Method for improving mean time to data loss (MTDL) in a fixed content distributed data storage

Abstract

An archival storage cluster of preferably symmetric nodes includes a data protection management system that periodically organizes the then-available nodes into one or more protection sets, with each set comprising a set of n nodes, where “n” refers to a configurable “data protection level” (DPL). At the time of its creation, a given protection set is closed in the sense that each then available node is a member of one, and only one, protection set. When an object is to be stored within the archive, the data protection management system stores the object in a given node of a given protection set and then constrains the distribution of copies of that object to other nodes within the given protection set. As a consequence, all DPL copies of an object are all stored within the same protection set, and only that protection set. This scheme significantly improves MTDL for the cluster as a whole, as the data can only be lost if multiple failures occur within nodes of a given protection set. This is far more unlikely than failures occurring across any random distribution of nodes within the cluster.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

For a more complete understanding of the present invention and the advantages thereof, reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:

FIG. 1 is a simplified block diagram of a fixed content storage archive in which the present invention may be implemented;

FIG. 2 is a simplified representation of a redundant array of independent nodes each of which is symmetric and supports an archive cluster application according to the present invention;

FIG. 3 is a high level representation of the various components of the archive cluster application executing on a given node;

FIG. 4 illustrates a process flow for the creation of a protection set map according to the present invention; and

FIG. 5 illustrates how a given protection manager instance constrains distribution of copies of a data object to improve MTDL according to the present invention.

Claims

1. In a redundant array of independent nodes networked together, wherein each node executes an instance of an application that provides object-based storage, a protection management method, comprising: for each of a set of one or more protection levels, grouping the nodes within one or more protection sets, wherein a number of nodes within a protection set is a function of a given protection level and, at the time of grouping, a given node is a member of one, and only one, protection set; andas a given object is stored in a node within a given protection set, storing one or more copies of the given object within nodes of the given protection set, and no other protection set.

2. The protection management method as described in claim 1 wherein the protection level is defined as a data protection level (DPL).

3. The protection management method as described in claim 1 wherein the step of group the nodes includes generating a protection set map and broadcasting the protection set map to other nodes in the redundant array.

4. The protection management method as described in claim 3 wherein the step of generating the protection set map includes: obtaining information about a current state of each node in the redundant array;for at least a first protection set, determining whether a given node in the first protection set is in a given state;if the given node in the first protection set is in the given state, breaking the first protection set; andfor a given protection level, grouping at least one other node that is then currently ungrouped with one or more nodes of the first protection set that has been broken to form a new protection set.

5. The protection management method as described in claim 1 wherein the grouping step is performed at a given node of the redundant array.

6. The protection management method as described in claim 5 further including selecting the given node of the redundant array using leader election.

7. The protection management method as described in claim 1 further including periodically updating the grouping upon a given occurrence.

8. The protection management method as described in claim 7 wherein the given occurrence is one of: a failure of a given node within a protection set, and addition of a new node to the redundant array.

9. The protection management method as described in claim 1 wherein the given object is an internal file component of an external file submitted for storage to the redundant array.

10. A method, operative in a redundant array of independent nodes networked together, for improving mean time to data loss (MTDL), wherein each node executes an instance of an application that provides object-based storage, comprising: generating a data structure that, for each of a set of one or more data protection levels, groups the nodes into one or more protection sets, wherein a number of nodes within a protection set is a function of a given protection level and, at the time of generating the map, a given node is a member of one, and only one, protection set; andas a given object is stored in a node within a given protection set, storing one or more copies of the given object within nodes of the given protection set, and no other protection set.

11. The method as described in claim 10 further including updating the data structure.

12. The method as described in claim 11 wherein the data structure is updated periodically or upon a given occurrence.

13. In a redundant array of independent nodes networked together, wherein each node executes an instance of an application that provides object-based storage, a node comprising: a map that, for each of a set of one or more data protection levels, groups the nodes into one or more protection sets, wherein a number of nodes within a protection set is a function of a given protection level and, at the time of generating the map, a given node is a member of one, and only one, protection set; anda protection manager, responsive to storage of a given object in the node, for using the map to identify where one or more copies of the given object are to be stored to satisfy a given data protection level;wherein the one or more copies are stored in one or more other nodes of the given protection set, and no other protection set.

14. The node as described in claim 13 wherein the protection manager generates a new map periodically or upon a given occurrence.

15. The node as described in claim 14 wherein the protection manager broadcasts the new map to other protection managers running in other nodes of the redundant array.

16. The node as described in claim 13 wherein, upon a given disk failure within the node, the protection manager performs a given repair to attempt to maintain the protection set.