A file server is a computer that provides file service relating to the organization of information on persistent storage devices, such as memories, tapes or disks. The file server or filer may be embodied as a storage system including a storage operating system that implements a file system to logically organize the information as a hierarchical structure of directories and files on, e.g., the disks. Each “on-disk” file may be implemented as a set of data structures, e.g., disk blocks, configured to store information, such as the actual data for the file. A directory, on the other hand, may be implemented as a specially formatted file in which information about other files and directories is stored.
One type of file system is a write-anywhere file system that does not overwrite data on disks. If a data block on disk is retrieved (read) from disk into memory and “dirtied” with new data, the data block is stored (written) to a new location on disk to thereby optimize write performance. A write-anywhere file system may initially assume an optimal layout such that the data is substantially contiguously arranged on disks. The optimal disk layout results in efficient access operations, particularly for sequential read operations, directed to the disks. An example of a write-anywhere file system that is configured to operate on a storage system, such as a filer, is the Write Anywhere File Layout (WAFL™) file system available from Network Appliance, Inc., Sunnyvale, Calif. The WAFL file system is implemented as a microkernel within an overall protocol stack of the filer and associated disk storage.
The disk storage is typically implemented as one or more storage “volumes” that comprise a cluster of physical storage devices (disks), defining an overall logical arrangement of disk space. Each volume is generally associated with its own file system. In the WAFL file system, a special directory, called a “qtree”, may be created that has the properties of a logical sub-volume within the namespace of a physical volume. Each file system object (file or directory) is associated with one and only one qtree, and quotas, security properties and other items can be assigned on a per-qtree basis. Each volume has its own file system identifier (ID) and each qtree within a volume has its own qtree ID.
A difficult and time-consuming issue in managing a file server or filer is copying data, e.g., a data set, from an original filer (“primary filer”) to another filer (“backup filer”) to protect from data loss/corruption due to primary filer failure. As used herein, a data set is defined as one or more storage units, such as volumes or qtrees, that when combined represent data being served, migrated, and protected against disaster. A primary filer is a physical filer that is serving a client's data set and a backup filer is a different physical filer functioning as a target of a data set being served from the primary filer. The backup filer may also serve its own independent data set.
One way to copy a data set onto a backup filer to ensure against total primary filer failure is to physically move the storage disks from the primary filer to the backup filer. Another approach is to generate copies of the data set on backup tapes for use with the backup filer. However, these approaches can be slow and labor-intensive processes to manage. Yet another approach is to replicate a primary filer data set at the backup filer using a conventional storage replication technique, such as remote synchronous mirroring. In a remote synchronous replication environment, a mirrored data set must be transferred over a computer network and stored (“written”) to the backup filer before the write operation completes on the primary filer. Although this technique assures a high level of data currency for the backup filer, it also introduces data latency issues as a result of, among other things, performance delays inherent to remote synchronous mirroring.
The copied, mirrored data set can be used in a variety of useful ways, e.g., as local read-only copies of data that can be accessed quickly, or as an online consistent backup copy of data that can be used in the event of a failure of the original data set. However, the mirrored data set must typically be restored to the primary filer before it becomes available because the operating environment, e.g., operating system, security domain, etc., of the backup filer may be different from that of the primary filer. Thus, to effectively use a mirrored data set, that data set usually must be returned to the filer of origin after the primary filer has been repaired or rebuilt.
A known Remote Disaster Facility (RDF) system available from Compaq Computer (Tandem Dictionary) maintains synchronized and consistent local and remote copies of a data set based on transfer of audit information. Briefly, the RDF system comprises a transaction-processing database on a local computer that utilizes audit information to monitor changes to the local data set. The audit information is transferred to a backup computer of the RDF system and applied to the remote copy of the data set. The backup computer can then take over a function from the local computer in the face of a disaster. However, transfer of the audit information is implemented at a “middle” software layer using, e.g., a Transaction Monitoring Facility (TMF), that resides between an application layer and a file system layer. Use of the TMF consumes substantial overhead, without providing general file system recovery. Moreover, clients must be notified of the new location of the data set in the event of takeover by the backup computer.