the first page, and store the inter-device protection data at a second offset within a second page in a second storage device of the plurality of storage devices, wherein the first offset is different from the second offset.


In various embodiments, the protection data in the first page is a checksum value computed from corresponding data stored in the first page of the first storage device. Additionally, the second storage device further stores intra-device protection data for the second page in the second storage device.


Also contemplated are embodiments wherein the first storage device is formatted to a power of 2 sector size such that the first page is aligned to a power of 2 boundary, and wherein the data in the first page is compressed by the controller in order to accommodate storage of the intra-device protection data within the first page. Further, the intra-device protection data in the first page further includes one or both of a physical address or a virtual address corresponding to the user data stored within the first page which may be used during a read operation to validate the read data.


These and other embodiments will become apparent upon consideration of the following description and accompanying drawings.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 is a generalized block diagram illustrating one embodiment of network architecture.



FIG. 2 is a generalized block diagram of one embodiment of a dynamic intra-device redundancy scheme.



FIG. 3 is a generalized flow diagram illustrating one embodiment of a method for adjusting intra-device protection in a data storage subsystem.



FIG. 4 is a generalized block diagram of one embodiment of a storage subsystem.



FIG. 5 is a generalized block diagram of one embodiment of a device unit.



FIG. 6 is a generalized block diagram illustrating one embodiment of a state table.



FIG. 7 is a generalized block diagram illustrating one embodiment of a flexible RAID data layout architecture.



FIG. 8 is a generalized block diagram illustrating another embodiment of a flexible RAID data layout architecture.



FIG. 9 is a generalized flow diagram illustrating one embodiment of a method for dynamically determining a layout in a data storage subsystem.



FIG. 10 is a generalized block diagram illustrating yet another embodiment of a flexible RAID data layout architecture.



FIG. 11A illustrates one embodiment of a device layout.



FIG. 11B illustrates one embodiment of a segment.



FIG. 11C is a generalized block diagram illustrating one embodiment of data storage arrangements within different page types.



FIG. 12 is a generalized block diagram illustrating one embodiment of a hybrid RAID data layout.



FIG. 13 is a generalized flow diagram illustrating one embodiment of a method for selecting alternate RAID geometries in a data storage subsystem.





While the invention is susceptible to various modifications and alternative forms, specific embodiments are shown by way of example in the drawings and are herein described in detail. It should be understood, however, that drawings and detailed description thereto are not intended to limit the invention to the particular form disclosed, but on the contrary, the invention is to cover all modifications, equivalents and alternatives falling within the spirit and scope of the present invention as defined by the appended claims.


DETAILED DESCRIPTION

In the following description, numerous specific details are set forth to provide a thorough understanding of the present invention. However, one having ordinary skill in the art should recognize that the invention might be practiced without these specific details. In some instances, well-known circuits, structures, signals, computer program instruction, and techniques have not been shown in detail to avoid obscuring the present invention.


Referring to FIG. 1, a generalized block diagram of one embodiment of network architecture 100 is shown. As described further below, one embodiment of network architecture 100 includes client computer systems 110a-110b interconnected to one another through a network 180 and to data storage arrays 120a-120b. Network 180 may be coupled to a second network 190 through a switch 140. Client computer system 110c is coupled to client computer systems 110a-110b and data storage arrays 120a-120b via network 190. In addition, network 190 may be coupled to the Internet 160 or other outside network through switch 150.


It is noted that in alternative embodiments, the number and type of client computers and servers, switches, networks, data storage arrays, and data storage devices is not limited to those shown in FIG. 1. At various times one or more clients may operate offline. In addition, during operation, individual client computer connection types may change as users connect, disconnect, and reconnect to network architecture 100. A further description of each of the components shown in FIG. 1 is provided shortly. First, an overview of some of the features provided by the data storage arrays 120a-120b is described.


In the network architecture 100, each of the data storage arrays 120a-120b may be used for the sharing of data among different servers and computers, such as client computer systems 110a-110c. In addition, the data storage arrays 120a-120b may be used for disk mirroring, backup and restore, archival and retrieval of archived data, and data migration from one storage device to another. In an alternate embodiment, one or more client computer systems 110a-110c may be linked to one another through fast local area networks (LANs) in order to form a cluster. One or more nodes linked to one another form a cluster, which may share a storage resource, such as a cluster shared volume residing within one of data storage arrays 120a-120b.


Each of the data storage arrays 120a-120b includes a storage subsystem 170 for data storage. Storage subsystem 170 may comprise a plurality of storage devices 176a-176m. These storage devices 176a-176m may provide data storage services to client computer systems 110a-110c. Each of the storage devices 176a-176m may be configured to receive read and write requests and comprise a plurality of data storage locations, each data storage location being addressable as rows and columns in an array. In one embodiment, the data storage locations within the storage devices 176a-176m may be arranged into logical, redundant storage containers or RAID arrays (redundant arrays of inexpensive/independent disks). However, the storage devices 176a-176m may not comprise a disk. In one embodiment, each of the storage devices 176a-176m may utilize technology for data storage that is different from a conventional hard disk drive (HDD). For example, one or more of the storage devices 176a-176m may include or be further coupled to storage consisting of solid-state memory to store persistent data. In other embodiments, one or more of the storage devices 176a-176m may include or be further coupled to storage utilizing spin torque transfer technique, magnetoresistive random access memory (MRAM) technique, or other storage techniques. These different storage techniques may lead to differing reliability characteristics between storage devices.


The type of technology and mechanism used within each of the storage devices 176a-176m may determine the algorithms used for data object mapping and error detection and correction. The logic used in these algorithms may be included within one or more of a base operating system (OS) 116, a file system 140, one or more global RAID engines 178 within a storage subsystem controller 174, and control logic within each of the storage devices 176a-176m.


In one embodiment, the included solid-state memory comprises solid-state drive (SSD) technology. Typically, SSD technology utilizes Flash memory cells. As is well known in the art, a Flash memory cell holds a binary value based on a range of electrons trapped and stored in a floating gate. A fully erased Flash memory cell stores no or a minimal number of electrons in the floating gate. A particular binary value, such as binary 1 for single-level cell (SLC) Flash, is associated with an erased Flash memory cell. A multi-level cell (MLC) Flash has a binary value 11 associated with an erased Flash memory cell. After applying a voltage higher than a given threshold voltage to a controlling gate within a Flash memory cell, the Flash memory cell traps a given range of electrons in the floating gate. Accordingly, another particular binary value, such as binary 0 for SLC Flash, is associated with the programmed (written) Flash memory cell. A MLC Flash cell may have one of multiple binary values associated with the programmed memory cell depending on the applied voltage to the control gate.


Generally speaking, SSD technologies provide lower read access latency times than HDD technologies. However, the write performance of SSDs is significantly impacted by the availability of free, programmable blocks within the SSD. As the write performance of SSDs is significantly slower compared to the read performance of SSDs, problems may occur with certain functions or operations expecting similar latencies. In addition, the differences in technology and mechanisms between HDD technology and SDD technology lead to differences in reliability characteristics of the data storage devices 176a-176m.


In various embodiments, a Flash cell within an SSD must generally be erased before it is written with new data. Additionally, an erase operation in various flash technologies must also be performed on a block-wise basis. Consequently, all of the Flash memory cells within a block (an erase segment or erase block) are erased together. A Flash erase block may comprise multiple pages. For example, a page may be 4 kilobytes (KB) in size and a block may include 64 pages, or 256 KB. Compared to read operations in a Flash device, an erase operation may have a relatively high latency—which may in turn increase the latency of a corresponding write operation. Programming or reading of Flash technologies may be performed at a lower level of granularity than the erase block size. For example, Flash cells may be programmed or read at a byte, word, or other size.


A Flash cell experiences wear after repetitive erase-and-program operations. The wear in this case is due to electric charges that are injected and trapped in the dielectric oxide layer between the substrate and the floating gate of the MLC Flash cell. In one example, a MLC Flash cell may have a limit of a number of times it experiences an erase-and-program operation, such as a range from 10,000 to 100,000 cycles. In addition, SSDs may experience program disturb errors that cause a neighboring or nearby Flash cell to experience an accidental state change while another Flash cell is being erased or programmed. Further, SSDs include read disturb errors, wherein the accidental state change of a nearby Flash cell occurs when another Flash cell is being read.


Knowing the characteristics of each of the one or more storage devices 176a-176m may lead to more efficient data object mapping and error detection and correction. In one embodiment, the global RAID engine 178 within the storage controller 174 may detect for the storage devices 176a-176m at least one or more of the following: inconsistent response times for I/O requests, incorrect data for corresponding accesses, error rates and access rates. In response to at least these characteristics, the global RAID engine 178 may determine which RAID data layout architecture to utilize for a corresponding group of storage devices within storage devices 176a-176m. In addition, the global RAID engine 178 may dynamically change both an intra-device redundancy scheme and an inter-device RAID data layout based on the characteristics of the storage devices 176a-176m.



FIG. 1 illustrates an example of a system capable of the described features according to one embodiment. Further details are provided below. Referring to FIG. 1, a further description of the components of network architecture 100 is provided below.


Components of a Network Architecture


Again, as shown, network architecture 100 includes client computer systems 110a-110c interconnected through networks 180 and 190 to one another and to data storage arrays 120a-120b. Networks 180 and 190 may include a variety of techniques including wireless connection, direct local area network (LAN) connections, storage area networks (SANs), wide area network (WAN) connections such as the Internet, a router, and others. Networks 180 and 190 may comprise one or more LANs that may also be wireless. Networks 180 and 190 may further include remote direct memory access (RDMA) hardware and/or software, transmission control protocol/internet protocol (TCP/IP) hardware and/or software, router, repeaters, switches, grids, and/or others. Protocols such as Ethernet, Fibre Channel, Fibre Channel over Ethernet (FCoE), iSCSI, and so forth may be used in networks 180 and 190. Switch 140 may utilize a protocol associated with both networks 180 and 190. The network 190 may interface with a set of communications protocols used for the Internet 160 such as the Transmission Control Protocol (TCP) and the Internet Protocol (IP), or TCP/IP. Switch 150 may be a TCP/IP switch.


Client computer systems 110a-110c are representative of any number of stationary or mobile computers such as desktop personal computers (PCs), workstations, laptops, handheld computers, servers, server farms, personal digital assistants (PDAs), smart phones, and so forth. Generally speaking, client computer systems 110a-110c include one or more processors comprising one or more processor cores. Each processor core includes circuitry for executing instructions according to a predefined general-purpose instruction set. For example, the x86 instruction set architecture may be selected. Alternatively, the Alpha®, PowerPC®, SPARC®, or any other general-purpose instruction set architecture may be selected. The processor cores may access cache memory subsystems for data and computer program instructions. The cache subsystems may be coupled to a memory hierarchy comprising random access memory (RAM) and a storage device.


Each processor core and memory hierarchy within a client computer system may be in turn connected to a network interface. In addition to hardware components, each of the client computer systems 110a-110c may include a base operating system (OS) stored within the memory hierarchy. The base OS may be representative of any of a variety of specific operating systems, such as, for example, MS-DOS®, MS-WINDOWS®, OS/2®, UNIX®, Linux®, Solaris® or another known operating system. As such, the base OS may be operable to provide various services to the end-user and provide a software framework operable to support the execution of various programs. Additionally, each of the client computer systems 110a-110c may include a hypervisor used to support higher-level virtual machines (VMs). As is well known to those skilled in the art, virtualization may be used in desktops and servers to fully or partially decouple software, such as an OS, from a system's hardware. Virtualization may provide an end-user with an illusion of multiple OSes running on a same machine each having its own resources, such logical storage entities (e.g., logical unit numbers, LUNs) corresponding to the storage devices 176a-176m within each of the data storage arrays 120a-120b.


Each of the data storage arrays 120a-120b may be used for the sharing of data among different servers, such as the client computer systems 110a-110c. Each of the data storage arrays 120a-120b includes a storage subsystem 170 for data storage. Storage subsystem 170 may comprise a plurality of storage devices 176a-176m. Each of these storage devices 176a-176m may be a SSD. A controller 174 may comprise logic for handling received read/write requests. For example, the algorithms briefly described above may be executed in at least controller 174. A random-access memory (RAM) 172 may be used to batch operations, such as received write requests.


The base OS 132, the file system 134, any OS drivers (not shown) and other software stored in memory medium 130 may provide functionality enabling access to files and LUNs, and the management of these functionalities. The base OS 134 and the OS drivers may comprise program instructions stored on the memory medium 130 and executable by processor 122 to perform one or more memory access operations in storage subsystem 170 that correspond to received requests.


Each of the data storage arrays 120a-120b may use a network interface 124 to connect to network 180. Similar to client computer systems 110a-110c, in one embodiment, the functionality of network interface 124 may be included on a network adapter card. The functionality of network interface 124 may be implemented using both hardware and software. Both a random-access memory (RAM) and a read-only memory (ROM) may be included on a network card implementation of network interface 124. One or more application specific integrated circuits (ASICs) may be used to provide the functionality of network interface 124.


In one embodiment, a data storage model may be developed which seeks to optimize data layouts for both user data and corresponding error correction code (ECC) information. In one embodiment, the model is based at least in part on characteristics of the storage devices within a storage system. For example, in a storage system, which utilizes solid-state storage technologies, characteristics of the particular devices may be used to develop a model for the storage system and may also serve to inform corresponding data storage arrangement algorithms. For example, if particular storage devices being used exhibit a change in reliability over time, such a characteristic may be accounted for in dynamically changing a data storage arrangement. As used herein, characteristics of a device may refer to characteristics of the device as a whole, characteristics of a sub-portion of a device such as a chip or other component, characteristics of an erase block, or any other characteristics related to the device.


Generally speaking, any model which is developed for a computing system is incomplete. Often, there are simply too many variables to account for in a real world system to completely model a given system. In some cases, it may be possible to develop models which are not complete but which are nevertheless valuable. As discussed more fully below, embodiments are described wherein a storage system is modeled based upon characteristics of the underlying devices. In various embodiments, selecting a data storage arrangement is performed based on certain predictions as to how the system may behave. Based upon an understanding of the characteristics of the devices, certain device behaviors are more predictable than others. However, device behaviors may change over time, and in response, a selected data layout may also be changed.


Intra-Device Redundancy


Turning now to FIG. 2, a generalized block diagram illustrating one embodiment of a dynamic intra-device redundancy scheme is shown. As is well known to those skilled in the art, one of several intra-device redundancy schemes may be chosen to reduce the effects of latent sector errors in a storage device. The term “sector” typically refers to a basic unit of storage on a HDD, such as a segment within a given track on the disk. Here, the term “sector” may also refer to a basic unit of allocation on a SSD.


An allocation unit within an SSD may include one or more erase blocks within an SSD. Referring to FIG. 2, the user data 210 may refer to both stored data to be modified and accessed by end-users and inter-device error-correction code (ECC) data. The inter-device ECC data may be parity information generated from one or more pages on other storage devices holding user data. For example, the inter-device ECC data may be parity information used in a RAID data layout architecture. The user data 210 may be stored within one or more pages included within one or more of the storage devices 176a-176k. In one embodiment, each of the storage devices 176a-176k is an SSD.


An erase block within an SSD may comprise several pages. As described earlier, in one embodiment, a page may include 4 KB of data storage space. An erase block may include 64 pages, or 256 KB. In other embodiments, an erase block may be as large as 1 megabyte (MB), and include 256 pages. An allocation unit size may be chosen in a manner to provide both sufficiently large sized units and a relatively low number of units to reduce overhead tracking of the allocation units. In one embodiment, one or more state tables may maintain a state of an allocation unit (allocated, free, erased, error), a wear level, and a count of a number of errors (correctable and/or uncorrectable) that have occurred within the allocation unit. In various embodiments, the size of an allocation unit may be selected to balance the number of allocation units available for a give device against the overhead of maintaining the allocation units. For example, in one embodiment the size of an allocation unit may be selected to be approximately 1/100th of one percent of the total storage capacity of an SSD. Other amounts of data storage space for pages, erase blocks and other unit arrangements are possible and contemplated.


Latent sector errors (LSEs) occur when a given sector or other storage unit within a storage device is inaccessible. A read or write operation may not be able to complete for the given sector. In addition, there may be an uncorrectable error-correction code (ECC) error. An LSE is an error that is undetected until the given sector is accessed. Therefore, any data previously stored in the given sector may be lost. A single LSE may lead to data loss when encountered during RAID reconstruction after a storage device failure. For an SSD, an increase in the probability of an occurrence of another LSE may result from at least one of the following statistics: device age, device size, access rates, storage compactness and the occurrence of previous correctable and uncorrectable errors. To protect against LSEs and data loss within a given storage device, one of a multiple of intra-device redundancy schemes may be used within the given storage device.


An intra-device redundancy scheme utilizes ECC information, such as parity information, within the given storage device. This intra-device redundancy scheme and its ECC information corresponds to a given device and may be maintained within a given device, but is distinct from ECC that may be internally generated and maintained by the device itself. Generally speaking, the internally generated and maintained ECC of the device is invisible to the system within which the device is included. The intra-device ECC information included within the given storage device may be used to increase data storage reliability within the given storage device. This intra-device ECC information is in addition to other ECC information that may be included within another storage device such as parity information utilized in a RAID data layout architecture.


A highly effective intra-device redundancy scheme may sufficiently enhance a reliability of a given RAID data layout to cause a reduction in a number of devices used to hold parity information. For example, a double parity RAID layout may be replaced with a single parity RAID layout if there is additional intra-device redundancy to protect the data on each device. For a fixed degree of storage efficiency, increasing the redundancy in an intra-device redundancy scheme increases the reliability of the given storage device. However, increasing the redundancy in such a manner may also increase a penalty on the input/output (I/O) performance of the given storage device.


In one embodiment, an intra-device redundancy scheme divides a device into groups of locations for storage of user data. For example, a division may be a group of locations within a device that correspond to a stripe within a RAID layout as shown by stripes 250a-250c. User data or inter-device RAID redundancy information may be stored in one or more pages within each of the storage devices 176a-176k as shown by data 210. Within each storage device, intra-device error recovery data 220 may be stored in one or more pages. As used herein, the intra-device error recovery data 220 may be referred to as intra-device redundancy data 220. As is well known by those skilled in the art, the intra-device redundancy data 220 may be obtained by performing a function on chosen bits of information within the data 210. An XOR-based operation may be used to derive parity information to store in the intra-device redundancy data 220. Other examples of intra-device redundancy schemes include single parity check (SPC), maximum distance separable (MDS) erasure codes, interleaved parity check codes (IPC), hybrid SPC and MDS code (MDS+SPC), and column diagonal parity (CDP). The schemes vary in terms of delivered reliability and overhead depending on the manner the data 220 is computed. In addition to the above described redundancy information, the system may be configured to calculate a checksum value for a region on the device. For example, a checksum may be calculated when information is written to the device. This checksum is stored by the system. When the information is read back from the device, the system may calculate the checksum again and compare it to the value that was stored originally. If the two checksums differ, the information was not read properly, and the system may use other schemes to recover the data. Examples of checksum functions include cyclical redundancy check (CRC), MD5, and SHA-1. Further, in various embodiments, checksums may be “salted” with a virtual and or physical address corresponding to data by using the address as part of the checksum calculation.


As shown in stripes 250a-250c, the width, or number of pages, used to store the data 210 within a given stripe may be the same in each of the storage devices 176a-176k. However, as shown in stripes 250b-250c, the width, or number of pages, used to store the intra-device redundancy data 220 within a given stripe may not be the same in each of the storage devices 176a-176k. In one embodiment, changing characteristics or behaviors of a given storage device may determine, at least in part, the width used to store corresponding intra-device redundancy data 220. For example, as described above, Flash cells experience program disturb errors and read disturb errors, wherein programming or reading a page may disturb nearby pages and cause errors within these nearby pages. When a storage device is aging and producing more errors, the amount of corresponding intra-device redundancy data 220 may increase. For example, prior to a write operation for stripe 250b, characteristics of each of the storage devices 176a-176k may be monitored and used to predict an increasing error rate. A predicted increase in errors for storage devices 176c and 176j may be detected. In response, the amount of intra-device redundancy data 220 may be increased for storage devices 176c and 176j. In the example of stripes 250a and 250b of FIG. 2, an increase in the amount of protection data stored can be seen for storage devices 176c and 176j for stripes 250a and 250b. For example, now, rather than protecting storage devices 176c and 176j with single parity, these devices may be protected with double parity or triple parity. It is noted that increasing the amount of intra-device protection for devices 176c and 176j does not necessitate a corresponding increase in other devices of the same stripe. Rather, data for the stripe may have differing levels of protection in each device as desired.


In various embodiments, increases or decreases in a given level of data protection may occur on a selective basis. For example, in one embodiment, an increase in protection may occur only for storage devices that are detected to generate more errors, such as storage devices 176c and 176j in the above example. In another embodiment, an increase in protection may occur for each of the storage devices 176a-176k when storage devices 176c and 176j are detected to generate more errors. In one embodiment, increasing the amount of intra-device protection on a parity device such as device 176k may require a reduction in the amount of data protected within the stripe. For example, increasing the amount of intra-device data stored on a parity device for a given stripe will necessarily reduce an amount of parity data stored by that device for data within the stripe. If this amount of parity data is reduced to an amount that is less than that needed to protect all of the data in the stripe, then data within the stripe must be reduced if continued parity protection is desired. As an alternative to reducing an amount of data stored within the stripe, a different device could be selected for storing the parity data. Various options are possible and are contemplated. It is also noted that while FIG. 2 and other figures described herein may depict a distinct parity device (e.g., 176k), in various embodiments the parity may be distributed across multiple devices rather than stored in a single device. Accordingly, the depiction of a separate parity device in the figures may generally be considered a logical depiction for ease of discussion.


Referring now to FIG. 3, one embodiment of a method 300 for adjusting intra-device protection in a data storage subsystem is shown. The components embodied in network architecture 100 and data storage arrays 120a-120b described above may generally operate in accordance with method 300. The steps in this embodiment are shown in sequential order. However, some steps may occur in a different order than shown, some steps may be performed concurrently, some steps may be combined with other steps, and some steps may be absent in another embodiment.


In block 302, a first amount of space for storing user data in a storage device is determined. This user data may be data used in end-user applications or inter-device parity information used in a RAID architecture as described earlier regarding data 210. This first amount of space may comprise one or more pages within a storage device as described earlier. In one embodiment, a global RAID engine 178 within the storage controller 174 receives behavioral statistics from each one of the storage devices 176a-176m. For a given device group comprising two or more of the storage devices 176a-176m, the global RAID engine 178 may determine both a RAID data layout and an initial amount of intra-device redundancy to maintain within each of the two or more storage devices. In block 304, the RAID engine 178 may determine a second amount of space for storing corresponding intra-device protection data in a storage device. This second amount of space may comprise one or more pages within a storage device. The intra-device protection data may correspond to the to intra-device redundancy data 220 described earlier.


In block 306, data is written in the first amount of space within each storage device included within a given device group. In one embodiment, both user data and inter-device parity information is written as a single RAID stripe across multiple storage devices included within the given device group. Referring again to FIG. 2, the width for the corresponding data being written is the same within each storage device. In block 308, the intra-device protection data is generated by an ECC algorithm, an XOR-based algorithm, or any other suitable algorithm. In addition, the system may generate a checksum to help identify data that has not been retrieved properly. In block 310, the generated intra-device protection data is written in the second amount of space in the storage devices.


In block 312, the RAID engine 178 may monitor behavior of the one or more storage devices. In one embodiment, the RAID engine 178 may include a model of a corresponding storage device and receive behavioral statistics from the storage device to input to the model. The model may predict behavior of the storage device by utilizing known characteristics of the storage device. For example, the model may predict an upcoming increasing error rate for a given storage device. If the RAID engine 178 detects characteristics of a given storage device which affect reliability (conditional block 314), then in block 316, the RAID engine may adjust the first amount and the second amount of space for storing data and corresponding intra-device redundancy data. For example, the RAID engine may be monitoring the statistics described earlier such as at least device age, access rate and error rate. Referring again to FIG. 2, the RAID engine 178 may detect storage devices 176c and 176j have an increase in a number of errors. Alternatively, the RAID engine may predict an increase in a number of errors for storage devices 176c and 176j. Accordingly, prior to writing the second stripe 250b, the RAID engine 178 may adjust a number of pages used to store data 210 and data 220 in each of the storage devices 176a-176k. Similarly, the RAID engine 178 may detect storage device 176b has decreased reliability. Therefore, prior to writing the third stripe 250c, the RAID engine 178 may again adjust a number of pages used to store data 210 and data 220 in each of the storage devices 176a-176k.


Monitoring Storage Device Characteristics


Turning now to FIG. 4, a generalized block diagram of one embodiment of a storage subsystem is shown. Each of the one or more storage devices 176a-176m may be partitioned in one of one or more device groups 173a-173m. Other device groups with other devices may be present as well. One or more corresponding operation queues and status tables for each storage device may be included in one of the device units 400a-400w. These device units may be stored in RAM 172. A corresponding RAID engine 178a-178m may be included for each one of the device groups 173a-173m. Each RAID engine 178 may include a monitor 410 that tracks statistics for each of the storage devices included within a corresponding device group. Data layout logic 420 may determine an amount of space to allocate within a corresponding storage device for user data, inter-device redundancy data and intra-device redundancy data. The storage controller 174 may comprise other control logic 430 to perform at least one of the following tasks: wear leveling, garbage collection, I/O scheduling, deduplication and protocol conversion for incoming and outgoing packets.


Turning now to FIG. 5, a generalized block diagram of one embodiment of a device unit is shown. A device unit may comprise a device queue 510 and tables 520. Device queue 510 may include a read queue 512, a write queue 514 and one or more other queues such as other operation queue 516. Each queue may comprise a plurality of entries for storing one or more corresponding requests 530a-530d. For example, a device unit for a corresponding SSD may include queues to store at least read requests, write requests, trim requests, erase requests and so forth. Tables 520 may comprise one or more state tables 522a-522b, each comprising a plurality of entries for storing state data, or statistics, 530. It is also noted that while the queues and tables are shown to include a particular number of entries in this and other figures, the entries themselves do not necessarily correspond to one another. Additionally, the number of queues, tables, and entries may vary from that shown in the figure and may differ from one another.


Referring now to FIG. 6, a generalized block diagram illustrating one embodiment of a state table corresponding to a given device is shown. In one embodiment, such a table may include data corresponding to state, error and wear level information for a given storage device, such as an SSD. A corresponding RAID engine may have access to this information, which may allow the RAID engine to dynamically change space allocated for data storage and schemes used for both inter-device protection and intra-device protection. In one embodiment, the information may include at least one or more of a device age 602, an error rate 604, a total number of errors detected on the device 606, a number of recoverable errors 608, a number of unrecoverable errors 610, an access rate of the device 612, an age of the data stored 614 and one or more allocation states for allocation spaces 616a-616n. The allocation states may include filled, empty, error and so forth.


Flexible RAID Layout


Turning now to FIG. 7, a generalized block diagram illustrating one embodiment of a flexible RAID data layout architecture is shown. A RAID engine may determine a level of protection to use for storage devices 176a-176k. For example, a RAID engine may determine to utilize RAID double parity for the storage devices 176a-176k. The inter-device redundancy data 240 may represent the RAID double parity values generated from corresponding user data. In one embodiment, storage devices 176j and 176k may store the double parity information. It is understood other levels of RAID parity protection are possible and contemplated. In addition, in other embodiments, the storage of the double parity information may rotate between the storage devices rather than be stored within storage devices 176j and 176k for each RAID stripe. The storage of the double parity information is shown to be stored in storage devices 176j and 176k for ease of illustration and description.


Referring now to FIG. 8, a generalized block diagram illustrating another embodiment of a flexible RAID data layout architecture is shown. Similar to the example shown in FIG. 7, double parity may be used for the storage devices 176a-176k. Although a RAID double parity is described in this example, any amount of redundancy in a RAID data layout architecture may be chosen.


During operation, the RAID engine 178 may monitor characteristics of the storage devices 176a-176k and determine the devices are exhibiting a reliability level higher than an initial or other given reliability level. In response, the RAID engine 178 may change the RAID protection from a RAID double parity to a RAID single parity. In other RAID data layout architectures, another reduction in the amount of supported redundancy may be used. In other embodiments, the monitoring of storage devices 176a-176k and changing a protection level may be performed by other logic within storage controller 174.


Continuing with the above example, only single parity information may be generated and stored for subsequent write operations executing on a given RAID stripe. For example, storage device 176k may not be used in subsequent RAID stripes for write operations after the change in the amount of supported redundancy. In addition, data stored in storage device 176k may be invalidated, thereby freeing the storage. Pages corresponding to freed data in storage device 176k may then be reallocated for other uses. The process of reducing an amount of parity protection and freeing space formerly used for storing parity protection data may be referred to as “parity shredding”. In addition, in an embodiment wherein storage device 176k is an SSD, one or more erase operations may occur within storage device 176k prior to rewriting the pages within stripe 250a.


Continuing with the above example of parity shredding, the data stored in the reallocated pages of storage device 176k within stripe 250a after parity shredding may hold user data or corresponding RAID single parity information for other RAID stripes that do not correspond to stripe 250a. For example, the data stored in storage devices 176a-176j within stripe 250a may correspond to one or more write operations executed prior to parity shredding. The data stored in storage device 176k within stripe 250a may correspond to one or more write operations executed after parity shredding. Similarly, the data stored in storage devices 176a-176j within stripe 250b may correspond to one or more write operations executed prior to parity shredding. The pages in storage device 176k within stripe 250b may be freed, later erased, and later rewritten with data corresponding to one or more write operations executed after the change in the amount of supported redundancy. It is noted that this scheme may be even more effective when redundancy information is rotated across storage devices. In such an embodiment, space that is freed by shredding will likewise be distributed across the storage devices.


Referring again to FIG. 8, the deallocated pages shown in storage device 176k within stripe 250c represent storage locations that may have previously stored RAID double parity information prior to parity shredding. However, now these pages are invalid and have not yet been reallocated. Particular characteristics of an SSD determine the manner and the timing of both freeing and reallocating pages within storage device 176k in the above example. Examples of these characteristics include at least erasing an entire erase block prior to reprogramming (rewriting) one or more pages. As can be seen from FIG. 8, when parity is shredded, it is not necessary to shred an entire device. Rather, parity may be shredded for individual stripes as desired. Similarly, parity protection for a stripe may be increased may adding protection data stored on an additional device to a stripe.


Referring now to FIG. 9, one embodiment of a method for dynamically determining a RAID layout is shown. The components embodied in network architecture 100 and data storage arrays 120a-120b described above may generally operate in accordance with method 900. In FIG. 9, two processes 910 and 920 are shown. Each of the processes may operate concurrently, or in a given order. Further, the steps in this embodiment are shown in sequential order. However, some steps may occur in a different order than shown, some steps may be performed concurrently, some steps may be combined with other steps, and some steps may be absent in another embodiment. Block 910 illustrates a process whereby a storage control system monitors the characteristics and behaviors of storage devices in the system (block 912). For example, characteristics such as those described in FIG. 6 may be observed and/or recorded. If a particular condition is detected, such as a change in reliability (decision block 914), then a change in the amount of protection used for stored data may be made (block 916). For example, when given devices are relatively young in age, the reliability of the devices may not be known (e.g., the devices may suffer “infant mortality” and fail at a relatively young age). Therefore, one or more extra storage devices per RAID stripe may be used to store parity information. At a later time, this extra protection may be removed when the devices prove over time that they are reliable. In various embodiments, characteristics regarding error rates may be maintained for devices. For example, characteristics concerning correctable and/or uncorrectable errors may be maintained and used to make decisions regarding the reliability of a given device. Based upon this information, the storage controller may dynamically alter various levels of protection for a device or stripe.


Block 920 of FIG. 9 generally illustrates a process whereby at the time a stripe or other portion of storage is to be allocated (decision block 922), a determination regarding the layout and protection level to use for the data may be made (block 924). It is noted that the process of block 910 could be performed at this time. Alternatively, levels of protection may have been determined by process 910 and stored. The determination of block 924 could then be based upon that stored data. In one embodiment, once a given layout has been determined, the particular devices to be used for the layout may be selected from a group of devices (block 925). For example, in one embodiment a group of 20 devices may be available for use. If a layout of 5+2 is determined, then any seven devices may be selected for use from the group of 20. Additionally, it is noted that a subsequent write with a selected 5+2 layout need not use the same 7 devices. Subsequent to determining the layout, protection level, and devices for the stripe, the stripe may be written (block 926).


In various embodiments, the RUSH algorithm may be utilized to determine which devices on which the data and redundancy information for a given stripe will reside. For example, the RUSH algorithm may be used to select the particular devices to utilize for an 8+2 RAID layout for a given stripe in storage devices 176a-176k. Generally speaking, as used herein, an M+N layout may generally describe a layout which includes M data devices and N parity devices for a given data stripe. Additionally, as discussed above, parity may be distributed across the devices rather than fully located within particular devices. Accordingly, an 8+2 layout may include data and parity striped across 10 devices—with 8 of the devices storing data and two of the devices storing parity. On a subsequent occasion, a layout of 12+2 may be selected. In this manner, the desired layout and protection characteristics may be determined dynamically at the time a write (e.g., a stripe) is to be written. In one embodiment, storage devices 176a-176k may include more than 10 storage devices, such as 30, 50 or more storage devices. However, for a stripe with an 8+2 layout, only 10 of the storage devices are utilized. It is noted that any 10 of the devices may be selected and any suitable algorithm may be used for selecting the 10 devices for use in storing the stripe. For example, the CRUSH algorithm could be used to select which 10 of the storage devices 176a-176k to utilize for a given 8+2 RAID layout.


In one example of a chosen 8+2 RAID layout for storage devices 176a-176k, 2 of the storage devices may be used to store error correcting code (ECC) information, such as parity information. This information may be used to perform reconstruct read requests. Referring again to FIG. 8, the storage devices 176j and 176k may be selected to store RAID double parity information in this example. Again, the parity information may be stored in a rotated fashion between each of the storage devices 176a-176k included within the RAID array, rather than consistently stored in the same storage devices. For ease of illustration and description, the storage devices 176j and 176k are described as storing RAID double parity.


In block 926, during execution of a write operation, metadata, user data, intra-device parity information and inter-device parity information may be written as a RAID stripe across multiple storage devices included within the RAID array. In block 912, the RAID engine 178 may monitor behavior of the one or more storage devices within the RAID array. In one embodiment, the RAID engine 178 may include a monitor 410 and data layout logic 420 as shown in FIG. 4. The RAID engine 178 may monitor at least an age of a given storage device, a number and a type of errors, detected configuration changes since a last allocation of data, an age of given data, a current usage of storage space in the RAID array, and so forth.


The data, which is monitored by the RAID engine 178, may be stored in RAM 172, such as in one of the device units 400a-400w shown in FIG. 4. Tables may be used to store this data, such as the examples shown in FIG. 5 and FIG. 6. The logic included within a corresponding RAID engine may both detect and predict behavior of storage devices by monitoring updated statistics of the storage devices. For example, the model may predict an upcoming increasing error rate for a given storage device.


If increased reliability of the storage device(s) is detected (conditional block 908), then in block 910, the RAID engine may decrease the level of data protection within the system. For example, in one embodiment the amount of parity information stored in the storage subsystem may be reduced. Regarding the above example, the RAID engine may decrease the RAID double parity to RAID single parity for the corresponding 8+2 RAID array, converting it to an 8+1 RAID array. In other examples a given RAID array may be utilizing an N-level amount of redundancy, or parity, in a RAID architecture prior to block 916. In block 916, the RAID engine may determine to utilize an (N-m)-level amount of redundancy, wherein N>1 and 1<m<N. Therefore, during subsequent write operations for a given RAID stripe, there will be m fewer storage devices written to within the given RAID stripe.


In order to reduce the level of data protection within the system, the RAID engine (or another component) may perform parity shredding as described earlier. Subsequently, the storage controller 174 may reallocate those pages which were freed as a result of the shredding operation to be used in subsequent write operations.


As each of the storage devices 176a-176k both age and fill up with data, extra parity information may be removed from the RAID array as described above. The metadata, the user data, corresponding intra-device redundancy information and some of the inter-device redundancy information remains. Regarding the above example with an 8+2 RAID array, the information stored in storage devices 176a-176j remains. However, extra inter-device redundancy information, or extra parity information, may be removed from the RAID array. For example, extra parity information stored in storage device 176k may be removed from the RAID stripes.


The information that remains, such as the information stored in storage devices 176a-176j in the above example, may remain in place. The storage space storing the extra parity information, such as the corresponding pages in storage device 176k in the above example, may be reused and reallocated for subsequent write operations. In one embodiment, each new allocation receives a new virtual address. Each new allocation may have any given size, any given alignment or geometry, and may fit in any given storage space (either virtual or physical). In one embodiment, each one of the storage devices 176a-176k and each allocated page within a storage device have a header comprising identification information. This identification information may allow the reuse of storage space for freed extra parity information without changing a given configuration.


In an embodiment wherein one or more of the storage devices 176a-176k is an SSD, an erase block is erased prior to reprogramming one or more pages within the erase block. Therefore, in an embodiment wherein storage device 176k is an SSD, corresponding erase blocks are erased prior to reprogramming freed pages in storage device 176k. Regarding the above example with an original 8+2 RAID array, one or more erase blocks are erased in storage device 176k within stripes 250a-250b prior to reprogramming pages with data 210. The original 8+2 RAID array is now an 8+1 RAID array with storage device 176j providing the single parity information for RAID stripes written prior to the parity shredding.


As is well known to those skilled in the art, during a read or write failure for a given storage device, data may be reconstructed from the supported inter-device parity information within a corresponding RAID stripe. The reconstructed data may be written to the storage device. However, if the reconstructed data fails to be written to the storage device, then all the data stored on the storage device may be rebuilt from corresponding parity information. The rebuilt data may be relocated to another location. With Flash memory, a Flash Translation Layer (FTL) remaps the storage locations of the data. In addition, with Flash memory, relocation of data includes erasing an entire erase block prior to reprogramming corresponding pages within the erase block. Maintaining mapping tables at a granularity of erase blocks versus pages allows the remapping tables to be more compact. Further, during relocation, extra pages that were freed during parity shredding may be used.


Offset Parity


Turning now to FIG. 10, a generalized block diagram illustrating yet another embodiment of a flexible RAID data layout architecture is shown. Similar to the generalized block diagram shown in FIG. 8, a flexible RAID data layout architecture may be used. The storage devices 176a-176k comprise multiple RAID stripes laid out across multiple storage devices. Although each of the storage devices 176a-176k comprises multiple pages, only page 1010 and page 1020 are labeled for ease of illustration. In the example shown, a double parity RAID data layout is chosen, wherein storage devices 176j and 176k store double parity information.


Each of the pages in the storage devices 176a-176k stores a particular type of data. Some pages store user data 210 and corresponding generated inter-device parity information 240. Other pages store corresponding generated intra-device parity information 220. Yet other pages store metadata 242. The metadata 242 may include page header information, RAID stripe identification information, log data for one or more RAID stripes, and so forth. In addition to inter-device parity protection and intra-device parity protection, each of the pages in storage devices 176a-176k may comprise additional protection such as a checksum stored within each given page. In various embodiments, the single metadata page at the beginning of each stripe may be rebuilt from the other stripe headers. Alternatively, this page could be at a different offset in the parity shard so the data can be protected by the inter-device parity. A “shard” represents a portion of a device. Accordingly, a parity shard refers to a portion of a device storing parity data.


Physical Layer


In various embodiments, the systems described herein may include a physical layer through which other elements of the system communicate with the storage devices. For example, scheduling logic, RAID logic, and other logic may communicate with the storage devices via a physical layer comprising any suitable combination of software and/or hardware. In general, the physical layer performs a variety of functions including providing access to persistent storage, and performing functions related to integrity of data storage.



FIG. 11A illustrates one embodiment of a hypothetical device layout for a 500 GB device. In various embodiments, the storage devices described herein may be formatted with a partition table 1101 at the beginning of the device, and a copy of the partition table at the end of the device. Additionally, a device header 1103 may be stored in the first and last blocks. For example, in a flash based storage device, a device header may be stored in the first and last erase blocks. As previously discussed, an erase block is a flash construct that is typically in the range of 256 KB-1 MB. Additional unused space in the first erase block may be reserved (padding 1105). The second erase block in each device may be reserved for writing logging and diagnostic information 1107. The rest of the erase blocks in between are divided into Allocation Units (AUs) 1109 of a multiple erase blocks. The AU size may be chosen so there are a reasonable number of AUs per device for good allocation granularity. In one embodiment, there may be something in the range of 10,000 AUs on a device to permit allocation in large enough units to avoid overhead, but not too many units for easy tracking. Tracking of the state of an AU (allocated/free/erased/bad) may be maintained an AU State Table. The wear level of an AU may be maintained in a Wear Level Table, and a count of errors may be maintained in an AU Error Table.


In various embodiments, the physical layer allocates space in segments which include one segment shard in each device across a set of devices (which could be on different nodes). FIG. 11B depicts one embodiment of a segment and various identifiable portions of that segment in one possible segment layout. In the embodiment shown, a single segment is shown stored in multiple devices. Illustrated are data devices Data 0-Data N, and parity devices Parity P and Parity Q. In one embodiment, each segment shard includes one or more allocation units on a device such that the size of the shard is equal on each device. Segment shard 1123 is called out to illustrate a segment shard. Also illustrated if FIG. 11B, is an I/O read size 1127 which in one embodiment corresponds to a page. Also shown is an I/O parity chunk 1129 which may include one or more pages of page parity for the I/O shard.


In one embodiment, each segment will have its own geometry which may include one or more of the following parameters:

    • (1) RAID level—The RAID level used for cross device protection in the segment. This may determine mirroring, parity, or ECC RAID and how many segment shards contain parity.
    • (2) Device Layout I/O shard size—This represents the size used to stripe across each device during a write. This will typically be in the range of 256 KB to 1 MB and probably be a multiple of the erase block size on each device. FIG. 11B calls out I/O shard size 1125 for purposes of illustration.
    • (3) I/O read size—This is a logical read size. Each I/O shard may be formatted as a series of logical pages. Each page may in turn include a header and a checksum for the data in the page. When a read is issued it will be for one or more logical pages and the data in each page may be validated with the checksum.
    • (4) I/O shard RAID level—The I/O shard has intra-shard parity to handle latent errors found during a rebuild. This parameter determines what type of parity is used for intra-shard protection and thus how many copies of the intra-shard parity will be maintained.
    • (5) I/O parity chunk—In various embodiments, the storage devices may do ECC on a page basis. Consequently, if an error is seen it is likely to indicate failure of an entire physical page. The I/O parity chunk is the least common multiple of the physical page size on each device in the segment and the intra-shard parity is calculated by striping down the I/O shard in the larger of the I/O parity chunks or the I/O read size. Included may be one or more pages of page parity. In various embodiments, this parity may be used to rebuild data in the event of a failed checksum validation.


In various embodiments, as each new segment is written a RAID geometry for the segment will be selected. Selection of the RAID geometry may be based on factors such as the current set of active nodes and devices, and the type of data in the segment. For example if 10 nodes or devices are available then an (8+2) RAID 6 geometry may be chosen and the segment striped across the nodes to withstand two device or node failures. If a node then fails, the next segment may switch to a (7+2) RAID 6 geometry. Within the segment some of the segment shards will contain data and some will contain ECC (e.g., parity).


In one embodiment, there are five types of segments. Three of these segments correspond to the AU State Table, the AU Error Table, and the Wear Level Table. In some embodiments, these three segments may be mirrored for additional protection. In addition to these three segments, there are metadata segments which may also be additionally protected through mirroring. Finally there are Data segments which hold client blocks and log information. The log information contains update information associated with the client blocks in the segment. The data segments will likely be protected by RAID 6 as illustrated in FIG. 11B with Parity P and Parity Q shards. In addition to the above, a segment table is maintained as an in memory data structure that is populated at startup with information from the headers of all the segment shards. In some embodiments, the table may be cached completely on all nodes so any node can translate a storage access to a physical address. However, in other embodiments an object storage model may be used where each node may have a segment table that can take a logical reference and identify the segment layout node where the data is stored. Then the request would be passed to the node to identify the exact storage location on the node. FIG. 11B also depicts segment tail data which identifies any (volume, snapshot) combinations that take up a significant amount of space in the segment. When snapshots are removed, a data scrubber may help identify segments for garbage collection based on this data.


In one embodiment, the basic unit of writing is the segio which is one I/O shard on each of the devices in the segment. Each logical page in the segio is formatted with a page header that contains a checksum (which may be referred to as a “media” checksum) of the page so the actual page size for data is slightly smaller than one page. For pages in the parity shards of a segment the page header is smaller so that the page checksums in the data page are protected by the parity page. The last page of each I/O shard is a parity page that again has a smaller header and protects all the checksums and page data in the erase block against a page failure. The page size referred to here is the I/O read size which may be one or more physical flash pages. For some segments, a read size smaller than a physical page may be used. This may occur for metadata where reads to lookup information may be index driven and smaller portion of data may be read while still obtaining the desired data. In such a case, reading half a physical page would mean tying up the I/O bus (and network) with less data and validating (e.g., checksumming) less data. To support a read size smaller than a physical page, an embodiment may include multiple parity pages at the end of the erase block such that the total size of all the parity pages is equal to the flash page size.


As the wear level of an erase block increases, the likelihood of an error increases. In addition to tracking wear levels, data may be maintained regarding observed how often errors are seen on an erase block and blocks with a higher probability of error identified. For some erase blocks, it may be decided to keep double or triple error correcting parity at the end of the erase block instead of the single RAID 5 parity. In this case, the data payload of the segio may be reduced accordingly. It may only be necessary to reduce the poor erase block within the segio, rather than all the erase blocks. The page headers in the erase block may be used to identify which pages are parity and which are data.


Whenever a page is read from storage, the contents may be validated using the page checksum. If the validation fails, a rebuild of the data using the erase block parity may be attempted. If that fails, then cross device ECC for the segment may be used to reconstruct the data.


In data segments the payload area may be divided into two areas. There will be pages formatted as log data which may include updates related to stored client blocks. The remainder of the payload area may contain pages formatted as client blocks. The client block data may be stored in a compressed form. Numerous compression algorithms are possible and are contemplated. Additionally, in various embodiments Intel® Advanced Encryption Standard instructions may be used for generating checksums. Additionally, there may be a header for the client block that resides in the same page as the data and contains information needed to read the client block, including an identification of the algorithm used to compress the data. Garbage collection may utilize both the client block header and the log entries in the segio. In addition, the client block may have a data hash which may be a checksum of the uncompressed data used for deduplication and to check the correctness of the decompressed data.


In some embodiments, segments and segios may have a monotonically increasing ID number used to order them. As part of writing a segio, a logical layer can record dependencies on prior flushes. At startup, the physical layer may build an ordered list of segments and segios and if a segio is dependent on another uncompleted segio it may be rolled back and not considered to have been written.


Wear Level Table


The Wear Level Table (WLT) for each device may be stored in a segment local to each device. The information may also be stored in the header of each segment shard. In one embodiment, the wear information is an integer that represents the number of times the allocation unit has been erased and reused. As the wear information may not be accurate, a flush of the table to the device may be performed when there has been a certain amount of activity or when the system has been idle for a reasonable period. The WLT may also be responsible for cleaning up old WLT segments as it allocates new ones. To add an extra layer of protection, old copies may be maintained before freeing them. For example, a table manager may ensure that it keeps the previous erase block and the current erase block of WLT entries at all times. When it allocates a new segment it won't free the old segment until it has written into the second erase block of the new segment.


AU State Table


The AU State Table (AST) tracks the state of each AU. The states include Free, Allocated, Erased and Bad. The AST may be stored in a segment on the device. Changing a state to Allocated or Free may be a synchronous update, while changing a state to Bad or Erased may be an asynchronous update. This table may generally be small enough and have enough updates that updates may be logged in NVRAM. The AST may be responsible for cleaning up old AST segments as it allocates new ones. Since the AST can be completely recovered by scanning the first block of each AU on the drive, there is no need to keep old copies of the AST.


AU Error Table


The AU Error Table (AET) may be used to track the number of recoverable errors and unrecoverable errors within each AU. The AET is stored in a segment on the device and each field may be a two byte integer. With four bytes per AU the entire table may be relatively small.


Referring now to FIG. 11C, a generalized block diagram illustrating one embodiment of data storage arrangements within different page types is shown. In the embodiment shown, three page types are shown although other types are possible and contemplated. The shown page types include page 1110 comprising metadata 1150, page 1120 comprising user data 1160, and page 1130 comprising parity information 1170 (inter-device or intra-device). Each of the pages 1110-1130 comprises metadata 1140, which may include header and identification information. In addition, each of the pages 1110-1130 may comprise intra-page error recovery data 1142, such as a corresponding checksum or other error detecting and/or correcting code. This checksum value may provide added protection for data stored in storage devices 176a-176k in a given device group.


Further, page 1130 may comprise inter-page error recovery data 1144. The data 1144 may be ECC information derived from the intra-page data 1142 stored in other storage devices. For example, referring again to FIG. 10, each page within storage device 176j, which stores inter-device parity information 240, may also store inter-page error recovery data 1144. The data 1144 may be a parity, a checksum, or other value generated from intra-page error recovery data 1142 stored in one or more of the storage devices 176a-176i. In one embodiment, the data 1144 is a checksum value generated from one or more other checksum values 1142 stored in other storage devices. In order to align data 1144 in a given page in storage device 176j with data 1142 in a corresponding page in one or more of the storage devices 176a-176i, padding 1146 may be added to the corresponding pages.


In one embodiment, end-user applications perform I/O operations on a sector-boundary, wherein a sector is 512 bytes for HDDs. In order to add extra protection, an 8-byte checksum may be added to form a 520-byte sector. In various embodiments, compression and remapping may be used in a flash memory based system to allow user data to be arranged on a byte boundary rather than a sector boundary. In addition, a checksum (8 byte, 4 byte, or otherwise) may be placed inside a page after a header and before the user data, which may be compressed. This placement is shown in each of pages 1110-1130.


When an end-user application reads a 512-byte sector, a corresponding page, which may be 2 KB-8 KB in size in one embodiment, has extra protection with an 8-byte checksum at the beginning of the page. In various embodiments, the page may not be formatted for a non-power of 2 sector size. As shown in pages 1110-1120, the checksum may be offset a few bytes into the page. This offset allows a parity page, such as page 1130, to store both a checksum that covers the parity page and ECC to protect checksums of the other pages.


For yet another level of protection, data location information may be included when calculating a checksum value. The data 1142 in each of pages 1110-1130 may include this information. This information may include both a logical address and a physical address. Sector numbers, data chunk and offset numbers, track numbers, plane numbers, and so forth may be included in this information as well.


Alternate Geometries


Turning now to FIG. 12, a generalized block diagram illustrating one embodiment of a hybrid RAID data layout 1200 is shown. Three partitions are shown although any number of partitions may be chosen. Each partition may correspond to a separate device group, such as device groups 713a-173b shown in FIG. 1. Each partition comprises multiple storage devices. In one embodiment, an algorithm such as the CRUSH algorithm may be utilized to select which devices to use in a RAID data layout architecture to use for data storage.


In the example shown, an L+1 RAID array, M+1 RAID array, and N+1 RAID array are shown. In various embodiments, L, M, and N may all be different, the same, or a combination thereof. For example, RAID array 1210 is shown in partition 1. The other storage devices 1212 are candidates for other RAID arrays within partition 1. Similarly, RAID array 1220 illustrates a given RAID array in partition 2. The other storage devices 1222 are candidates for other RAID arrays within partition 2. RAID array 1230 illustrates a given RAID array in partition 3. The other storage devices 1232 are candidates for other RAID arrays within partition 3.


Within each of the RAID arrays 1210, 1220 and 1230, a storage device P1 provides RAID single parity protection within a respective RAID array. Storage devices D1-DN store user data within a respective RAID array. Again, the storage of both the user data and the RAID single parity information may rotate between the storage devices D1-DN and P1. However, the storage of user data is described as being stored in devices D1-DN. Similarly, the storage of RAID single parity information is described as being stored in device P1 for ease of illustration and description.


One or more storage devices among each of the three partitions may be chosen to provide an additional amount of supported redundancy for one or more given RAID arrays. For example, storage device Q1 in partition 3 may be combined with each of the RAID arrays 1210, 1220 and 1230. The storage device Q1 may provide RAID double parity information for each of the RAID arrays 1210, 1220 and 1230. This additional parity information is generated and stored when a stripe is written to one of the arrays 1210, 1220, or 1230. Further this additional parity information may cover stripes in each of the arrays 1210, 1220, and 1230. Therefore, the ratio of a number of storage devices storing RAID parity information to a total number of storage devices is lower. For example, if each of the partitions used N+2 RAID arrays, then the ratio of a number of storage devices storing RAID parity information to a total number of storage devices is 3(2)/(3(N+2)), or 2/(N+2). In contrast, the ratio for the hybrid RAID layout 1200 is (3+1)/(3(N+1)), or 4/(3(N+1)).


It is possible to reduce the above ratio by increasing a number of storage devices used to store user data. For example, rather than utilize storage device Q1, each of the partitions may utilize a 3N+2 RAID array. In such a case, the ratio of a number of storage devices storing RAID parity information to a total number of storage devices is 2/(3N+2). However, during a reconstruct read operation, (3N+1) storage devices receive a reconstruct read request for a single device failure. In contrast, for the hybrid RAID layout 1200, only N storage devices receive a reconstruct read request for a single device failure.


It is noted each of the three partitions may utilize a different RAID data layout architecture. A selection of a given RAID data layout architecture may be based on a given ratio number of storage devices storing RAID parity information to a total number of storage devices. In addition, the selection may be based on a given number of storage devices, which may receive a reconstruct read request during reconstruction. For example, the RAID arrays 1210, 1220 and 1230 may include geometries such as L+a, M+b and N+c, respectively.


In addition, one or more storage devices, such as storage device Q1, may be chosen based on the above conditions to provide an additional amount of supported redundancy for one or more of the RAID arrays within the partitions. In an example with three partitions comprising the above RAID arrays and a number Q of storage devices providing extra protection for each of the RAID arrays, a ratio of a number of storage devices storing RAID parity information to a total number of storage devices is (a+b+c+Q)/(L+a+M+b+N+c+Q). For a single device failure, a number of storage devices to receive a reconstruct read request is L, M and N, respectively, for partitions 1 to 3 in the above example. It is noted that the above discussion generally describes 3 distinct partitions in FIG. 12. In such an embodiment, this type of “hard” partitioning where a given layout is limited to a particular group of devices may guarantee that reconstruct reads in one partition will not collide with those in another partition. However, in other embodiments the partitions may not be hard as described above. Rather, given a pool of devices, layouts may be selected from any of the devices. For example, treating the devices as on big pool it is possible to configure layouts such as (L+1, M+1, N+1)+1. Consequently, there is a chance that geometries overlap and reconstruct reads could collide. If L, M, and N are small relative to the size of the pool then the percentage of reconstruct reads relative to normal reads may be kept low.


Referring now to FIG. 13, one embodiment of a method 1300 for selecting alternate RAID geometries in a data storage subsystem is shown. The components embodied in network architecture 100 and data storage arrays 120a-120b described above may generally operate in accordance with method 1300. The steps in this embodiment are shown in sequential order. However, some steps may occur in a different order than shown, some steps may be performed concurrently, some steps may be combined with other steps, and some steps may be absent in another embodiment.


In block 1302, a RAID engine 178 or other logic within a storage controller 174 determines to use a given number of devices to store user data in a RAID array within each partition of a storage subsystem. A RUSH or other algorithm may then be used to select which devices are to be used. In one embodiment, each partition utilizes a same number of storage devices. In other embodiments, each partition may utilize a different, unique number of storage devices to store user data. In block 1304, the storage controller 174 may determine to support a number of storage devices to store corresponding Inter-Device Error Recovery (parity) data within each partition of the subsystem. Again, each partition may utilize a same number or a different, unique number of storage devices for storing RAID parity information.


In block 1306, the storage controller may determine to support a number Q of storage devices to store extra Inter-Device Error Recovery (parity) data across the partitions of the subsystem. In block 1308, both user data and corresponding RAID parity data may be written in selected storage devices. Referring again to FIG. 12, when a given RAID array is written, such as RAID array 1210 in partition 1, one or more bits of parity information may be generated and stored in storage device Q1 in partition 3.


If the storage controller 174 detects a condition for performing read reconstruction in a given partition (conditional block 1310), and if the given partition has a sufficient number of storage devices holding RAID parity information to handle a number of unavailable storage devices (conditional block 1312), then in block 1314, the reconstruct read operation(s) is performed with one or more corresponding storage devices within the given partition. The condition may include a storage device within a given RAID array is unavailable due to a device failure or the device operates below a given performance level. The given RAID array is able to handle a maximum number of unavailable storage devices with the number of storage devices storing RAID parity information within the given partition. For example, if RAID array 1210 in partition 1 in the above example is an L+a RAID array, then RAID array 1210 is able to perform read reconstruction utilizing only storage devices within partition 1 when k storage devices are unavailable, where 1<=k<=a.


If the given partition does not have a sufficient number of storage devices holding RAID parity information to handle a number of unavailable storage devices (conditional block 1312), and if there is a sufficient number of Q storage devices to handle the number of unavailable storage devices (conditional block 1316), then in block 1318, the reconstruct read operation(s) is performed with one or more corresponding Q storage devices. One or more storage devices in other partitions, which are storing user data, may be accessed during the read reconstruction. A selection of these storage devices may be based on a manner of a derivation of the parity information stored in the one or more Q storage devices. For example, referring again to FIG. 12, storage device D2 in partition 2 may be accessed during the read reconstruction, since this storage device may have been used to generate corresponding RAID parity information stored in storage device Q1. If there are not a sufficient number of Q storage devices to handle the number of unavailable storage devices (conditional block 1316), then in block 1320, the corresponding user data may be read from another source or be considered lost.


It is noted that the above-described embodiments may comprise software. In such an embodiment, the program instructions that implement the methods and/or mechanisms may be conveyed or stored on a computer readable medium. Numerous types of media which are configured to store program instructions are available and include hard disks, floppy disks, CD-ROM, DVD, flash memory, Programmable ROMs (PROM), random access memory (RAM), and various other forms of volatile or non-volatile storage.


In various embodiments, one or more portions of the methods and mechanisms described herein may form part of a cloud-computing environment. In such embodiments, resources may be provided over the Internet as services according to one or more various models. Such models may include Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). In IaaS, computer infrastructure is delivered as a service. In such a case, the computing equipment is generally owned and operated by the service provider. In the PaaS model, software tools and underlying equipment used by developers to develop software solutions may be provided as a service and hosted by the service provider. SaaS typically includes a service provider licensing software as a service on demand. The service provider may host the software, or may deploy the software to a customer for a given period of time. Numerous combinations of the above models are possible and are contemplated.


Although the embodiments above have been described in considerable detail, numerous variations and modifications will become apparent to those skilled in the art once the above disclosure is fully appreciated. It is intended that the following claims be interpreted to embrace all such variations and modifications.

Claims
  • 1. A computer system comprising: storing data in a first page of a first storage device in a storage system that includes a plurality of storage devices;generating intra-device protection data corresponding to the data and according to a desired protection level, wherein the intra-device protection data is stored within the first storage device of the plurality of storage devices and the desired protection level is selectively increased in the first storage device of the plurality of storage devices upon an increased error rate in the first storage device;generating inter-device protection data corresponding to the first page and one or more other pages in other storage devices within the storage system; andstoring the inter-device protection data within a second storage device in the storage system.
  • 2. The computer system as recited in claim 1, wherein the intra-device protection data is a checksum value computed from corresponding data stored in the first storage device.
  • 3. The computer system as recited in claim 1, wherein the inter-device protection data is configured to protect the intra-device protection data.
  • 4. The computer system as recited in claim 1, wherein the intra-device protection data further includes one or both of a physical address or a virtual address corresponding to the data stored within the first storage device.
  • 5. The computer system as recited in claim 4, wherein in response to a read of data in the first storage device, the storage system is configured to utilize at least one of the physical address or the virtual address to validate the read data.
  • 6. The computer system as recited in claim 1, wherein in response to a read of given data in the first storage device, the storage system is configured to: utilize intra-device protection data to attempt to rebuild the given data, in response to determining a checksum validation for the given data has failed; andutilize inter-device protection data to reconstruct the given data, in response to determining the rebuild has failed.
  • 7. The computer system as recited in claim 1, wherein said first storage device comprises one or more client blocks storing compressed data, and wherein the first storage device further includes additional protection data for each of the client blocks, the additional data being configured to validate corresponding data in an uncompressed state.
  • 8. A method for use in a computing system, the method comprising: storing data in a first page of a first storage device in a storage system that includes a plurality of storage devices;generating intra-device protection data corresponding to the data and according to a desired protection level, wherein the intra-device protection data is stored within the first storage device of the plurality of storage devices and the desired protection level is selectively increased in the first storage device of the plurality of storage devices upon an increased error rate in the first storage device;generating inter-device protection data corresponding to the first page and one or more other pages in other storage devices within the storage system; andstoring the inter-device protection data within a second storage device in the storage system.
  • 9. The method as recited in claim 8, further comprising computing the intra-device protection data as a checksum value based on data stored in the first page of the first storage device.
  • 10. The method as recited in claim 9, further comprising: receiving read and write requests at a data storage subsystem, wherein the subsystem comprises a plurality of data storage locations on a plurality of storage devices; andstoring data in the first storage device of the plurality of storage devices.
  • 11. The method as recited in claim 8, wherein the intra-device protection data is configured to protect the inter-device protection data.
  • 12. The method as recited in claim 8, wherein the intra-device protection data in the first storage device further includes one or both of a physical address or a virtual address corresponding to the data stored within the first storage device.
  • 13. The method as recited in claim 12, wherein in response to a read of data in the first storage device, the method comprises utilizing at least one of the physical address or the virtual address to validate the read data.
  • 14. The method as recited in claim 8, wherein in response to a read of given data in the first storage device, the method further comprises: utilizing intra-device protection data to attempt to rebuild the given data, in response to determining a checksum validation for the given data has failed; andutilizing inter-device protection data to reconstruct the given data, in response to determining the rebuild has failed.
  • 15. The method as recited in claim 8, wherein said first storage device comprises one or more client blocks storing compressed data, and wherein the first storage device further includes additional protection data for each of the client blocks, the additional data being configured to validate corresponding data in an uncompressed state.
  • 16. A non-transitory computer readable storage medium storing program instructions, wherein the program instructions are executable to: store data in a first page of a first storage device in a storage system that includes a plurality of storage devices;generate intra-device protection data corresponding to the data and according to a desired protection level, wherein the intra-device protection data is stored within the first storage device of the plurality of storage devices and the desired protection level is selectively increased in the first storage device of the plurality of storage devices upon an increased error rate in the first storage device;generate inter-device protection data corresponding to the first page and one or more other pages in other storage devices within the storage system; andstore the inter-device protection data within a second storage device in the storage system.
  • 17. The computer readable storage medium as recited in claim 16, wherein the program instructions are further executable to compute the intra-device protection data in the first storage device as a checksum value based on data stored of the first storage device.
  • 18. The computer readable storage medium as recited in claim 16, wherein the first storage device is formatted to a multiple of 512 sector size such that the first page is aligned to a multiple of 512 boundary, and wherein the program instructions are further executable to compress the data in the first page in order to accommodate storage of the intra-device protection data within the first storage device.
  • 19. The computer readable storage medium as recited in claim 16, wherein the intra-device protection data in the first storage device further includes one or both of a physical address or a virtual address corresponding to the user data stored within the first storage device.
  • 20. The computer readable storage medium as recited in claim 19, wherein in response to a read of data in the first storage device, the wherein the program instructions are further executable to utilize at least one of the physical address or the virtual address to validate the read data.
CROSS-REFERENCE TO RELATED APPLICATIONS

This is a continuation application for patent entitled to a filing date and claiming the benefit of earlier-filed U.S. Pat. No. 11,579,974, issued Feb. 14, 2023, herein incorporated by reference in its entirety, which is a continuation of U.S. Pat. No. 10,817,375, issued Oct. 27, 2020, which is a continuation application of U.S. Pat. No. 10,810,083, issued Oct. 20, 2020, which is a continuation application of U.S. Pat. No. 10,180,879, issued Jan. 15, 2019, which is a continuation application of U.S. Pat. No. 9,244,769, issued Jan. 26, 2016.

US Referenced Citations (341)
Number Name Date Kind
5208813 Stallmo May 1993 A
5403639 Belsan et al. Apr 1995 A
5490260 Miller Feb 1996 A
5706210 Kumano et al. Jan 1998 A
5799200 Brant et al. Aug 1998 A
5822782 Humlicek et al. Oct 1998 A
5933598 Scales et al. Aug 1999 A
5940838 Schmuck et al. Aug 1999 A
6012032 Donovan et al. Jan 2000 A
6085333 DeKoning et al. Jul 2000 A
6263350 Wollrath et al. Jul 2001 B1
6275898 DeKoning Aug 2001 B1
6412045 DeKoning et al. Jun 2002 B1
6643641 Snyder Nov 2003 B1
6647514 Umberger et al. Nov 2003 B1
6681290 Brower, Jr. et al. Jan 2004 B2
6718448 Ofer Apr 2004 B1
6757769 Ofer Jun 2004 B1
6789162 Talagala et al. Sep 2004 B1
6799283 Tamai et al. Sep 2004 B1
6834298 Singer et al. Dec 2004 B1
6850938 Sadjadi Feb 2005 B1
6854071 King et al. Feb 2005 B2
6915434 Kuroda et al. Jul 2005 B1
6938123 Willis et al. Aug 2005 B2
6973549 Testardi Dec 2005 B1
7028216 Aizawa et al. Apr 2006 B2
7028218 Schwarm et al. Apr 2006 B2
7039827 Meyer et al. May 2006 B2
7055035 Allison May 2006 B2
7089272 Garthwaite et al. Aug 2006 B1
7107389 Inagaki et al. Sep 2006 B2
7146521 Nguyen Dec 2006 B1
7200715 Kleiman et al. Apr 2007 B2
7206991 Chatterjee et al. Apr 2007 B2
7216164 Whitmore et al. May 2007 B1
7334124 Pham et al. Feb 2008 B2
7437530 Rajan Oct 2008 B1
7484137 Blaum et al. Jan 2009 B2
7493424 Bali et al. Feb 2009 B1
7506187 Maddock Mar 2009 B2
7669029 Mishra et al. Feb 2010 B1
7681072 Gibson et al. Mar 2010 B1
7689609 Lango et al. Mar 2010 B2
7743191 Liao Jun 2010 B1
7783682 Patterson Aug 2010 B1
7873619 Faibish et al. Jan 2011 B1
7899780 Shmuylovich et al. Mar 2011 B1
7913300 Flank et al. Mar 2011 B1
7930475 Kleiman et al. Apr 2011 B1
7933936 Aggarwal et al. Apr 2011 B2
7958303 Shuster Jun 2011 B2
7975115 Wayda et al. Jul 2011 B2
7979613 Zohar et al. Jul 2011 B2
8015440 Flynn et al. Sep 2011 B2
8019938 Flynn et al. Sep 2011 B2
8037391 Jung et al. Oct 2011 B1
8042163 Karr et al. Oct 2011 B1
8086585 Brashers et al. Dec 2011 B1
8086652 Bisson et al. Dec 2011 B1
8117464 Kogelnik Feb 2012 B1
8200887 Bennett Jun 2012 B2
8205065 Matze Jun 2012 B2
8271700 Annem et al. Sep 2012 B1
8352540 Anglin et al. Jan 2013 B2
8387136 Lee et al. Feb 2013 B2
8437189 Montierth et al. May 2013 B1
8465332 Hogan et al. Jun 2013 B2
8504797 Mimatsu Aug 2013 B2
8527544 Colgrove et al. Sep 2013 B1
8560747 Tan et al. Oct 2013 B1
8566546 Marshak et al. Oct 2013 B1
8578442 Banerjee Nov 2013 B1
8613066 Brezinski et al. Dec 2013 B1
8620970 English et al. Dec 2013 B2
8621241 Stephenson Dec 2013 B1
8700875 Barron et al. Apr 2014 B1
8751463 Chamness Jun 2014 B1
8762642 Bates et al. Jun 2014 B2
8769622 Chang et al. Jul 2014 B2
8800009 Beda, III et al. Aug 2014 B1
8806160 Colgrove et al. Aug 2014 B2
8812860 Bray Aug 2014 B1
8822155 Sukumar et al. Sep 2014 B2
8850546 Field et al. Sep 2014 B1
8874850 Goodson et al. Oct 2014 B1
8898346 Simmons Nov 2014 B1
8909854 Yamagishi et al. Dec 2014 B2
8931041 Banerjee Jan 2015 B1
8949863 Coatney et al. Feb 2015 B1
8959305 LeCrone et al. Feb 2015 B1
8984602 Bailey et al. Mar 2015 B1
8990905 Bailey et al. Mar 2015 B1
9081713 Bennett Jul 2015 B1
9124569 Hussain et al. Sep 2015 B2
9134922 Rajagopal et al. Sep 2015 B2
9189334 Bennett Nov 2015 B2
9209973 Aikas et al. Dec 2015 B2
9244769 Colgrove et al. Jan 2016 B2
9250823 Kamat et al. Feb 2016 B1
9280678 Redberg Mar 2016 B2
9300660 Borowiec et al. Mar 2016 B1
9311182 Bennett Apr 2016 B2
9395922 Nishikido et al. Jul 2016 B2
9423967 Colgrove et al. Aug 2016 B2
9436396 Colgrove et al. Sep 2016 B2
9436720 Colgrove et al. Sep 2016 B2
9444822 Borowiec et al. Sep 2016 B1
9454476 Colgrove et al. Sep 2016 B2
9454477 Colgrove et al. Sep 2016 B2
9507532 Colgrove et al. Nov 2016 B1
9513820 Shalev Dec 2016 B1
9516016 Colgrove et al. Dec 2016 B2
9552248 Miller et al. Jan 2017 B2
9632870 Bennett Apr 2017 B2
10180879 Colgrove et al. Jan 2019 B1
10324639 Seo Jun 2019 B2
10567406 Astigarraga et al. Feb 2020 B2
10810083 Colgrove et al. Oct 2020 B1
10817375 Colgrove et al. Oct 2020 B2
10846137 Vallala et al. Nov 2020 B2
10877683 Wu et al. Dec 2020 B2
11076509 Alissa et al. Jul 2021 B2
11106810 Natanzon et al. Aug 2021 B2
11194707 Stalzer Dec 2021 B2
20020013802 Mori et al. Jan 2002 A1
20020038436 Suzuki Mar 2002 A1
20020069318 Chow et al. Jun 2002 A1
20020087544 Selkirk et al. Jul 2002 A1
20020178335 Selkirk et al. Nov 2002 A1
20030115412 Franklin et al. Jun 2003 A1
20030140209 Testardi Jul 2003 A1
20030145172 Galbraith et al. Jul 2003 A1
20030191783 Wolczko et al. Oct 2003 A1
20030225961 Chow et al. Dec 2003 A1
20040049572 Yamamoto et al. Mar 2004 A1
20040080985 Chang et al. Apr 2004 A1
20040111573 Garthwaite Jun 2004 A1
20040153844 Ghose et al. Aug 2004 A1
20040193814 Erickson et al. Sep 2004 A1
20040255087 Pudipeddi et al. Dec 2004 A1
20040260967 Guha et al. Dec 2004 A1
20050066095 Mullick et al. Mar 2005 A1
20050108594 Menon et al. May 2005 A1
20050160416 Jamison Jul 2005 A1
20050188246 Emberty et al. Aug 2005 A1
20050210322 Corrado Sep 2005 A1
20050216535 Saika et al. Sep 2005 A1
20050216800 Bicknell et al. Sep 2005 A1
20050223154 Uemura Oct 2005 A1
20060015771 Van Gundy et al. Jan 2006 A1
20060074940 Craft et al. Apr 2006 A1
20060129817 Borneman et al. Jun 2006 A1
20060136365 Kedem et al. Jun 2006 A1
20060143507 Tanaka Jun 2006 A1
20060150048 Echeruo et al. Jul 2006 A1
20060155946 Ji Jul 2006 A1
20060161726 Lasser Jul 2006 A1
20060230245 Gounares et al. Oct 2006 A1
20060239075 Williams et al. Oct 2006 A1
20070022227 Miki Jan 2007 A1
20070028068 Golding et al. Feb 2007 A1
20070055702 Fridella et al. Mar 2007 A1
20070067585 Ueda et al. Mar 2007 A1
20070109856 Pellicone et al. May 2007 A1
20070150689 Pandit et al. Jun 2007 A1
20070162954 Pela Jul 2007 A1
20070168321 Saito et al. Jul 2007 A1
20070171562 Maejima et al. Jul 2007 A1
20070174673 Kawaguchi et al. Jul 2007 A1
20070220227 Long Sep 2007 A1
20070220313 Katsuragi et al. Sep 2007 A1
20070245090 King et al. Oct 2007 A1
20070266179 Chavan et al. Nov 2007 A1
20070294563 Bose Dec 2007 A1
20070294564 Reddin et al. Dec 2007 A1
20080005587 Ahlquist Jan 2008 A1
20080040540 Cavallo Feb 2008 A1
20080059699 Kubo et al. Mar 2008 A1
20080065852 Moore et al. Mar 2008 A1
20080077825 Bello et al. Mar 2008 A1
20080109616 Taylor May 2008 A1
20080134174 Sheu et al. Jun 2008 A1
20080155191 Anderson et al. Jun 2008 A1
20080162674 Dahiya Jul 2008 A1
20080178040 Kobayashi Jul 2008 A1
20080195833 Park Aug 2008 A1
20080209096 Lin et al. Aug 2008 A1
20080244205 Amano et al. Oct 2008 A1
20080256141 Wayda et al. Oct 2008 A1
20080270678 Cornwell et al. Oct 2008 A1
20080275928 Shuster Nov 2008 A1
20080282045 Biswas et al. Nov 2008 A1
20080285083 Aonuma Nov 2008 A1
20080307270 Li Dec 2008 A1
20090006587 Richter Jan 2009 A1
20090037662 La Frese et al. Feb 2009 A1
20090077340 Johnson et al. Mar 2009 A1
20090100115 Park et al. Apr 2009 A1
20090183051 Balb Jul 2009 A1
20090198886 Balakrishnan Aug 2009 A1
20090198889 Ito et al. Aug 2009 A1
20090204858 Kawaba Aug 2009 A1
20090228648 Wack Sep 2009 A1
20090300084 Whitehouse Dec 2009 A1
20100052625 Cagno et al. Mar 2010 A1
20100057673 Savov Mar 2010 A1
20100058026 Heil et al. Mar 2010 A1
20100067706 Anan et al. Mar 2010 A1
20100077205 Ekstrom et al. Mar 2010 A1
20100082879 McKean et al. Apr 2010 A1
20100106905 Kurashige et al. Apr 2010 A1
20100153620 McKean et al. Jun 2010 A1
20100153641 Jagadish et al. Jun 2010 A1
20100191897 Zhang et al. Jul 2010 A1
20100211723 Mukaida Aug 2010 A1
20100246266 Park et al. Sep 2010 A1
20100250802 Waugh et al. Sep 2010 A1
20100250882 Hutchison et al. Sep 2010 A1
20100257142 Murphy et al. Oct 2010 A1
20100262764 Liu et al. Oct 2010 A1
20100281225 Chen et al. Nov 2010 A1
20100287327 Li et al. Nov 2010 A1
20100306500 Mimatsu Dec 2010 A1
20100325345 Ohno et al. Dec 2010 A1
20100332754 Lai et al. Dec 2010 A1
20110035540 Fitzgerald et al. Feb 2011 A1
20110072290 Davis et al. Mar 2011 A1
20110072300 Rousseau Mar 2011 A1
20110125955 Chen May 2011 A1
20110131231 Haas et al. Jun 2011 A1
20110145598 Smith et al. Jun 2011 A1
20110161559 Yurzola et al. Jun 2011 A1
20110167221 Pangal et al. Jul 2011 A1
20110238634 Kobara Sep 2011 A1
20120023144 Rub Jan 2012 A1
20120023375 Dutta et al. Jan 2012 A1
20120036309 Dillow et al. Feb 2012 A1
20120054264 Haugh et al. Mar 2012 A1
20120079190 Colgrove et al. Mar 2012 A1
20120079318 Colgrove et al. Mar 2012 A1
20120117029 Gold May 2012 A1
20120131253 McKnight et al. May 2012 A1
20120198175 Atkisson Aug 2012 A1
20120303919 Hu et al. Nov 2012 A1
20120311000 Post et al. Dec 2012 A1
20120330954 Sivasubramanian et al. Dec 2012 A1
20130007845 Chang et al. Jan 2013 A1
20130031414 Dhuse et al. Jan 2013 A1
20130036272 Nelson Feb 2013 A1
20130042052 Colgrove et al. Feb 2013 A1
20130046995 Movshovitz Feb 2013 A1
20130047029 Ikeuchi et al. Feb 2013 A1
20130071087 Motiwala et al. Mar 2013 A1
20130091102 Nayak Apr 2013 A1
20130145447 Maron Jun 2013 A1
20130191555 Liu Jul 2013 A1
20130198459 Joshi et al. Aug 2013 A1
20130205110 Kettner Aug 2013 A1
20130205173 Yoneda Aug 2013 A1
20130219164 Hamid Aug 2013 A1
20130227201 Talagala et al. Aug 2013 A1
20130227236 Flynn et al. Aug 2013 A1
20130275391 Batwara et al. Oct 2013 A1
20130275656 Talagala et al. Oct 2013 A1
20130283058 Fiske et al. Oct 2013 A1
20130290607 Chang et al. Oct 2013 A1
20130290648 Shao et al. Oct 2013 A1
20130311434 Jones Nov 2013 A1
20130318297 Jibbe et al. Nov 2013 A1
20130318314 Markus et al. Nov 2013 A1
20130332614 Brunk et al. Dec 2013 A1
20130339303 Potter et al. Dec 2013 A1
20140020083 Fetik Jan 2014 A1
20140052946 Kimmel Feb 2014 A1
20140068791 Resch Mar 2014 A1
20140074850 Noel et al. Mar 2014 A1
20140082715 Grajek et al. Mar 2014 A1
20140086146 Kim et al. Mar 2014 A1
20140089730 Watanabe et al. Mar 2014 A1
20140090009 Li et al. Mar 2014 A1
20140096220 Da Cruz Pinto et al. Apr 2014 A1
20140101361 Gschwind Apr 2014 A1
20140101434 Senthurpandi et al. Apr 2014 A1
20140143517 Jin et al. May 2014 A1
20140164774 Nord et al. Jun 2014 A1
20140172929 Sedayao et al. Jun 2014 A1
20140173232 Reohr et al. Jun 2014 A1
20140195636 Karve et al. Jul 2014 A1
20140201150 Kumarasamy et al. Jul 2014 A1
20140201512 Seethaler et al. Jul 2014 A1
20140201541 Paul et al. Jul 2014 A1
20140208155 Pan Jul 2014 A1
20140215129 Kuzmin et al. Jul 2014 A1
20140215590 Brand Jul 2014 A1
20140220561 Sukumar et al. Aug 2014 A1
20140229131 Cohen et al. Aug 2014 A1
20140229452 Serita et al. Aug 2014 A1
20140229654 Goss et al. Aug 2014 A1
20140230017 Saib Aug 2014 A1
20140258526 Le Sant et al. Sep 2014 A1
20140281308 Lango et al. Sep 2014 A1
20140282983 Ju et al. Sep 2014 A1
20140285917 Cudak et al. Sep 2014 A1
20140325115 Ramsundar et al. Oct 2014 A1
20140325262 Cooper et al. Oct 2014 A1
20140351627 Best et al. Nov 2014 A1
20140373104 Gaddam et al. Dec 2014 A1
20140373126 Hussain et al. Dec 2014 A1
20150026387 Sheredy et al. Jan 2015 A1
20150074463 Jacoby et al. Mar 2015 A1
20150089569 Sondhi et al. Mar 2015 A1
20150095515 Krithivas et al. Apr 2015 A1
20150113203 Dancho et al. Apr 2015 A1
20150121137 McKnight et al. Apr 2015 A1
20150134920 Anderson et al. May 2015 A1
20150149822 Coronado et al. May 2015 A1
20150154418 Redberg Jun 2015 A1
20150193169 Sundaram et al. Jul 2015 A1
20150234709 Koarashi Aug 2015 A1
20150244775 Vibhor et al. Aug 2015 A1
20150278534 Thiyagarajan et al. Oct 2015 A1
20150378888 Zhang et al. Dec 2015 A1
20160019114 Han et al. Jan 2016 A1
20160026397 Nishikido et al. Jan 2016 A1
20160098191 Golden et al. Apr 2016 A1
20160098199 Golden et al. Apr 2016 A1
20160098323 Mutha et al. Apr 2016 A1
20160182542 Staniford Jun 2016 A1
20160248631 Duchesneau Aug 2016 A1
20160350009 Cerreta et al. Dec 2016 A1
20160352720 Hu et al. Dec 2016 A1
20160352830 Borowiec et al. Dec 2016 A1
20160352834 Borowiec et al. Dec 2016 A1
20170262202 Seo Sep 2017 A1
20180054454 Astigarraga et al. Feb 2018 A1
20180081562 Vasudevan Mar 2018 A1
20190220315 Vallala et al. Jul 2019 A1
20200034560 Natanzon et al. Jan 2020 A1
20200326871 Wu et al. Oct 2020 A1
20210360833 Alissa et al. Nov 2021 A1
Foreign Referenced Citations (26)
Number Date Country
103370685 Oct 2013 CN
103370686 Oct 2013 CN
104025010 Nov 2016 CN
0725324 Aug 1996 EP
3066610 Sep 2016 EP
3082047 Oct 2016 EP
3120235 Jan 2017 EP
3120235 Jan 2017 EP
3066610 Jun 2018 EP
2007087036 Apr 2007 JP
2007094472 Apr 2007 JP
2008250667 Oct 2008 JP
2010211681 Sep 2010 JP
1995002349 Jan 1995 WO
1999013403 Mar 1999 WO
2008102347 Aug 2008 WO
2010071655 Jun 2010 WO
2012047498 Apr 2012 WO
WO-2012087648 Jun 2012 WO
WO-2013071087 May 2013 WO
WO-2014110137 Jul 2014 WO
WO-2016015008 Jan 2016 WO
WO-2016190938 Dec 2016 WO
WO-2016195759 Dec 2016 WO
WO-2016195958 Dec 2016 WO
WO-2016195961 Dec 2016 WO
Non-Patent Literature Citations (40)
Entry
Ganger et al.; “Disk Arrays High Performance, High-Reliability Storage Subsystems”, Computer IEEE Service Center, Los Alamitos, CA; vol. 27, No. 3, Mar. 1, 1994.
Gray et al.; “Parity Striping of Disc Arrays: Low Cost Reliable Storage with Acceptable Throughput”, Proceedings of the 17th International Conference on Very Large Data Bases, Sep. 3-6, 1991, Barcelona, San Mateo, CA, Jan. 1, 1989.
Hwang et al., “RAID-x: A New Distributed Disk Array for I/O-Centric Cluster Computing”, Proceedings of the Ninth International Symposium on High-performance Distributed Computing, Aug. 2000, pp. 279-286, the Ninth International Symposium on High-Performance Distributed Computing, IEEE Computer Society, Los Alamitos, CA.
International Search Report and Written Opinion, PCT/US2011/052262, dated Jan. 3, 2012, 13 pages.
Microsoft Corporation, “Fundamentals of Garbage Collection”, Retrieved Aug. 30, 2013 via the WayBack Machine, 11 pages.
Microsoft Corporation, “GCSettings.IsServerGC Property”, Retrieved Oct. 27, 2013 via the WayBack Machine, 3 pages.
Stalzer, “FlashBlades: System Architecture and Applications”, Proceedings of the 2nd Workshop on Architectures and Systems for Big Data, Jun. 2012, pp. 10-14, Association for Computing Machinery, New York, NY.
Storer et al., “Pergamum: Replacing Tape with Energy Efficient, Reliable, Disk-Based Archival Storage”, FAST'08: Proceedings of the 6th USENIX Conference on File and Storage Technologies, Article No. 1, Feb. 2008, pp. 1-16, USENIX Association, Berkeley, CA.
Bellamy-McIntyre J., et al., “OpenID and the Enterprise: A Model-based Analysis of Single Sign-On Authentication,” (online), 2011, 15th IEEE International Enterprise Distributed Object Computing Conference (EDOC), Dated Aug. 29, 2011, 10 pages, DOI:10.1109/EDOC.2011.26, ISBN: 978-1-4577-0362-1, Retrieved fromURL:https://www.cs.auckland.ac.nz/lutteroth/publications/McintyreLutterothWeber2011-OpenID.pdf.
ETSI: “Network Function Virtualisation (NFV); Resiliency Requirements,” ETSI GS NFV-REL 001, V1.1.1, etsi.org (Online), Jan. 2015, 82 Pages, RetrievedfromURL:www.etsi.org/deliver/etsi_gs/NFV-RELJ001_099/001/01.01.01_60/gs_NFV-REL001v010101p.pdf.
Faith R., “Dictzip File Format,” GitHub.com (Online), 01 Page, [Accessed on Jul. 28, 2015] Retrieved from URL: github.com/fidlej/idzip.
Google Search Of: “Storage Array Define,” Performed by the Examiner for U.S. Appl. No. 14/725,278 on Nov. 4, 2015 , Results Limited to Entries Dated before 2012, 01 Page.
Hota C., et al., “Capability-Based Cryptographic Data Access Control in Cloud Computing,” International Journal of Advanced Networking and Applications, Eswar Publications, India, Aug. 13, 2011, vol. 1, No. 1,10 Pages.
Hu X-Y., et al., “Container Marking: Combining Data Placement, Garbage Collection and Wear Levelling for Flash,” 19th Annual IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunications Systems, Jul. 25-27, 2011, 11 Pages, DOI: 10.1109/MASCOTS.2011.50, ISBN: 978-0-7695-4430-4.
International Search Report and Written Opinion for International Application No. PCT/US2016/015006, Apr. 29, 2016, 12 pages.
International Search Report and Written Opinion for International Application No. PCT/US2016/016333, Jun. 8, 2016, 12 pages.
International Search Report and Written Opinion for International Application No. PCT/US2016/020410, mailed Jul. 8, 2016, 17 pages.
International Search Report and Written Opinion for International Application No. PCT/US2016/032052, mailed Aug. 30, 2016, 17 Pages.
International Search Report and Written Opinion for International Application No. PCT/US2016/032084, mailed Jul. 18, 2016, 12 Pages.
International Search Report and Written Opinion for International Application No. PCT/US2016/035492, mailed Aug. 17, 2016, 10 pages.
International Search Report and Written Opinion for International Application No. PCT/US2016/036693, mailed Aug. 29, 2016, 10 Pages.
International Search Report and Written Opinion for International Application No. PCT/US2016/038758, mailed Oct. 7, 2016, 10 Pages.
International Search Report and Written Opinion for International Application No. PCT/US2016/040393, mailed Sep. 22, 2016, 10 Pages.
International Search Report and Written Opinion for International Application No. PCT/US2016/044020, mailed Sep. 30, 2016, 11 Pages.
International Search Report and Written Opinion for International Application No. PCT/US2016/044874, mailed Oct. 7, 2016, 11 Pages.
International Search Report and Written Opinion for International Application No. PCT/US2016/044875, mailed Oct. 5, 2016, 13 pages.
International Search Report and Written Opinion for International Application No. PCT/US2016/044876, mailed Oct. 21, 2016, 12 Pages.
International Search Report and Written Opinion for International Application No. PCT/US2016/044877, mailed Sep. 29, 2016, 13 pages.
International Search Report and Written Opinion of the International Application No. PCT/US2016/015008, mailed May 4, 2016, 12 pages.
Kong K., “Using PCI Express as the Primary System Interconnect in Multiroot Compute, Storage, Communications and Embedded Systems,” IDT, White Paper, Aug. 28, 2008, 12 Pages, [Retrieved by WIPO on Dec. 1, 2014] Retrieved from URL: http://www.idt.com/document/whp/idt-pcie-multi-root-white-paper.
Li J., et al., “Access Control for the Services Oriented Architecture,” Proceedings of the ACM Workshop on Secure Web Services (SWS), ACM, New York, Nov. 2, 2007, pp. 9-17.
Microsoft: “Hybrid for SharePoint Server 2013—Security Reference Architecture,” Oct. 1, 2014, pp. 1-53, XP055296534, [Retrieved On Aug. 19, 2016] Retrieved from URL: http://hybrid.office.com/img/Security_Reference_Architecture.pdf.
Microsoft, “Hybrid Identity Management”, Microsoft (online), Apr. 2014, 2 pages, URL: download.microsoft.com/ download/E/A/E/EAE57CD1-A80B-423C-96BB-142FAAC630B9/Hybrid_Identity_Datasheet.pdf.
Microsoft, “Hybrid Identity,” (online), Dated Apr. 2014, 36 pages, Retrieved from URL: http://aka.ms/HybridIdentityWp.
PCMAG: “Storage Array Definition,” Published May 10, 2013, 1 page, Retrieved from URL: http://web.archive.Org/web/20130510121646/ http://www.pcmag.com/encyclopedia/term/52091/storage-array.
Storer M.W., et al., “Secure Data Deduplication,” Proceedings of the 4th ACM International Workshop on Storage Security And Survivability (StorageSS'08), ACM New York, NY, USA, Oct. 31, 2008, 10 Pages, DOI: 10.1145/1456471.
Sweere P., “Creating Storage Class Persistent Memory with NVDIMM,” Flash Memory Summit, Aug. 2013, 22 Pages, Retrieved from URL: http://www.flashmemorysummit.com/English/Collaterals/Proceedings/2013/20130814_T2_Sweere. pdf.
Techopedia, “What is a Disk Array,” techopedia.com (online), Jan. 13, 2012, 1 Page, Retrieved from URL: https://web.archive.org/web/20120113053358/ http://www.techopedia.com/definition/1009/disk-array.
Webopedia, “What is a disk array,” webopedia.com (online), May 26, 2011, 2 Pages, Retrieved from URL: https://web/archive.org/web/20110526081214/ http://www.webopedia.com/TERM/D/disk_array.html.
Wikipedia, “Convergent Encryption,” Wikipedia.org (online), Accessed on Sep. 8, 2015, 2 pages, Retrieved from URL: en.wikipedia.org/wiki/Convergent_encryption.
Related Publications (1)
Number Date Country
20230195573 A1 Jun 2023 US
Continuations (5)
Number Date Country
Parent 17075449 Oct 2020 US
Child 18168419 US
Parent 16863695 Apr 2020 US
Child 17075449 US
Parent 16231027 Dec 2018 US
Child 16863695 US
Parent 14967848 Dec 2015 US
Child 16231027 US
Parent 12892895 Sep 2010 US
Child 14967848 US