JP4592735B2 - EXTERNAL STORAGE DEVICE, DATA RECOVERY METHOD FOR EXTERNAL STORAGE DEVICE, AND PROGRAM - Google Patents

Description

  The present invention relates to an external storage device such as a disk device, a data recovery method for the external storage device, and a program.

  In a business application program (database system) that handles a relatively large amount of data, the data is stored in a disk array device formed separately from the host computer. Various data operations are performed by accessing data on the disk array device from the database system of the host computer. A disk array device is formed by arranging a plurality of disk devices in an array, and operates according to a write command, a read command, or the like from a host computer.

  Here, if a failure occurs while the database system is running, for example, due to unexpected power loss, operator error, malfunction of hardware circuit or other program, the contents of the database before the failure Need to be restored. In addition to the failure, there is a case where it is desired to return the data operation to a desired time.

  As a first conventional technique, in a normal database system, the database system itself on the host computer writes journal data (log data) to a predetermined disk device of the disk array device separately from the actual data. Therefore, in a normal database system, the database system itself reads the journal data from the disk device based on the backup data acquired in advance and sequentially reflects it in the backup data. As a result, the database system on the host computer can restore the database to a desired point in time as long as journal data remains.

  In the second prior art, the contents of the first disk device are stored in the backup disk device at a predetermined cycle, and the journal data is stored in the journal disk device. When a failure occurs in the first disk device, a virtual first disk device is created in the second disk device based on the backup data and journal data, and data access to the first disk device is performed. Are internally switched to the virtual first disk device. When the restoration of the first disk device is completed, the contents of the virtual first disk device are transferred to the first disk device (see, for example, Patent Document 1).

JP-A-6-110618

    In the first prior art, the database system itself on the host computer manages the journal data, and the data can be recovered at an arbitrary time. However, since the database system itself performs data recovery work, the computer resources (arithmetic unit, memory, etc.) of the host computer are used for data recovery processing, and the original business process and other business processes are performed during the recovery work. The processing efficiency will be reduced. The database system manages journal data. If the journal data storage disk becomes full, the data cannot be recovered unless backup data is taken. Therefore, the database system needs to perform up to the capacity management of the journal data disk and the processing load increases. Furthermore, when performing data generation management, multiple generations of backup data are created, which further increases the processing load.

  In the second prior art, by switching the access to the virtual disk device, the data recovery operation can be performed without interrupting the processing being executed, but it can be recovered only to the previous state. The data cannot be recovered at any time desired by the operator.

  The present invention has been made in view of the above problems, and an object of the present invention is to provide an external storage device and an external storage device capable of restoring data to an arbitrary time without increasing the processing load on the host computer side. To provide a data recovery method and program. Further objects of the present invention will become clear from the description of the embodiments described later.

  In order to solve the above problems, an external storage device according to the first aspect of the present invention is connected to a host computer, and stores storage means for storing data used by the host computer, and control means for controlling the storage means. And have. The control means registers the recoverable time point set by the host computer with respect to the data stored in the storage means, and, in response to a request from the host computer, the registered recoverable time point selection information. Selection information transmitting means for transmitting the data, and recovery means for recovering the data designated by the host computer to the designated recoverable time based on the selectable information at the recoverable time.

  As the storage means, for example, a storage device in which a plurality of disk devices are arranged in an array can be used. The host computer can set a recoverable time point for the data stored in the storage means. The recoverable time point is information indicating a time point at which the data can be recovered, and can also be referred to as a restoration point. The recoverable time points set regularly or irregularly by the host computer are registered by the registration means.

  When data recovery is necessary due to a failure or the like, the host computer requests the control means for selection information at a recoverable point. In response to this request, the selection information transmission means transmits the selection information to the host computer. The selection information is information for selecting a recoverable point in time, and can be displayed in a list format, for example.

  The host computer selects a point in time to be recovered based on the received selection information. The recoverable point selected by the host computer is notified to the recovery means. Then, the recovery means recovers the data specified by the host computer to the specified time. The recovery means can recover the data, for example, by sequentially reflecting the journal data up to the specified recovery point in the backup data. As a result, data can be recovered to an arbitrary point in the external storage device with virtually no use of computer resources of the host computer.

  The registering means can register a plurality of time points set by the host computer as recoverable time points. That is, it is possible to register not only the latest state immediately before but also a plurality of arbitrary time points. For example, the host computer can set the recoverable time point every time an update process (commit) is requested or every time a data operation is separated, or manually by an operator.

  In one aspect of the present invention, the storage means includes journal data storage means for acquiring and storing journal data, and the registration means associates the label information with a predetermined position of the journal data based on an instruction from the host computer. Thus, the recoverable point is registered. That is, the journal data is automatically collected and stored independently by the journal data storage means in the external storage device. Then, the registration means registers the recoverable time by associating the marker information with a predetermined position of the journal data based on the setting from the host computer. The tag information can be included in the journal data, or can be managed as data different from the journal data, and can be associated with each other by a unique identification code or the like.

  In one aspect of the present invention, the journal data includes at least write data, a write position, and recovery flag information as indicator information, and the registration unit sets predetermined recovery flag information in the journal data. Thus, the recoverable point is registered.

  Add a recovery flag to expand the data structure of journal data. All journal data includes a data area for setting a recovery flag in advance. When setting a recoverable point in time for certain data, a recovery flag corresponding to the data is set. If the recovery flag is reset, the set recoverable time can be canceled.

  In one aspect of the present invention, the storage means further includes backup data storage means for storing backup data, and the control means includes journal data management means. The journal data management means transfers the oldest journal data stored in the journal data storage means to the backup data storage means when the free space of the journal data storage means is insufficient, and the journal data storage means And the host computer is notified that the oldest recoverable time among the registered recoverable times has been changed.

  Data recovery is realized, for example, by sequentially reflecting journal data up to a target time in backup data at a certain time (roll forward method). Therefore, when there is no journal data, the data can be returned only to the time when it was backed up. On the other hand, journal data is a collection of data update histories and increases daily. When the storage amount of journal data reaches the storage capacity of the disk device, no more journal data can be stored. Therefore, when the free space of the journal data is insufficient, the oldest data among the already accumulated journal data is transferred to the backup data by a necessary amount to secure the free space. The necessary amount to be transferred may be a fixed value set in advance, or may be dynamically changed according to various factors such as the journal data storage speed and the storage capacity of the backup data storage means. Here, the transfer of the oldest journal data to the backup data means that the oldest journal data is deleted after reflecting the oldest journal data in the backup data. As long as there is an unused storage area in the storage means, the journal data storage area is automatically expanded, and when the unused storage area is insufficient, the oldest journal data is transferred to the backup data. May be.

  A data recovery method for an external storage device according to a second aspect of the present invention is a data recovery method for recovering data in an external storage device connected to a host computer in the external storage device. A registration step of registering recoverable time points that can be set at any of a plurality of time points by the host computer; a list transmission step of transmitting information for selecting the registered recoverable time points to the host computer in response to a request from the host computer; And a recovery step of recovering the data designated from the host computer to the designated recoverable time based on the selection information of the recoverable time.

  The registration step, the list transmission step, and the recovery step may be executed in this order, or may be executed in different orders, for example, in parallel.

  A program according to the third aspect of the present invention is a program for controlling an external storage device connected to a host computer, and the external storage device has storage means for storing data used by the host computer. Registration means for registering recoverable time points that can be set at any plurality of time points by the host computer with respect to the data stored in the storage means, and information for selecting the recoverable time points registered in response to a request from the host computer On the computer of the external storage device, selection information transmitting means for transmitting to the host computer and recovery means for recovering data designated from the host computer to a designated recoverable time based on the selectable information at the recoverable time Make it happen.

  The program according to the fourth aspect of the present invention is a program for controlling a host computer that uses an external storage device, and for the data stored in the external storage device, the recoverable time points that can be set at any of a plurality of time points are externally set. Registration instruction means for instructing and registering the storage device, selection information request means for requesting selection information at the recoverable point registered in the external storage device, and the selection information received from the external storage device Recovery instruction means for instructing the external storage device to recover the data to a desired recoverable point on the host computer.

  This program can be provided in the form of an API (Application Program Interface), for example, and can be suitably used from various business application programs.

  The program according to the present invention can be fixed in various storage media such as a disk-type storage medium and a semiconductor memory, and can be distributed, or can be distributed from a server via a communication network.

    Hereinafter, embodiments of the present invention will be described with reference to FIGS.

  First, an overall outline of the external storage system will be described with reference to FIG.

  First, the overall configuration of the system will be described with reference to FIG. The storage device system 60 includes the storage device control device 10 and the storage device 30. The storage device control apparatus 10 controls the storage device 30 according to the command received from the information processing apparatus 20. For example, when receiving a data input / output request from the information processing apparatus 20, the storage device control apparatus 10 performs an input / output process of data stored in the storage device 30. A logical volume (hereinafter abbreviated as LU) is set on a physical storage area provided by a disk drive included in the storage device 30. An LU is a logical storage area, and data is stored on this LU. In addition, the storage device control device 10 also exchanges various commands for managing the storage device system 60 with the information processing device 20.

  The information processing apparatus 20 is a computer system including a CPU (Central Processing Unit), a memory, and the like. Various functions are realized by the CPU of the information processing apparatus 20 executing various programs. The information processing apparatus 20 may be a personal computer or a workstation, or may be a mainframe computer, for example. In FIG. 1, for convenience of explanation, first to fifth information processing apparatuses are illustrated. In order to identify each information processing apparatus 20, sequential numbers such as “information processing apparatus 1”, “information processing apparatus 2”, and the like in FIG. 1 are designated as first to fifth information processing apparatuses 20. . Similarly, a channel control unit 11 and a disk control unit 14 to be described later are also distinguished by attaching serial numbers.

  The first to third information processing apparatuses 20 are connected to the storage device control apparatus 10 via a LAN (Local Area Network) 40. The LAN 40 can be, for example, the Internet or a dedicated network. Data communication between the first to third information processing apparatuses 20 and the storage device control apparatus 10 is performed via the LAN 40 according to, for example, a TCP / IP (Transmission Control Protocol / Internet Protocol) protocol. The first to third information processing apparatuses 20 make a data access request by specifying a file name to the storage system 60 (a data input / output request in units of files. Hereinafter, abbreviated as “file access request”). Is sent.

  A backup device 71 is connected to the LAN 40. Examples of the backup device 91 include MO (magneto-optic: magneto-optical storage device), CD-R (CD-Recordable: readable / writable compact disc), DVD-RAM (Digital Versatile Disk-RAM: readable / writable DVD). ) And other tape storage devices such as DAT (Digital Audio Tape) tape, cassette tape, open tape, cartridge tape, and the like. The backup device 71 stores backup data of data stored in the storage device 30 by communicating with the storage device control apparatus 10 via the LAN 40. Further, the backup device 71 can be configured to be connected to the first information processing apparatus 20. In this case, backup data of data stored in the storage device 30 is acquired via the first information processing apparatus 20.

  The storage device control apparatus 10 communicates with the first to third information processing apparatuses 20 and the backup device 71 via the LAN 40 using the first to fourth channel control units 11. The first to fourth channel control units 11 individually accept file access requests from the first to third information processing apparatuses 20. That is, each of the first to fourth channel control units 11 is assigned a network address (for example, an IP address) on the LAN 40, and each of the first to fourth channel control units 11 is individually connected to the NAS. It is supposed to behave as (Network Attached Storage). The first to fourth channel control units 11 can provide services as NAS to the first to third information processing apparatuses 20 as if they were independent NAS. Hereinafter, the first to fourth channel control units 11 may be abbreviated as CHN. As described above, since the first to fourth channel control units 11 that individually provide the services as the NAS are provided in the single storage device system 60, each of the individual storage systems 60 has conventionally been individually operated by an independent computer. The NAS servers that have been operated are integrated into one storage device system 60. As a result, the overall operation of the storage device system 60 becomes possible, and the efficiency of maintenance operations such as various settings / controls, failure management, and version management can be improved.

  Note that the first to fourth channel control units 11 of the storage device control apparatus 10 are, for example, hardware formed on a circuit board integrated into a unit, and an OS (Operating System) executed by the hardware. ), And is realized by software such as an application program operating on the OS. In the storage device system 60, functions that have been conventionally implemented as part of hardware are realized by software. Therefore, by using the storage device system 60, it is possible to operate the system with great flexibility, and it is possible to meticulously respond to various and rapidly changing user needs.

  The third and fourth information processing apparatuses 20 are connected to the storage device control apparatus 10 via a SAN (Storage Area Network) 50. The SAN 50 is a network for exchanging data with the third and fourth information processing apparatuses 20 in units of blocks, which are data management units in the storage area provided by the storage device 30. Communication between the third and fourth information processing apparatuses 20 and the storage device control unit 10 performed via the SAN 50 generally follows the fiber channel protocol. From the third and fourth information processing apparatuses 20, a data access request in block units (hereinafter abbreviated as a block access request) is transmitted to the storage device system 60 in accordance with the fiber channel protocol.

  A SAN-compatible backup device 70 is connected to the SAN 50. The SAN-compatible backup device 70 stores backup data of data stored in the storage device 30 by communicating with the storage device control apparatus 10 via the SAN 50.

  The storage device control apparatus 10 performs communication between the third and fourth information processing apparatuses 20 and the SAN compatible backup device 70 via the SAN 50 by the fifth and sixth channel control units 11. Hereinafter, the fifth and sixth channel control units 11 may be abbreviated as CHF.

  Further, the fifth information processing apparatus 20 is directly connected to the storage device control apparatus 10 without going through a network such as the LAN 40 or the SAN 50. The fifth information processing apparatus 20 can be, for example, a mainframe computer, but is not limited to this. Communication between the fifth information processing apparatus 20 and the storage device control apparatus 10 is, for example, FICON (Fibre Connection) (registered trademark), ESCON (Enterprise System Connection) (registered trademark), ACONARC (Advanced Connection Architecture) ( It follows communication protocols such as registered trademark and FIBARC (Fibre Connection Architecture). From the fifth information processing apparatus 20, a block access request is transmitted to the storage system 60 according to these communication protocols.

  The storage device control device 10 communicates with the fifth information processing device 20 by the seventh and eighth channel control units 11. Hereinafter, the seventh and eighth channel control units 11 may be abbreviated as CHA.

  The SAN 50 is connected to another storage device system 61 installed at a location (secondary site) remote from the installation location (primary site) of the storage device system 60. The other storage device system 61 is used as a data replication destination device in the replication or remote copy function. In addition to the SAN 50, the other storage device system 61 may be connected to the storage device system 60 via a communication line such as ATM (Asynchronous Transfer Mode). In this case, a channel control unit 11 having an interface (channel extender) for using the communication line is employed.

  Next, the configuration of the storage device 30 will be described. The storage device 30 includes a large number of disk drives (physical disks) and provides a storage area to the information processing apparatus 20. Data is stored in an LU which is a logical storage area. As the disk drive, for example, various devices such as a hard disk device, a flexible disk device, and a semiconductor storage device can be used. For example, the storage device 30 may be configured as a disk array by a plurality of disk drives. In this case, the information processing apparatus 20 can be provided with a storage area by a plurality of disk drives managed by RAID (Redundant Array of Independent (Inexpensive) Disks).

  As shown in FIG. 1, the storage device control apparatus 10 and the storage device 30 may be directly connected or indirectly connected via a network. Furthermore, the storage device 30 can also be configured as an integral part of the storage device control apparatus 10.

  The LU set in the storage device 30 includes a user LU accessible from the information processing apparatus 20 and a system LU used for control of the channel control unit 11. The system LU also stores an OS executed by the CHN 11. Each LU is associated with each channel controller 11 in advance. Thereby, an accessible LU is allocated to each channel control unit 11. In addition, the association can be set so that a plurality of channel control units 11 share one LU. In the following description, the user LU may be referred to as a user disk and the system LU may be referred to as a system disk. An LU shared by a plurality of channel control units 11 may be referred to as a shared LU or a shared disk.

  Next, the configuration of the storage device control apparatus 10 will be described. The storage device control apparatus 10 includes a channel control unit 11, a shared memory 12, a cache memory 13, a disk control unit 14, a connection unit 15, and a management terminal 16.

  The channel control unit 11 has a communication interface for performing communication with the information processing apparatus 20, and has a function of exchanging data input / output commands and the like with the information processing apparatus 20. For example, the CHN 11 receives file access requests from the first to third information processing apparatuses 20. Thereby, the storage device system 60 can provide the service as the NAS to the first to third information processing devices 20. The CHF 11 accepts block access requests according to the fiber channel protocol from the third and fourth information processing apparatuses 20. Thereby, the storage device system 60 can provide the third and fourth information processing devices 20 with a data storage service that can be accessed at high speed. Further, the CHA 11 accepts a block access request according to a protocol such as FICON, ESCON, ACONARC, and FIBARC from the fifth information processing apparatus 20. Thereby, the storage device system 60 can provide a data storage service to a mainframe computer or the like such as the fifth information processing device 20.

  Each channel control unit 11 is connected to the management terminal 16 through an internal LAN 17. As a result, a program to be executed by the channel control unit 11 can be transmitted from the management terminal 16 to the channel control unit 11 and installed. The configuration of the channel control unit 11 will be further described later.

  The connection unit 15 connects each channel control unit 11, shared memory 12, cache memory 13, and each disk control unit 14 to each other. Data and commands are exchanged among the channel control unit 11, the shared memory 12, the cache memory 13, and the disk control unit 14 through the connection unit 15. The connection unit 15 is configured by a high-speed bus such as an ultra-high-speed crossbar switch that performs data transmission by high-speed switching. By connecting the channel control units 11 with each other via a high-speed bus, the communication performance between the channel control units 11 is improved as compared with the case where NAS servers operating on individual computers are connected via a LAN. This also enables a high-speed file sharing function, high-speed failover, and the like.

  The shared memory 12 and the cache memory 13 are storage memories shared by each channel control unit 11 and each disk control unit 14. The shared memory 12 is mainly used for storing control information and commands. The cache memory 13 is mainly used for storing data.

  For example, when a data input / output command received by a certain channel control unit 11 from the information processing device 20 is a write command, the channel control unit 11 writes the write command to the shared memory 12 and receives it from the information processing device 20. The written data is written to the cache memory 13. On the other hand, the disk control unit 14 monitors the shared memory 12. When the disk control unit 14 detects that a write command has been written to the shared memory 12, the disk control unit 14 reads write data from the cache memory 13 in accordance with the command and writes the read data to the storage device 30.

  The disk control unit 14 controls the storage device 30. For example, as described above, the disk control unit 14 writes data to the storage device 30 in accordance with the write command received by the channel control unit 11 from the information processing apparatus 20. Further, the disk control unit 14 converts the data access request to the LU by the logical address designation transmitted from the channel control unit 11 into the data access request to the physical disk by the physical address designation. If the physical disk in the storage device 30 is managed by RAID, the disk control unit 14 accesses data according to the RAID configuration. The disk control unit 14 also performs replication management control and backup control of data stored in the storage device 30. Further, the disk controller 14 also copies data of the storage system 60 at the primary site to other storage systems 61 installed at the secondary site for the purpose of preventing data loss (disaster recovery) in the event of a disaster. Control is also performed (called replication function or remote copy function).

  Each disk control unit 14 is connected to the management terminal 16 via the internal LAN 17, and can communicate with each other. As a result, a program to be executed by the disk control unit 14 can be transmitted from the management terminal 16 to the disk control unit 14 and installed.

  Next, the management terminal 16 will be described. The management terminal 16 is a computer for maintaining and managing the storage device system 60. By operating the management terminal 16, for example, setting of a physical disk configuration in the storage device 30, setting of an LU, installation of a program to be executed by the channel control unit 11, and the like can be performed. Here, as the setting of the physical disk configuration in the storage device 30, for example, addition or reduction of physical disks, change of RAID configuration (change from RAID1 to RAID5, etc.) can be mentioned. Further, the management terminal 16 can also perform operations such as confirmation of the operating state of the storage device system 60, identification of a faulty part, and installation of an OS executed by the channel control unit 11. The management terminal 16 is connected to an external maintenance center via a LAN, a telephone line, or the like, and the storage terminal system 60 is monitored using the management terminal 16 from the external maintenance center or when a failure occurs. It is also possible to respond quickly. The occurrence of a failure is notified from the OS, application program, driver software, or the like, for example. This notification can be performed by, for example, an HTTP (HyperText Transfer Protocol) protocol, an SNMP (Simple Network Management Protocol) protocol, an e-mail, or the like. These settings and controls can be performed by an operator or the like operating a web page provided by a web server operating on the management terminal 16 as a user interface. An operator or the like operates the management terminal 16 to set a fault monitoring target or content, or set a fault notification destination.

  The management terminal 16 may be configured to be built in the storage device control apparatus 10 or may be configured to be externally attached to the storage device control apparatus 10. The management terminal 16 may be configured as a computer dedicated to maintenance and management of the storage device control device 10 and the storage device 30, or may be configured by providing a general-purpose computer with a maintenance and management function. Also good.

  Next, an example of the data recovery method according to the present invention will be described with reference to FIG. FIG. 2 is a schematic configuration diagram in which the main part of the storage device system described with FIG. 1 is extracted. As will be described later, the external storage system shown in FIG. 2 is roughly divided into a host computer 10 and an external storage device, and the external storage devices are roughly divided into a disk control device 200 and a mass storage device 400. Here, the correspondence between FIG. 1 and FIG. 2 will be briefly explained. The storage device system 60 in FIG. 1 is replaced with the disk controller 200 in FIG. 2, and the channel controller 11 in FIG. In the channel port 210 and the microprocessor 220, the shared memory 12 and the cache memory 13 in FIG. 1 are in the buffer memory 230 in FIG. 2, and the connection unit 15 in FIG. 1 is in the bus, switches, etc. (not shown). The disk controller 14 in FIG. 1 is the microprocessor 220 in FIG. 2, the storage device 30 in FIG. 1 is in the storage device 400 in FIG. 2, and the information processing apparatus 20 in FIG. 1 is the host computer in FIG. 100 respectively. The microprocessor 220 may be present on either side of the channel control unit 11 or the disk control unit 14.

  The host computer 100 is composed of, for example, a personal computer, a workstation, or the like, and has an application program 110 (hereinafter abbreviated as application) that handles a database. Although not shown, the host computer 100 includes a user interface for exchanging information with an operator through, for example, a pointing device, a keyboard switch, a monitor display, and the like. The application 110 processes predetermined work by accessing data in the storage device 400 via the disk control device 200.

  The disk controller 200 controls the storage device 400, and includes a channel port 210, a microprocessor 220, and a buffer memory 230.

  The microprocessor 220 performs bidirectional data communication with the host computer 100 via the channel port 210. The microprocessor 220 executes the disk control program 300. The disk control program 300 includes a write control process 310, a write data process 320, a disk management process 330, a data recovery control process 340, a data recovery process 350, and a data synchronization process 360.

  The main processing will be described in detail later, but the write control processing 310 mainly manages write control information (journal control information) at the time of data writing. The write data processing 320 performs data writing to a predetermined disk device. The disk management process 330 mainly manages the journal data storage disk 430. The data recovery control process 340 transmits the recovery trigger registration set from the host computer 100 and the registered recovery trigger list data to the host computer 100. The data recovery process 350 recovers data of a specified disk device up to a specified time. The data synchronization process 360 performs a data backup process in response to an instruction from the host computer 100.

  In the buffer memory 230, for example, recovery data information D10, journal data D20, write control information D30, and update data D40 are stored. The recovery data information D10 is history information of data recovery processing (recovery processing), and records, for example, a data recovery destination and a recovery time. The journal data D20 is an update history of data operation, and is sequentially transferred from the buffer memory 230 to the journal storage disk 430. The write control information D30 includes information necessary for recovering data at an arbitrary time. The update data D40 is data instructed to be updated by the application 110, and is transferred from the buffer memory 230 to the data storage disk 410. The above data need not exist on the buffer memory 230 at the same time. For convenience of explanation, the buffer memory 230 is shown as a single memory, but may be configured as an aggregate of a plurality of types of memory devices, for example.

  The mass storage device 400 includes a data storage disk 410, a backup data storage disk 420, and a journal data storage disk 430. The data storage disk 410 stores the latest data (actual data) currently in use. The backup data storage disk 420 stores backup data at a certain point in time. Journal data is stored in the journal data storage disk 430. Note that each of the disks 410 to 430 is precisely a disk device, and includes a plurality of disks. Hereinafter, the data storage disk is called a data disk, the backup data storage disk is called a backup disk, and the journal data storage disk is called a journal disk.

  FIG. 3 is a data structure diagram showing a schematic structure of the journal data D20 and the write control information D30.

  The journal data D20 according to the present embodiment includes write control information D30 and update data (write data) D40. The write control information D30 functions as journal control information, and includes information such as a data write position D31, a data size D32, a time stamp D33, a recovery flag D34, and other control information D35, for example. The data writing position D31 is position information indicating where and in which disk device data is written. The data size D32 is information indicating the size of the written data. The time stamp D33 is information indicating the data writing time. The recovery flag D34 is indicator information indicating that it is a recoverable time point (restoration point). When the recovery flag D34 is set, it is set as recoverable data. When the recovery flag D34 is reset, the recovery point is set. Canceled. The other control information D35 includes, for example, other necessary information such as a control number and a data type for uniquely specifying the write control information D30.

  In the present embodiment, as shown in FIG. 3, the structure of the journal data D20 is uniquely expanded, and a recovery flag D34 is provided in the journal data D20. Thus, any time point can be freely set as a recoverable time point simply by adding a small amount of data, and data can be recovered at any time point. However, the present invention is not limited to this, and the journal data D20 and the recovery flag D34 may be separated and associated with each other by a unique ID (identification code) or the like.

  Next, FIG. 4 is a block diagram showing an outline of the program structure of the host computer 100 and the disk control device 200.

  The application 110 performs bidirectional data communication with the disk control program 300 via the OS 120 of the host computer 100. The OS 120 has an API (Application Program Interface) group 130. The API group 130 includes a data write API 131, a recovery trigger notification API 132, a recovery trigger list acquisition request API 133, and a recovery instruction API 134. The application 110 calls and uses these APIs 131 to 134 as appropriate, sets a desired time point as a recovery opportunity, reads a set recovery opportunity list, selects the desired time point, and instructs data recovery. Can do.

  The overall operation will be briefly described with reference to FIG. When the application 110 issues a data update request (commit request) to the disk controller 200 via the data write API 131 (S1), the write control process 310 of the disk control program 300 is predetermined via the write data process 320. The data is written to the disk and the application 110 is notified that the update request has been processed (S2).

  During the business process, the application 110 can set a desired time point as a recovery opportunity (restoration point) as a recoverable time point, for example, regularly or irregularly. The application 110 instructs the disk controller 200 on data for setting a recovery trigger by calling the recovery trigger notification API 132 (S3). When the recovery opportunity is notified, the data recovery control processing 340 of the disk control program 300 sets the recovery flag of the designated data, and notifies the application 110 that the recovery opportunity has been set (S4).

  When data is recovered due to a failure or the like, the application 110 calls the recovery opportunity list acquisition request API 133 and requests the disk control device 200 for list information at a recoverable time (S5). When a list is requested, the data recovery control process 340 examines the journal disk 430 to obtain information on data for which the recovery flag is set, and creates a recovery opportunity list. The data recovery control process 340 returns a recovery opportunity list to the application 110 (S6).

  The application 110 refers to the recovery opportunity list stored in the memory 140 and selects at least one time point at which recovery is desired. The application 110 instructs the disk controller 200 to restore the data on the predetermined disk to a desired time by calling the recovery instruction API 134 (S8). When receiving a recovery instruction from the application 110, the data recovery process 350 uses the backup disk 420 and the journal disk 430 to recover the specified data to a specified time. The recovery process 350 notifies the application 110 that the recovery process has been completed (S9).

  Next, detailed control of each unit will be described with reference to FIGS. First, FIG. 5 is a flowchart showing the write control process. Although the same applies to the following description, the flowchart shown in the drawing shows a main part of the operation for understanding the invention, and may be different from an actual program. In the figure, “step” is abbreviated as “S”.

  When the application 110 issues a write request, the data D40 on the buffer memory 230 is updated (S21), and the write control information D30 on the buffer memory 230 is updated (S22). Next, it is determined whether the journal disk 430 has sufficient free space (S23). For example, it can be determined based on whether or not the current free capacity of the journal disk 430 exceeds the data size of data to be written. When the free space of the journal disk 430 is insufficient (S23: NO), a free space is secured by executing journal disk management processing described later with reference to FIG. 6 (S24), and if necessary, it is stored on the buffer memory 230. The write control information is updated (S25). The case where it is necessary is, for example, a case where the writing position of journal data fluctuates due to automatic journal expansion described later.

  When sufficient free space exists in the journal disk 430 (S23: YES) and when sufficient free space is secured in the journal disk 430, the write data D40 and the write control information D30 (that is, journal data D20) are journaled. The data is additionally written to the disk 430 (S26). Further, the write data D40 on the buffer memory 230 is written to a predetermined position of the data disk 410 (S27), and the fact that the data writing is completed is the host computer 100 (specifically, the application 110 on the host computer 100. The same applies hereinafter). (S28).

  Note that S26 and S27 may be performed separately (asynchronously) from the write control process. In this case, for example, the data in the buffer memory can be managed by providing a flag indicating whether or not the data is reflected on the disk.

  Then, it is determined whether the backup update flag is on (S29). The backup update flag is indicator information indicating that the oldest journal data has been transferred to the backup disk 420 in order to secure the free space of the journal disk 430. Since the earliest point of time that can be recovered from the backup data is changed by the transfer of the journal data, if the backup update flag is set to ON (S29: YES), the backup data has been updated. The host computer 100 is notified (S30). After notifying the host computer 100 of the backup update, the backup update flag is reset to the off state (S31).

  FIG. 6 is a flowchart showing details of the journal disk management process S24 in FIG. First, it is determined whether or not the automatic extension mode of the journal disk 430 is set (S41). The automatic expansion mode is a mode in which the logical size of the journal disk 430 is automatically expanded by searching for unused disks and unused storage areas.

  If the automatic extension mode is not set (S41: NO), the oldest data among the journal data stored in the journal disk 430 is selected and reflected in the backup disk 420 (S42). The oldest journal data transferred to the backup disk 420 is deleted from the journal disk 430 (S43). As a result, the free capacity of the journal disk 430 increases. Until the free capacity of the journal disk 430 reaches a predetermined value, the oldest journal data is sequentially transferred to the backup disk 420 (S44). When the free capacity of the journal disk 430 reaches a predetermined value (S44: YES), the backup update flag is set to the on state (S45). As a result, as shown at S30 in FIG. 5, the backup data is updated, and the host computer 100 is notified that the oldest time point that can be recovered from the backup data has been changed. The predetermined value in S44 may be a fixed value set in advance, for example, a value that is dynamically changed according to the free capacity of the backup disk, the data size written to the data disk 410, and the like. There may be.

  On the other hand, if the automatic extension mode of the journal disk 430 is set (S41: YES), an unused storage area (referred to as an unused area) is searched from the connected disk devices, and journal data is retrieved. It is determined whether there is a storable unused area (S46, S47). If an unused area is not found (S47: NO), the process moves to S42, and the oldest journal data is transferred to the backup disk 420 as described above, thereby securing a free space in the journal disk 430. When an unused area is found (S47: YES), the logical size of the journal disk 430 is expanded and the disk management map is updated to use the found unused area as a journal disk (S48). Then, it is determined whether or not the free space generated by the logical size expansion of the journal disk 430 has reached a predetermined value (S49), and the processes of S46 to S49 are repeated until the free space of the journal disk 430 reaches a predetermined value. However, the unused area is automatically expanded as a journal data storage area.

  Next, FIG. 7 shows a registration process of a recovery opportunity instructed from the host computer 100. As described above, in this embodiment, the host computer 100 can set a plurality of times (restoration points) that can be recovered at any point in time.

  When the recovery timing to be registered is notified from the host computer 100 to the disk controller 200, the data recovery control processing 340 searches the position of the latest data stored in the journal disk 430 (S51), and the latest write data The recovery flag in the write control information corresponding to is set to the on state and updated (S52). Then, the host computer 100 is notified that the setting of the recovery opportunity has been completed, and is notified of the control number for specifying the write control information (S53). As described above, the application 110 of the host computer 100 can instruct setting of a recovery opportunity for data at an arbitrary point in time when data is written.

  Next, FIG. 8 shows a transmission process of a recovery opportunity list that returns recovery opportunity list information in response to a request from the host computer 100. First, of the journal disks 430, the disk corresponding to the data designated for recovery from the host computer 100 is selected, and the pointer is set to the oldest journal data in the selected disk (S61).

  When the oldest journal data is read (S62), it is checked whether the recovery flag in the write control information relating to the read journal data is set to ON (S63), and the recovery flag is set Records the read journal data in addition to the recovery opportunity list information (S64). S62 to S64 are repeated until the final data stored in the disk selected in S61 is read (S65). In this way, the journal data corresponding to the designated data is inspected in order from the oldest data to the latest data, the journal data in which the recovery flag is set is extracted, and the recovery opportunity list is generated. The generated recovery opportunity list is transmitted to the host computer 100 together with the completion report or asynchronously (S66).

  Next, FIG. 9 shows data recovery processing. The application program 110 on the host computer 100 can instruct data recovery to a desired time point based on the recovery opportunity list information acquired by the processing shown in FIG.

  When a recovery instruction is notified from the host computer 100, the data recovery processing 350 selects a disk corresponding to the data specified for recovery from the backup disk 420 and the journal disk 430 (S71).

  Next, it is determined whether the disk designated as the data recovery destination from the host computer 100 is the backup disk 420 (S72). In other words, in the present embodiment, data up to a specified time can be recovered to a disk device other than the backup disk 420. When the disk device designated as the recovery destination is a disk device other than the backup disk 420, the backup data stored in the backup disk 420 is copied to the designated disk device, which becomes the basis for data recovery. Preparation of backup data is completed (S73).

  Next, the oldest journal data is searched from the journal disk 430 (S74), the data is read in order from the oldest journal data, and reflected in the storage contents of the disk designated as the recovery destination (S75). . Until the data is recovered from the host computer 100 to the designated time, the journal data is read and the storage contents of the recovery destination disk are updated (S76).

  If the data has been recovered to the designated time, the host computer 100 is notified that the data recovery has been completed (S77). Further, information such as the recovery time and the recovery destination is recorded in the recovery data information D10 (S78).

  According to the present embodiment, since data is automatically recovered in the external storage device, the computer resources of the host computer 100 are not consumed for data recovery processing, and other tasks on the host computer 100 are performed. Processing efficiency is not reduced. In particular, the application 110 using a large-capacity external storage device handles a large amount of data, so that the burden of data recovery processing increases, and a large amount of computer resources are consumed. Accordingly, the processing speed of other tasks performed on the host computer 100 is reduced, and the processing time until the completion of data recovery is increased. However, in the present embodiment, since the host computer 100 executes only a few processes such as a recovery trigger setting instruction, a recovery trigger list acquisition request, and a recovery instruction, the actual data recovery process is left to the external storage device. The burden on the host computer 100 can be reduced. While performing data recovery in the external storage device, the host computer 100 can efficiently process other tasks.

  In addition, since it is possible to set a plurality of arbitrary time points as a recovery opportunity and data can be recovered to a desired time point, it is highly convenient unlike the conventional technique in which data is simply recovered to the immediately preceding data.

  Furthermore, in this embodiment, APIs 131 to 134 for performing a setting instruction for a recovery opportunity, a request for acquisition of a recovery opportunity list, and the like from the host computer 100 side are prepared. Therefore, the host computer only includes these unique APIs. An external storage device according to the invention can be used.

  In the present embodiment, journal data is automatically collected in the external storage device, and the free space management of the journal disk 430 is also performed, so that the journal disk 430 becomes full and data recovery becomes impossible. Can be prevented.

  In this embodiment, since the data structure of the journal data D20 is expanded and the recovery flag is set in the journal data D20 (in the write control information D30 as journal control information), the configuration is relatively simple. Nevertheless, it is possible to realize data recovery to any plurality of time points.

  FIG. 10 shows a second embodiment of the present invention. In this embodiment, multiple generations of data are managed. That is, in addition to the data disk 410 that holds the latest data, the data disk 410 (1GA) that stores the data before one generation, the data disk 410 (1GA) that stores data before the second generation, and the data disk 410 (2GA) that stores data before the second generation. As described above, data can be managed in multiple generations.

  For example, after restoring the recorded contents of the backup disk 420 to the previous generation data disk 410 (1GA), the journal data of the data dB stored in the journal disk 430 is read and reflected in the previous generation data disk 410 (1GA). By doing so, it is possible to return to the data of the previous generation. Similarly, by copying the backup data to the data disk 410 (2GA) two generations before and reflecting the journal data of the data dB and data dC, it is possible to return to the data two generations before. As described above, even when data is managed in multiple generations, according to the present invention, it is possible to construct and manage multiple generations of data in the external storage device without imposing a processing burden on the host computer 100.

  In addition, this invention is not limited to each embodiment mentioned above. A person skilled in the art can make various additions and changes within the scope of the present invention.

1 is a schematic configuration diagram of an external storage system according to a first embodiment of the present invention. FIG. 2 is a block diagram showing an outline of the storage device system shown in FIG. 1. It is a data structure figure which shows the structure of journal data and write-control information. It is a block diagram which shows the program structure of a host computer and a disk control apparatus. It is a flowchart which shows a write-control process. It is a flowchart which shows a journal disk management process. It is a flowchart which shows the data recovery control processing when the recovery opportunity is notified from the host computer. It is a flowchart which shows the data recovery control process when transmission of a recovery opportunity list | wrist is requested | required from a host computer. It is a flowchart which shows the data recovery process when recovery is instruct | indicated from the host computer. It is a schematic diagram in the case of performing data management in multiple generations.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Storage device control apparatus 11 Channel control part 12 Shared memory 13 Cache memory 14 Disk control part 15 Connection part 16 Management terminal 17 Internal LAN
20 Information processing device 30 Storage device 40 LAN
50 SAN
60, 61 Storage system 70, 71 Backup device 100 Host computer 110 Application program 120 OS
130 API
131 API for data writing
132 Recovery timing notification API
133 Recovery request acquisition API
134 Recovery instruction API
140 Memory 200 Disk Controller 210 Channel Port 220 Microprocessor 230 Buffer Memory 300 Disk Control Program 310 Write Control Processing 320 Write Data Processing 330 Disk Management Processing 340 Data Recovery Control Processing 350 Data Recovery Processing 360 Data Synchronization Processing 400 Mass Storage Device 410 Data storage disk device 420 Backup data storage disk device 430 Journal data storage disk device

Claims (10)

A storage system connected to a plurality of computers,
A control device for receiving an update request from at least one of the plurality of computers; A data storage volume in which data is updated by update data of the update request;
A journal data storage volume for storing a plurality of restore points, which are information for identifying data at a certain point in the data storage volume that can be restored, and journal data including data corresponding to update data in the data storage volume; ,
A backup data storage volume for storing a backup of the data stored in the data storage volume,
The controller is
After reflecting data corresponding to at least one of the plurality of journal data stored in the journal data storage volume to the backup data storage volume, the journal data corresponding to the reflected data is written. Write the journal data to be newly written to the journal storage volume using the area that has been
Sending information including a plurality of restoration points that can be restored with the journal data and the backup data to computers included in the plurality of computers,
Using the journal data identified by the restoration point designated by the computer that receives the information including the plurality of restoration points among the plurality of restoration points, and the backup stored in the backup data storage volume, A storage system, wherein data corresponding to a specified restoration point is restored to an area different from the data storage volume.
The storage system of claim 1,
The control apparatus transmits the information on the plurality of restoration points to a computer included in the plurality of computers in response to a request from the computer included in the plurality of computers.
The storage system according to claim 1 or 2,
  The storage system, wherein the computer that transmits update data is the same as the computer that receives the information including the plurality of restoration points from the control device.
The storage system according to any one of claims 1 to 3,
The storage system, wherein a computer that receives the information including the plurality of restoration points from the control device is a host computer.
The storage system according to any one of claims 1 to 4,
The storage system, wherein the plurality of computers includes a plurality of types of computers.
A storage system according to any one of claims 1 to 5,
The storage system, wherein the information including the plurality of restoration points is a list including the plurality of restoration points.
The storage system according to any one of claims 1 to 6,
The storage system, wherein the journal data includes information necessary for restoring data of the data storage volume corresponding to one of the plurality of restoration points.
A storage system according to any one of claims 1 to 7,
The storage system according to claim 1, wherein at least one of the plurality of restoration points is set by at least one of the plurality of computers.
A storage system according to any one of claims 1 to 8,
The control device stores the information on the plurality of restoration points in the control device.
A storage system according to any one of claims 1 to 9,
The storage system, wherein the control device stores information on at least one of the plurality of restoration points in the control device.

Images