1. Field of the Invention
The invention relates to the management of firmware embodied within an embedded control device and more specifically relates to the update of firmware within the controller of the storage subsystem.
2. Discussion of Related Art
A wide variety of devices include the embedded computing capabilities. The ubiquitous nature of such embedded computing ranges from simple consumer devices such as kitchen appliances and telephones to large scale devices and machines such as automobiles and planes through leading edge computing devices such as storage subsystems and network appliances.
In the context of storage subsystems in particular, it is known to use a storage controller device embedded within a storage subsystem. The storage controller device generally adapts the storage subsystem for connectivity with attached host computing systems. The host computing systems generate I/O requests for storage and retrieval of information in the storage subsystem. The storage controller device receives such I/O requests and manipulates and manages the storage devices within the storage subsystem to perform the host computing system I/O request.
In advanced storage subsystems, such as RAID (redundant array of inexpensive disks) subsystems, the storage controller device performs significant management functions to improve reliability and performance of the storage subsystem. To these ends, RAID storage controller devices tend to include a significant volume of firmware (stored programmed instructions) for performing the RAID storage management techniques. In general, RAID storage management techniques improve reliability of a storage subsystem by providing redundancy information stored on the disk drives along with the host system data to ensure access to stored data despite partial failures within the storage subsystem.
It is also known in such RAID storage subsystems to provide for redundant storage controller devices. Such redundant storage controllers are used to not only to provide reliability with respect to the controller devices of the subsystem but also to provide enhanced performance by using the redundant controllers to perform parallel processing in satisfying host computing I/O requests.
It is a problem in such embedded systems to provide for a reliable technique for updating the embedded firmware without significantly impacting the operation of the storage subsystem. Specifically, it is a problem for an external management client (external to the storage subsystem) to instruct the storage controller devices to update their firmware while continuing to process I/O requests from an attached host system.
Prior known techniques for permitting an external management client (i.e., an administrative user at a management computer console coupled to the storage subsystem) to update embedded storage controller firmware relied upon low-level xe2x80x9cdumbxe2x80x9d interfaces to manage the firmware download process. Such low-level techniques involve ensuring low-level sequencing of the download process, often in multiple stages. For example, the management client in accordance with prior known techniques would often have to be cognizant of a first stage of downloading relating to bootstrap software operable within the embedded storage controller followed by a subsequent stage interacting with the previously downloaded bootstrap software to load normal operation firmware. Further, prior known techniques often required that the management client ensure that the download process proceed cautiously and robustly taking care of abnormal conditions such as unexpected bus resets, etc. In particular, in the case of redundant storage controllers, the management client was responsible for ensuring synchronization and compatibility of the firmware operating within the redundant controllers.
Such management problems imposed significant complexity on the management client in managing the download process. It is therefore evident that a need exists to ensure proper sequencing of a firmware download process in a storage controller environment and for ensuring synchronization and compatibility of the firmware simultaneously operable in multiple redundant storage controllers while reducing the complexity incumbent upon the management client process.
The present invention solves the above and other problems, thereby advancing the state of the useful arts, by providing methods and associated structures for coordinating the download and synchronization of firmware within multiple redundant controllers. Specifically, the present invention comprises a firmware file format that includes metadata describing the structure and sequence of loading the storage controller firmware. The firmware file is self-describing to the redundant storage controllers to permit the storage controllers to sequence their updating process independent of the management client. Further, an automated code synchronization method and protocol is defined for communications between the multiple redundant storage controllers to coordinate the synchronization and compatibility of firmware operable therein.
The code synchronization among the multiple storage controllers includes steps to pass xe2x80x9cownershipxe2x80x9d of a first controller""s storage volumes to another controller and to restore ownership of the passed volumes after the first controller""s firmware is successfully updated. This feature permits continued operation of the storage subsystem on requests from an attached host. At all times, at least one of the two redundant controllers will be operating and available to the host system to perform I/O request processing.
Specifically, the management client, under the direction of an administrative operator, transfers the formatted firmware file to a first controller with a request that the first controller update its firmware (and then the firmware of its redundant mate). I/O requests continue to be processed by the other controller while the first controller initiates its firmware update process. The first controller requests the second redundant controller to take control of the storage volumes nominally owned by the first controller. Upon such transfer of ownership, the first controller completes its firmware update process in accordance with the metadata provided in the firmware file. When the first controller has completed its firmware update process and has re-started itself to load and run the new firmware, it requests restoration of ownership of its volumes from the second controller. In addition, the first controller takes temporary ownership of the volumes owned by the second controller. Upon restoration of ownership of its storage volumes and those of the second controller, the first controller performs a reset of the second controller. Upon initialization of the second controller, the second controller inquires of the first controller whether its firmware is up to date. If not, the first controller sends the updated firmware file to the second controller. The second controller updates its firmware in accordance with the metadata and code in the firmware file. The second controller then resets itself and again inquires of the first controller if its firmware is up to date. If not, the sequence repeats until successful. The second controller requests restoration of ownership of its storage volumes from the first controller when the firmware update process completes successfully.
In accordance with this technique, the multiple redundant storage controllers are assured to be operating a synchronized, compatible level of firmware. Processing of I/O requests on behalf of attached host systems continues throughout the update process such that the host system is essentially shielded from knowledge of the update process.
These and other features and advantages of the invention will be further described and more readily apparent from a review of the detailed description of the preferred embodiments which follows.