1. Field of the Invention
This invention relates generally to automated data storage systems, and particularly, to novel improvements in virtual tape server subsystems for ensuring that expired data is overwritten within a time interval set by a user.
2. Discussion of the Prior Art
A virtual tape system is a special storage device that manages data so that it appears to be stored entirely on tape cartridges when portions of it may actually be located in faster, hard disk storage. The programming for a virtual tape system is sometimes called a virtual tape server (VTS). Virtual tape can be used with a hierarchical storage management (HSM) system in which data is moved as it falls through various usage thresholds to slower but less costly forms of storage media. Virtual tape may also be used as part of a storage area network (SAN) where less-frequently used or archived data can be managed by a single virtual tape server for a number of networked computers.
FIG. 1 illustrates is a block diagram illustrating the physical hardware components comprising the VTS 100. As shown in FIG. 1, the VTS is installed in several frames: one or more frames 102 comprising physical tape drives 136 such as the IBM Magstar 3590 to which data are recalled to and copied from a tape volume cache 135; a VTS frame 125 comprising key components of the VTS subsystem including an intelligent (VTS) controller 126 and its associated storage management software 128, and, RAID disk arrays 105 which make up the Tape Volume Cache (TVC); and, a Library Manager 140 comprising a virtual and stacked volume inventory and implementing functions for the management of the physical library e.g., tracking the physical position and status-of the tape cartridges. The VTS is connected to a host computing system such as a mainframe or IBM S/390 host 99 by up to sixteen Enterprise Systems Connection (ESCON) channels 115. The VTS may also be attached to a SCSI host by up to eight SCSI busses. This VTS can be dedicated to a SCSI host only or shared with a S/390 host. The tape drives are attached to the VTS controller and the Library Manager only and are dedicated to the function of the VTS. They are not visible to, and therefore cannot be used by, any external host system.
The VTS frame 125 preferably includes a RISC-based processor 126, which provides ESCON as well as SCSI attachments, tape drive emulation to the host system and attachment to the TVC disks 135. The processor in the VTS may be based upon an RS/6000 processor. The storage management software, which manages the TVC contents and stacked volumes, controls the movement of data between a disk (i.e., the TVC) and the tape cartridges, e.g., an IBM Magstar 3590, and automatically fills the tapes.
The Tape Volume Cache (TVC) 135 of the VTS subsystem is the key element that enables the utilization of the tape technology. Buffering host-created volumes and later stacking them on a tape cartridge makes it possible for the cartridge capacity of the technology to be fully utilized. The TVC is a disk buffer where the host emulated tape volumes are written before they are copied to the physical tape cartridges. The host operating system sees tape drives, but actually, the space is represented by storage space in RAID fault-tolerant Serial Storage Architecture (SSA) disk subsystems. All host interaction is through the VTS virtual control unit 126 which handles the migration of data between the disk cache and the tape media in an optimal space and time fashion; the host never writes directly to the tape drives inside the VTS.
With this approach, in addition to fulfilling the objective of making full use of high-capacity tape cartridges, there are additional benefits such as: the emulated volumes are accessed at disk speeds and tape commands such as space, locate, rewind and unload are mapped into disk commands that are completed in tens of milliseconds rather than the tens of seconds required for traditional tape commands; and, multiple, different, emulated volumes can be accessed in parallel because they physically reside in the TVC, i.e., a single virtual volume cannot be shared by different jobs or systems at the same time.
FIG. 2 illustrates the relationship between several virtual and real image of components which are shown to host systems differently. When using a VTS, the host application writes tape data to virtual drives 150. The volumes written by the host are physically stored in the tape volume cache (e.g., a RAID disk buffer) and are called Virtual Volumes 160. The storage management software 128 in the VTS controller 126 copies these virtual volumes in the TVC to the physical cartridges 175 owned by the VTS subsystem. Once a virtual volume is copied or migrated from the TVC to tape, it is called a Logical Volume 180. As virtual volumes 160 are copied from the TVC to a Magstar cartridge (tape), they are “stacked” on the cartridge end to end, taking up only the space written by the host application. This arrangement maximizes utilization of a cartridge's storage capacity. The storage management software manages the location of the logical volumes on the physical cartridges, and the user has no control over the location of the data. When a logical volume 182 is moved from a physical cartridge to the TVC 135, the process is called recall and the volume becomes a virtual volume 162 again. The host cannot distinguish between physical and virtual volumes, or physical and virtual drives and treats them as if they were “real” cartridges and drives because the host's view of the hardware is virtual. That is, all host interaction with tape data in a VTS subsystem is through virtual volumes and virtual tape drives.
The relationship between virtual and logical volumes is readily understood from FIG. 2. That is, in the virtual tape server (VTS) subsystem, a customer tape volume is virtualized in the disk cache. Any access to the virtual volume is through the image stored in the TVC. The virtual tape volume is identified by a volume serial number referred to as a “volser” (generally, a six character name). After a virtual volume is created and/or modified (one or more records are written to the volume) and closed, it is copied onto the physical tape (logical) volume 180. The image of the virtual volume 160 copied to a physical volume 180 when it was closed is a complete version of the virtual volume at the point in time it was closed. If a virtual volume 160 is subsequently opened and modified, when it is closed, that image of the virtual volume is also copied onto physical tape, however it does not overwrite the prior version of the volume since it may have a different size then the previous version. So at any point in time, there may be several versions of the same volume serial number that reside on one or more physical tape volumes.
While the Library Manager in the VTS maintains a database to track which version of a virtual volume is the most current and its location on the physical volumes managed by the VTS, it is the case that during normal VTS operations, only the most current version of a virtual volume is accessible by a host system. It is an expressed concern that the old versions of the virtual volume's data, although not directly accessible by the host system attached to the VTS, could be accessed by a tape drive, compatible with the physical tape volumes used by the VTS, that is directly attached to a host system. In addition, the data associated with the most current version of a virtual volume could have been expired by the customer, but it still will exist on the physical tape volume and could be accessed.
Conventional methods implement the concept of “expiring” data, which entails returning the virtual volume to a “scratch” status which is required as a result of modifying the data associated with a virtual volume in the VTS which creates a new image of the volume. This additionally requires that the old version(s) of the volume must be handled to guarantee that they cannot be recovered.
It would be highly desirable to provide a system and method that guarantees that old or expired versions of a virtual volume cannot be accessed, after a given period of time, through any reasonable means including reading the tape on a tape device directly attached to a host.
It would be highly desirable to provide a function executable in a virtual tape server that guarantees that virtual volume data that has been expired by the customer in the VTS cannot be recovered by any reasonable means after a certain time interval.