This invention relates to storage systems, and in particular to storage systems for assuring data integrity across networks. The remote dual copy function is one which provides a real time copy at remote site as protection against loss of the original copy, for example, due to natural disaster or other cause of corruption or loss of the data. For this function it is very important to guarantee integrity of the data. In general there are two types of remote copyxe2x80x94synchronous and asynchronous. In synchronous remote copy, a local disk system completes a write request from the local host computer system. After the local disk system completes the transfer of write data received from the local host in the write request, it writes the data to the remote disk system. As a result it is relatively easy to maintain data integrityxe2x80x94the local and the remote systems are at worse only one write apart in having matching data.
In an asynchronous type remote dual copy system, a local disk system completes the write request from the local host before the local disk system completes the transfer of write data to the remote disk system. The write data is stored in a cache memory at the local disk system until the local disk system completes transfer of the write data to the remote disk system. In this circumstance of asynchronous dual copy, to preserve data integrity, the order of writing data to the disks in the disk system at the remote site must be the same as the order of writing data to the disk system at the local host. Thus, typically, the local disk system sends a time stamp or write order information with write data to the remote disk system. Either approach assures data integrity. Thus, the local disk system can manage the write data, the time stamp, and the writing order information corresponding to the write data all together.
A communication line or other fault between the local disk system and the remote disk system, however, may occur at times. When this happens, because the local disk system cannot send write data to the remote disk system, the local disk system may have too much write data to store in its cache memory. Then, the local disk system destages (unwrites) the write data in its own disk unit, and deletes the write data from the cache memory. After the deletion of write data from the cache memory, the local disk system is unable to manage the write data, the time stamp, and the writing order information together efficiently. Thus, it is difficult to guarantee data integrity if there happens to be a communication line, or similar, error between the local disk system and the remote disk system.
Japan patent application JP-A-11-085408 discloses asynchronous remote copy technology to guarantee data integrity by utilizing a time stamp or similar technique. It also discloses several types of remote dual copy system architectures. A first one is includes one local disk system and one remote disk system. A second architecture includes more than one local disk system and one remote disk system. A third approach is a system that includes more than one local disk system and more than one remote disk system. This Japan application, however, does not take into consideration the need to guarantee data integrity in the case where the data communication between a local disk system and remote disk system fails.
This invention provides an improved system which is more capable of preserving data integrity, even when communications line, or similar, errors arise between the local disk system and the remote disk system. In particular, this invention provides data integrity despite communication line errors between the local disk system and the remote disk system. When there is no communication line error between the local disk system and the remote disk system, the local disk system sends a time stamp or the write order information with the write data to the remote disk system. This enables the remote disk system to make a copy with data integrity on the disk unit in the remote disk system itself. If there is a communication line error, the remote disk system allocates an empty disk unit and makes a copy with data integrity on the allocated disk unit after the communication line error between the local disk system and the remote disk system is detected. By doing so, even if the transfer of write data without the time stamp or the write ordering information is executed from the disk unit in the local disk system to the disk unit in the remote disk system, the remote disk system can keep a copy with the secured disk unit.
Another benefit of the invention is that it provides for the transfer of data without the time stamp or the write ordering information from the disk unit in the local disk system to the disk unit in the remote system in parallel with the data transfer from the disk unit in the remote disk system to the newly allocated disk unit.