This invention relates to a computer system having a disk unit and, more specifically, a technique of processing a logical volume copy pair.
The recent rash of natural disasters and terrorist incidents has enhanced the necessity of disaster recovery measures for systems that constitute infrastructures of a society. One of such measures is a data loss prevention method in which a volume from which data is copied (copy source volume) is paired with a volume to which data is copied (copy target volume), and data written in the copy source volume is synchronously or asynchronously copied to the copy target volume so that the copy target volume is put in use in case of a disaster. A variation of this method is also known in which the copy processing is performed among three data centers in order to maintain a configuration recoverable from a disaster that takes down one of the three data centers.
To give an example, two data centers located not far from each other are connected to each other by a copy feature with which data is copied from one to the other by synchronous transfer. One of the two data centers is linked to a third data center, which is on a remote site, by an asynchronous remote copy feature. The third data center holds data received from a host by a storage subsystem of the one of the near site data centers that is connected to the third data center while guaranteeing that the order in which the data is received is kept intact. Another known remote copy control method gives each storage subsystem a feature of tracking the progress of data transfer, reception, and update between storage subsystems set up in two data centers where, in normal operation, data is not transferred, directly (see JP 2003-122509 A).
One way for a computer system that contains a data center holding a huge amount of data to avoid system shutdown due to a failure resulting from a disaster is to have plural data centers and distribute data among the data centers.
In a known example of this disaster recovery measure, a first command to designate a copy source and a copy target designates, as a data copy target of a first logical disk drive, a second logical disk drive, the area of the first logical disk drive is switched with the area of the second logical disk drive, and data in the first logical disk drive is copied to the second logical disk drive based on a second command which instructs to make a copy of data (see JP 2003-162378 A).
One of measures is a data loss prevention method in which a volume from which data is copied (copy source volume) is paired with a volume to which data is copied (copy target volume), and data written in the copy source volume is synchronously or asynchronously copied to the copy target volume so that the copy target volume is put in use in case of a disaster.
JP 2002-215462 A discloses a computer system in which a volume key 571 is assigned to each volume. A volume is written in a secondary disk drive 9 while kept encoded with the volume key 571 that is assigned to this volume. To change the volume key, a secondary storage controller unit 8 receives the current volume key and a new volume key from a primary storage controller unit 5, and the entire record of this volume is decoded with the current volume key and then encoded with the new volume key in a tamper-proof encoding feature 85 while a record to be copied through remote copy is kept sent from the primary storage controller unit 5.
U.S. Pat. No. 6,502,205 discloses a method for preventing content of volume for copy target from making it destroy, designating right or wrong of the access of the volume of copy target beforehand, when the pair relation has interrupted temporarily.