The present invention relates to a computer system having a failure recovery function, and more particularly to a computer system having a failure recovery function which is suitable for a disaster recovery system that achieves data integrity at the time of a disaster by remote-copying the data between storage device subsystems.
For the purposes of handling a larger scale system and achieving the higher security of data, a system configuration constituted of two data centers (that is to say, a site where usual operation is performed and a backup site) has been generally used (hereinafter this configuration is referred to as “2DC configuration”).
As a disaster recovery system having such a configuration, for example, the technology disclosed in the EMC's home page (http://japan.emc.com/local/ja/JP/products/product_pdfs/srdf/srdf.pdf) is known.
Here, instead of the 2DC configuration constituted of two data centers, that is to say, the site where operation is performed and the backup site, a disaster recovery system having a configuration constituted of three data centers will be reviewed (hereinafter this configuration is referred to as “3DC configuration”). In the description below, a site where usual operation is performed is called “production site”; a site which is closed to the production site is called “local site”; and a site which is far from the production site is called “remote site”.
In this disaster recovery system having the 3DC configuration, a storage volume of the production site is remote-copied to a storage volume of the local site, and then the storage volume of the local site is remote-copied to a storage volume of the remote site. This is how data is transferred. At this time, a disaster recovery management program (hereinafter referred to as “disaster recovery management program P”) which operates in a host of the production site controls the above-mentioned series of remote copies.
Incidentally, the conventional remote copy technology has the following problem: if the production site where the usual operation is performed suffers from a disaster, management information required for the execution of disaster recovery, which is managed by a disaster recovery management program operating on a host of the production site, cannot be transferred to the other local and remote sites, and therefore data cannot be quickly recovered at the time of the disaster.
The present invention has been devised to solve the above-mentioned problem. An object of the present invention is to provide a computer system having a failure recovery function, in which if a production site where usual operation is performed suffers from a disaster, a disaster recovery management program is executed from another site in which no failure occurs, and thereby the remote copy is restarted to quickly recover data at the time of the disaster.