Remote mirroring is a well-known approach for data protection in data processing systems, especially for systems that handle mission-critical data. In a standard mirroring configuration, a mass storage network comprises two data storage facilities, located at separate locations and connected by communication lines. A first facility is a local or primary facility, and a second facility is a remote or secondary facility configured to mirror data in the first. A host whose data requests are being served by the storage network is connected to the primary facility.
Mirroring mechanisms, within or ancillary to the primary and secondary facilities, ensure that input/output (I/O) transactions communicated from the host to the primary facility are also communicated to the secondary facility, so that data stored in the primary is substantially the same as data stored in the secondary.
In the present disclosure, a transaction is assumed to be a sequence of one or more computer operations,
In the present disclosure, a transaction is assumed to be a sequence of one or more computer operations, performed by a computing system, which change a state of the system. Transaction Processing: Concepts and Techniques, by Gray and Reuter, published by Morgan Kaufmann Publishers, San Mateo Calif. (1993), describes transactions and their processing in detail, and section 1.2, entitled “What Is a Transaction Processing System,” is incorporated herein by reference.
As stated in section 1.2, a transaction has the properties of Atomicity, Consistency, Isolation, and Durability (ACID). The properties may be summarized as follows:    Atomicity Either all operations happen or none happen.    Consistency The transaction must result in a correct transformation of the state. The transaction must be a “correct program.”    Isolation Even though transactions execute concurrently, it appears to each transaction, T, that others executed either before T or after T.    Durability Once a transaction completes successfully (commits), its changes to the state survive failures.
One purpose of the mirroring mechanisms described above is that in case of a disaster occurring at the physical site of the primary facility (e.g., fire, flood, and earthquake), the secondary facility can take the place of the primary facility and data processing operations can continue.
In one implementation of remote mirroring, the two facilities are synchronized at the level of an individual I/O transaction. Each I/O transaction initiated by the host is not acknowledged by the primary facility until the primary has performed all the tasks associated with the transaction and has also received acknowledgement from the secondary that it, too, has performed all the associated tasks. Thus, at any given moment, there is substantially no difference between the two facilities, and in the event of a failure of either or both facilities, virtually no data is lost.
There are alternative, asynchronous implementations known in the art, whereby the state of the secondary may lag by several transactions. In general, asynchronous schemes trade a gain in performance against a risk of losing some data in the event of storage failure. In the event of a failure of either or both facilities, data “lagging” between the two facilities may be lost, and the corresponding transactions may need to be processed again.
Whereas the main aim and usage of the storage network is to perform I/O tasks vis-à-vis one or more hosts, there are ancillary activities that must be performed at each facility in support of the main usage. These activities are generally data storage management activities, which include bringing a storage facility “on-line”, creating and deleting areas that can be used by host applications for data storage (logical units, files, data objects, etc.), modifying the properties of these storage areas, performing backup operations, and other associated commands. Data storage management activities are generally performed independently for each facility comprising the system. Typically, a management module, either operating from the host or from a separate console, is used to initiate the data storage management activities by issuing data storage management commands.
Backup operations include the creation of point-in-time (PiT) copies, also called concurrent copies, Business Continuance Volumes (BCVs), or snapshots or some other names used in the art. A PiT copy is generated either at the primary or at the secondary facility, and, subsequent to generation, may be moved to an archival facility such as magnetic tape storage. If an identical PiT copy is required at both the primary and the secondary facility, it is first generated at one and then transmitted to the other.
U.S. Pat. No. 6,549,921 to Ofek, whose disclosure is incorporated herein by reference, describes a data network with a remote data facility for providing redundant data storage and for enabling concurrent point-in-time backup operations. A local data processing system with a data facility stores a data base and processes applications. A second system, physically separated from the first system, includes a data facility that normally mirrors the data in the first system. In a backup mode, the second system is enabled to transfer data for backup from its data facility to a backup facility concurrently with, but independently of, the operations of the first system.
U.S. Pat. No. 6,442,551 to Ofek, whose disclosure is incorporated herein by reference, describes a data network with data storage facilities for providing redundant data storage and for enabling concurrent access to the data for multiple purposes. A first data processing system with a first data facility stores a data base and processes transactions or other priority applications. A second data storage facility, that may be physically separated from the first data storage facility, mirrors the data in the first data storage facility. In a concurrent access operating mode, the second data storage facility makes the data available to an application concurrently with, but independently of, the operation of the other application. On completion of the concurrent operation, the second data storage facility can reconnect with and synchronizes with the first data storage facility thereby to reestablish the mirroring operation.
U.S. Pat. No. 6,496,908 to Kamvysselis, et al., whose disclosure is incorporated herein by reference, describes a system for mirroring source data to two or more mirrors includes first and second processors designated to communicate with first and second remote mirrors, respectively. First and second queues in the system receive requests to mirror source data at first and second mirrors, respectively. Each of the queues is periodically scanned by a processor corresponding to the mirror associated with that queue. A mask provides information indicative of any pending mirror requests for sending the source data to the first and second mirrors.
U.S. Pat. No. 5,889,935 to Ofek, et al., whose disclosure is incorporated herein by reference, describes a system wherein a host computer directly accesses a primary volume, and data written to a primary volume is automatically sent over the link to a corresponding secondary volume. Each write request transmitted over the link between the data storage systems includes not only the data for at least one track in the secondary volume to be updated but also the current “invalid track” count for the secondary volume. Therefore, once a disaster occurs that destroys the data storage system containing the primary volume, the data storage system containing the secondary volume has an indication of the degree of consistency of the secondary volume. The “invalid track” count can be used to determine an appropriate recovery operation for the volume.
U.S. Pat. No. 5,742,792 to Yanai et al., whose disclosure is incorporated herein by reference, describes a remote data mirroring system comprising two data storage systems coupled by a data link. Each system comprises signal processors which perform activities such as monitoring of respective system controllers.