Devices that do not require self-orienting command chains comprise those devices whose media are not continually moving, and which typically come to a stop after completion of a read or a write operation. Self-orienting devices are those whose orientation is constantly changing, as in constantly rotating magnetic disk drives, and which require continuing sets of identifiers, such as the track, sector, etc., identifiers. Examples of devices which are not self-orienting include magnetic tape drives and optical tape drives.
For non-self-orienting devices, the assumption is made that, following each read or write command, the device is logically positioned to access the next record. This assumption is correct if the device is coupled to a single host, or to a single host at a time. Additionally, such devices typically employ removable media. Commonly, the host software verfies that the correct media is loaded by rewinding the media to read the volume identifier at the BOT (Beginning of Tape) and optionally rewinds again to the BOT. Thus, in every instance, a single host is aware of the location of the data storage media in the drive.
Typically, a static device configuration process is employed for every control program for each I/O subsystem. The configuration process defines what devices are associated with specific I/O channels or communication paths. These devices are assigned at I/O configuration generation or hardware configuration definition, and may not all be present at any one time. For example, a device may be temporarily off-line for updating or servicing.
No device may be permanently assigned to any one host or its communication path since to do so would detract from the I/O subsystem availability, for example, by leaving one device idle when not needed by one host, while another host is using its available device and requires the use of another. Thus, the typical I/O configuration couples each host to as many of the data storage devices as possible.
A difficulty arises when the device is shared between multiple hosts coupled to the device controller over multiple communication paths. Should one device controller complete a command for one host, and then a command from a different host causes movement of the media on the device (such as to read the volume identifier), the first host, in most cases, is unaware of the movement of the media and may continue with write operations, for example, at the present position of the tape, which is different than the position where the first host left it. The first host is likely to thus overwrite any data at the actual present logical position of the media. Thus, the specific data that was overwritten is at a location unknown to the host and therefore the data that was overwritten is also unknown, and may be irretrievable from any other source.
As the result, protocols have been developed to attempt to assure that only one host can move the media at one time, thus providing a one-host-at-a-time environment. Such protocols include changing the active host assignments by means of dynamic device partitioning. In systems of the IBM System 390 type, the host/device assignment mechanism is called "VARY ONLINE". The protection against override may be at the hardware level, using the "ASSIGN" and "UNASSIGN" process for IBM System 390, and for SCSI systems, "RESERVE and RELEASE". In one example (Job Entry Subsystem 2), the sharing of devices is through a simple "VARY", and the protection is managed through the assign process at the hardware level, requiring operator host console intervention. However, a risk is that a sloppy operator can inadvertently override the protection. In another example (JES 3 or MULTI-IMAGE MANAGER of COMPUTER ASSOCIATES), the protection is at the software level through coordination between the hosts via a common communication mechanism (shared disk or other common link). However a software failure or certain operator failures have been found to result in inadvertent overwrite.
An example of an operator failure may result from use of default passwords to bypass hardware protections. Another system, not part of the coordinating hosts in the first system, may physically share the device, and both systems may use the same default password. Thus, the device may be accessed from hosts of any system using the same password. The first host assumes (since it has not released control) that there is no other host issuing commands causing media motion in the interim. As an example, the first host may fill much of the tape during an archiving process and wait for additional data, the second host may then do a volume verification to check for the location of a particular tape by rewinding to the beginning of tape (BOT), then the first host continues the archiving process, inadvertently overwriting the previously archived information.
Since a primary usage of tape data storage devices is to archive information, the original information is typically not saved in any form. Thus, if the archive information is overwritten, it is often not retrievable from any other source and is lost forever.
However, prevention of sharing of the devices or a significant reduction of the performance of the hosts or systems sharing the devices are alternatives unacceptable to most users.
Additionally, prior or subsequent to an actual job, multiple hosts must be able to move the tape to read the label without hindrance.