This application is based on Japanese Patent Application No. 9-300916, filed Oct. 31, 1997, the content of which is incorporated herein by reference.
The present invention relates to a computer system which can appropriately take a snapshot that holds the contents of files stored in, e.g., a disk device at a predetermined time and, more particularly, to a computer system which can easily restart a system using a disk image of an arbitrary snapshot.
Conventionally, troubles of the disk itself can be coped with by adopting a redundant disk architecture. However, such redundant technique is not useful for software bugs, loss or alteration of data due to operation errors, virus affection, or the like, and serious troubles that may damage the disk storage unit itself. In order to cope with such problems, a snapshot or backup of the disk must be held.
The "snapshot" is a copy image of a file, disk, or the like at a certain time, and the contents of the file or the entire disk are copied to another location of an identical disk storage unit or another disk storage unit, thus forming the snapshot. When a program or data is lost or altered, the contents of the program, data, or the entire disk revert to the snapshot (copy image) formed immediately before such loss or alternation, thereby coping with such troubles.
On the other hand, the "backup" is the snapshot saved in another large-capacity storage medium (magnetic tape or the like). With this backup, even when the disk storage unit itself is lost (all the data therein are also lost), the program or data upon taking the snapshot can be restored by loading the backup onto a new disk storage unit.
Normally, upon taking the snapshot or backup, all the applications, their files of which are likely to be changed, must be quitted. If the applications are not quitted, the file or data may be changed during formation of a copy, and a correct snapshot or backup may not be taken. In other words, even if an illegal snapshot or backup is stored in a disk storage unit, the application program side may produce errors or erroneous operations, and the above-mentioned measure against the troubles cannot serve its purpose.
Since write access to the disk storage unit is normally faster than that to a large-capacity storage medium, the application quit period required upon forming a snapshot and backing it up to the large-capacity storage medium can be shorter than that upon directly backing up a file or disk image. Also, using the snapshot, the lost or altered program or data can be restored faster. When a backup is made on a sequential access medium such as a magnetic tape, much time is required to find and read out a specific file, resulting in poor efficiency.
On the other hand, a file system with a snapshot function, which can solve the above problem that an application program or programs must be quitted for a long period of time to take a snapshot or backup has been disclosed (reference 1: "The Episode File System", Proceedings of the Winter 1992 USENIX Conference, pp. 43-60, San Francisco, Calif., reference 2: "File System Design for an NFS File Server Appliance", Proceedings of the Winter 1994 USENIX Conference, pp. 235-2344, San Francisco, Calif.).
Such file systems (e.g., reference 2) are premised on the assumption that files have a tree structure having a root node as the start point. Upon forming a snapshot, a copy of the root node which builds such log structured file system and contains information, a snapshot of which is to be formed (a copy of the root node and intermediate nodes until a layer, data of which has been updated) is generated. The copied root node (snapshot root node) expresses a tree structure as a snapshot. The root node of the copy source expresses the tree structure of an active file system from/into which data are actually read out/written. Since the snapshot root node indicates the same node as the root node when it is generated, no disk space other than the root node copied for a new snapshot is required.
If the user has changed a certain data block, a new data block is written on a disk, and the active file system expressed by the root node is changed to indicate that new block. The original data block on the disk remains unchanged, and the snapshot root node still indicates the original data block. Hence, by designating the snapshot root node, a data block upon forming the snapshot can be referred to.
As described above, when the file system with the snapshot function is used, a snapshot can be formed by copying intermediate nodes up to a directory layer in which data has been updated to have the root node as the start point, and an application program or programs need not be quitted. Since the snapshot can be saved in a large-capacity storage medium parallel to execution of the application program, a backup can also be formed without quitting the application. Hence, the application program need not be quitted to save snapshot or backup data.
However, since the above-mentioned technique cannot be directly applied to a conventional UNIX file system, a new, dedicated file system (e.g., a new, dedicated database is created from the beginning) must be developed, and the technique cannot be directly applied to existing computer systems. Also, since the file system itself is premised on the assumption that it is expressed by a tree structure, the above technique cannot be applied to an extent-based file system such as NTFS (New Technology File System) available from Microsoft Corp. A file system normally has a large tree structure, and in order to update the above-mentioned data block in practice, all intermediate nodes located in the route must be copied, thus considerably deteriorating update performance after formation of the snapshot (when certain data has been updated, since an intermediate node must be created, and copies from the root node to that intermediate node must also be formed, as the tree structure becomes complicated, the processing volume increases). Furthermore, with the above-mentioned technique, since a dedicated file system must be created, if the functions of a conventional UNIX file system are used, and the snapshot function is also added, a software module must be formed to prevent errors in these functions. For example, when another function is to be added, the above-mentioned technique disturbs flexible software design.