Multiple data copies can be maintained as part of a security function in data processing operations in case data is unavailable, damaged, or lost. Institutional users of data processing systems commonly maintain quantities of highly important information and expend large amounts of time and money to protect data against unavailability resulting from disaster or catastrophe. One class of techniques for maintaining redundant data copies is termed mirroring. Data processing system users maintain copies of valuable information on-site on a removable storage media or in a secondary mirrored storage site positioned locally or remotely. Offsite remote mirroring at locations within a metropolitan distance, for example up to about 200 kilometers, protects against local disasters including fire, power outages, or theft. Remote mirroring over geographic distances of hundreds of kilometers is useful for protecting against catastrophes such as earthquakes, tornados, hurricanes, floods, and the like. Many data processing systems employ multiple levels of redundancy to protect data, positioned at multiple geographic distances.
Data processing systems maintain remote copies using synchronous or asynchronous mirroring. Synchronous remote copies are typical when response time is relatively unimportant, distances between copy storage are short, and data cannot be lost. Synchronous mirroring generally enables more rapid recovery. In contrast, asynchronous mirroring is used to improve operating speed, impose the smallest possible performance impact on the primary site, and enable mirrored data to travel long distances. Asynchronous mirroring is often used for operations of very large geographical scale.
Data processing systems that store multiple mirrored copies extending over a range of distances may use synchronous links for some sites, generally relatively nearby sites within metropolitan distances, and asynchronous links for other sites. One risk of systems that combine synchronous and asynchronous mirroring is possibility of corrupted or unusable data when suspended links are not restored in a proper order.
For example, when a cascaded mirroring configuration sends data synchronously from site A to site B, and then sends the data asynchronously from site B to site C, site A does not contain information regarding what data that site B has actually sent to site C. Thus, if site B fails, site A must perform a full resynchronize process to site C even though much of the data already exists on site C.