JP2000222358A - Data back-up and data recovery device - Google Patents

Abstract

PROBLEM TO BE SOLVED: To simplify the construction of the data back-up and data recovery system of the data file of the storage device of a host. SOLUTION: A data recovery box 15 incorporating a CPU 17 and a storage device 18 for data back-up in a case body 16 is connected through an LAN cable with the network of a host 10 as a device exclusively used for data back-up and data recovery. After the host 10 being the object of data back-up and data recovery is set in the data recovery box 15, the data file of the host 10 is automatically processed for data back-up and data recovery by the CPU 17.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

The present invention relates to a data backup and data recovery apparatus for backing up and recovering data files of a host in a network.

[0002]

2. Description of the Related Art A data file of a network host is recorded on an HD (hard disk), and a system for data backup and data recovery is provided in response to the loss or destruction of part or all of the data file due to an accident or the like. Has been taken. Conventional data backup of host data files uses multiple HDs and uses methods such as parallel recording and mirroring. These data backups are specially developed data backup and data recovery software. Is incorporated in the host, and is executed by the CPU of the host.

[0003]

The problems of the conventional data backup and data recovery are as follows. (A) Data backup requires complicated settings for connecting and driving external recording hardware to the host, and in addition to installing backup-dedicated software and setting up a backup program, it is necessary to construct a backup. Requires specialized knowledge. (B) Adding complicated settings and hardware to the host, and installing backup software makes it impossible to escape from problems such as troubles and failures, and provides an environment where problems tend to occur in terms of reliability. To address this,
In order to improve the reliability of the system, the system must be larger than necessary, the cost of the system increases, and it is not suitable for a small network system. (C) An operator is indispensable, and requires an expert operator in operation, and an operator is indispensable for periodically managing data backup, leading to an increase in cost. (D) In general, data backup of a host is usually stored in an external recording medium such as MO or DAT and stored near the host. However, in order to protect data from natural disasters, etc. Storage is required. For this reason, it has been required to periodically store the recording media in a remote place using a transportation means, but it is costly and troublesome, and is not suitable for a small-scale backup system.

An object of the present invention is to provide a data backup and data recovery device (15) which can overcome the above-mentioned problems.

[0005]

A data backup and data recovery apparatus (15) of the present invention includes a CPU (17), a program storage unit, and a data backup storage device (18) in a single housing (16). ), And a data backup module (22) and a data recovery module (23) to be executed by the CPU (17) are already installed in the program storage unit. It can be transported, and is detachably connected to a computer network host (10) via a network cable.During connection, the CPU (17) automatically executes the data backup module (22) and the data recovery module (23). Automatically backing up data files in the host storage device (12) of the host (10) to the data backup storage device (18), Adapted to automatic data recovery Kkuappu storage device backup file (18) a host storage device of the host (10) to (12).

This data backup storage device (18)
Is provided to the user as a substantially dedicated device for data backup and data recovery. However, some accessory software irrelevant to the data backup and data recovery processing may be provided for the convenience of the user. A common storage device is usually used for the program storage unit and the data backup storage device (18).
The housing (16) is, for example, about the size of a middle tower of a personal computer. The network cable is usually a LAN cable, and a data backup and data recovery device (1
When the host 5 is connected to the host 10 via a LAN, if the setting of the IP address is not automatic in the data backup storage device 18, the user is required to have knowledge about the setting of the IP address. The required specialized knowledge is lower in each step than in the setting operation in 10). The setting in the data backup storage device (18) by the user
Since the data backup and data recovery is performed not through the CPU (11) but through the CPU (18) of the data backup / data recovery device (15) itself, the data file (data file and data Is a database file in general, but also includes data files other than the database file.) The host (10) that manages the file is minimal and simple, such as setting any one of them. Note that, by default, the data backup and data recovery device (15) normally targets all data files of the host (10) set as a data backup source for data backup and data recovery. Preferably, the target data file can be limited. Thus,
The data backup and data recovery device (15) automatically backs up and recovers data files in the host storage device (12).

The data backup / data recovery device (15) is versatile, and the user purchases the data backup / data recovery device (15) by itself, and himself / herself connects the data backup / data recovery device via a network cable. By connecting (15) to the network and performing the necessary minimum settings sufficient with the knowledge of the user level, data backup and data recovery of the data file of the host (10) can be performed. In addition, the increase and decrease in the capacity of data backup and data recovery can be easily dealt with by increasing or decreasing the number of data backup and data recovery devices (15) connected to the network. In addition, one host (10)
Data backup and data recovery for one data file
If it is difficult for (15) to handle the data backup / data recovery device (15) due to the storage capacity of the data backup storage device (18), connect a plurality of data backup / data recovery devices (15) to the network. You may connect to. In such a case, the data backup and data recovery device (15) must use the data files to be backed up and recovered by the data backup and data recovery device (15) so that the data backup and data recovery are not duplicated. Make settings so that they differ or the data backup time is shifted. Even if there is a change in the network and there is a change in the host (10) in charge of the data file, it can be easily dealt with by changing the settings of the backup source host (10) in the data backup and data recovery device (15).

According to the data backup / data recovery device (15) of the present invention, the network cable
AN cable, IEEE 1394 cable, or USB
Cable.

When a data backup and data recovery device (15) is connected to a network using IEEE 1394 or USB, the user settings are automatically set to IP addresses, thereby further reducing the burden on the user. In addition, the data backup and data recovery device (15)
It is not assumed that only the LAN, the IEEE 1349, and the USB can be connected to the host (10).
349, and may be provided to the user as being compatible with any of the USB connections.

The data backup and data recovery device (15) of the present invention enables data backup and data recovery of data files of not only one host (10) connected to a network but also a plurality of hosts. ing.

Depending on the network, there may be a plurality of hosts (10) as database servers. The data backup and data recovery device (15)
A plurality of hosts (10) for data backup and data recovery can be set and registered by user setting. Data backup and data recovery device (15)
The capacity of the data backup and data recovery is limited by the storage capacity of the data backup storage device (18), but if the storage capacity of the data backup storage device (18) is sufficient, a plurality of hosts (10) Data backup and data recovery of the data file can be performed. Alternatively, reduce the number of generations that retain data backups or increase the time interval of data backup to reduce the limited storage capacity of the data backup storage device (18) of the data backup and data recovery device (15). Thus, data files of a plurality of hosts (10) can be backed up to a single data backup and data recovery device (15).

The data backup and data recovery apparatus (15) of the present invention is capable of arbitrarily setting data backup and data recovery targets from data files of the host (10).

According to the data backup / data recovery device (15) of the present invention, the data backup
The data file of (10) is encrypted and recorded in the data backup storage device (18), and the data recovery decrypts the encrypted data of the data backup storage device (18),
The data is returned to the host storage device (12) of the host (10).

Thus, even if a backup file is stolen from the data backup storage device (18) of the data backup / data recovery device (15), data security is ensured.

According to the data backup / data recovery device (15) of the present invention, the remote backup / recovery module is provided, and the CPU (17) executes the remote backup / recovery module to execute the data backup storage device (18). Copy the encrypted backup file to the communication
Connected remote backup device connected via (32)
In (31), data backup and data recovery are performed.

The communication path (32) may be an Internet communication path or a dedicated line. The data file of the data backup storage device (18) of the data backup and data recovery device (15) is a remote backup device
Automatic data recovery to (31) and automatic data recovery by the backup file of the remote location backup device (31) increases reliability. When the backup file of the data backup storage device (18) is in an encrypted format, security can be assured even by using the Internet communication path.

According to the data backup / data recovery device (15) of the present invention, the external key is authenticated by collating the password, and only when the external key is authenticated, is the encryption and decryption performed by the external key. Is being implemented.

The external key is recorded, for example, on an IC card. External keys are securely stored in place to prevent theft. In other words, if the thief removes the data backup and data recovery device (15) and tries to decrypt the data backup and data recovery device (15) elsewhere, if there is no external key, the external Even if there is, if it is not authenticated, the encrypted backup file cannot be decrypted. This increases data security.

According to the data backup / data recovery device (15) of the present invention, the key data of the authenticated external key is recorded in the internal volatile memory (24), and the volatile memory (24) Only when the contents of the key are stored in the memory, encryption and decryption are allowed, and the key data in the volatile memory (24) is
The power is lost when the power supply to the volatile memory (24) is interrupted.

The volatile memory (24) stores volatile memory
As soon as the power supply to (24) is cut off, it will disappear. The supply of power to the volatile memory (24) occurs when the power supply of the data backup and data recovery device (15) is turned off when there is no backup power supply (19). If there is a backup power supply (19), the power supply to the volatile memory is cut off as soon as the power of the backup power supply (19) is lost. When the thief tries to steal the data backup and data recovery device (15), the power cable of the data backup and data recovery device (15) is disconnected from the outlet,
Further, even if the backup power supply (19) is provided, since the power backup time by the backup power supply (19) is limited, the key data in the volatile memory (24) will eventually be lost. Therefore, those who carry out the data backup and data recovery device (15) and try to steal the data of the data backup and data recovery device (15) must also steal the external key together, and the data backup The burden of stealing the data recovery device (15) can be increased.

According to the data backup / data recovery device (15) of the present invention, the data backup storage device (18) includes a plurality of types of recording media having different recording formats, and each recording medium has a host (10). The backup file of the data file was recorded.

The types of the data backup storage device (18) are, for example, HD, MO, DVD, and DAT. The type of data backup storage device (18) has advantages and disadvantages as a data backup recording medium, and by performing data backup on these multiple types of recording media, the advantages of each recording medium can be comprehensively evaluated as a whole. Can demonstrate.

According to the data backup / data recovery device (15) of the present invention, the recording medium is equipped with one main recording medium and at least one sub recording medium, and is recorded on the sub recording medium. It is determined whether the backup file that is being used has a backup generation closer to the present time than the backup file recorded on the main recording medium, or the backup generation has been skipped.

Depending on the type of recording medium, the storage capacity is limited, and it is impossible to perform the same data backup uniformly regardless of the type of recording medium. The main recording medium can be a recording medium of a sufficient storage capacity, for example, HD, and the sub-recording medium can be a recording medium with a small storage capacity, for example, MO.
In this way, it is possible to perform data recovery with little trouble at the time of actual data recovery while securing data backup to a plurality of types of recording media.

According to the data backup / data recovery apparatus (15) of the present invention, a backup power supply (19) for coping with a power failure during the data backup processing and the data recovery processing and securing power until the processing is completed. ) Is equipped.

Data backup and data recovery device
In (15), even if there is a power failure of the main power supply during data backup or data recovery, the power supply of the backup power supply (19) terminates the data backup and data recovery and then stops. Thus, interruption of data backup and data recovery due to a power failure can be prevented, and reliability can be improved.

According to the data backup / data recovery device (15) of the present invention, the data backup / data recovery device (15) is provided with a movement detecting means for detecting that the casing (16) has been moved. Even though the power supply (19) is in operation, the CPU (17) writes null data in the volatile memory (24) and loses the key data.

Conversely, the equipment of the back-up power supply (19) is designed so that the thief can use the data backup and data recovery device (15).
In order to steal the key data, the volatile memory (24) leads to holding the key data by the power from the backup power supply (19). Therefore, the CPU (17) forcibly writes null data to the volatile memory (24), so that the data backup and data recovery device (15) is taken out, but the volatile memory (24) Key data can be prevented from remaining.

According to the data backup and data recovery device (15) of the present invention, the CPU (17) of the data backup and data recovery device (15) and the CPU of the host (10)
The operation of (11) is monitored, and if an abnormality is found, an alarm transmission unit (20) for alarming a manager via a public telephone line is provided.

The administrator is released from the necessity of always waiting near the data backup / data recovery device (15).

[0031]

Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is an explanatory diagram of data backup and data recovery using the data recovery box 15. The host 10 includes a CPU 11 and a storage device 12 for storing a plaintext data file (generally, a plaintext database file or a plaintext data file other than other database files is also included).
Presents corresponding data file data in response to a request for reading, searching, writing, updating, etc. of a data file from each terminal connected via the AN and the WAN,
They are added and updated. Commands and data file data are sent and received in plain text to and from the terminals in the LAN. However, with the WAN terminal, the data file data is encrypted at the entrance to the Internet line or public line, and the data is transmitted to the Internet line or public line. Commands and data file data are transmitted in the line by encryption. Data Recovery Box (DRA-BOX: Data
Recovery Archives-BOX) 15
Is connected to a network including the host 10 via a LAN cable. In the data recovery box 15, a CPU 17, a data backup storage device 18, an UP
S (uninterruptible power supply) 19, alarm transmission unit 20, monitoring function unit 21,
A data backup module 22, a data recovery module 23, and a volatile memory 24 are built in the housing 16. In addition to the data recovery box 15, an IC card 26 is handed to the administrator of the data recovery box 15, and an encryption key is recorded on the IC card 26. The administrator carries a telephone or pager 27. Remote location 30 has a remote storage device
31 is prepared, and data can be transmitted and received between the data backup storage device 18 of the data recovery box 15 and the remote storage device 31 of the remote location 30 via the communication path 32.

Once the data recovery box 15 is started,
It comes into operation without stopping. Data recovery box
When the 15 is activated, the display that is integrated with or separate from the data recovery box 15 indicates that the IC card 26 is to be inserted into a card reader (not shown) attached to the data recovery box 15. 26, and then enter the password from the keyboard attached to the data recovery box 15. If the password entered by the administrator matches the password already registered in the IC card 26, it is authenticated that the IC card 26 has been presented by an authorized administrator, and the key data of the IC card 26 is stored in the volatile memory 24. I do. After authentication, the IC card 26 is stored in a secure management place. Note that the password itself recorded on the IC card 26 used for this authentication is also encrypted and recorded, and a third party including a user can read the password recorded on the IC card 26 and read the password. However, it is difficult to know what a flat data format password is. At the first start-up after connection to the network, prior to the start of use of the data recovery box 15, the administrator performs data backup and data recovery on the display screen integrated with or separate from the data recovery box 15. The host 10 having the data file performs any setting. Also, by default,
All data files in the storage device 12 of the host 10 set as the data backup source are targeted for data backup and data recovery.
On the 15th screen, you can select the data files to be backed up and recovered and set them again. After startup, the data recovery box 15 automatically backs up data files in the storage device 12 of the host 10. The data backup does not copy the data file of the storage device 12 to the data backup storage device 18 as it is, but uses the key backup data stored in the volatile memory 24 and the data backup module.
After being converted into an encryption by 22, it is written into the data backup storage device 18 in an encryption format. When it is detected that the data file of the storage device 12 has been lost or damaged,
The encrypted data file in the data backup storage device 18 is decrypted by the data recovery module 23 while using the key data held in the volatile memory 24, returned to the original plaintext state, and then stored. Write to device 12. Encryption and decryption using the data backup module 22 and the data recovery module 23 are performed by the host 10.
The monitoring is performed by the CPU 17 independent of the monitoring function unit 21. Therefore, the host 10 does not require installation of backup software or special settings, and can be easily set with the skill of a personal computer user. In addition, data backup uses the number of generations of backup files specified by user settings to the data backup storage device.
18 and the data recovery is performed by referring to the log, going back to the past generation that needs to be recovered. Further, the CPU 17 of the data recovery box 15 constantly monitors the status of the CPU 11 of the host 10 independently, thereby enhancing backup security.

The data backup storage device 18 of the data recovery box 15 is composed of a plurality of types of recording media. The main backup is assigned to the HD that can secure a large capacity and has a high read / write speed, and the sub backup is
At least one type of recording medium, if possible, a plurality of types of recording media, for example, MO, DVD, and / or DAT, and after completion of the main backup, a file of a generation set for each medium is transferred to the main recording medium. Will be copied to the secondary recording medium. The main and sub recording media are different in recording method, standard, and medium type, and construct a local backup that exceeds the reliability of data backup as a whole.

The data recovery box 15 stores the data in the data backup storage device 18 as soon as the data backup is completed.
Next, the recorded backup file is sent to the remote storage device 31 at the remote location 30 via the communication path 32, and the data is backed up to the remote storage device 31. Data Recovery Box 15
When the backup file of the data backup storage device 18 is destroyed, the remote storage device
31 backup files are obtained, and the data is recovered to the data backup storage device 18. Communication channel
The exchange of data between the data recovery box 15 and the remote place 30 via 32 is performed in ciphertext, so that the contents are prevented from leaking.

The UPS 19 prevents the execution of the data backup module 22 and the data recovery module 23 from being interrupted due to a sudden power failure during the execution of the data backup module 22 and the data recovery module 23. When a thief or the like attempts to move the data recovery box 15 in order to steal the contents recorded in the data backup storage device 18, a micro switch or a magnetic switch provided at the bottom of the housing 16 may be used. , It is detected. With the detection, the CPU 17 writes a null (zero) in the volatile memory 24, and erases the key data held in the volatile memory 24 until then. Volatile memory 24
Also, when the power supply is cut off, the stored data is lost. After the loss of the key data in the volatile memory 24, it is difficult to decrypt the backup file in the data backup storage device 18 by the data recovery module 23 unless the key data of the IC card 26 is read again and the authentication is not performed again. .

The monitoring function unit 21 receives the CP via the CPU 17
It is possible to monitor whether or not U11 is operating normally, and it is also possible to directly monitor whether or not CPU 17 is operating normally. If it is determined that the CPU 11 or 17 is not operating normally, this is notified to the alarm transmitting unit 20, and the alarm transmitting unit 20 notifies the telephone or pager 27 of the administrator via the public line. The monitoring function unit 21 further provides an alarm when a thief or the like attempts to move the data recovery box 15 from a predetermined position, the power plug is unplugged, or the above-described microswitch or the like detects the movement of the data recovery box 15. Telephone or pager 27 via transmitter 20
It also serves to send an alert to In the UPS 19, after the main power of the data recovery box 15 is turned off, the monitoring function unit 21 operates the alarm transmitting unit.
Guarantee the power before sending an alert to the telephone or pager 27 via 20. The alarm transmitting unit 20 not only transmits the alarm itself to the telephone or the pager 27 by voice, but also transmits the contents of the emergency itself (the CPU 17 goes down, the data recovery box 15 moves, and / or the main power supply of the data recovery box 15 turns off). Was it.)
May be notified by voice to a telephone or pager 27.

[Brief description of the drawings]

FIG. 1 is an explanatory diagram of data backup and data recovery.

[Explanation of symbols]

DESCRIPTION OF SYMBOLS 10 Host 11 CPU 12 Storage device (storage device for host) 15 Data recovery box (data backup and data recovery device) 16 Case 17 CPU 18 Storage device for data backup 19 UPS (backup power supply) 20 Alarm transmission part 21 Monitoring function Part 22 Data backup module 23 Data recovery module 24 Volatile memory 30 Remote location 31 Remote storage device (remote backup device) 32 Communication path

 ──────────────────────────────────────────────────続 き Continuing on the front page (72) Inventor Ogasawara ▲ Taka ▼ History 1-14-6 Dogenzaka, Shibuya-ku, Tokyo Inside Kenwood Co., Ltd. (72) Inventor Isamu Usui 1-16-16 Dogenzaka, Shibuya-ku, Tokyo Inside Kenwood Co., Ltd. (72) Inventor Masaru Ishida 1-14-6 Dogenzaka, Shibuya-ku, Tokyo Inside Kenwood Co., Ltd. (72) Inventor Hideo Arikawa 10th Ichibancho, Chiyoda-ku, Tokyo Inside Ars System Co., Ltd. (72 ) Inventor Masakazu Udagawa 10th Ichibancho, Chiyoda-ku, Tokyo F-term in ARS System Co., Ltd. (reference) 5B082 DC12 5B085 AC03 AC16 BG07 5J104 AA07 KA01 KA04 NA02 NA05 NA27 PA07

Claims (13)

[Claims] 1. A CPU (17), a program storage unit, and a data backup storage device (18) are incorporated in one housing (16), and the CPU (1) is stored in the program storage unit.
It is assumed that the data backup module (22) and the data recovery module (23) to be executed in 7) have been installed, and the entire chassis (16) can be transported to any location,
It is detachably connected to the host (10) of the computer network via a network cable.
The data backup module (2) by the CPU (17)
2) and automatic execution of the data recovery module (23), automatically backing up the data file of the host storage device (12) of the host (10) to the data backup storage device (18), Host backup file of backup storage device (18)
(10) A data backup and data recovery apparatus characterized in that automatic data recovery is performed on the host storage device (12). 2. The data backup and data recovery device according to claim 1, wherein the network cable is a LAN cable, an IEEE 1394 cable, or a USB cable. 3. The data backup and data recovery of data files of not only one host connected to the network but also a plurality of hosts is possible. Data backup and data recovery device as described. 4. The data backup and data recovery target can be arbitrarily set from the data files of the host (10).
3. The data backup and data recovery device according to any one of 3. 5. The data backup encrypts the data file of the host (10) and records it in the data backup storage device (18), and the data recovery decrypts the encrypted data of the data backup storage device (18). 5. The data backup and data recovery apparatus according to claim 1, wherein the data is returned to the host storage device (12) of the host (10). 6. A remote backup / recovery module is provided, and the CPU (17) executes the remote backup / recovery module to transfer an encrypted backup file of the data backup storage device (18) to a communication path (32). The data backup and data recovery apparatus according to any one of claims 1 to 5, wherein data backup and data recovery are performed on a remote backup apparatus (31) connected via the PC. 7. An external key is authenticated by collating a password, and only when the external key is authenticated, encryption and decryption are performed with the external key. A data backup and data recovery device according to claim 1. 8. The key data of an authenticated external key is recorded in an internal volatile memory (24), and decryption is performed only when the content of the key is held in the volatile memory (24). The apparatus according to any one of claims 1 to 7, wherein the key data of the volatile memory (24) is allowed to be lost when power supply to the volatile memory (24) is interrupted. Data backup and data recovery device as described. 9. The data backup storage device (18).
90. A storage medium comprising a plurality of types of recording media having different recording formats, and a backup file of the data file of the host (10) is recorded on each recording medium. Data backup and data recovery device. 10. The recording medium includes one main recording medium and at least one sub recording medium, and a backup file recorded on the sub recording medium is recorded on the main recording medium. 10. The data backup and data recovery apparatus according to claim 9, wherein the backup generation is limited to a backup generation closer to the present time or the backup generation is thinned out. 11. A backup power supply (19) for coping with a power failure during a data backup process and a data recovery process and securing power until the process is completed. 10. The data backup and data recovery device according to 10. 12. A movement detecting means for detecting that the housing (16) has been moved, and as soon as the movement is detected by the movement detecting means, the backup power supply (19) may be in operation. The CPU (17) is the volatile memory
12. The data backup and data recovery apparatus according to claim 11, wherein the key data is lost by writing null data in (24). 13. The CPU of the host (10) and the CPU (17) of the data backup / data recovery device (15).
The system according to any one of claims 1 to 12, further comprising an alarm transmitter (20) for monitoring the operation of the PU (11) and alerting an administrator via a public telephone line if an abnormality is found. Data backup and data recovery device as described.