1. Field of the Invention
The present invention relates to a computer program product, system, and method for determining an overall assessment of a likelihood of a backup image resulting in a successful recovery.
2. Description of the Related Art
A storage management application, such as IBM* Tivoli* Storage Manager (TSM), may be implemented on a storage management server. The storage management application may manage storage requirements for a plurality of client nodes that are coupled to the storage management server via a network. (IBM and Tivoli are registered trademarks of International Business Machines Corp. in the United States and other countries).
The storage management application may create and manage a repository for backup images. A backup image stores files needed to recover a state of a machine, including the current operating state of the machine, data, programs, and configuration settings, that are backed up, archived, migrated, or otherwise copied from the client nodes to the storage management server. The recovery of a backup image at a client node allows the client to operate with the state of the machine represented in the image. The storage management server may store machine components, such as programs, files, configuration settings, in one or more storage pools and may use a database stored in the storage management server for tracking information about the stored machine components.
The storage management application may perform incremental backup, incremental archiving, migration, or incremental copying of images from the client nodes to the storage management server. For example, if the storage management application comprises a backup application then the backup application may perform incremental backup operations in which image components are backed up only if the files have changed since a previous, periodic full backup, where the periodic full backups may be made on a weekly, monthly or some other periodic basis.
A Bare Machine Recovery (BMR) is defined as the ability to execute a recovery operation on a computer without using the operating system that is currently loaded on the computer. BMRs are performed from full or incremental backups. However, a selected backup image may not be useful and may have problems or errors that will prevent a successful restoration.
There is a need in the art to assess the suitability of a selected backup image and the likelihood of success of a recovery operation using a selected backup image.
Provided are a computer program product, method, and system for assessing a backup image comprising a backup of a source computer system to recover to a target computer system. A point-in-time backup image is selected from a plurality of backup images in a computer readable storage taken of an image on the source computer system, wherein the selected backup is to be applied to the target computer system. A determination is made of a first assessment value associated with an extent to which critical files of the image from the source computer system and recovery metadata providing configuration information on the source computer system are included in the selected backup based on an include list of critical files and recovery metadata to include in the backup. A determination is made of a second assessment value comprising a backup status of the critical files and the recovery metadata included in the selected backup. A determination is made of a third assessment value indicative of an extent to which the selected backup satisfies requirements of a retention policy in effect when the backup images were created. A determination is made of a fourth assessment value indicative of an extent to which computational resources and device drivers in the target computer system are compatible with computational resources and device drivers on the source computer system. And, a determination is made of an overall assessment value for the selected backup image based on the determined first assessment value, second assessment value, third assessment value, and fourth assessment value. The information on the overall assessment value is presented for use in determining whether to apply the image stored in the selected backup image to the target computer system.
Described embodiments provide techniques for assessing the likelihood that a selected backup image will result in a successful recovery operation based on a plurality of factors, such as whether the backup image includes critical files and recovery metadata, the backup status of those backed-up critical files and recovery metadata, whether the selected backup image satisfies a retention policy, and whether the target computer to which the image maintained in the backup image is applied has computational resources and device drivers compatible with those in the source computer from which the image was generated.
The client computers 2 and target computer 10 communicate with a server 14 over the network 12. The server 14 includes a backup server 16 program to backup or archive client files in the file system 8 and to create backup images of the client computer 2 system, including machine components such as the operating system 4 and file system 8, to allow the operating environment of the client computer 2 to be recovered to another target computer 10 or the client computer 2.
The backup server 16 stores in a backup database 18 file information 20 having information on client files 22 stored in a backup storage 24 that are stored separately in the backup storage 22 from any backup images 26 that may include the files 24. The backup server 16 maintains backup image metadata 28 in the backup database 18 having information on the backup images 26 in the backup storage 22. There is one instance of file metadata 20 and backup image metadata 28 for each file 22 and backup image 26, respectively, maintained for each client node. Each backup image 26 may provide an image of a client computer 2 as of a point-in-time, including files needed to recover a computer to a previous state. There may be multiple backup images 26 for one client computer 2, such that one of the backup images comprises a full backup of the client computer 2 image and other later taken backup images comprise incremental backups of the client computer 2 image, providing changes between the previous backup images and the current point-in-time of the incremental backup.
When restoring a computer as of a point-in-time from one of the backup images, the backup server 16 accesses most recent versions of files 22 indicated in the selected backup image, all previous incremental backup images, and the full backup image to recover. In a progressive incremental backup, if the client wants to recover a point-in-time, the backup server 16 is responsible for sorting out the files which would satisfy the desired point-in-time so that the client does not need to understand or select when the full and various incremental backups were taken.
The backup server 16 includes a backup assessor 30 component that assesses the likelihood of a successful recovery operation from a selected backup image 26 by considering various factors. The backup server 16 further maintains one or more include lists 32, where each include list 32 provides the critical files and recovery metadata that are required to be included in a backup image for a successful recovery operation.
The client 2 may further include a backup client 34 program to transfer copies of the client 2 image and client files in the client file system 8 over the network 12 to the backup server 6.
The client computers 2 and target computer 10 that communicate with the backup server 16 may comprise suitable computational devices known in the art, such as servers, desktop computers, workstations, mainframes, hand held computing devices, telephony devices, etc. There may be multiple instances of the client computer 2. The client storage 6 may comprise a primary storage device used by a client 2, such as one or more hard disk drives, solid state storage devices (SSDs), etc. The backup storage 24 may comprise storage comprise storage media implemented in one or more storage devices known in the art, such as interconnected hard disk drives (e.g., configured as a DASD, RAID, JBOD, etc.), solid state storage devices (e.g., EEPROM (Electrically Erasable Programmable Read-Only Memory), flash memory, flash disk, solid state storage devices (SSDs), storage-class memory (SCM)), electronic memory, magnetic tape media, tape cartridges, etc.
The network 12 may comprise a Wide Area Network (WAN), Local Area Network (LAN), Storage Area Network (SAN), wireless network, the Internet, an Intranet, peer-to-peer network, etc. The backup database 18 may comprise a relational database or other suitable database known in the art
The backup client 34 and backup server 6 may comprise programs included with a client-server backup program, such as the IBM™ Tivoli™ Storage Manager (TSM) backup manager or client-server backup programs offered by different computer vendors. Further, in certain embodiments, the client backup programs and backup server 16 may be implemented in the client machines so that the clients write backup images directly to the backup storage 24 without the need for the server 14.
For instance, the critical files for a Microsoft® Windows® BMR operating system recovery would include the system state files such as the Registry, COM+ Class Registration database, Boot files, including the system files, Certificate Services database, Active Directory directory service, SYSVOL directory, Cluster service information, IIS Metadirectory, System files that are under Windows File Protection. Restoring the System State, along with the primary drive (e.g.: C:\) have been found to be sufficient for a Windows operating system recovery. (Microsoft and Windows are registered trademarks of Microsoft Corp. in the United States and foreign countries).
For UNIX platforms, the critical files may include the files in the file systems at the locations: /. /usr; /opt; /export/home; and /export/install. (UNIX is a trademark or registered trademark of The Open Group.).
Thus, different include lists 32 for different operating systems, different versions of similar operating systems or client images may be maintained.
The backup assessor 30 determines (at block 108) a third assessment value indicative of an extent to which the selected backup image satisfies requirements of a retention policy, such as a current retention policy or retention policy in effect when the backup image was created.
The backup assessor 30 then determines (at block 112) an overall assessment value for the selected backup image based on the determined first assessment value, second assessment value, third assessment value, and fourth assessment value. This overall assessment value may indicate that the selected backup image is good, a warning or fail.
In further embodiments, the backup assessor 30 may also provide meaningful information to the user, not just a backup assessment value, such as information on how to change policy or processes so that a better assessment can be achieved for future backups. For example, if the assessment indicated that files were missing because of a policy setting that dictated that files are only kept for 15 days but the user is trying to recover to a point-in-time that is 30 days old, the assessment information may instruct the user how to change the policy setting(s) such that the individual files can be retained for at least 30 days for future backups.
If (at block 154) all the system state files included in the selected backup image 26 were successfully backed-up, then the backup status for the system state files is set (at block 160) to good. The backup status for the recovery metadata is set (at block 162) to good, warning or fail based on an amount of the backed-up recovery metadata that was successfully backed-up, e.g., the more that were not successfully backed-up, the higher the warning level. The backup assessor 30 further sets (at block 164) the backup status for the critical operating system files to good, warning or fail based on a number of recovery metadata files included in the backup being successfully backed-up.
If (at block 166) the backup statuses for the recovery metadata and critical operating system files in the backup image 26 are both good, then the second assessment value is set (at block 168) to good. Otherwise, the second assessment value is set (at block 170) to a warning level based on the warning level(s) and good status of the critical operating system files and recovery metadata. The warning level may be a sum or average or other computed value based on the warning levels of the critical operating system file and recovery metadata backup statuses.
In one implementation, the backup status of recovery metadata in only the selected backup image 26 may be considered, and not the backup statuses in any other previous incremental and full backup images 26 for the client computer 2 image being recovered. In an alternative embodiment, the backup statuses for recovery metadata as well as the critical operating system files and system state files in all the incremental and full backup images for the client image may be considered to determine the backup status.
File retention policies may indicate a number of days or number of versions to maintain for active files, inactive files, deleted files and non-deleted files. The purpose of the third assessment is to determine whether the file versions present at the time of the backup are likely to still be retained given factors such as retention policy applicable to the source computer system 2 subject to the backup, frequency of backups, etc. To the extent the backed-up files do not satisfy this assessment, then this factor could reduce the likelihood of a successful recovery operation. Upon initiating the operation to estimate the third assessment value, the backup assessor 30 determines (at block 192) from a plurality of retention policies applicable to files included in the source computer system 2 a most restrictive retention policy. To determine the most restrictive retention policy if there are multiple policies, the backup assessor may convert retention policies in different formats to a common format. For instance, if some retention policies are expressed in a “days to retain” retention unit and others expressed in a “number of versions” to retain retention unit, then the backup assessor may convert the “days to retain” retention policy to a “number of versions” to retain by multiplying the “days to retain” policy by a number of backups per day. The backup assessor 30 processes (at block 194) the point-in-time 48 at which the selected backup image 26 was created to express the selected backup image 26 in the retention term units of the most restrictive policy. For instance, if the most restrictive retention term policy is expressed in a number of versions, then the backup assessor 30 determines the number of days from a current time to the point-in-time 48 of the selected backup image, then multiplies the determined number of days times the number of backups to determine the version number of the backup image 26, so that the backup image and the retention policy are expressed in the same retention term unit. If (at block 196) the selected backup image 26 satisfies the most restrictive retention policy, e.g., the estimated backup image version number is less than the version number of the most restrictive retention policy, then the third assessment value is set (at block 198) to good. Otherwise, the third assessment value is set (at block 200) to warning.
Determining whether a selected backup image satisfies a most restrictive retention policy allows a further estimation as to whether the restoration of the selected backup is likely to succeed because a backup image having files that satisfy the retention policy requirements have a greater likelihood of restoring the target computer system 10 to an operational state. The described operations use an estimation technique assuming that the maximum number of revisions that could have occurred within the backup image based on an age of the backup image and the number of back-ups per day without having to consider individually whether each file in the backup image satisfies each retention policy requirement, which could be very computationally expensive. In an alternative embodiment, the assessment of the retention policy compliance may be performed by considering whether each file in the selected backup image 26, and files in the incremental and full backups, satisfies the retention policies applicable to the source client computer system 2.
Further details on how to determine the third assessment value based on a most restrictive retention policy is disclosed in the commonly assigned patent application titled “DETERMINING WHETHER A SELECTED BACKUP IMAGE SATISFIES A RETENTION POLICY”, by Surya K. GHATTY, James P. SMITH, Peter B. SYMONDS, and William R. YONKER, having Attorney Docket No SJO920110078US1, filed on the same date hereof, which patent application is incorporated herein by reference in its entirety.
If (at block 206) there are not a threshold number of device and device driver compatibility issues, then the backup assessor 30 determines (at block 210) computational resources at the target computer system 10, such as available storage, processor speed, memory, etc. If (at block 210) the computational resources of the target computer system 10 are sufficient to execute the image of the source computer system 2, then the fourth assessment value is set (at block 212) to good. Otherwise, if the target computational resources are not sufficient, the fourth assessment value is set (at block 214) to fail.
During the recovery, the backup server 16 may perform device driver reconciliations to avoid overwriting existing drivers in the target computer system 10 with device drivers from the source computer image that would be incompatible with the target system 10 hardware. Further, the introspection to determine device and device driver compatibility may also apply to embodiments where the image is recovered to the source computer and new hardware has been installed on the source computer. Further, the introspection to determine device and device driver compatibility can be applied regardless of whether the source or destination systems are physical or virtual. In other words, the source/destination combinations may be physical to virtual, physical to physical, virtual to virtual, or virtual to physical. To accomplish this device driver introspection task, the information needs to be collected on a regular basis with the data backups, and the information needs to be available to the backup assessor 30 during image recovery.
In one embodiment where the warning levels of the assessment values comprise numbers, the overall assessment warning level may be calculated by summing the warning levels of the first, second, third and fourth assessment values. In a further embodiment, each of the first, second, third and fourth assessment values may be associated with a different weighted warning value, and the overall assessment value is calculated by summing the weighted warning values of the first, second, third and fourth assessment having warning status. In this way, certain factors or assessment values may be given greater weight than others, for instance the presence in the selected backup image 26 of files on the include list 32 may be more important or given greater warning weight than whether the backup image satisfies a retention policy, the backup status of the backed-up files from the include list or the compatibility of the source and target device drivers and devices.
After calculating the overall assessment value, the backup assessor 30 displays (at block 238) the assessment value and if status is fail or warning, then the backup assessor 30 may further display information on the reasons for the warning or fail status, e.g., files missing, driver incompatibility, etc. The user invoking the backup assessor 30 may use the displayed assessment value and information to determine whether to initiate a recovery from the selected backup image 26 to the target computer, which would include restoring all files saved as part of the selected backup image 26, any incremental backup images preceding the selected backup image, and the full backup image.
Described embodiments provide techniques for assessing the likelihood that a selected backup image will result in a successful recovery operation based on a plurality of factors, such as whether the backup image includes critical files and recovery metadata, the backup status of those backed-up critical files and recovery metadata, whether the selected backup image satisfies a retention policy (e.g., to determine whether the appropriate file versions from the selected point-in-time still exist given the retention policies and other factors such as frequency of file changes, frequency of backups, etc.), and whether the target computer 10 to which the image maintained in the backup image is applied has computational resources and device drivers compatible with those in the source computer from which the image was generated. Because a recovery operation can be a very time consuming process, described embodiments provide the administrator or user with information to allow them to assess the likelihood of success of a particular backup image for an image they are considering whether to recover.
The described operations may be implemented as a method, apparatus or computer program product using standard programming and/or engineering techniques to produce software, firmware, hardware, or any combination thereof. Accordingly, aspects of the embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Furthermore, aspects of the embodiments may take the form of a computer program product embodied in one or more computer readable medium(s) having computer readable program code embodied thereon.
Any combination of one or more computer readable medium(s) may be utilized. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or
Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
Aspects of the present invention are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
The computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
The terms “an embodiment”, “embodiment”, “embodiments”, “the embodiment”, “the embodiments”, “one or more embodiments”, “some embodiments”, and “one embodiment” mean “one or more (but not all) embodiments of the present invention(s)” unless expressly specified otherwise.
The terms “including”, “comprising”, “having” and variations thereof mean “including but not limited to”, unless expressly specified otherwise.
The enumerated listing of items does not imply that any or all of the items are mutually exclusive, unless expressly specified otherwise.
The terms “a”, “an” and “the” mean “one or more”, unless expressly specified otherwise.
Devices that are in communication with each other need not be in continuous communication with each other, unless expressly specified otherwise. In addition, devices that are in communication with each other may communicate directly or indirectly through one or more intermediaries.
A description of an embodiment with several components in communication with each other does not imply that all such components are required. On the contrary a variety of optional components are described to illustrate the wide variety of possible embodiments of the present invention.
Further, although process steps, method steps, algorithms or the like may be described in a sequential order, such processes, methods and algorithms may be configured to work in alternate orders. In other words, any sequence or order of steps that may be described does not necessarily indicate a requirement that the steps be performed in that order. The steps of processes described herein may be performed in any order practical. Further, some steps may be performed simultaneously.
When a single device or article is described herein, it will be readily apparent that more than one device/article (whether or not they cooperate) may be used in place of a single device/article. Similarly, where more than one device or article is described herein (whether or not they cooperate), it will be readily apparent that a single device/article may be used in place of the more than one device or article or a different number of devices/articles may be used instead of the shown number of devices or programs. The functionality and/or the features of a device may be alternatively embodied by one or more other devices which are not explicitly described as having such functionality/features. Thus, other embodiments of the present invention need not include the device itself.
The illustrated operations of the figures show certain events occurring in a certain order. In alternative embodiments, certain operations may be performed in a different order, modified or removed. Moreover, steps may be added to the above described logic and still conform to the described embodiments. Further, operations described herein may occur sequentially or certain operations may be processed in parallel. Yet further, operations may be performed by a single processing unit or by distributed processing units.
The program components of the computer 2, server 14, and target computer 10 may be implemented as one or more program modules in one or more computer systems, such as the computer system 302 shown in
As shown in
Computer system/server 302 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by computer system/server 302, and it includes both volatile and non-volatile media, removable and non-removable media.
System memory 306 can include computer system readable media in the form of volatile memory, such as random access memory (RAM) 310 and/or cache memory 312. Computer system/server 302 may further include other removable/non-removable, volatile/non-volatile computer system storage media. By way of example only, storage system 313 can be provided for reading from and writing to a non-removable, non-volatile magnetic media (not shown and typically called a “hard drive”). Although not shown, a magnetic disk drive for reading from and writing to a removable, non-volatile magnetic disk (e.g., a “floppy disk”), and an optical disk drive for reading from or writing to a removable, non-volatile optical disk such as a CD-ROM, DVD-ROM or other optical media can be provided. In such instances, each can be connected to bus 308 by one or more data media interfaces. As will be further depicted and described below, memory 306 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
Program/utility 314, having a set (at least one) of program modules 316, may be stored in memory 306 by way of example, and not limitation, as well as an operating system, one or more application programs, other program modules, and program data. Each of the operating system, one or more application programs, other program modules, and program data or some combination thereof, may include an implementation of a networking environment. The components of the computer 2 may be implemented as program modules 316 which generally carry out the functions and/or methodologies of embodiments of the invention as described herein. The components of the backup server 16, the backup database 18, and the backup storage 24 may be implemented in one or more computer systems 302, where if they are implemented in multiple computer systems 302, then the computer systems may communicate over a network.
Computer system/server 302 may also communicate with one or more external devices 318 such as a keyboard, a pointing device, a display 320, etc.; one or more devices that enable a user to interact with computer system/server 12; and/or any devices (e.g., network card, modem, etc.) that enable computer system/server 302 to communicate with one or more other computing devices. Such communication can occur via Input/Output (I/O) interfaces 322. Still yet, computer system/server 302 can communicate with one or more networks such as a local area network (LAN), a general wide area network (WAN), and/or a public network (e.g., the Internet) via network adapter 324. As depicted, network adapter 324 communicates with the other components of computer system/server 302 via bus 308. It should be understood that although not shown, other hardware and/or software components could be used in conjunction with computer system/server 302. Examples, include, but are not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data archival storage systems, etc.
The foregoing description of various embodiments of the invention has been presented for the purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise form disclosed. Many modifications and variations are possible in light of the above teaching. It is intended that the scope of the invention be limited not by this detailed description, but rather by the claims appended hereto. The above specification, examples and data provide a complete description of the manufacture and use of the composition of the invention. Since many embodiments of the invention can be made without departing from the spirit and scope of the invention, the invention resides in the claims herein after appended.