Patent Grant
7210058
Applicant's invention relates to an apparatus and method for peer-to-peer data processing system recovery after a subsystem failure or shutdown.
In hierarchical computer storage systems, fast and intensively used storage are paired with arrays of slower and less frequently accessed data devices. One example of high-speed, expensive memory is a direct access storage device file buffer (DASD). Slower storage devices include tape drives and disk drive arrays, which are less expensive than a DASD.
One such hierarchical storage system is a virtual tape storage system. Such a virtual tape storage system may include, for example, one or more virtual tape servers (“VTS”) in combination with one or more data storage and retrieval systems, such as the IBM TotalStorage® 3494 Enterprise Tape Library. During operation, each virtual tape storage system is communicating data from one or more hosts, and is providing data to a second VTS for copying.
Data disaster recovery solutions include various “peer-to-peer” copy routines where data is backed-up not only remotely, but also continuously (either synchronously or asynchronously). In order to communicate duplexed data from one host processor to another host processor, or from one storage controller to another storage controller, or some combination thereof, a substantial amount of control data is required for realizing the process. A high overhead, however, can interfere with a secondary site's ability to keep up with a primary site's processing, thus threatening the ability of the secondary site to be able to recover the primary in the event a disaster occurs.
Disaster recovery protection for the typical data processing system requires that primary data stored on primary DASDs be backed-up at a secondary or remote location. The physical distance separating the primary and secondary locations can be set depending upon the level of risk acceptable to the user, and can vary from several kilometers to thousands of kilometers.
Using prior art methods, in the case where, if the peer-to-peer subsystems, i.e. both virtual tape servers, are shutdown for normal service, and for some reason only one of those virtual tape servers becomes operational, then the peer-to-peer cluster must wait until both tape servers are again operational before going online to the host computer. Therefore using these prior art methods, if a second virtual tape server fails while the first virtual tape server is shutdown for maintenance, then the entire peer-to-peer system becomes unavailable until both virtual tape servers are again operational.
What is needed is a method to distribute information about the status of a peer-to-peer data storage system across a plurality of system components such that the system itself can use that stored system information to return to operation even if all the virtual tape servers are not operational.
Applicants' invention includes an apparatus and method for peer-to-peer system recovery, where the peer-to-peer system comprises a plurality of virtual tape controllers in communication with a first virtual tape server and with a second vial tape server. The method generates a shutdown key and saves that shutdown key in each of the operational virtual tape controllers and virtual tape servers. The method then takes the first virtual tape server out of operation at a first time. The method takes the second virtual tape server out of operation at a second time, and brings the second virtual tape server in operation at a third time, where the third time is subsequent to the first time and the second time.
The method determines if the first virtual tape server is in operation at the third time. If the first virtual tape server is not in operation at the third time, then the method sets a VTC agreement threshold, and determines by each virtual tape controller whether to place the second virtual tape server on-line. The method then determines if the number of virtual tape controllers electing to place the second virtual tape server on-line is greater than the VTC agreement threshold. If the number of virtual tape controllers electing to place the second virtual tape server on-line is greater than the VTC agreement threshold, then the method places the peer-to-peer system on-line with only the second virtual tape server in operation.
The invention will be better understood from a reading of the following detailed description taken in conjunction with the drawings in which like reference designators are used to designate like elements, and in which:
Referring now to
Host computer 110 comprises a computer system, such as a mainframe, personal computer, workstation, etc., including an operating system such as Windows, AIX, Unix, MVS, LINUX, etc. (Windows is a registered trademark of Microsoft Corporation; AIX is a registered trademark of IBM Corporation, and MVS is a trademark of IBM Corporation; UNIX is a registered trademark in the United States and other countries licensed exclusively through The Open Group.) In certain embodiments, host computer 110 includes a storage management program 112. The storage management program 112 in the host computer 110 may include the functionality of storage management type programs known in the art that manage the transfer of data to a data storage and retrieval system, such as the IBM DFSMS implemented in the IBM MVS operating system.
Storage management program 112 may include known storage management program functions, such as recall and migration. The storage management program 112 may be implemented within the operating system of the host computer or as a separate, installed application program. Alternatively, storage management program 112 may include device drivers, backup software, and the like.
Control unit 120 comprises a plurality of individual virtual tape controllers, such as virtual tape controllers 121, 122, 123, 124, 125, 126, 127, and 128. Each of virtual tape controllers 121, 122, 123, 124, 125, 126, 127, and 128, comprises a memory. Host computer 110 communicates with virtual tape controller 121 via communication link 111. Host computer 110 communicates with virtual tape controller 121 via communication link 111. Host computer 110 communicates with virtual tape controller 122 via communication link 112. Host computer 110 communicates with virtual tape controller 123 via communication link 113. Host computer 110 communicates with virtual tape controller 124 via communication link 114. Host computer 110 communicates with virtual tape controller 125 via communication link 115. Host computer 110 communicates with virtual tape controller 126 via communication link 116. Host computer 110 communicates with virtual tape controller 127 via communication link 117. Host computer 110 communicates with virtual tape controller 128 via communication link 118.
Communication links 111, 112, 113, 114, 115, 116, 117, and 118, are each selected from the group consisting of a serial interconnection, such as RS-232 or RS-422, an Ethernet interconnection, a SCSI interconnection, a Fibre Channel interconnection, an ESCON interconnection, a FICON interconnection, a Local Area Network (LAN), a private Wide Area Network (WAN), a public wide area network, Storage Area Network (SAN), Transmission Control Protocol/Internet Protocol (TCP/IP), the Internet, or other interconnections and/or protocols as is known to those of skill in the art.
VTS 130 comprises controller 139, computer readable medium 150, and computer program product 152. VTS 140 comprises controller 149, computer readable medium 160, and computer program product 162. Library 135 comprises operator panel 170. Library 145 comprises operator panel 180.
VTC 121 communicates with VTS 130 via communication link 131, and with VTS 140 via communication link 141. VTC 122 communicates with VTS 130 via communication link 132, and with VTS 140 via communication link 142. VTC 123 communicates with VTS 130 via communication link 133, and with VTS 140 via communication link 143. VTC 124 communicates with VTS 130 via communication link 134, and with VTS 140 via communication link 144. VTC 125 communicates with VTS 130 via communication link 135, and with VTS 140 via communication link 145. VTC 126 communicates with VTS 130 via communication link 136, and with VTS 140 via communication link 146. VTC 127 communicates with VTS 130 via communication link 137, and with VTS 140 via communication link 147. VTC 128 communicates with VTS 130 via communication link 138, and with VTS 140 via communication link 148.
Communication links 131, 132, 133, 134, 135, 136, 137, 138, 141, 142, 143, 144, 145, 146, 147, 148, are each selected from the group consisting of a serial interconnection, such as RS-232 or RS-422; an Ethernet interconnection, a SCSI interconnection, a Fibre Channel interconnection, an ESCON interconnection, a FICON interconnection, a Local Area Network (LAN), a private Wide Area Network (WAN), a public wide area network, Storage Area Network (SAN), Transmission Control Protocol/Internet Protocol (TCP/IP), the Internet, or other interconnections and/or protocols as is known to those of skill in the art.
Referring now to
Each virtual tape controller comprises a computer readable medium, such as computer readable media 213, 223, 233, 243, 253, 263, 273, and 283. Each virtual tape controller comprises a computer program product, such as computer program product 215, 225, 235, 245, 255, 265, 275, and 285.
Each virtual tape controller includes one or more memory devices, such as memory 218, 228,238,248,258,268, 278, and 288. Memory devices 218,228,238, 248, 258, 268, 278, and 288, are each selected from the group consisting of RAM memory, one or more DASDs, one or more hard disks, one or more electronic storage devices, and combinations thereof. By electronic storage device, Applicants mean a device such as a PROM, EPROM, EEPROM, Flash PROM, compactflash, smartmedia, and the like.
In certain embodiments, the virtual tape controllers do not contain their own processors and/or memory. Instead, control unit 120 includes processor 292 and memory 294 which are shared between the virtual tape controllers.
Referring now to
VTS 300 also communicates with direct access storage device (DASD) 310, and a plurality of data storage devices 330 and 340. In certain embodiments, data storage devices 330 and 340 are disposed within one or more data storage and retrieval systems. In certain embodiments, DASD 310 is integral with host 110 (
VTS 300 further includes storage manager 320, such as the IBM Adstar® Distributed Storage Manager. Storage manager 320 controls the movement of data from DASD 310 to information storage media mounted in data storage devices 330 and 340. In certain embodiments, storage manager 320 includes an ADSM server 322 and an ADSM hierarchical storage manager client 324. Alternatively, server 322 and client 324 could each comprise an ADSM system. Information from DASD 310 is provided to data storage devices 330 and 340 via ADSM server 322 and SCSI adapter 385.
VTS 300 further includes autonomic controller 350. Autonomic controller 350 controls the operations of DASD 310 through the hierarchical storage manager (HSM) client 324, and the transfer of data between DASD 310 and data storage devices 330 and 340.
In one embodiment, Applicants' method saves a shutdown key in each operational VTS and VTC in anticipation of taking the entire system off-line for maintenance, repair, upgrade, and the like.
In order to perform service on one or both VTS, such as VTS 130 (
Using prior art methods, if for any reason one of the VTSs does not properly return to operation, then the entire system 100 remains unavailable until both VTSs are again operational. Using Applicants' method, however, system 100 may be placed on-line after the service on both VTSs is completed even if one of those VTSs remains non-operational.
Referring now to
In step 420, each VTC generates and saves a shut down key regarding the status of both VTSs. In certain embodiments, such a shutdown key is continuously generated and saved. In certain embodiments, such a shutdown key is generated and saved only in anticipation of bringing the system down for service.
In certain embodiments, step 420 is performed by a processor disposed in each VTC, such as one or more of processors 216 (
In certain embodiments, the shutdown key of step 410 is saved in a memory device disposed in each VTC, such as one or more of memory devices 218 (
In step 430, Applicants' method provides a command to each VTC to take the first VTS, such as VTS 130 (
In certain embodiments, step 430 is performed by a host computer, such as host computer 110 (
In certain embodiments, the command of step 430 specifies a mode for taking the first VTS off-line. In certain embodiments, the specified mode comprises a “normal mode” wherein the first VTS completes all pending copy jobs prior to being taken off-line. In certain embodiments, the specified mode comprises an “expedite mode” wherein the first VTS increases its copy bandwidth, i.e. the bandwidth between the first VTS and the second VTS, to expedite the copying of all pending copy jobs. In certain embodiments, the specified mode comprises an “immediate mode” wherein the first VTS is taken off-line prior to completing all pending copy jobs. In certain embodiments, the specified mode comprises a “force mode” wherein the first VTS performs operations whatsoever prior to being taken off-line.
In certain embodiments, the command of step 430 is provided to each VTC disposed in control unit 120. In certain embodiments, the command of step 410 is provided to one VTC which broadcasts that command to the remaining VTCs.
In certain embodiments, the shutdown key of step 410 includes the specified mode of step 430. In certain embodiments, the shutdown key of step 410 comprises the operational status of the both VTSs when those VTSs were taken off-line.
In step 440, Applicants' method at a first time takes both VTSs off-line. In certain embodiments, step 440 is performed by controllers disposed in those VTSs, such as controllers 139 (
In step 450, Applicants' method at a second time provides a command to each VTC to bring both VTSs back on-line. In certain embodiments, the command of step 450 is provided to each VTC disposed in control unit 120. In certain embodiments, the command of step 450 is provided to one VTC which broadcasts that command to the remaining VTCs.
In certain embodiments, step 450 is performed by controllers disposed in the VTSs, such as controllers 139/149. In certain embodiments, step 450 is performed by a processor disposed in each VTC, such as one or more of processors 216 (
In step 460, Applicants' method determines if both the VTSs were returned to operation. In certain embodiments, step 460 is performed by controllers disposed in the VTSs. In certain embodiments, step 460 is performed by a processor disposed in each VTC, such as one or more of processors 216 (
If Applicants' method determines in step 460 that both VTSs were returned to operation and are operational, then the method transitions from step 460 to step 470 wherein the method places Applicants' peer-to-peer data processing system on-line with the one or more host computers, where the data processing system includes two operational virtual tape servers.
If Applicants' method determines in step 460 that one of the two VTSs did not return to operation, then the method transitions from step 460 to step 462 wherein the method sets a VTC agreement threshold. Step 462 may be performed at any time prior to performing step 464.
The VTC agreement threshold of step 462 comprises the minimum percentage/number of VTCs that must elect to place one VTS back on-line even if the second VTS is non-operational. In certain embodiments, the VTC agreement threshold of step 462 comprises a percentage of the VTCs operational at the time the second VTS became non-operational. In certain embodiments, the VTC agreement threshold of step 462 is greater than fifty percent.
In certain embodiments, the VTC agreement threshold of step 462 comprises a certain number of VTCs, where each of those VTCs must have been operational at the time the system was taken off-line.
In certain embodiments, the VTC agreement threshold is set in firmware disposed the memory portion of each VTC. In certain embodiments, the VTC agreement threshold is set in firmware disposed in each VTS.
In step 464, each VTC that was operational when the system was taken off-line independently determines, based upon the shutdown key saved in step 420, whether to place one VTS on-line even if the second VTS is non-operational.
For example, if the shutdown key saved in each operational VTC and in the now-operational VTS are the same, then each VTC in step 464 would elect to place the one operational VTS on-line, and in step the method would determine that the VTC agreement threshold is met.
Step 464 further includes reporting by each VTC its determination regarding whether to place the operational VTS on-line. This reporting may comprise any signaling method known to those of skill in the art. For example, each VTC may send a message to each of the remaining VTCs setting forth that VTC's determination of step 464. Alternatively, each VTC may poll the other VTCs for their individual determinations of step 464.
Applicants' method transitions from step 464 to step 466 wherein the method determines if the number of VTCs electing in step 466 to place the operational VTS on-line is greater than the VTC agreement threshold of step 462. In certain embodiments, step 466 is performed by a processor disposed in each VTC, such as one or more of processors 216 (
If Applicants' method determines in step 466 that the VTC agreement threshold is met, i.e. the number of VTCs electing in step 466 to place the operational VTS on-line is greater than the VTC agreement threshold of step 462, then the method transitions from step 466 to step 480 wherein the method places Applicants' peer-to-peer data processing system on-line to the host computer(s) using only the operational VTS. Alternatively, if Applicants' method determines in step 466 that the VTC agreement threshold is not met, then the method transitions from step 466 to step 490 wherein the method keeps Applicants' peer-to-peer data processing system off-line to the host computer(s).
In step 510, Applicants' method provides a command to each VTC to take the first VTS, such as VTS 130 (
In certain embodiments, step 510 is performed by a host computer, such as host computer 110 (
In certain embodiments, the command of step 510 specifies a mode for taking the first VTS off-line. In certain embodiments, the specified mode comprises a “normal mode” wherein the first VTS completes all pending copy jobs prior to being taken off-line. In certain embodiments, the specified mode comprises an “expedite mode” wherein the first VTS increases its copy bandwidth, i.e. the bandwidth between the first VTS and the second VTS, to expedite the copying of all pending copy jobs. In certain embodiments, the specified mode comprises an “immediate mode” wherein the first VTS is taken off-line prior to completing all pending copy jobs. In certain embodiments, the specified mode comprises a “force mode” wherein the first VTS performs operations whatsoever prior to being taken off-line.
In certain embodiments, the command of step 510 is provided to each VTC disposed in control unit 120. In certain embodiments, the command of step 510 is provided to one VTC which broadcasts that command to the remaining VTCs.
In step 520, Applicants' method at a first time takes the first VTS off-line. In certain embodiments, step 530 is performed by a controller disposed in the first VTS, such as controller 139 (
In step 530, each VTC generates and saves a shutdown key regarding the status of the first VTS. In certain embodiments, this shutdown key is continuously generated and saved. In certain embodiments, this shutdown key is generated and saved only in anticipation of taking one VTS, or both VTSs, off-line. In certain embodiments, the shutdown key of step 530 includes the specified mode of step 510. In certain embodiments, the shutdown key of step 530 includes a timestamp.
In certain embodiments, step 530 is performed by a processor disposed in each VTC, such as one or more of processors 216 (
In certain embodiments, the shutdown key of step 530 is saved in a memory device disposed in each VTC, such as one or more of memory devices 218 (
In step 540, Applicants' method, at a second time subsequent to the first time, takes the second VTS out of operation. In certain embodiments, step 540 comprises a non-intentional cessation of operation of the second VTS, i.e. a failure of the second VTS. In other embodiments, step 540 comprises an intentional cessation of operation of the second VTS.
In certain embodiments, step 540 is performed by a controller disposed in the second VTS, such as controller 139 (
In step 550, the second VTS is placed in operation at a third time, where the third time of step 550 is subsequent to the first time of step 530 and the second time of step 540. In certain embodiments, step 550 is performed by a controller disposed in the second VTS, such as controller 139 (
In step 560, Applicants' method determines if the first VTS, such as VTS 130 (
If Applicants' method determines in step 560 that the first VTS is operational at the third time of step 550, then the method transitions from step 560 to step 570 wherein the two VTSs “sync up,” i.e. compare copy tokens to ensure that all pending copy jobs are completed.
If Applicants' method determines in step 560 that the first VTS is not in operation at the third time of step 550, then the method transitions from step 560 to step 562 wherein the method sets a VTC agreement threshold. Step 562 may be performed at any time prior to performing step 564.
The VTC agreement threshold of step 562 comprises the minimum percentage/number of VTCs that must elect to place the second VTS back on-line even if the first VTS is non-operational. In certain embodiments, the VTC agreement threshold of step 562 comprises a percentage of the VTCs operational at the time the second VTS became non-operational. In certain embodiments, the VTC agreement threshold of step 452 is greater than fifty percent. In certain embodiments, the VTC agreement threshold of step 562 comprises a certain number of VTCs, where each of those VTCs must have been operational at the time the second VTS became non-operational.
In certain embodiments, the VTC agreement threshold is set in firmware disposed the memory portion of each VTC. In certain embodiments, the VTC agreement threshold is set in firmware disposed in each VTS.
In step 564, each VTC that was operational when the first VTS became non-operational independently determines, based upon the shutdown key saved in step 530, whether to place the second VTS on-line even if the first VTS is non-operational.
Step 564 further includes reporting by each VTC its determination regarding whether to place the first VTS on-line. This reporting may comprise any signaling method known to those of skill in the art. For example, each VTC may send a message to each of the remaining VTCs setting forth that VTC's determination of step 564. Alternatively, each VTC may poll the other VTCs for their individual determinations of step 564.
Applicants' method transitions from step 564 to step 566 wherein the method determines if the number of VTCs electing in step 466 to place the second VTS on-line is greater than the VTC agreement threshold of step 562. In certain embodiments, step 566 is performed by a processor disposed in each VTC, such as one or more of processors 216 (
If Applicants' method determines in step 566 that the VTC agreement threshold is met, i.e. the number of VTCs electing in step 566 to place the second VTS on-line is greater than the VTC agreement threshold of step 562, then the method transitions from step 566 to step 580 wherein the method places Applicants' peer-to-peer data processing system on-line to the host computer(s) with only one VTS in operation. Alternatively, if Applicants' method determines in step 566 that the VTC agreement threshold is not met, then the method transitions from step 566 to step 590 wherein the method keeps Applicants' peer-to-peer data processing system off-line to the host computer(s).
In certain embodiments, individual steps recited in
Applicants' invention further includes an article of manufacture comprising a computer useable medium, such as computer useable medium 150 (
Applicants' invention further includes a computer program product, such as computer program product 152 (
While the preferred embodiments of the present invention have been illustrated in detail, it should be apparent that modifications and adaptations to those embodiments may occur to one skilled in the art without departing from the scope of the present invention as set forth in the following claims.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5437022 | Beardsley et al. | Jul 1995 | A |
| 5566297 | Devarakonda et al. | Oct 1996 | A |
| 5619644 | Crockett et al. | Apr 1997 | A |
| 5724501 | Dewey et al. | Mar 1998 | A |
| 5819310 | Vishlitzky et al. | Oct 1998 | A |
| 5832195 | Braun et al. | Nov 1998 | A |
| 5873103 | Trede et al. | Feb 1999 | A |
| 5895493 | Gatica | Apr 1999 | A |
| 5924096 | Draper et al. | Jul 1999 | A |
| 6052797 | Ofek et al. | Apr 2000 | A |
| 6061807 | Albert et al. | May 2000 | A |
| 6065018 | Beier et al. | May 2000 | A |
| 6128750 | Espy et al. | Oct 2000 | A |
| 6189079 | Micka et al. | Feb 2001 | B1 |
| 6249849 | Day, III et al. | Jun 2001 | B1 |
| 6260158 | Purcell et al. | Jul 2001 | B1 |
| 6266784 | Hsiao et al. | Jul 2001 | B1 |
| 6336173 | Day, III et al. | Jan 2002 | B1 |
| 6463513 | Bish et al. | Oct 2002 | B1 |
| 6473829 | Dahman et al. | Oct 2002 | B1 |
| 6499091 | Bergsten | Dec 2002 | B1 |
| 6502205 | Yanai et al. | Dec 2002 | B1 |
| 6513097 | Beardsley et al. | Jan 2003 | B1 |
| 6745212 | Kishi et al. | Jun 2004 | B2 |
| 6779058 | Kishi et al. | Aug 2004 | B2 |
| 20030004980 | Kishi et al. | Jan 2003 | A1 |
| 20050066116 | Bello et al. | Mar 2005 | A1 |
| Number | Date | Country | |
|---|---|---|---|
| 20050081077 A1 | Apr 2005 | US |
