1. Field of the Invention
The present invention relates to networked magnetic storage tape systems, and more particularly to tape systems connected via a tape driver system that provide tape failover capability. Tape failover refers to having alternative paths between a host and a tape system, where when one path fails the other path is seamlessly enabled and the first path disabled.
2. Background Information
One tape failover system was developed by IBM for backing up system memories of host computer systems and is referred to as Atape driver running under the AIX operating system. Atape driver refers to IBM AIX Enhanced Tape and Medium Changer Device Driver. AIX is a proprietary operating system developed by IBM based on a UNIX system. AIX comes from Advanced IBM Unix or, more recently, from Advanced Interactive eXective. For more discussion on the Atape driver and AIX, see IBM publication, entitled, IBM Magstar Tape Drives—AIX High Availability SAN Failover for 3590, by Rob Bashand and Jim Ayres, and published Jun. 12, 2001 by IBM Corp., Tucson, Ariz., U.S.A. This publication is incorporated herein by reference.
The AIX Atape driver provides up to fifteen alternative parallel paths to a single tape drive system. When a failover occurs, the Atape driver will enable one of the alternative paths invisibly to applications running on the host computer system.
Operations of tape back up systems are well known in the art, and are only briefly described herein. Generally, the first block, block 0, is written by the host onto a blank tape. Block 0 will contain label and header-type information, e.g. index of files within the image, etc., so that the tape and its contents can be identified by the host. Block 0 is written and data blocks or files are then sequentially written onto the tape. The tape may be physically unloaded from the tape drive and stored. When the host system memory needs to be restored, the tape is reloaded onto the tape drive, the host reads block 0 and replaces the host's memory contents with the data from the tape. Protocols, file structures, error detection and correction that are used for these operations are well known in the art. If there is a failover, the Atape driver enables an alternative path to the tape system, and operations continue as if there were no failure.
Consider a tape failover environment, wherein a security appliance or system is located “in-line” in each of the separate paths running from a host system to a single tape system. The security appliance is configured to encrypt data generated by the host system for secure storage on the tape system. In such an environment, block 0 will contain encryption information. The security appliance encrypts data coming from the host and delivers it to the tape and decrypts data coming from the tape system (when the tape is restoring the host memory) and delivers it to the host. The Host/Atape driver and tape systems operate as though the security appliance was not there.
Limitations, however, occur since one security appliance may NOT have the encryption key for a tape written through another security appliance. If a failover occurs, the Atape driver diverts the data flow to an alternative path. The operation will fail, however, since the encryption key is not known to the security appliance in the alternative path.
The present invention is concerned, inter alia, with the above limitations.
Encryption systems and keys are well known in the art, including public/private key operations, and these systems and processes are generically described as they apply to specific operations in examples of the present invention. The use herein of “encryption key” refers to all the encryption information needed to encrypt and decrypt data.