JP2000082008A - Data security method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide the data security method which is usable from a remote place even in the case of an areal-scale disaster and protects a disturbing change by a cracker. SOLUTION: Host computers 1, 2 and 3 are provided and the host computer 1 forms part of a network and is connected to the Internet; and the host computer 2 form a master and the host computer 3 forms a slave. The host computers 1, 2 and 3 are connected and the hosts 2 and 3 share data and data are secured by local backup in emergency. The same data are stored in a similar storage system at a remote place through the host computer 1 and in the case of a large-scale disaster, etc., the data stored in the remote storage system are used by other CPUs to continue the service.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to a data security method for securing data from an unexpected accident such as a large-scale disaster.

[0002]

2. Description of the Related Art With the spread of computers, data is gathered in a server by a server / client connection, and is shared by many users.
However, when data is used in such a situation, the data may be destroyed due to a failure of the storage device or a trouble of the computer itself.

[0003] Therefore, so-called RAID, in which a plurality of disk drives are arranged as storage devices and data is distributed to these disk drives and accessed in parallel, mirroring which is a multiplex storage of storage contents, parallel computing, backup by a tape device, and the like are considered. It has been quite effective. However, when these data security methods are used, in the event of a regional disaster such as a large earthquake, the data evacuated for security is stored almost in a geographically close place, so it is completely powerless. is there.

Meanwhile, in order to guarantee data, a method of periodically backing up and storing a disk of a file server that collectively manages data by a tape device and coping with troubles such as a disk crash. . In addition, a method based on disk mirroring also deals with troubles such as disk crashes. Furthermore, the method of making the disk have a RAID structure is mainly used to guarantee the reliability of writing / reading to / from the disk, and therefore, a function such as error correction is also used.

In an environment using a mainframe or the like, backup is often performed mainly on tape. However, when data is stored in a remote place or when the data is mutually used, a dedicated connection is required. The use is limited to companies and the like that set up the line, and it has been difficult for many users to share data storage locations and exchange data with each other.

[0006]

As described above, many of the data security methods that have been used in the past are mainly for improving the reliability of storage, and for protecting the contents of the storage device, a tape is often used. Has been done with backup to. However, there is a problem in that if the CPU managing the disk itself stops, data cannot be used, and there is a danger that data will be substantially destroyed if a regional disaster occurs.

SUMMARY OF THE INVENTION An object of the present invention is to provide a data security method which can be used from a remote location even in the event of a disaster on a regional scale, and which is not affected by a cracker or the like.

[0008]

According to a first aspect of the present invention, there is provided a data security method comprising: a slave provided at a position within a predetermined narrow geographical range from a position where a first host computer forming a master is connected; Is stored in the same directory location as the directory location in the first host computer at every predetermined time interval, and shared by the second host computer that forms the data. It is characterized by data.

According to the data security method according to the first aspect of the present invention, the data stored in the first host computer is stored in the second host computer with the directory position and the ownership being matched. Even if the use of the data stored in the first host computer is hindered, the data stored in the second host computer can be used and the data is guaranteed.

According to a second aspect of the present invention, there is provided the data security method according to the first aspect, wherein the data having the same content as the data stored in the first host computer is compressed at predetermined time intervals. And storing the data in another storage area in the first host computer as backup data.

According to the data security method of the second aspect of the present invention, data having the same content as the data stored in the first host computer is compressed and stored in the first host computer at predetermined time intervals. Is stored in the storage area and used as backup data, so data is guaranteed by the backup data.

According to a third aspect of the present invention, there is provided a method for securing data to a third host computer which forms another master and which is provided at a geographically remote location from the contact position of the first host computer which forms the master. In addition, data having the same contents as the data stored in the first host computer is transferred and stored at predetermined time intervals via a firewall to be shared data.

According to the data security method of the third aspect of the present invention, the third host forming another master provided at a location geographically remote from the contact position of the first host computer forming the master. Since the same data as the data stored in the first host computer is transferred to and stored in the computer at predetermined time intervals via a firewall, and is used as shared data, the first host computer Even if the stored data cannot be used, the data transferred to and stored in the third host computer can be used, and the data is guaranteed.

[0014]

DESCRIPTION OF THE PREFERRED EMBODIMENTS Hereinafter, a data security method according to the present invention will be described with reference to embodiments.

FIG. 1 is a block diagram showing a configuration of an apparatus to which a data security method according to an embodiment of the present invention is applied.

An apparatus according to an embodiment of the present invention includes a host computer (hereinafter, simply referred to as a host) 1, a host 2 and a host 3. Host 1 forms part of a network and is connected to the Internet, Host 2 forms a master, Host 3 forms a slave, and Host 1 and Hosts 2 and 3 are connected, mainly by Host 2 and Host 3. Data is backed up within a predetermined narrow geographical area (also referred to as local) indicated by a broken line in FIG.

In this way, in an emergency, data is guaranteed by local backup, and the same data is stored via the host 1 in a similar remote storage system. When local data cannot be guaranteed due to a disaster or the like, the service can be continued by using another host for data stored in a remote storage system.

Furthermore, the host 2 and the host 3 prevent cracking from an external network by the function of a firewall provided in the host 1, and protect data and devices.

The host 3 periodically backs up the data stored in the host 2, and if the host 2
When the operation stops, a normal user uses the host 3 as a shared disk.

The contents of the data stored in the host 2 are periodically transmitted to another host connected to the network via the host 1. Conversely, the data contents of another host are also backed up.

The operation of the above-described device is as shown in FIG. 2 and will be described in detail.

For example, in the host 2, data in the personal data storage area 21 that is always used, data in the group data storage area 22, and unspecified multiple data storage area 23
Are written and used as a file 24 in the host 2 forming the master. Host 2
Are periodically grouped together in a file, compressed, and stored in another local backup area 26 in the host 2. Therefore, data is also backed up in the host 2.

The data compressed and stored in the file 24 in the host 2 is transferred by the transfer means 25 to the host 3 forming a slave. The transferred data is stored in the host 3 and decompressed (decompressed) separately in the host 3, and the data content is expanded in the same directory position as the host 2.

As a result, even if the host 2 stops operating, the data can be used at exactly the same directory location by changing the access destination to the host 3. Further, since the files are collectively collected together with the permissions of each file, the access right of each file is also restored.

The above is the backup operation between the local hosts. By exactly the same procedure, the files at the remote location, that is, the host 5 at the other side of the network are collectively collected into a file and the compressed file is compressed. To exchange and save data with the host. Here, the host 5 corresponds to the hosts 1, 2 and 3 similar to those shown in FIG.

As described above, according to the embodiment of the present invention, the host 2 is used as a normal file server. However, since data having the same contents is also prepared in the directory position of the host 3, Even if the host 2 stops operating, data can be used by connecting to the host 3.

In order to perform file sharing, a domain name service needs to be provided in this network. According to the embodiment of the present invention, the host 2 normally performs the primary name service, but by providing the host 3 with the secondary name service, the file sharing operation can be performed without any trouble even when the host 2 stops operating. Can continue.

The backup of data from the host 2 to the host 3 according to the embodiment of the present invention is compressed in a lump including the positional relationship of the file directory and the permission account, and is transferred to the host 3. By expanding the data as it is on the host 3, the positional relationship and permissions of the user data of the two hosts become the same, and the data directly transferred to the host 3 can be used.

According to the embodiment of the present invention, since the host 2 and the host 3 are protected by the firewall provided by the host 1, security against cracking from the Internet or the like is improved. I have. Also, the connection destination can be restricted.

According to the embodiment of the present invention, since the unnecessary firewall does not exist at all in the network in which the host 2 and the host 3 exist by providing the firewall, the communication between the host 2 and the host 3 is performed. Data exchange between them can be performed at high speed.

In the embodiment of the present invention, a case where two sets of backup domains are used has been described as an example.
By connecting such sites using the Internet, etc. and backing up each other, not only can data in an emergency be protected, but also the same data can be stored in geographically separated locations. Is also prepared, so that the data can be referred to only one place, the access can be distributed and the network traffic can be improved.

[0032]

As described above, according to the data security method according to the present invention, it is possible to use the data security method from a remote location even in the event of a disaster on a regional scale.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a configuration of a device to which a data security method according to an embodiment of the present invention is applied.

FIG. 2 is a schematic diagram for explaining the operation of a device to which the data security method according to one embodiment of the present invention is applied;

[Explanation of symbols]

 1, 2, and 3 Host computer 21 Personal data storage area 22 Group data storage area 23 Unspecified large number data storage area 23 24 File 25 Transfer means 26 Local backup area

Claims (3)

[Claims] 1. A first host computer which is stored in a second host computer which forms a slave and is provided at a position within a predetermined narrow geographical area from a contact position of the first host computer which forms a master. A data security method comprising storing data having the same content as data at a predetermined time interval at the same directory position as the directory position in the first host computer, to thereby form shared data. 2. The data security method according to claim 1,
A data security method comprising compressing data having the same contents as data stored in a first host computer and storing the compressed data in another storage area in the first host computer at predetermined time intervals to obtain backup data. . 3. The data stored in the first host computer, the data being stored in a third host computer forming another master, which is geographically remote from the contact position of the first host computer forming the master. A data security method characterized in that data having the same content is transferred and stored at predetermined time intervals via a firewall, and is used as shared data.