This invention relates in general to the field of computer networks, and more particularly, to a system and method for providing a reliable centralized storage system for a computer network.
Computer network storage capacity and reliability is becoming an increasingly important issue as computer usage continues to grow. Often, needed storage capacity exceeds that which can reasonably be offered by local storage devices such as CD-ROMs or hard drives. Work environments present additional challenges when designing storage systems since multiple users frequently must have access to and share at least some stored data. These users are often separately located, sometimes at great distances from one another. In addition to pressures to provide increasing amounts of storage and the ability to share stored data, users are also demanding faster access to that stored data. Centralized storage systems have become a popular way to address these demands.
A centralized storage system will typically consist of multiple storage subunits. These storage subunits may be individual disks, but to maximize storage capacity will generally consist of multiple disk arrays, each of which is a set of disks operating as one logical unit and accessible through a single disk controller. The controller knows the configuration of the array and controls how data is distributed among the disks in the array. Disk arrays will often exist in a RAID configuration (redundant array of inexpensive disks). The fundamentals of RAID storage configurations and the various "levels" of configuration are well known in the art, and are described in detail in the 1987 paper by David A. Patterson et al. of the University of California at Berkeley entitled A Case for Redundant Arrays of Inexpensive Disks (RAID).
Centralized storage systems are typically accessible by multiple users through one or more servers. For centralized storage systems having a limited number of disk arrays accessed by a relatively small number of users that are centrally located, the storage system may be accessed via a SCSI (small computer systems interface) bus using SCSI protocol. The SCSI interface and protocol are well known and described in the SCSI-1, SCSI-2, and SCSI-3 specifications. A disadvantage of SCSI is that it provides a transport medium that is effective only if the communication path is relatively short. Further, SCSI limits the number of accessible devices (i.e., disk arrays) and the number of servers, and supports only the SCSI communication protocol.
Because access to the centralized storage system can become the largest bottleneck affecting the entire computer network, the limitations of the SCSI interface become too great for most networks. Under such circumstances, Fibre Channel technology can be used to interface with the centralized storage system. Fibre Channel is a well known industry standard I/O channel that supports multiple communication protocols, such as SCSI and IPI, supports data rates that surpass those of parallel SCSI, and supports different architectures for interconnecting computer networks with a centralized storage system, such as a loop architecture or a switch (fabric) architecture. Fibre Channel technology can support a very large amount of storage, but is also expensive. Accordingly, the demands to provide an adequate and reliable centralized storage system are even greater.
As indicated above, centralized storage systems typically consist of multiple storage subunits such as disk arrays. Each server will typically be assigned access to data stored in one or more designated disk arrays within the centralized storage system. In some circumstances, the same disk array will be shared by two or more servers operating in a cluster environment. The disk array(s) assigned to each server are each viewed by the server as a single logical unit, or "LUN" (an acronym for logical unit number). For example, the server will view a RAID disk array as a single LUN rather than as individual disks.
Many difficulties arise when trying to reliably assign storage subunits within the centralized storage system to individual servers. For example, when some servers, such as NT servers, boot up they scan all devices on the network. Thus, the server will scan all storage subunits in the centralized storage system and try to "mount" each one, that is, make each one accessible to its own applications by assigning a drive letter to that storage subunit. During this time, the server could attempt to write to that storage subunit, potentially corrupting data if another server is also attempting to read from or write to that storage subunit.
Several methods have been used in attempting to reduce the potential for corruption in a centralized storage system that is accessible by multiple servers. One solution is to provide a filter driver associated with the server. A filter driver is software resident at the server that is programmed with information regarding the storage subunits assigned to that server, in order to prevent any applications running on the server's network from accessing storage subunits other than the assigned ones. The use of filter drivers, however, presents a reliability problem that cannot be engineered away: the potential for human error. Since filter drivers must be programmed by an individual, errors in assigning storage subunits will always be possible. Further, filter drivers cannot protect against additional servers being connected to the centralized storage system without filter drivers, or against servers installed at a later date being programmed to access the same storage subunits. Either event could result in servers competing for access to the same storage device, which could compromise the integrity of the centralized storage system. An alternative is to provide a master software application governing all servers in the network, rather than a filter driver at each server. This is not a true solution in that it is still subject to programming error, and will not prevent potential corruption in the event that a server is added or removed without reprogramming the master software. In both cases the enforcement point is the server (the initiator), not the storage subunit, so a server that does not run the software is not constrained by it.
Another method that has been applied is using a device driver having some LUN masking capability. A device driver is a hardware driver at the server that performs the same function as a filter driver, but at a lower level. A miniport driver with LUN masking capability uses a standard Host Bus Adapter (HBA) to which a LUN masking feature has been added. At boot time, a miniport driver with LUN masking capability reports to the server only those LUNs (storage subunits) that the server is to have access to, essentially preventing the server from seeing any LUNs other than those assigned to it. These drivers, however, suffer from the same problems described above, including the potential for programming mistakes and the inability to prevent potentially corrupting competing access by other servers, since the mask again lives on the server rather than on the storage subunit.
Finally, ID ranges have also been used in an attempt to increase reliability of centralized storage systems and the integrity of the data stored therein. Each server is provided with an individual ID. The centralized storage system contains software that recognizes the server by that ID, and is programmed to know which servers have access to which storage subunits. As with filter drivers and miniport drivers having LUN masking capabilities, this method is subject to the problems described above. Further, since each server and its access to designated storage subunits is identified by a unique number, the software must be reprogrammed if a server is added or removed, or even if an adapter card in one of the servers is replaced.
None of the methods described above adequately protects data in the centralized storage system against administrative error during the configuration process, or against improper competing access by servers that may occur when servers are added to or removed from the network.
Therefore, a need has arisen for a centralized storage system in which storage subunits can be allocated among multiple user systems in a reliable manner such that the integrity of data stored therein is better protected against user systems competing for access to that data, and otherwise better protected against corruption.
In accordance with the present disclosure, a method is described for providing access by a plurality of user systems to data in a centralized storage system, the centralized storage system having a plurality of storage subunits for storing the data. The method includes the steps of placing the plurality of storage subunits in a default locked state wherein data in the storage subunits is not accessible by any user system, and providing at least one of the plurality of user systems with an initial key corresponding to at least one storage subunit. The method further includes the step of one of the user systems provided with the initial key using the initial key to assign at least one of the corresponding storage subunits to itself, wherein when so assigned data in the at least one storage subunit is accessible only by that one user system, and wherein the at least one storage subunit cannot be assigned to another user system until it has been placed back in the default locked state.
According to one embodiment, the step of assigning the at least one corresponding storage subunit to itself further includes the steps of the one user system providing the initial key and a new identifier to the at least one storage subunit, and the at least one storage subunit replacing the initial key with the new identifier.
According to another embodiment, the method further includes the step of the one user system determining the lock status of the storage subunit, and the user system performing the assigning step only if it is determined that the storage subunit is in the default locked state.
According to yet another embodiment, SCSI commands are used to provide the initial key and the new identifier to the at least one storage subunit, and to perform the determining step.
In yet another embodiment, a SCSI Persistent Reserve Out command with a service action of PREEMPT is used to assign the at least one storage subunit to the user system. In another embodiment, a SCSI Persistent Reserve In command with a service action of READ RESERVATION is used to perform the determining step.
A computer network is also provided including a centralized storage system having a plurality of storage subunits for storing data thereon, and a plurality of user systems coupled to the centralized storage system by a communication channel, wherein each of the plurality of storage subunits are capable of existing in a default locked state wherein data stored thereon is not accessible by any of the user systems, and an assigned state wherein data stored thereon is accessible only by a single user system to which it is assigned. Each of the plurality of storage subunits are assignable only to a user system having an initial key corresponding to the storage subunit, and only when the storage subunit is in the default locked state.
In another embodiment, the user system having the initial key is capable of using the initial key to cause the corresponding storage subunit to enter an assigned state in which the storage subunit is assigned to the user system.
In yet another embodiment, the user system is capable of assigning the storage subunit to itself by providing the initial key and a new identifier to the storage subunit, and causing the storage subunit to replace the initial key with the new identifier.
In yet another embodiment, the user system having the initial key is capable of using SCSI commands to assign the corresponding storage subunit to itself.
A method is also provided for assigning a storage subunit of a centralized storage system to one of a plurality of user systems. The method includes the steps of providing the storage subunit in a default locked state wherein it can only be assigned to a user system having an initial key, providing the initial key to the one user system, the one user system providing the initial key and a new identifier to the storage subunit, and the storage subunit entering an assigned state wherein data stored therein can only be accessed by the one user system using the initial key.
According to one embodiment, the method further includes the step of, after the storage subunit has entered the assigned state, the user system providing the storage subunit with the new identifier and the initial key, and the storage subunit re-entering the default locked state.
Finally, in yet another embodiment, SCSI commands are used by the user system to provide the initial key and the identifier to the storage subunit.
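The lock / assign / release cycle set out above (the determining step, the assignment using the initial key plus a new identifier, and the return to the default locked state) can be exercised as a small simulation in which the storage subunit enforces every transition itself, in the manner of SCSI persistent reservations. The following is an added example, not code from the disclosure or from any product it describes; the Lun and Host classes, the key values, the host names and the scenario are constructed for illustration, and the reservation semantics are a simplified model of PERSISTENT RESERVE IN/OUT rather than a complete implementation of the SCSI specification.

```python
"""Simulation of the lock / assign / release state machine described above,
expressed as SCSI-style PERSISTENT RESERVE IN/OUT exchanges.

Added illustrative code, not taken from the disclosure.  The Lun and Host
classes, the key values and the host names are constructed for the example;
the target-side checks in Lun.preempt are the point.
"""
from dataclasses import dataclass, field

# Constructed default reservation key that every subunit ships with.  While a
# LUN is reserved under this key it is in the "default locked" state: no
# initiator can write, and only a holder of this key can assign the LUN.
INITIAL_KEY = 0x4445_4641_554C_5400


@dataclass
class Lun:
    """One storage subunit.  registrations maps initiator name -> its key."""
    name: str
    reservation_key: int = INITIAL_KEY
    registrations: dict = field(default_factory=dict)

    # --- PERSISTENT RESERVE IN ------------------------------------------------
    def read_reservation(self) -> int:
        """READ RESERVATION: the key under which the LUN is currently held."""
        return self.reservation_key

    def read_keys(self) -> list:
        """READ KEYS: every registered key, visible to any initiator."""
        return sorted(set(self.registrations.values()))

    # --- PERSISTENT RESERVE OUT -----------------------------------------------
    def register(self, initiator: str, key: int) -> None:
        """REGISTER: an initiator registers the key it will later preempt with."""
        self.registrations[initiator] = key

    def preempt(self, initiator: str, reservation_key: int, service_action_key: int) -> bool:
        """PREEMPT: replace the reservation held under service_action_key with
        reservation_key, which must be the caller's registered key.  Returns
        False for a RESERVATION CONFLICT and leaves the LUN unchanged."""
        if self.registrations.get(initiator) != reservation_key:
            return False                      # caller not registered with that key
        if self.reservation_key != service_action_key:
            return False                      # caller does not know the holder's key
        self.reservation_key = reservation_key
        return True

    # --- medium access, gated at the target -------------------------------------
    def is_default_locked(self) -> bool:
        return self.reservation_key == INITIAL_KEY

    def write(self, initiator: str) -> bool:
        """Writes succeed only for the initiator whose registered key holds the
        reservation, and never while the LUN is in the default locked state."""
        if self.is_default_locked():
            return False
        return self.registrations.get(initiator) == self.reservation_key


class Host:
    """A user system following the disclosed steps: determine the lock status,
    then present the initial key plus a new identifier to take the subunit."""

    def __init__(self, name: str, initial_key: int, new_identifier: int):
        self.name, self.initial_key, self.new_identifier = name, initial_key, new_identifier

    def assign(self, lun: Lun) -> bool:
        if lun.read_reservation() != self.initial_key:   # determining step
            return False                                 # not in default locked state
        lun.register(self.name, self.new_identifier)
        return lun.preempt(self.name, self.new_identifier, self.initial_key)

    def release(self, lun: Lun) -> bool:
        """Present the new identifier and the initial key so the subunit
        re-enters the default locked state."""
        lun.register(self.name, self.initial_key)
        return lun.preempt(self.name, self.initial_key, self.new_identifier)


def scenario() -> dict:
    """Two hosts holding the initial key, plus a third that boots and scans the
    storage without it.  Returns the outcome of each step."""
    lun = Lun("LUN0")
    host_a = Host("host-a", INITIAL_KEY, 0xA001)
    host_b = Host("host-b", INITIAL_KEY, 0xB002)
    scanner = Host("nt-scan", 0, 0xC003)               # constructed: no initial key
    out = {}
    out["locked_write"] = lun.write("host-a")          # False: default locked
    out["scan_assign"] = scanner.assign(lun)           # False: wrong key
    lun.register("nt-scan", 0xC003)                    # skip the check, go straight to PREEMPT
    out["scan_preempt"] = lun.preempt("nt-scan", 0xC003, 0)  # False: target still rejects
    out["a_assign"] = host_a.assign(lun)               # True
    out["a_write"] = lun.write("host-a")               # True
    out["b_write"] = lun.write("host-b")               # False
    out["b_assign"] = host_b.assign(lun)               # False: already assigned
    out["b_release"] = host_b.release(lun)             # False: not the assignee
    out["holder_visible"] = lun.read_reservation()     # 0xA001: holder key is readable
    out["a_release"] = host_a.release(lun)             # True
    out["locked_again"] = lun.is_default_locked()      # True
    out["b_assign_after"] = host_b.assign(lun)         # True
    return out


if __name__ == "__main__":
    for step, result in scenario().items():
        print(f"{step:16s} {result}")
```

Two points the simulation makes explicit. First, every decision is taken by the subunit: the booting server that scans the bus without the initial key is refused whether it follows the protocol or issues a PREEMPT directly, which is what distinguishes this scheme from filter drivers and LUN masking, where the server is trusted to constrain itself. Second, the scheme is a guard against uncoordinated or misconfigured servers, not against a hostile initiator: in SPC semantics the PERSISTENT RESERVE IN service actions READ RESERVATION and READ KEYS report the holder's key and all registered keys to any initiator that can reach the LUN, and PREEMPT exists precisely so that another registered initiator can take over a reservation it can name, so any server that can issue arbitrary SCSI commands to the subunit can learn the current key and seize the LUN. On a real target the same exchanges are driven with sg_persist from sg3_utils (--in --read-reservation, --out --register, --out --preempt).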