1. Field of the Invention
This invention relates to redundant signals and more particularly relates to limiting failures resulting from single device malfunctions in redundant signals.
2. Description of the Related Art
The costs of losing data and mitigating data losses can be high for a critical system such as an enterprise computer system, a redundant array of independent disks (“RAID”) system, or a transaction processing system. To reduce the potential for data loss, critical systems often employ a warning signal to notify a component such as a computer, a hard disk drive, a router, or the like of a state change that may affect the component's function. The warning signal forewarns the component so that the component may take timely action to prevent data loss.
For example, certain RAID systems generate a warning signal of an imminent power failure such as an early power off warning (“EPOW”) signal. A hard disk drive may receive the warning signal and in response to the signal complete writes of data from a volatile write buffer to the non-volatile hard disk and go off-line in advance of the power failure. Completing the writes prior to the power failure protects the data in the write buffer from loss. In addition, going off-line protects the hard disk drive from damage or data loss when power is unavailable.
Unfortunately, if a component receives an erroneous warning signal generated as a result of the failure of a device generating the warning signal, the component may take an action in response to the erroneous warning that adversely affects the critical system. For example, conventional RAID system hard disk drives, upon receiving an erroneous warning of a power failure, go off-line, reducing the redundancy of the RAID system and increasing the risk of data loss.
Critical systems typically employ a plurality of redundant components to protect against data loss if one of the components fails. For example, if a single hard disk drive of a RAID system fails or becomes unavailable, the RAID system generally does not lose data because other hard disk drives contain redundant data from the failed hard disk drive. Critical systems also often include redundant warning signals to limit the consequences of erroneous warning signals. For example, certain RAID systems generate a distinct warning signal for each hard disk drive. Thus a first erroneous warning signal generated for a first hard disk drive does not cause a second hard disk drive to take an adverse action because the second hard disk drive expects a distinct second warning signal.
Unfortunately, one or more devices such as arrays of semiconductor gates or discrete electronic devices are often common to the generation of the plurality of redundant warning signals. For example, the plurality of warning signals may all be generated from the output of a common AND logic gate configured to perform a logical AND operation. If one of the common devices generating the redundant warning signals, such as the common AND logic gate, fails, the plurality of signals may be erroneous. As a result, a plurality of components may respond by going off-line or the like. If the number of components responding to the erroneous signal exceeds the redundancy of the critical system, the system's data may be at risk.
For example, if two or more RAID system hard disk drives receive erroneous warning signals indicating an imminent power failure as a result of the failure of a common device, each hard disk drive may write buffer data to the hard disk and go off-line. The hard disk drives going off-line may put all of the data of the RAID system at risk by removing the RAID system's access to redundant data stored on the off-line hard disk drives or the system's ability to write redundant data to the hard disk drives. Thus, an erroneous warning signal may put system data at risk by eliminating the redundancy of the RAID system.
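The common-device failure described in the two preceding paragraphs can be checked with a small single-fault enumeration. This is an added example, not part of the original text; the four-drive array, the two sense inputs, the stuck-high fault model, the tolerance of one off-line drive, and the per-drive gate topology used for contrast are all assumptions made for illustration.

```python
from itertools import product

# Constructed topologies (assumed, not from the text): entry i is the index of
# the gate that drives the EPOW line of hard disk drive i.
SHARED = [0, 0, 0, 0]        # one common AND gate feeds all four drives
INDEPENDENT = [0, 1, 2, 3]   # hypothetical contrast: one AND gate per drive


def epow_lines(drive_to_gate, n_gates, inputs, stuck=None):
    """Return the EPOW level seen by each drive.

    A healthy gate ANDs the sense inputs (assumed: warn only when all are high).
    stuck=(gate, value) models a single failed gate whose output is forced.
    """
    gate_out = [all(inputs)] * n_gates
    if stuck is not None:
        gate, value = stuck
        gate_out[gate] = value
    return [gate_out[g] for g in drive_to_gate]


def worst_false_offline(drive_to_gate, n_gates, n_inputs=2):
    """Most drives sent off-line by an erroneous warning under any one stuck-high gate."""
    worst = 0
    for gate in range(n_gates):
        for inputs in product([False, True], repeat=n_inputs):
            if all(inputs):
                continue  # genuine warning condition, so the signal is not erroneous
            lines = epow_lines(drive_to_gate, n_gates, inputs, stuck=(gate, True))
            worst = max(worst, sum(lines))
    return worst


def survives_single_fault(drive_to_gate, n_gates, tolerated_offline):
    """True if no single gate failure takes more drives off-line than the array tolerates."""
    return worst_false_offline(drive_to_gate, n_gates) <= tolerated_offline


if __name__ == "__main__":
    for name, topo, gates in (("shared", SHARED, 1), ("independent", INDEPENDENT, 4)):
        print(name, worst_false_offline(topo, gates), survives_single_fault(topo, gates, 1))
```

With the shared gate, one failed device drives every warning line high at once, so the number of drives going off-line exceeds what the assumed array tolerates; with one gate per drive, the same fault reaches a single drive.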
From the foregoing discussion, it should be apparent that a need exists for an apparatus, system, and method that limit failures in generating redundant signals. Beneficially, such an apparatus, system, and method would limit the effects of device malfunctions on the generation of redundant signals.