The present invention relates to a method of achieving backup and recovery of file data in a network file server or a network storage system, and in particular, to a backup method using mirroring and a snapshot.
In U.S. Pat. No. 6,260,125, storage system data backup mainly includes offline backup and online backup. The online backup includes mirroring and a snapshot. Description will now be given of an outline of each backup. The offline backup is a technique in which a server connected to a storage system is stopped and backup of the storage system is conducted for each volume. Typically, this is conducted every day in the night after the jobs of the day are completed.
The mirroring is a technique to copy the contents of a volume onto another mirrored volume in a continuous fashion. To start the mirroring, a mirrored volume is first initialized using the contents of an active volume. When the initialization is finished, the mirroring is started by writing data stored in the active volume in the mirrored volume. In this operation, the data written in the active volume during the initialization is also mirrored in the mirrored volume. The storage apparatus conducts data coherence control to prevent an operation in which initialization data is written over the new mirrored data.
The snapshot is a backup technique to replicate a volume at a predetermined point of time. The snapshot includes a snapshot by a storage apparatus and a snapshot by a server. The snapshot by a storage apparatus is implemented using the mirroring and is hence also called “split mirror”. As in the initialization in the mirroring, the contents of an active volume are copied onto a snapshot volume. In the operation, when the contents of the active volume are changed, old data is mirrored in the snapshot volume. The storage apparatus conducts data coherence control. In the snapshot by a server, the volume is divided into areas each of which is called generation, and then change points in a predetermined range of time are collected in a group of an associated one of the generations. A snapshot at a point of time can be created by collecting generations preceding the point of time.
The storage system data backup can be classified as above.
On the other hand, U.S. Pat. No. 6,260,125 describes a new mirroring method, i.e., an asynchronous mirroring method. This method has an aspect that mirror data is kept staying for a predetermined period of time in a queue disposed between a volume and a mirrored disk. Assume in the present specification that the operation in backup processing between the volume and the mirrored disk to keep the mirror data for a predetermined period of time between a volume and a mirrored disk is referred to as “asynchronous mirroring”.
Description will now be given of disadvantages of the respective backup techniques.
In the offline backup, since applications of the server are normally terminated before the backup is started, it is advantageous that the restored file can be normally used by the applications. However, the backup is conducted for each volume and hence the user cannot restore the storage system for each file. Therefore, this leads to a disadvantage of increase in the operation cost to recover user's operation misses. Since the application jobs are stopped, it is inevitable that the backup is conducted at a long interval such as an interval of one day, and hence files recently created cannot be restored.
At failure of a disk in the mirroring system, latest data immediately before the failure can be restored. However, for example, data which is created 20 minutes before the mirroring and which is lost ten minutes therebefore cannot be restored. As distinct from the offline backup, the backup of the mirroring system is conducted without stopping the application, and hence the backup is also conducted for a file being written. As a result, the application cannot use the file again in many cases. As in the offline backup, the user can neither conduct the recovery nor restore the storage for each file.
As for the snapshot by the storage apparatus or the server, when the snapshot is created at a plurality of points of time, data can be restored at either one of the points of time. This is similar to the offline backup in that the backup is conducted by separating the storage apparatus from the server. However, since the application is not normally terminated, it is not guaranteed for the application to use the files again. The user can neither conduct the recovery nor restore the storage for each file.
The snapshot by the storage apparatus creates a complete replica of a volume and hence increases tolerance for failure. However, since a large amount of input/output data is required, performance of the storage system considerably decreases. The snapshot interval cannot be minimized to a satisfactory extent.
The snapshot by the server does not create a complete replica of a volume and hence decreases tolerance for failure. However, no load is imposed on the storage apparatus. Since the server can provide an interface for each snapshot, the recovery can be conducted for each file by the user's operation.
The method using the asynchronous mirroring described in U.S. Pat. No. 6,260,125 is advantageous in that data at any point of time within a predetermined range of time can be restored using the mirrored volume and the queue. However, the recovery by the user's operation and the storage recovery for each file are not possible. It is not guaranteed for the application to use the file again.
The techniques described above are useful in the recovery of the entire volume at storage failure. However, none of the techniques can recover a typical user miss described below.
The typical user miss is an operation miss such as a miss in which the user deletes by mistake a file created 30 minutes before. In the techniques described above, it is required to guarantee that a file erroneously deleted can be restored by the user's operation to be used again by the application.
In the techniques, the restoration points are dispersed, the restoration requires operation of a storage manager, and/or the application is stopped depending on cases. Even when the file restoration is conducted, the application cannot use the file again in some cases. That is, all conditions are not satisfied at the same time.