The present invention relates to dual writing of data to be executed through the effect of two controllers. In particular, the present invention is effective in the case that a long distance exists between the two controllers so that a delay takes place in transferring data between the controllers.
The following techniques have been disclosed as the prior art of the present invention.
The European Patent Publication No. 0671686A1 has disclosed a technique of doing dual writing through the effect of controllers spaced from each other by a long distance. In this technique, one controller guarantees data on a disk therein if the other controller is broken by a disaster such as an earthquake. The technique disclosed in EP-0671686A1 is arranged so that a primary controller directly receives write data from a host computer, transfers the received write data to a secondary controller located in a remote place, and reports completion of receipt of the write data to a host computer. This is a quite excellent method from a view-point of data security because the data to be stored in the primary controller is completely equivalent to the data to be stored in the secondary controller. However, a longer distance existing between two controllers makes a data transfer time between the controllers far larger. This method therefore has difficulty on performance to be solved if one controller is far away from the other controller.
The European Patent Application Publication No. 0672985A1 also has disclosed a technique of doing dual writing on disks loaded in two controllers far away from each other. The technique disclosed in EP-0672985A1 is arranged so that a primary controller directly receives write data from a primary host computer, immediately after receipt of the write data, reports completion of the receipt of the write data to the primary host computer. In the EP-0672985A1, a copy of the write data received by the primary controller is read out to the primary host computer. According to the invention, a time stamp is given to the write data received from the primary host computer for the first time. The time stamp indicates a time when a request for writing the write data is issued. When the copy of the write data is read out to the primary host computer, the write time is passed to the primary host computer as well. Then, the primary host computer sends the copy of the write data and the write time to a secondary host computer.
When the secondary host computer receives the write data and the write time, information such as the write data is written on the disk for the control purpose. Further, the write data is written on the disk on the secondary side in the sequence of the write time by referring to the time given to each write data record.
In the EP-06729851A1, the secondary host computer performs the foregoing procedure, because it is not desirable to leave the intermediate results of the transactions normally used by an online system. For example, considering a transaction of transferring a bank deposit from a bank account A to another bank account B, though the deposit is withdrawn from the bank account A, the state of having transferred no corresponding deposit to the bank account B is not left. This means that no intermediate result of the transaction is left. Normally, the recovery unit is a transaction on the online system. Hence, leaving the intermediate result of the transaction is a quite significant obstacle.
In turn, why no intermediate result of the transaction can be left by the foregoing process will be briefly described below. The disks on which data is dually written contain a disk for storing a database such as account information and a disk for storing a journal where an update history of the transaction is left. If the host computer is failed, a recovery program is started to analyze the journal so that the update result of the unfinished transaction is returned to the state before the execution and no intermediate result of the transaction is left. The write data written on the disk loaded in the secondary controller is effective only in the cases such as when the primary controller for storing the latest write data is broken. The secondary controller does not store the latest write data but can guarantee the write data up to a certain time. Hence, apparently, the host computer yields an equivalent state to the failed state at a time when the write data is guaranteed. As a result, by using the disk for storing the journal, loaded in the secondary controller and the disk for storing the database, the similar process to the recovery to be executed when the host computer is failed is executed so that the intermediate result of the transaction may not be left.
Further, the disk controller contains a non-volatile cache memory and provides a write-after technique, that is, a technique of writing the write data received from the host computer onto a non-volatile cache memory and reporting the completion of the write to the host computer. The non-volatile cache memory is highly reliable, so that the data may be sufficiently guaranteed by storing the write data in the cache.
The technique disclosed in the EP-0672985A1 is arranged to suppress the degrade of the performance though some data is lost even if a distance between the controllers is expanded. Further, it does not leave the intermediate result of the transaction.