The present invention generally relates to the field of data protection and of ensuring data coherency. More particularly, the present invention relates to a method and apparatus for ensuring data coherency through the use of optimal data mirroring configurations and optimal error feedback techniques in the event of potential threats to data coherency.
As more and more tasks are automated and performed by computerized applications, the importance of maintaining accurate data grows. It accordingly has become prudent for businesses, especially those that particularly depend upon access to accurate data, to prepare contingency plans in the event of major disasters such as site power outages, natural disasters, and the like. Because such disasters will typically be site specific, common precautions include the storage of identical copies (i.e., xe2x80x9cmirroringxe2x80x9d) of mission critical data in geographically separated areas. Several copies of the data may exist at each location. Products for implementing such back up procedures and, in the event of a problem, for automatically writing to and reading from back up member disks of the mirrored disk sets, exist in the art.
However, current disk mirroring products suffer from certain drawbacks. For example, in the typical disk mirroring environment, if a mirrored write request is successfully delivered to a first member of a mirrored set of disks, but is not successfully delivered to other members, the system will return a successful result. Thus, applications using the mirrored data continue I/O operations with the first member of the mirrored set uninterrupted. At the same time however, following this procedure may defeat the purpose of contingency planning, since the disk used for further application processing (e R, the first member of the mirrored set in the example above) may no longer have a corresponding disk on line to use as a mirror. Thus, in the event of failure of the disk in use after further processing, there is no guarantee that a synchronized backup disk will be available. Instead, data created since the loss of mirroring capability may have to be re-created at significant cost or possibly lost entirely.
Another drawback of current disk mirroring systems is that, in the event of an error during disk writes, no information is provided regarding the location (i.e., disk site) of the problem disk(s). Thus, even where an administrator does learn of the existence of error conditions at one or more members of a mirrored disk set prior to the loss of any mission critical data, there is no immediate way of knowing the disk site(s) experiencing the problem. Thus, the proper course of action for ensuring geographically distributed disk copies are maintained, and remedying any problems, is more difficult to achieve.
The present invention addresses these drawbacks in the prior art. In particular, the present invention, which can be implemented by software running on a host system which is connected to series of geographically distributed disk sites (or other storage stores), allows a host administrator to specify a set of storage devices as a xe2x80x9ccoherent storage setxe2x80x9d and to associate geographic site identifiers with each member of the set. In this way, the system provides an environment that features an enforced coherency of data storage policy and that also features error notification with site specific data relating to the error. A coherency of data storage environment is one in which a data write operation will return an error to the application unless the data was successfully delivered to at least one member of the coherent storage set at each geographic site. Thus, an administrator can ensure that any time applications are in operation, disk mirroring implemented over more than one geographic area is also in effect. While in past practice system administrators may have tried to adhere to such a policy, prior to the present invention no system existed to automatically guarantee such a policy.
In another aspect of the present invention, disk or other storage devices are associated with geographic site specific identifiers. Thus, when an error result is returned, the system administrator has access to information locating the site that experienced the problem. For example, the site administrator may first act to remedy the problem and bring on line any problem back up storage devices or replace the problem devices with new ones. In the alternative, the system administrator may choose to override the coherency of data storage policy environment and continue application processing, without the guarantee that geographically distributed coherency mirroring is in effect. This option may be the optimal solution, particularly in situations where continued, uninterrupted application processing is most critical.
Thus, one advantage of the present invention is that it provides a means to ensure data coherency by automatically enforcing a policy of geographically distributed disk coherency over a plurality of storage sites during application processing.
Another advantage of the present invention is that it can provide geographically based error feedback in the event of a problem, thus facilitating re-implementation of the condition of geographically distributed, functional devices with synchronized data stores.
Another advantage of the present invention is that it provides the system administrator with the flexibility to override a coherency of data storage environment in those situations where uninterrupted continuation of application processing and I/O operations is of greater importance than ensuring future data coherency.
Further advantages of the present invention will become apparent from the more detailed description below.