1. Field of the Invention
This invention generally relates to data storage facilities and more specifically to the encryption of data within data storage facilities.
2. Description of Related Art
A data storage facility generally comprises a disk array storage device that includes physical storage media and related controls. For example, a typical disk array storage device includes a plurality of physical disk drives as physical storage media. The controls include a cache memory, an interconnecting bus and adapters. At least one host adapter connects between a host processor, or “host,” and the bus. A plurality of disk adapters act as interfaces between the bus and the physical disk drives.
From the perspective of applications being processed by a host, disk storage typically is organized into “logical devices”. Such “logical devices” are also known as “logical storage devices”, “logical volumes” and “devices”. The following discussion uses “logical device.” Each logical device may reside in part of, or in the entirety of, a single physical disk drive. A logical device also may reside on multiple physical disk drives. Logical devices may store one or more “data sets”, also called files. Each data set comprises one or more extents. An extent is defined by one or more contiguous storage locations, typically contiguous cylinders or tracks in a disk storage system. A plurality of data sets may be designated as a “group.”
An operating system provides control routines and data structures to interface a host application with a data storage facility. I/O requests from a host application generally define an operation, like a “read” or “write” operation, and logical device addresses for logical storage locations from which or to which the data is to be retrieved (read) or sent (written) respectively.
IBM-based systems, for example, use an MVS (registered trademark of IBM Corporation) operating system that includes access methods, a unit control block (UCB) and related structures that are assigned to each logical device. Operating system I/O control routines use these unit control blocks to convert the logical device addresses provided by the application into connection-based addressing recognized by the storage facility. Metadata, such as that in the volume table of contents (VTOC), provides the exact cylinder and head ranges occupied by multiple extents on that logical device assigned to a particular data set. Although a single extent occupies contiguous storage locations in a single logical device, such operating systems may scatter the individual extents in a data set across a number of logical devices.
As the quantity of stored data grows, the quantity of data in existing data storage facilities approaches a maximum capacity. Additions to that capacity often involve the addition of newer data storage facilities that have greater capacities and improved performance. Consequently, it has become desirable to replace or supplement existing data storage facilities with the addition of newer data storage facilities. Benefiting from the resulting improved performance often requires a transfer of data from the older data storage facilities to the newer data storage facility or facilities.
There also is a long-term trend for increasing the storage capacity of individual logical devices within new storage facilities. One reason for this is that there is an architectural limit to the number of unit control block addresses within current operating systems. This prevents a free proliferation of UCB's to support expanded storage. This situation is further exacerbated by certain throughput optimization strategies that require the dedication of multiple UCB's to the addressing of a single logical device. For example, systems now available provide overlapped access using multiple unit control blocks for addressing a single logical device. U.S. Pat. No. 6,665,739 to Vishlitzky et al. discloses an enhancement whereby provisions are made for overlapped input/output requests to a single logical device by using parallel access unit control blocks. Each assignment of a parallel access unit control block to one application reduces the number of unit control blocks available for other purposes.
These and other enhancements and changes in policy have heightened the need to conserve the number of unit control blocks when possible. One conservation approach is to consolidate data from multiple small logical devices into one large logical device. Such approaches require that data be transferred from existing logical devices to one logical device in the same or different data storage facility. However, it is also an objective, if not a necessity, that such transfers occur transparently without interrupting normal data processing activities with the data being transferred or migrated.
A number of efforts have been undertaken to provide such transparent and concurrent transfers or migrations. For example, U.S. Pat. No. 6,145,066 to Atkin discloses a method for the transparent migration of data between complete logical devices. In accordance with the disclosure in this patent, data in a source logical device is transferred to a target logical device in a multi-phase process. Basically a copy sub-task completes one pass of the source logical device by copying data to the target logical device. During each task, user applications continue to interact with the data in the source logical device. After the copy sub-task completes one pass, a refresh phase analyzes the changes that were made to the source logical device and copies the changed data to the target logical device. This refresh phase continues in an iterative fashion until the number of changes is below a predetermined threshold. Then the system quiesces I/O requests to the source logical device to prevent any further interaction between the user applications and that logical device. During quiescence, the remaining changed data transfers to the target logical device. A swapping operation then makes the target logical device become a new source logical device. That is, after the swapping operation is complete, communications with user applications are re-enabled and the quiescent state is terminated to allow interaction between user applications and the data in the target, now new source.
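The copy, refresh, quiesce and swap sequence described above can be modeled in a few lines of Python. This is an added illustration, not code from the Atkin patent or from this disclosure; the function name, the track-list model of a logical device, and the sample workload are all assumptions made for the example.

```python
def migrate(source, workload, threshold):
    """Copy `source` to a new target while host writes keep arriving.

    source    -- list of track contents (the source logical device)
    workload  -- constructed input: workload[i] is the list of (track, data)
                 host writes that land on the source during pass i
    threshold -- stop refreshing once fewer than this many tracks changed
    """
    target = [None] * len(source)
    dirty = set(range(len(source)))      # pass 1 copies every track
    arriving = iter(workload)
    passes = []                          # (tracks copied, tracks changed) per pass
    while True:
        to_copy, dirty = sorted(dirty), set()
        for track in to_copy:
            target[track] = source[track]
        # Applications still use the source during the pass. Every write is
        # recorded as a change, even if it hit a track not yet copied; that
        # costs an extra copy but never loses an update.
        for track, data in next(arriving, []):
            source[track] = data
            dirty.add(track)
        passes.append((len(to_copy), len(dirty)))
        if len(dirty) < threshold:
            break
    # Quiesce: host I/O is held, so the remaining changes can be drained.
    final = sorted(dirty)
    for track in final:
        target[track] = source[track]
    # Swap: the target becomes the new source and I/O resumes against it.
    return {"new_source": target, "passes": passes, "copied_while_quiesced": final}


# Constructed sample: an 8-track device and three passes' worth of host writes.
SAMPLE_DEVICE = [f"track{i}" for i in range(8)]
SAMPLE_WRITES = [[(1, "a"), (3, "b"), (5, "c")], [(3, "d"), (6, "e")], [(2, "f")]]

if __name__ == "__main__":
    result = migrate(list(SAMPLE_DEVICE), SAMPLE_WRITES, threshold=2)
    for n, (copied, changed) in enumerate(result["passes"], 1):
        print(f"pass {n}: copied {copied}, changed during pass {changed}")
    print("copied while quiesced:", result["copied_while_quiesced"])
```

With the sample workload and a threshold of 2, the refresh phase needs three passes before the change count drops low enough to quiesce, and only one track is copied while I/O is held.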
As described, such data migrations are limited to all the data in a logical device. The new logical device may have a greater capacity than the source logical device, but the data from the source logical device is transferred essentially intact and in order to the target logical device. The system does not provide any suggestion for handling data in extents within a logical device or for combining data extents from different logical devices within one logical device.
U.S. Pat. No. 6,356,977 to Ofek et al. and assigned to the assignee of this invention discloses a system and method for on-line, real time data migration. In accordance with this patent, a replacement data storage facility connects between an existing data storage facility and a host operating system or network. The replacement data storage facility processes all I/O requests for all logical devices designated to be migrated. A background copy operation moves data from the designated logical devices in the existing data storage facility to corresponding logical devices in the replacement data storage facility. Any I/O request to a location for which data has not yet been migrated by the background operation is handled on a priority basis and status is updated to indicate that a migration has occurred with respect to that particular location. This system essentially minimizes any need to quiesce the logical devices being migrated. However, it also is limited to the migration of complete logical devices.
The foregoing Atkin and Ofek et al. patents are examples of data migration systems that transfer entire logical devices. They are not adapted for migrating one or more data sets from one or more source logical devices onto a single target logical device or multiple target logical devices on an extent-by-extent basis. They cannot reduce the number of unit control blocks that must be assigned to a given number of logical volumes in a disk array storage device, particularly when some extents in a logical device are being migrated and other extents are not.
In addition, data that is stored may be sensitive and should not be accessible except to authorized users. For example, customer lists of an on-line vendor or a bank may contain customer names and addresses as well as account numbers. Although it is possible to restrict access to the data on the storage device, the information may be backed up to a tape that may be compromised. In addition, in some cases, a malicious user may be able to physically remove a disk to attempt to access the data thereon to frustrate security of the storage device. In these and other similar cases, it would be useful if the data were not useable except by those authorized to access the data.