In the data storage field, many data storage products contain some memory which is used to store data which is regarded as non-volatile. This data is rendered non-volatile by a combination of software, an intelligent external Uninterruptible Power Supply (UPS) and a disk drive. (An intelligent UPS is one which is capable of controlling and monitoring its operating condition and responding to signals, preferably via a signal cable. The reliability, availability and serviceability of such systems is thereby enhanced over that of conventional “unintelligent” apparatus.) The software at a node connected by the signal cable monitors the state of the UPS and the supply to the UPS, and if it detects that main power to the UPS has failed, it initiates a process by which the contents of the memory are written out to the disk. This process occurs under power from the UPS. Once the data has been copied from memory to disk, the storage product hardware is powered down.
The connection between a storage product and a conventional intelligent UPS consists of a power cable and a separate signal cable, typically in the form of an RS232 (serial) connection. Due to the physical design of the commercially available UPSs that are typically used, it is physically possible to plug the power cable into one UPS and the data cable into a different UPS. The same difficulty applies to various configurations of data processing apparatus connected to UPSs, with varying results, depending on the uses to which the apparatus is put.
It is thus possible, in the exemplary data storage case, to lose data as a result of configurations where the serial cable is not connected to the UPS powering the node, but to a different UPS powering a different node.
The normal system design of an exemplary data storage configuration relies upon the signal cable between the storage product node and the UPS connecting to the correct UPS. If this is not the case then a node can be powered down without the contents of its fast write cache and metadata being copied to the node's internal disk drive.
A number of steps are taken already in the conventional design to ensure correct cabling but unfortunately none of the existing checks can detect the case where the signal cable for a specific node is connected to a UPS which is not supplying that actual node with power. A common mistake is to cross connect the signal and power cables between two consumer nodes and two UPSs, such that the power cable of one UPS the signal cable of a different UPS are connected to each node, although other misconfigurations are possible.
In the case of a typical system according to the prior art which has been cross-connected in this way, when one node is shut down it stops refreshing the keepalive timer in the UPS powering its partner node. When this keepalive timer expires, the partner node, which may be the only operational node in the system, is powered off unexpectedly.
It is possible to alleviate the problem using the following known techniques:
1. Tightly integrating the UPS with the node. This is a poor solution to the problem because it leads to inflexibility in the design. Potentially the power consuming product is tied to one UPS vendor or to designing and manufacturing custom UPS hardware for each processing complex used.
2. Integrated supply and data cable. This is a poor solution to the problem because vendors of the currently available UPSs have not designed their UPSs with this in mind.
3. Physically tying together the supply and data cable. This solution is actually used today, but unfortunately it is impossible to make a cable which cannot be plugged into the wrong UPS if the UPSs are physically close together.
It would therefore be desirable to provide some degree of automation of the checking process and/or to offer protection against the problems described, thus reducing the potential for human error to cause severe system errors.