JP2020030580A - Information processing apparatus, data management method, and data management program - Google Patents

Abstract

To back up highly important data within battery duration according to a failure occurrence situation.SOLUTION: A battery 13 supplies power for storing data from a volatile storage apparatus 11 to a non-volatile storage apparatus 12 at the time of power failure of a power supply. A control unit 14 executes a backup process of storing data groups DG1 to DG3, stored in the volatile storage apparatus 11, in the non-volatile storage apparatus 12 in the descending order of priority at the time of power failure. In this backup process, the control unit 14 determines a failure state related to voltage supply from the battery 13 based on the supply voltage supplied from the battery 13 each time the storage of the data groups DG1 to DG3 in the non-volatile storage apparatus 12 is completed; and determines whether the data group having the next highest priority among the data groups DG1 to DG3 is to be stored in the non-volatile storage apparatus 12 based on the failure state.SELECTED DRAWING: Figure 1

Description

  The present invention relates to an information processing device, a data management method, and a data management program.

  Since the data stored in the volatile storage device is lost when a power failure occurs, when a power failure occurs, the data in the volatile storage device can be backed up to the non-volatile memory using the power of the battery. Is being done.

  As an example of such a technique, a storage system has been proposed in which which information element stored in a volatile memory is to be placed in the event of a power failure in accordance with the state of charge of a battery. . A disk control device that starts a data save process of only data having a write data attribute in a cache memory when a remaining power amount of a battery unit becomes equal to or less than a save energy amount required for executing the data save process during a power failure. Has been proposed.

International Publication No. 2010/064280 JP-A-9-330277

  By the way, when a failure occurs in a circuit on the voltage path from the data backup battery as described above, the failure may increase the power consumption of the battery and shorten the duration of the battery. If such a failure occurs unexpectedly, the backup process is interrupted and important data is not completed before the data is lost.

  In one aspect, an object of the present invention is to provide an information processing apparatus, a data management method, and a data management program that can back up highly important data within a battery duration corresponding to a failure occurrence situation. .

  In one scheme, a volatile storage device, a non-volatile storage device, a battery that supplies power for storing data from the volatile storage device to the non-volatile storage device during a power failure, and a volatile storage device during a power failure. There is provided an information processing apparatus having a control unit for executing a backup process of storing a plurality of types of data groups of which priorities have been set in advance and stored in a nonvolatile storage device in descending order of priority. . Further, in this information processing device, the control unit performs the backup process based on the supply voltage supplied from the battery every time the storage of the plurality of types of data groups in the nonvolatile storage device is completed. A failure state regarding voltage supply is determined, and based on the failure state, it is determined whether or not a data group having the next highest priority among a plurality of types of data groups is to be stored in the nonvolatile storage device.

According to another aspect, there is provided a data management method in which the same processing as that performed by the control unit of the information processing apparatus is executed by a computer.
Further, in one proposal, a data management program for causing a computer to execute the same processing as that of the control unit of the information processing apparatus is provided.

  In one aspect, highly important data can be backed up within the battery duration according to the failure occurrence situation.

FIG. 2 is a diagram illustrating a configuration example and a processing example of the information processing apparatus according to the first embodiment. FIG. 14 illustrates a configuration example of a storage system according to a second embodiment. FIG. 3 is a diagram illustrating a hardware configuration example of a CM. FIG. 11 is a diagram for describing cache mirroring between CMs. It is a figure for explaining backup processing at the time of a power failure. FIG. 3 is a diagram illustrating an example of an internal configuration of a power control circuit. It is a figure showing an example of transition of a battery voltage. FIG. 3 is a block diagram illustrating a configuration example of a processing function included in a CM. FIG. 3 is a diagram illustrating a configuration example of a cache management table. FIG. 9 is a diagram for describing data priorities. FIG. 4 is a diagram illustrating a configuration example of a backup management table. FIG. 13 is a diagram illustrating an example of a backup process according to priority. It is an example of the flowchart which shows the processing procedure of CM at the time of a power failure. It is an example (the 1) of the flowchart which shows the processing procedure of CM at the time of power restoration. It is the example (the 2) of the flowchart which shows the processing procedure of CM at the time of power restoration.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
[First Embodiment]
FIG. 1 is a diagram illustrating a configuration example and a processing example of the information processing apparatus according to the first embodiment. The information processing device 10 includes a volatile storage device 11, a nonvolatile storage device 12, a battery 13, and a control unit 14.

  The volatile storage device 11 stores a plurality of data groups in which priorities are set in advance. In the example of FIG. 1, the data group DG1 with the highest priority “priority 1” is set, the data group DG2 with the next highest priority “priority 2” is set, and the lowest priority is set. It is assumed that a data group DG3 to which "priority 3" is set is stored.

  Here, a higher priority is set for a data group with higher importance. For example, a higher priority is set for data used by the information processing apparatus 10 by itself than backup data of another information processing apparatus.

The data groups DG1 to DG3 stored in the volatile storage device 11 are backed up in the nonvolatile storage device 12 at the time of power failure.
The battery 13 supplies power for storing the data groups DG1 to DG3 stored in the volatile storage device 11 in the non-volatile storage device 12 at the time of a power failure. Since the storage of such data is executed under the control of the control unit 14, the power from the battery 13 at the time of the power failure is supplied to the volatile storage device 11, the nonvolatile storage device 12, and the control unit 14.

  The control unit 14 is realized, for example, as a processor. At the time of a power failure, the control unit 14 executes a backup process of storing the data groups DG1 to DG3 stored in the volatile storage device 11 in the nonvolatile storage device 12 in descending order of priority. In addition, every time the process of storing one data group in the nonvolatile storage device 12 is completed in the backup process, the control unit 14 controls the voltage supply from the battery 13 based on the supply voltage supplied from the battery 13. The failure state of Then, the control unit 14 determines whether or not the data group having the next highest priority is to be stored in the nonvolatile storage device 12 based on the determined failure state.

  For example, the control unit 14 first stores the data group DG1 having the highest priority in the nonvolatile storage device 12 (step S1). When the storage is completed, the control unit 14 determines a failure state based on the supply voltage from the battery 13 (step S2), and stores the next highest priority data group DG2 in the nonvolatile storage device 12 based on the failure state. Is determined (step S3). When the control unit 14 determines that a specific failure has occurred, the control unit 14 ends the backup processing at that time. On the other hand, when determining that there is no failure, the control unit 14 executes steps S1 to S3 for the next data group DG2. In this way, the data groups DG2 and DG3 are sequentially stored in the non-volatile storage device 12 while it is determined that there is no failure. On the other hand, when it is determined that a failure has occurred, the backup processing ends.

  Here, various failures may occur in the circuit on the voltage supply path from the battery 13. Due to these failures, the power consumption of the battery 13 increases, which may shorten the duration of the battery 13. Depending on the type of such a failure, for example, the supply voltage from the battery 13 may be lower by a certain level than in a normal state, or the supply voltage may decrease earlier than in a normal state. In the above step S2, it can be determined from the supply voltage from the battery 13 whether or not such a specific failure has occurred. If it is determined that such a failure has occurred, the duration of the battery 13 is short. Can be estimated.

  According to the above-described processing by the control unit 14, the backup is performed in units of data groups, and the higher the priority of the data group, the earlier the backup is performed, and it is determined that a specific failure has occurred. In this case, the backup processing is terminated. Thereby, highly important data can be backed up within the duration of the battery 13 according to the failure occurrence situation.

[Second embodiment]
Next, a storage system will be described as an example of an information processing system including the information processing apparatus 10 in FIG.

  FIG. 2 is a diagram illustrating a configuration example of the storage system according to the second embodiment. The storage system illustrated in FIG. 2 includes a storage device 1000 including CMs (Controller Modules) 100 and 200, a drive unit 300, and a PSU (Power Supply Unit) 400, and a host device 1100. The host device 1100 is connected to the CMs 100 and 200 via, for example, a SAN (Storage Area Network).

  The CMs 100 and 200 are storage control devices that control access to a storage device mounted on the drive unit 300 in response to a request from the host device 1100. The CM 100 controls access to a storage device in the drive unit 300 by using a cache inside the CM 100. Similarly, the CM 200 controls access to a storage device in the drive unit 300 by using a cache inside the CM 200.

  Further, the CM 100 and the CM 200 are connected to each other and can transmit and receive data to and from each other. Data transfer between the CM 100 and the CM 200 is used for cache mirroring. That is, the data in the cache of the CM 100 is mirrored to the CM 200, and the data in the cache of the CM 200 is mirrored to the CM 100.

  The drive unit 300 includes a plurality of storage devices to be accessed by the host device 1100. As the storage device, a nonvolatile storage device such as a hard disk drive (HDD) or a solid state drive (SSD) is mounted.

The PSU 400 receives power supplied from an external power supply (not shown), and supplies power to the CMs 100 and 200 and the drive unit 300 based on the power.
FIG. 3 is a diagram illustrating an example of a hardware configuration of a CM.

  First, the CM 100 includes a CPU (Central Processing Unit) 101, a RAM (Random Access Memory) 102, a PCIe (PCI express, PCI: Peripheral Component Interconnect) switch 103, an SSD 104, a host controller (CONT) 105, a SAS (Serial Attached SCSI, It includes a SCSI (Small Computer System Interface) expander (EXP) 106, a battery 107, and a power control circuit 108.

The CPU 101 controls the entire CM 100 as a whole. The CPU 101 includes, for example, one or a plurality of processor cores.
The RAM 102 is used as a main storage device of the CM 100. The RAM 102 temporarily stores at least a part of an OS (Operating System) program and application programs to be executed by the CPU 101. Further, the RAM 102 stores various data necessary for processing by the CPU 101. For example, in the RAM 102, a cache area used for controlling access to a storage device in the drive unit 300 in response to a request from the host device 1100 is secured.

  The SSD 104 is connected to the CPU 101 via the PCIe switch 103. The PCIe switch 103 controls data transmission and reception between the SSD 104 and the CPU 101.

  The SSD 104 is used as an auxiliary storage device of the CM 100. The SSD 104 stores an OS program, an application program, and various data. In the SSD 104, a backup area for backing up some data in the RAM 102 at the time of power failure is secured. Note that, instead of the SSD 104, another type of nonvolatile storage device such as an HDD may be used.

The host controller 105 is an interface circuit for communicating with the host device 1100.
The SAS expander 106 relays data transmitted and received between the CPU 101 and a storage device in the drive unit 300. In FIG. 3, as an example, the drive unit 300 includes n storage devices DK1, DK2, DK3,..., DKn. Communication is performed between the SAS expander 106 and the storage devices DK1, DK2, DK3,..., DKn in the drive unit 300 in accordance with the SAS standard.

  The battery 107 is a backup power supply at the time of a power failure. The battery 107 supplies power for backing up data to be backed up in the RAM 102 to a backup area of the SSD 204 inside the CM 100 when a power failure occurs.

  The power supply control circuit 108 selectively supplies one of the power supplied from the PSU 400 and the power supplied from the battery 107 to the inside of the CM 100. Specifically, the power supply control circuit 108 normally supplies the power from the PSU 400 to the inside of the CM 100, and when the occurrence of a power failure is detected, supplies the power from the battery 107 to the inside of the CM 100.

  The CM 200 has the same hardware configuration as the CM 100. That is, the CM 200 includes a CPU 201, a RAM 202, a PCIe switch 203, an SSD 204, a host controller (CONT) 205, a SAS expander (EXP) 206, a battery 207, and a power control circuit 208. The CPU 201, the RAM 202, the PCIe switch 203, the SSD 204, the host controller 205, the SAS expander 206, the battery 207, and the power control circuit 208 include the CPU 101, the RAM 102, the PCIe switch 103, the SSD 104, the host controller 105, the SAS expander 106, the battery 107, Since the components correspond to the power supply control circuit 108, the description is omitted here.

FIG. 4 is a diagram for explaining cache mirroring between CMs.
The CMs 100 and 200 receive access to the logical volume from the host device 1100. The logical volume is a logical storage area realized by one or more storage devices mounted on the drive unit 300. In the present embodiment, it is assumed that the CMs 100 and 200 each receive access to an individual logical volume. Note that the logical volume may be a virtual volume using the thin provisioning technology. In this case, a storage area of a virtual volume is dynamically allocated from a logical storage area called a “pool” realized by a plurality of storage devices in the drive unit 300.

  The CM 100 uses a part of the storage area of the RAM 102 as a cache, and controls access to the logical volume by a write-back method. Similarly, the CM 200 uses a part of the storage area of the RAM 202 as a cache and controls access to the logical volume by a write-back method. In addition, the CMs 100 and 200 mirror the data in the caches of the CMs in the other RAM. This reduces the possibility of losing data in the cache. Also, when one device fails, the other device can take over the access control process that was being performed by one device by using the data in the mirrored cache.

  As shown in FIG. 4, a local table area 102a, a local cache area 102b, a remote table area 102c, and a remote cache area 102d are secured in the RAM 102 of the CM 100. In the RAM 202 of the CM 200, a local table area 202a, a local cache area 202b, a remote table area 202c, and a remote cache area 202d are secured.

  In the own table area 102a of the CM 100, data of various management tables used for the CM 100 to control access to the logical volume is stored. The local cache area 102b of the CM 100 is used as a cache when the CM 100 controls access to the logical volume.

  Similarly, data of various management tables used for controlling access to the logical volume by the CM 200 is stored in the own table area 202a of the CM 200. The own cache area 202b of the CM 200 is used as a cache when the CM 200 controls access to the logical volume.

  On the other hand, the same data as the own system table area 202a of the CM 200 is stored in the other system table area 102c of the CM 100. The same data as that of the own cache area 202b of the CM 200 is stored in the other cache area 102d of the CM 100. Similarly, the same data as the own system table area 102a of the CM 100 is stored in the other system table area 202c of the CM 200. The same data as that of the own cache area 102b of the CM 100 is stored in the other cache area 202d of the CM 200.

  That is, the CM 100 mirrors the data in the own table area 102a and the own cache area 102b in the other table area 202c and the other cache area 202d of the CM 200, respectively. In addition, the CM 200 mirrors the data in the local table area 202a and the local cache area 202b in the remote table area 102c and the remote cache area 102d of the CM 100, respectively.

  For example, when the CM 100 receives a request to write data to a certain logical volume from the host device 1100 (step S11), the following processing is executed. The CPU 101 of the CM 100 writes the data requested to be written (write data) to the own cache area 102b and updates the own table area 102a (step S12). For example, the cache management table stored in the own table area 102a is updated.

  Further, the CPU 101 transmits the write data and the data indicating the update content of the own system table area 102a to the CPU 201 of the CM 200. The CPU 201 writes the write data to the other-system cache area 202d, and updates the other-system table area 202c based on the data indicating the update content (step S13).

  When the above processing is completed, the CPU 101 of the CM 100 transmits a write completion notification to the host device 1100 (Step S14). Through such processing, the data in the own system table area 102a and the own system cache area 102b are mirrored in the other system table area 202c and the other system cache area 202d of the CM 200, respectively.

  Although not shown, the CPU 101 writes the write data written in the own cache area 102b in step S12 to a corresponding storage device in the drive unit 300 (write back) at an asynchronous timing thereafter.

FIG. 5 is a diagram for explaining a backup process at the time of a power failure.
As described above with reference to FIG. 4, in the CMs 100 and 200, write-back access control is performed, and the cache areas (the own cache areas 102b and 202b) are secured in the RAMs 102 and 202 which are volatile storage devices. . In such a configuration, when a power failure occurs, dirty data that has not been written back is lost among the data in the cache area.

  In order to prevent such data loss, batteries 107 and 207 are mounted on the CMs 100 and 200, respectively. When a power failure occurs, the dirty data in the cache area is stored in a non-volatile memory using the power from the batteries 107 and 207. It is evacuated to the device. As shown in FIG. 5, a backup area 104a for storing backup data at the time of a power failure is secured in the SSD 104 of the CM 100, and dirty data in the cache area is backed up in the backup area 104a. Although not shown, a similar backup area is secured in the SSD 204 of the CM 200.

  As shown in FIG. 4, in addition to the own system cache area 102b, the own system table area 102a, the other system table area 102c, and the other system cache area 102d are secured in the RAM 102. The own table area 102a stores management data required for accessing the logical volume, such as a cache management table. Therefore, as shown in FIG. 5, at the time of a power failure, data of the management table stored in the own system table area 102a is also backed up in the backup area 104a of the SSD 104. Similarly, although not shown, data stored in the local table area 202a of the CM 200 is also subject to backup to the backup area of the SSD 204.

  Further, in the present embodiment, as shown in FIG. 5, the data of the management table stored in the other system table area 102c and the dirty data of the data of the other system cache area 102d are also backed up to the backup area 104a. . Similarly, although not shown, the data of the management table stored in the other system table area 202c of the CM 200 and the dirty data among the data of the other system cache area 202d are also backed up in the backup area of the SSD 204.

  For example, the following merits can be obtained by backing up the dirty data among the data of the management table stored in the other system table area 102c and the data of the other system cache area 102d. For example, if the data in the own table area 202a and the own cache area 202b of the CM 200 is lost for some reason, the CM 200 reads the data in the other table area 102c and the other cache area 102d, Operation can be resumed.

  Further, even when the CMs 100 and 200 both start normally when the power is restored from the power failure state, the data is not stored in the other system table area 102c and the other system cache area 102d of the CM 100 from the backup area 104a of the CM 100 instead of the other CM 200. Can be restored. Therefore, the time from the power recovery to the start of the CMs 100 and 200 in a state where the own table area 202a and the own cache area 102b of the CM 200 and the other table area 102c and the other cache area 102d of the CM 100 are mirrored. Can be shortened. As a result, the access control processing by the CM 200 can be restarted in a short time in a state where the cache data and the data of the management table are made redundant.

  Note that writing of data to the flash memory of the SSD 104 is performed in units of cells of a fixed size. In the present embodiment, the size of the cell is 4 kilobytes. In the present embodiment, data to be backed up in the RAM 102 is also managed in units of 4 kilobytes, so that data can be easily written from the RAM 102 to the backup area 104a of the SSD 104 in units of 4 kilobytes. As an example, in the present embodiment, the size of the cache page is 4 kilobytes.

  FIG. 6 is a diagram illustrating an example of the internal configuration of the power supply control circuit. Although FIG. 6 shows the power control circuit 108 of the CM 100 as an example, the power control circuit 208 of the CM 200 has a similar internal configuration.

  As shown in FIG. 6A, the power supply control circuit 108 includes switch circuits 111 and 112. The switch circuit 111 switches between energization and interruption of electric power from the PSU 400 to each unit in the CM 100. The switch circuit 112 switches between energization and interruption of electric power from the battery 107 to each unit in the CM 100.

  Each of the switch circuits 111 and 112 detects the voltage on the input side and the voltage on the output side and compares them to detect whether or not a power failure has occurred. In a state in which there is no power failure (a state in which power is supplied from the PSU 400), the switch circuit 111 is turned on and the switch circuit 112 is turned off. In the power failure state, the switch circuit 111 is turned off, and the switch circuit 112 is turned on.

  FIG. 6B shows an example of the internal configuration of the switch circuits 111 and 112. The switch circuit 111 includes FETs (Field Effect Transistors) 111a and 111b and a controller 111c. The switch circuit 112 includes FETs 112a and 112b and a controller 112c. Each of the FETs 111a, 111b, 112a, and 112b is an N-channel MOSFET (Metal-Oxide-Semiconductor FET).

  In the switch circuit 111, a voltage of 12 V from the PSU 400 is input to each drain of the FETs 111a and 111b, and each source is connected to an output terminal for the inside of the CM 100. Further, a common control signal from the controller 111c is input to each gate of the FETs 111a and 111b, and the conduction and cutoff between the respective drains and sources of the FETs 111a and 111b are controlled by the control signals. With this configuration, the switching element that controls the output of the voltage from the PSU 400 is made redundant, and the reliability of the switching operation of the voltage output is improved.

  In the switch circuit 112, a voltage of 12 V from the battery 107 is input to each drain of the FETs 112a and 112b, and each source is connected to an output terminal for the inside of the CM 100. A common control signal from the controller 112c is input to each gate of the FETs 112a and 112b, and the control signal controls the conduction and cutoff between the respective drains and sources of the FETs 112a and 112b. With this configuration, the switching element that controls the output of the voltage from the battery 107 is made redundant, and the reliability of the switching operation of the voltage output is improved.

  The controller 111c detects the input voltage Va1 and the output voltage Vc1, and outputs a control signal for each gate of the FETs 111a and 111b based on the comparison result. The controller 112c detects the input voltage Va2 and the output voltage Vc2, and outputs a control signal for each gate of the FETs 112a and 112b based on the comparison result.

  When (Va1−Vc1)> TH1, the controller 111c sets the control signal to a high level to make the FETs 111a and 111b conductive, and otherwise sets the control signal to a low level to cut off the FETs 111a and 111b. The threshold value TH1 is set to a value (for example, 10 mV) smaller than the voltage drop between the drain and the source of the FETs 111a, 111b, 112a, and 112b. On the other hand, when (Va2−Vc2)> TH2, the controller 112c sets the control signal to low level to cut off the FETs 112a and 112b, and otherwise sets the control signal to high level to turn on the FETs 112a and 111b. The threshold value TH2 is set to a value larger than the above-described voltage drop amount.

  Thus, when the power of the CM 100 is turned on, if a voltage of 12 V is supplied from the PSU 400, the control signal from the controller 111c becomes high level, and the power from the PSU 400 is supplied to the inside of the CM 100. At this time, the control signal from the controller 112c becomes low level, and power from the battery 107 is not supplied to the inside of the CM 100.

  In this state, when a power failure occurs and the voltage is not output from the PSU 400, the control signal from the controller 111c becomes low level, and the power supply path from the PSU 400 is cut off. On the other hand, the control signal from the controller 112c becomes high level, and the electric power from the battery 107 is supplied to the inside of the CM 100. By such autonomous processing by the controllers 111c and 112c, when a power failure occurs, the power supply source for the inside of the CM 100 is switched from the PSU 400 to the battery 107.

  When a power failure occurs, the operations of the host controller 105 and the SAS expander 106 are stopped by the processing of the CPU 101. Therefore, after a power failure occurs, the power from the battery 107 is supplied only to the CPU 101, the RAM 102, the PCIe switch 103, and the SSD 104 related to the backup process. Similarly, in the CM 200, after a power failure occurs, the power from the battery 207 is supplied only to the CPU 201, the RAM 202, the PCIe switch 203, and the SSD 204 related to the backup process.

Next, a problem in a case where the switch circuit 112 fails will be described with reference to FIG.
FIG. 7 is a diagram illustrating a transition example of the battery voltage. FIG. 7 shows a transition of the output voltage from the battery 107 starting from the time of the occurrence of the power failure. The output voltage referred to here is, to be precise, the output voltage of the battery 107 via the power supply control circuit 108 (that is, the output voltage Vc2 from the switch circuit 112 when driven by the battery 107).

  There are two states in which the switch circuit 112 for the battery 107 fails: a "failure state A" in which only one of the FETs 112a and 112b has failed, and a "failure state B" in which both the FETs 112a and 112b have failed. Is assumed. In both of the failure states A and B, the power consumption of the FET increases due to the influence of the parasitic diode of the failed FET. As a result, as shown in FIG. 7, the duration of the battery 107 becomes shorter than in the normal state.

  Specifically, in the failure state A, the electric power from the battery 107 continues to be output to the inside of the CM 100 by the other non-failed FET. For example, if the FET 111a fails, the power from the battery 107 continues to be output because the FET 111b remains on, and the output voltage of the switch circuit 112 is maintained at 12.0V. However, at this time, a large current flows through the parasitic diode of the failed FET 111a, and power is consumed. As a result, as shown in FIG. 7, the duration of the battery 107 is shorter than in the normal state where the FETs 112a and 112b are not out of order.

  In FIG. 7, the voltage of 9.6 V indicates the lower limit voltage (operation lower limit voltage) at which the CM 100 can execute the backup operation. In the example of FIG. 7, in the normal state, the time required for the output voltage of the battery 107 via the power supply control circuit 108 to drop below the operation lower limit voltage of 9.6 V is 300 seconds. On the other hand, in the failure state A, the time required for the output voltage of the battery 107 via the power supply control circuit 108 to drop below the operation lower limit voltage of 9.6 V is reduced to 250 seconds.

  In the failure state B, both of the failed FETs 111a and 111b are turned off. However, since the voltage from the battery 107 is applied to both parasitic diodes of the FETs 111a and 111b, and a current flows through these two parasitic diodes, for example, a voltage of 11.4 V is output as shown in FIG. Is done. Further, when a current flows through more parasitic diodes than in the failure state A, more power is consumed than in the failure state A. As a result, as shown in FIG. 7, the duration of the battery 107 becomes even shorter than the failure state A. In the example of FIG. 7, in the failure state B, the time required for the output voltage of the battery 107 via the power supply control circuit 108 to drop below the operation lower limit voltage of 9.6 V is further reduced to 200 seconds.

  As described above, when the failure states A and B occur, the duration of the battery 107 is shortened. Therefore, there is a possibility that a part of the data to be backed up cannot be backed up to the backup area 104a and is lost.

  Here, as an example of the failure detection method, when the output voltage of the battery 107 via the power supply control circuit 108 becomes lower than the above-described operation lower limit voltage (9.6 V), it is determined that the battery 107 has failed. There is. However, this method cannot detect the fault states A and B in which the output voltage higher than the operation lower limit voltage is maintained for a certain period of time as in the example of FIG.

  In addition, by increasing the number of FETs and increasing the redundancy of the path passing through the FETs, it is possible to prevent power from being consumed as in the failure state B. However, in this method, the circuit mounting area increases, the power supply control circuit 108 becomes large, and the cost of the power supply control circuit 108 also increases. Further, this method cannot prevent the power consumption by the parasitic diode such as the failure state A.

  In response to such a problem, the CM 100 assigns a priority to the data to be backed up, and backs up the data in the backup area 104a in descending order of the priority. Further, each time the CM 100 completes backup of data of a certain priority, the CM 100 detects the output voltage of the battery 107 via the power supply control circuit 108 and estimates the subsequent power supply capability of the battery 107. When it is determined that the CM 100 has the power supply capability enough to complete the backup of the next priority data, the CM 100 executes the backup of the data. By such processing, the maximum data can be backed up in units of data having the same priority in descending order of priority within the range of the power supply capability from the battery 107 according to the failure state of the switch circuit 112. To do.

  Although the failure in the CM 100 has been described with reference to FIG. 7, the same problem may occur in the CM 200 due to the similar failure. Then, the CM 200 can execute the same processing as the CM 100.

FIG. 8 is a block diagram illustrating a configuration example of a processing function included in the CM. Although the CM 100 is shown in FIG. 8 as an example, the CM 200 also has the same processing function as the CM 100.
The CM 100 includes an access control unit 121, a mirror data reception processing unit 122, a backup control unit 123, and a restore control unit 124. Note that the processes of the access control unit 121, the mirror data reception processing unit 122, the backup control unit 123, and the restore control unit 124 are realized, for example, by the CPU 101 executing a predetermined program.

  The access control unit 121 controls access to a logical volume in response to a request from the host device 1100. At the time of the access control, the access control unit 121 uses the own cache area 102b as a cache. Normally, as described with reference to FIG. 4, the access control unit 121 controls writing of data to the logical volume by the write-back method while using the own cache area 102b as a cache. Further, the access control unit 121 mirrors the data in the own system cache area 102b to the other system cache area 102d via the mirror data reception processing unit (not shown) of the CM 200.

  Further, when controlling access to the logical volume, the access control unit 121 refers to the management table stored in the own system table area 102a. Then, every time the access control unit 121 updates the data in the own system table area 102a, the data update is reflected in the other system cache area via the mirror data reception processing unit (not shown) of the CM 200.

  For example, as shown in FIG. 8, a cache management table 131 and a volume management table 132 are stored in the own system cache area 102b as management tables referred to by the access control unit 121. The cache management table 131 is management information for managing data stored in the local cache area 102b. The volume management table 132 is management information used for address conversion for accessing a logical volume.

  Here, FIG. 9 is a diagram illustrating a configuration example of the cache management table. In the cache management table 131, a logical address, a dirty flag, and an attribute are registered in association with a page number indicating each page of the own cache area 102b.

  The logical address indicates an address on the logical volume for data stored in the page. The dirty flag indicates whether the data stored in the page is dirty data. The dirty flag indicates “1” for dirty data, and indicates “0” for non-dirty data. The attribute indicates whether the data is stored in the page in response to a write request or a read request.

  A cache management table of the same format as the cache management table 131 of FIG. 9 is stored in the other system table area 202c of the other CM 200. When updating the cache management table 131, the access control unit 121 reflects the updated content in the cache management table of the other system table area 202c.

  For example, when writing data to a certain page in response to a request from the host device 1100, the access control unit 121 registers a write destination address on the logical volume as a logical address corresponding to the corresponding page number in the cache management table 131. . At the same time, the access control unit 121 sets the dirty flag corresponding to the page number to “1”, and sets “write” as the attribute. Further, the access control unit 121 also updates the logical address, dirty flag, and attribute corresponding to the same page number in the cache management table of the other system table area 202c in the same manner.

  After that, when executing the data write-back, the access control unit 121 updates the dirty flag of the corresponding record in the cache management table 131 to “0”. At the same time, the access control unit 121 also updates the dirty flag of the corresponding record to “0” in the cache management table of the other system table area 202c.

Hereinafter, returning to FIG. 8, the description will be continued.
As described above, the volume management table 132 is management information used for address conversion for accessing a logical volume. In the volume management table 132, for example, the following data is registered.

  For example, in the volume management table 132, information indicating the correspondence between addresses of logical storage areas realized by one or more storage devices in the drive unit 300 and addresses of logical volumes is registered. When the logical storage area is implemented as a RAID (Redundant Arrays of Inexpensive Disks) group, the volume management table 132 registers information about the RAID group, such as identification information of a storage device belonging to the RAID group and a RAID level.

  When a logical volume is generated as a virtual volume using the thin provisioning technology, for example, of the unit areas obtained by dividing the logical volume, only the logical storage area (pool ) Is allocated a storage area. In this case, the volume management table 132 registers information indicating the correspondence between the unit area on the logical volume and the storage area allocated from the logical storage area. Each time new data is written to a free unit area on a logical volume, the access control unit 121 allocates a new storage area from the logical storage area to the unit area. At this time, the access control unit 121 registers information indicating the correspondence between the unit area and the storage area to which the unit area is allocated in the volume management table 132, and the same in the volume management table in the other system table area 202c of the CM 200. Register information.

  The mirror data reception processing unit 122 receives updated data in its own cache area 202b or its own table area 202a from an access control unit (not shown) of the CM 200. The mirror data reception processing unit 122 updates the relevant part of the other-system cache area 102d or the other-system table area 102c with the received data.

  When a power failure occurs, the backup control unit 123 backs up the data of the own system table area 102a, the own system cache area 102b, the other system table area 102c, and the other system cache area 102d to the backup area 104a of the SSD 104. At this time, the backup control unit 123 executes the backup process according to the priority of each data described later while referring to the voltage output from the battery 107 via the power supply control circuit 108.

  In the SSD 104, a backup management table 133 is stored. The backup control unit 123 updates the backup management table 133 according to the progress of the backup processing.

  When the supply of the external power is resumed (power is restored), the restore control unit 124 writes the data backed up in the backup area 104 a of the SSD 104 back to the RAM 102 and restores the data while referring to the backup management table 133. .

Next, a backup process performed by the backup control unit 123 will be described with reference to FIGS.
FIG. 10 is a diagram for explaining the priority of data. In the CMs 100 and 200, the priority is set for the data to be backed up, and the data is backed up to the backup area 104a of the SSD 104 in descending order of priority.

  As shown in FIG. 10, in the CM 100, the data (table data) of the management table stored in the own system table area 102a and the dirty data of the data stored in the own system cache area 102b are most frequently used. “Priority 1” having a higher priority is set. By increasing the reliability of backup of these data, access control can be quickly resumed without losing data using only the data stored in the CM 100 at the time of power recovery.

  Further, “priority 2” having the next highest priority is set for the data (table data) of the management table stored in the other system table area 102c. Further, “priority 3” having the lowest priority is set for the dirty data among the data stored in the other-system cache area 102d.

  In the CM 200, the priority is set to the data to be backed up in the same manner as described above. That is, “priority 1” is set for the management table data (table data) stored in the own table area 202a and the dirty data among the data stored in the own cache area 202b. . “Priority 2” is set for the management table data (table data) stored in the other system table area 202c. Further, “priority 3” is set for dirty data among the data stored in the other-system cache area 202d.

  FIG. 11 is a diagram illustrating a configuration example of the backup management table. As described above, the backup management table 133 is stored in the SSD 104. The backup management table 133 is associated with a backup flag for each priority. The backup flag is flag information indicating whether the backup of the data of the corresponding priority has been completed. The backup flag is set to “0” when the backup of the corresponding data is not completed, and is set to “1” when the backup of the corresponding data is completed.

Note that a backup management table having a data configuration similar to that of FIG. 11 is also stored in the SSD 204 of the CM 200.
FIG. 12 is a diagram illustrating an example of backup processing according to priority. As in FIG. 7, the vertical axis of the graph in FIG. 12 indicates the output voltage of the battery 107 via the power supply control circuit 108.

  The backup control unit 123 starts the backup of the data corresponding to the priority 1 at the timing T0 when the power failure is detected. As a result, the data of the management table stored in the own table area 102a and the dirty data of the data stored in the own cache area 102b are backed up to the backup area 104a of the SSD 104.

  When the backup of the data corresponding to the priority 1 is completed at the timing T1, the backup control unit 123 updates the backup flag corresponding to the priority 1 in the backup management table 133 from “0” to “1”. At the same time, the backup control unit 123 acquires the output voltage of the battery 107 via the power supply control circuit 108 (that is, the output voltage Vc2 from the switch circuit 112) from the controller 112c of the switch circuit 112. The backup control unit 123 determines whether the acquired output voltage is 11.4 V or less.

  Here, when the output voltage obtained at the timing T1 is equal to or lower than 11.4 V, it is estimated that both the FETs 112a and 112b of the switch circuit 112 are in the failure state B in which the failure has occurred. In this case, the remaining time of the battery 107 is very short, and it is estimated that it is difficult to complete the backup of the data corresponding to the priority 2. Therefore, the backup control unit 123 ends the backup processing.

  On the other hand, when the output voltage acquired at the timing T1 is higher than 11.4 V, it is estimated that at least the failure state B has not been attained and the remaining time of the battery 107 is somewhat longer. Therefore, the backup control unit 123 starts backing up the data corresponding to the next priority 2. Thereby, the data of the management table stored in the other system table area 102c is backed up to the backup area 104a of the SSD 104.

  In the above-described determination at the timing T1, a value of 11.4 V or more and less than 12.0 V may be used as the voltage determination threshold. It can be said that this determination threshold is determined based on the difference between the output voltage Vc2 when both FETs 112a and 112b are normal and the output voltage Vc2 when both FETs are faulty.

  When the backup of the data corresponding to the priority 2 is completed at the timing T2, the backup control unit 123 updates the backup flag corresponding to the priority 2 in the backup management table 133 from “0” to “1”. At the same time, the backup control unit 123 acquires the output voltage of the battery 107 via the power supply control circuit 108 from the controller 112c of the switch circuit 112.

  The backup control unit 123 determines whether the obtained output voltage is 11.8 V or less. This 11.8V is a voltage for determining whether the output voltage has begun to drop from 12.0V in a normal state. When the output voltage starts dropping from 12.0 V in a normal state, it is in the failure state A in which only one of the FETs 112a and 112b has failed, and the output voltage starts decreasing due to extra power consumption due to such a failure. It is estimated that there is. Therefore, it is estimated that the remaining time of the battery 107 is very short, and it is difficult to complete the backup of the data corresponding to the priority 3. Therefore, the backup control unit 123 ends the backup processing.

  On the other hand, when the output voltage acquired at the timing T2 is higher than 11.8 V, it is estimated that there is a high possibility that the state is the normal state. Therefore, the backup control unit 123 starts backing up data corresponding to the next priority 3. As a result, the data of the management table stored in the other-system cache area 102d is backed up to the backup area 104a of the SSD 104.

  When the backup of the data corresponding to the priority 3 is completed at the timing T3, the backup control unit 123 updates the backup flag corresponding to the priority 3 in the backup management table 133 from “0” to “1”. Then, the backup control unit 123 ends the backup processing.

  The backup management table 133 is referred to by the restore control unit 124 at the time of restoration processing after power recovery. Based on the backup flag in the backup management table 133, it is determined which data is backed up to the backup area 104a of the SSD 104 and which data should be acquired from the backup area of the other SSD 204. The restore processing using the backup management table 133 will be described later in detail with reference to FIGS.

  According to the above processing, backup is performed in order of data having a higher priority. Also, each time backup of data corresponding to one priority is completed, the output voltage of battery 107 via power supply control circuit 108 is detected, and the remaining power supply capability of battery 107 is estimated. Then, if it is estimated that there is enough power, the data corresponding to the next priority is backed up, while if it is estimated that there is no remaining power, the backup processing is terminated at that point.

  By such processing, even when the power supply capability of the battery 107 is reduced due to the failure of the FET on the discharge path from the battery 107, the maximum priority is set within the range of the capability in units of the same priority data group. Data can be backed up. At this time, by backing up data in descending order of priority, it is possible to reduce the possibility of losing important data (particularly, data necessary for accurately and quickly restarting access control after power recovery).

  When it is determined that the remaining power supply capacity of the battery 107 is small, the backup process is terminated at that time, so that the discharge of the battery 107 is terminated at that time, and the decrease in the remaining amount of the battery 107 is stopped. I do. For this reason, the remaining amount of the battery 107 at the time of power restoration is larger than in the case where the backup process is continued until the power supply capability of the battery 107 is lost.

  After the power is restored, the access control is restarted by the write-through method in order to prevent the cache data from being lost until the remaining amount of the battery 107 reaches at least the lower limit amount at which the data corresponding to the priority 1 can be backed up. . When the remaining amount of the battery 107 reaches the lower limit, the access control method is switched to the write-back method. In the write-through method, when data writing is requested, not only the writing of the data to the cache but also the completion of the writing of the data is notified to the host device 1100 after the writing back of the data is completed. Therefore, the response speed to the write request from the host device 1100 is lower than that of the write-back method.

  As described above, by increasing the remaining amount of the battery 107 at the time of power recovery, it is possible to reduce the time required for switching access control from the write-through method to the write-back method after power recovery. As a result, the response performance to a write request from the host device 1100 can be recovered in a short time after power recovery, and the overall response performance can be improved.

Next, the processing of the CM 100 will be described using a flowchart.
FIG. 13 is an example of a flowchart showing the processing procedure of a CM at the time of a power failure.
[Step S21] The backup control unit 123 enters a standby state until a power failure is detected, and upon detecting a power failure, executes the process of step S22. The backup control unit 123 detects the occurrence of a power failure based on, for example, a notification from the controller 111c of the switch circuit 111 of the power supply control circuit 108. Further, the backup control unit 123 records the backup management table 133 in which all the backup flags are set to “0” in the SSD 104.

  [Step S22] The backup control unit 123 saves the data of the priority 1. That is, the backup control unit 123 stores the data of the management table stored in the own table area 102a and the dirty data of the data stored in the own cache area 102b in the backup area 104a of the SSD 104. The dirty data among the data stored in the own cache area 102b is determined based on the dirty flag of the cache management table 131 stored in the own table area 102a.

[Step S23] The backup control unit 123 updates the backup flag corresponding to the priority 1 in the backup management table 133 to “1”.
[Step S24] The backup control unit 123 acquires the output voltage of the battery 107 via the power supply control circuit 108 (that is, the output voltage Vc2 from the switch 112) from the controller 112c of the switch circuit 112. When the obtained output voltage is equal to or lower than 11.4 V, the backup control unit 123 ends the processing. In this case, the operation of the CM 100 stops. On the other hand, when the obtained output voltage is higher than 11.4 V, the backup control unit 123 executes the process of step S25.

  [Step S25] The backup control unit 123 saves the data of the priority 2. That is, the backup control unit 123 stores the data of the management table stored in the other system table area 102c in the backup area 104a of the SSD 104.

[Step S26] The backup control unit 123 updates the backup flag corresponding to the priority 2 in the backup management table 133 to “1”.
[Step S27] The backup control unit 123 acquires the output voltage of the battery 107 via the power supply control circuit 108 from the controller 112c of the switch circuit 112. When the obtained output voltage is 11.8 V or less, the backup control unit 123 ends the processing. In this case, the operation of the CM 100 stops. On the other hand, when the obtained output voltage is higher than 11.8 V, the backup control unit 123 executes the process of step S28.

  [Step S28] The backup control unit 123 saves the data of the priority 3. That is, the backup control unit 123 stores dirty data of the data stored in the other-system cache area 102d in the backup area 104a of the SSD 104. The dirty data of the data stored in the other system cache area 102d is determined based on the dirty flag of the CM 200 cache management table stored in the other system table area 102c.

  [Step S29] The backup control unit 123 updates the backup flag corresponding to the priority 3 in the backup management table 133 to “1”. When this process is completed, the operation of the CM 100 stops.

FIG. 14 and FIG. 15 are flowchart examples illustrating the processing procedure of the CM at the time of power restoration.
[Step S31] When the power supply from the external power supply is restored, the power supply from the PSU 400 is restarted (power is restored). When the CM 100 is activated by the electric power from the PSU 400, the restore control unit 124 executes the processing after Step S32. When the power supply from PSU 400 is restarted, power supply control circuit 108 starts charging battery 107 using the power from PSU 400.

  [Step S32] The restore control unit 124 refers to the backup management table 133 stored in the SSD 104 and reads the backup flag corresponding to the priority level 1. When the backup flag is “1”, the restore control unit 124 executes the process of step S33, and when the backup flag is “0”, executes the process of step S34.

  [Step S33] The restore control unit 124 restores the data of the priority 1 from the backup area 104a of the SSD 104 of the CM 100. That is, the restore control unit 124 writes the management table data backed up from the own table area 102a back to the own table area 102a from the backup area 104a. In addition, the restore control unit 124 writes back the dirty data backed up from the own cache area 102b from the backup area 104a to the own cache area 102b.

  [Step S34] The restore control unit 124 restores the data of priority 1 from the backup area of the SSD 204 included in the other CM 200. Specifically, the restore control unit 124 requests the restore control unit of the other CM 200 to transfer the data of the other system table area 202c and the dirty data of the other system cache area 202d. The restore control unit of the CM 200 reads the management table data backed up from the other system table area 202c and the dirty data backed up from the other system cache area 202d from the backup area of the SSD 204, and transfers them to the CM 100. The restore control unit 124 of the CM 100 stores the transferred management table data in the own table area 102a, and stores the transferred dirty data in the own cache area 102b.

  [Step S35] The restore control unit 124 reads the backup flag corresponding to the priority 2 with reference to the backup management table 133 stored in the SSD 104. When the backup flag is “1”, the restore control unit 124 executes the process of step S36, and when the backup flag is “0”, executes the process of step S37.

  [Step S36] The restore control unit 124 restores the data of the priority 2 from the backup area 104a of the SSD 104 of the CM 100. That is, the restore control unit 124 writes the management table data backed up from the other system table area 102c back to the other system table area 102c from the backup area 104a.

  [Step S37] The restore control unit 124 restores the data of the priority 2 from the backup area of the SSD 204 provided in the other CM 200. Specifically, the restore control unit 124 requests the restore control unit of the other CM 200 to transfer the data of the own system table area 202a. The restore control unit of the CM 200 reads data of the management table backed up from the own system table area 202 a from the backup area of the SSD 204 and transfers the data to the CM 100. The restore control unit 124 of the CM 100 stores the transferred management table data in the other system table area 102c.

  [Step S38] The restore control unit 124 refers to the backup management table 133 stored in the SSD 104 and reads a backup flag corresponding to the priority level 3. When the backup flag is “1”, the restore control unit 124 executes the process of step S39, and when the backup flag is “0”, executes the process of step S40.

  [Step S39] The restore control unit 124 restores data of priority 3 from the backup area 104a of the SSD 104 of the CM 100. That is, the restore control unit 124 writes the dirty data backed up from the other system cache area 102d back to the other system cache area 102d from the backup area 104a.

  [Step S40] The restore control unit 124 restores data of priority 3 from the backup area of the SSD 204 provided in the other CM 200. Specifically, the restore control unit 124 requests the restore control unit of the other CM 200 to transfer the data in the own cache area 202b. The restore control unit of the CM 200 reads the dirty data backed up from the own cache area 202 b from the backup area of the SSD 204 and transfers the dirty data to the CM 100. The restore control unit 124 of the CM 100 stores the transferred dirty data in the other-system cache area 102d.

  With the above processing, the restoration processing is completed. In the above-described restore processing, the restore control unit 124 can determine from where the data to be restored should be read based on the backup flag for each priority in the backup management table 133. Therefore, data can be restored reliably and quickly.

Hereinafter, the description will be continued with reference to FIG.
[Step S41] The restore control unit 124 inquires of the restore control unit of the CM 200 whether the restore process in the other CM 200 has been completed. If the restore processing in the CM 200 has not been completed, the restore control unit 124 enters a wait state and makes an inquiry again at regular intervals. Then, when the restore processing in the CM 200 ends, the restore control unit 124 executes the processing of step S42.

  [Step S42] The restore control unit 124 determines whether the remaining amount of the battery 107 is equal to or greater than a predetermined threshold. As this threshold, for example, a lower limit of the remaining amount of the battery 107 that can execute backup of data corresponding to the priority 1 is set. If the remaining capacity of the battery 107 is equal to or more than the lower limit, even if access control by the write-back method is restarted, at least data corresponding to the priority 1 can be backed up when a power failure occurs, Data can be guaranteed. When the remaining amount of the battery 107 is less than the threshold, the restore control unit 124 executes the process of step S43, and when the remaining amount is equal to or more than the threshold, executes the process of step S45.

  [Step S43] The restore control unit 124 notifies the access control unit 121 that the remaining amount of the battery 107 is less than the threshold. The access control unit 121 starts access control to the logical volume in response to the request from the host device 1100 in response to the notification. At this time, the access control unit 121 executes the write control by a write-through method. That is, when writing of data is requested from the host device 1100, the access control unit 121 writes the data to the own system cache area 102b, writes the data back to the drive unit 300, and sends the data to the host device 1100. Notifies completion of writing.

  [Step S44] It is determined whether or not the remaining amount of the battery 107 is equal to or greater than the above threshold. The restore control unit 124 enters a standby state until the remaining amount of the battery 107 becomes equal to or greater than the threshold, and executes the process of step S45 when the remaining amount becomes equal to or greater than the threshold.

  [Step S45] The restore control unit 124 notifies the access control unit 121 that the remaining amount of the battery 107 has become equal to or greater than the threshold. When step S45 is executed after step S42, the access control unit 121 starts access control to the logical volume in response to the request from the host device 1100 in response to the notification. At this time, the access control unit 121 executes the write control by a write-back method. On the other hand, if step S45 is executed after step S44, that is, if access control has already been started, the access control unit 121 switches the write control method from the write-through method to the write-back method.

  Here, in the process at the time of power failure shown in FIG. 13, when backup of data of a certain priority is completed, if it is estimated that the remaining power supply capacity of the battery 107 is small, the backup process is performed at that time. Will be terminated. This makes it possible to suppress the discharge amount of the battery 107 as compared with the case where the backup process is continued until the remaining amount of the battery 107 decreases to the lower limit amount at which the backup process can be performed. As a result, in the processing of FIGS. 14 and 15, the time from power recovery until the remaining amount of the battery 107 becomes equal to or greater than the threshold is reduced. As a result, the time from power recovery to the time when the access control unit 121 can execute access control by the write-back method can be shortened, and the response performance to a write request from the host device 1100 can be improved as a whole.

  Note that the processing functions of the devices (for example, the information processing device 10, the CMs 100 and 200) described in each of the above embodiments can be realized by a computer. In this case, a program describing the processing content of the function that each device should have is provided, and the processing function is realized on the computer by executing the program on the computer. The program describing the processing content can be recorded on a computer-readable recording medium. Computer-readable recording media include magnetic storage devices, optical disks, magneto-optical recording media, and semiconductor memories. The magnetic storage device includes a hard disk device (HDD), a magnetic tape, and the like. Optical disks include CDs (Compact Discs), DVDs (Digital Versatile Discs), and Blu-ray Discs (Blu-ray Discs: BD, registered trademark). Examples of the magneto-optical recording medium include an MO (Magneto-Optical disk).

  When distributing the program, for example, portable recording media such as DVDs and CDs on which the program is recorded are sold. Alternatively, the program may be stored in a storage device of a server computer, and the program may be transferred from the server computer to another computer via a network.

  The computer that executes the program stores, for example, the program recorded on the portable recording medium or the program transferred from the server computer in its own storage device. Then, the computer reads the program from its own storage device and executes processing according to the program. Note that the computer can also read the program directly from the portable recording medium and execute processing according to the program. Further, the computer can also execute processing according to the received program each time the program is transferred from a server computer connected via a network.

DESCRIPTION OF SYMBOLS 10 Information processing apparatus 11 Volatile storage device 12 Nonvolatile storage device 13 Battery 14 Control unit DG1-DG3 Data group S1-S3 Step

Claims (9)

A volatile storage device;
A non-volatile storage device,
A battery that supplies power for storing data from the volatile storage device to the non-volatile storage device during a power outage;
At the time of the power outage, a control unit that executes a backup process of storing a plurality of types of data groups in which priorities are stored in the volatile storage device in advance in the nonvolatile storage device in the order of the priority, and ,
Has,
In the backup process, each time the storage of the plurality of types of data groups in the nonvolatile storage device is completed, the control unit supplies a voltage from the battery based on a supply voltage supplied from the battery. Determining a failure state with respect to, based on the failure state, determines whether to store the next higher priority data group among the plurality of types of data groups in the nonvolatile storage device,
Information processing device. The information processing device further includes a switch circuit that is controlled to output power from the battery to the inside of the information processing device during the power outage,
The supply voltage is an output voltage of the switch circuit,
The control unit determines the state of the switch circuit as the failure state by comparing the supply voltage with a predetermined voltage threshold,
The information processing device according to claim 1. The voltage threshold is a value based on a difference between voltages output from the battery via the switch circuit in each of a normal state and a failed state of the switch circuit.
The information processing device according to claim 2. The information processing apparatus has a first power path and a second power path in parallel for supplying power from the battery to the inside of the information processing apparatus, and the first power path is used as the switch circuit. A first switch circuit provided on a path, and a second switch circuit provided on the second power path,
As the voltage threshold, in each of the normal state where both the first switch circuit and the second switch circuit are normal and the state where both the first switch circuit and the second switch circuit have failed, A first threshold value based on a difference between voltages output from the battery via the switch circuit, and a second threshold value for determining that the voltage output from the battery via the switch circuit has dropped below the normal state. And a threshold of
The control unit includes:
When the storage of the first data group of the plurality of types of data groups in the nonvolatile storage device is completed, and the supply voltage is higher than the first threshold, Storing the second data group having the second highest priority next to the first data group in the nonvolatile storage device;
When the storage of the second data group is completed, if the supply voltage is higher than the second threshold, the priority is next to the second data group among the plurality of types of data groups. Storing a third data group in the nonvolatile storage device;
The information processing device according to claim 2. In the volatile storage device, a first data group used when the information processing device executes a predetermined process is stored as one of the plurality of types of data groups, and as another one, A second data group that is backup data of data stored in another information processing device is stored,
The first data group has the higher priority set than the second data group,
The information processing apparatus according to claim 1. In the volatile storage device, by the backup process, management information in which whether or not storage of the plurality of types of data groups in the nonvolatile storage device is completed is stored,
The control unit further includes:
Mirroring the first data group to the other information processing device,
When the power supply from the power supply is restored and the information processing apparatus is started, the first data group and the second data group are respectively stored in the nonvolatile storage device and the non-volatile storage device based on the management information. Determining which of the other information processing devices to read and restore to the volatile storage device,
The information processing device according to claim 5. The predetermined process is an access control process for controlling access to a storage device while using the volatile storage device as a cache,
The first data group is dirty data that is not written back to the storage device among the data of the cache,
When the power supply from the power supply is restored, the battery starts charging with the power from the power supply,
The control unit is configured such that after the power supply from the power supply is restored, the information processing apparatus is started, and after restoring the first data to the volatile storage device, the remaining amount of the battery is less than a predetermined amount. Executing the access control process in a write-through mode, and when the remaining amount of the battery becomes equal to or more than the predetermined amount, switching the processing mode of the access control process from a write-through mode to a write-back mode;
The information processing apparatus according to claim 5. A computer having a volatile storage device, a non-volatile storage device, and a battery that supplies power for storing data from the volatile storage device to the non-volatile storage device when a power failure occurs,
At the time of the power failure, a plurality of types of data groups stored in the volatile storage device, in which priorities are set in advance, perform a backup process of storing in the nonvolatile storage device in order of the priority,
In the backup processing, each time the storage of the plurality of types of data groups in the nonvolatile storage device is completed, a failure state regarding the voltage supply from the battery is determined based on the supply voltage supplied from the battery. And determining, based on the failure state, whether to store the next higher priority data group among the plurality of types of data groups in the nonvolatile storage device,
Data management method. A computer having a volatile storage device, a non-volatile storage device, and a battery that supplies power for storing data from the volatile storage device to the non-volatile storage device when a power failure occurs,
At the time of the power failure, a plurality of types of data groups stored in the volatile storage device, in which priorities are set in advance, a backup process of storing the plurality of data groups in the nonvolatile storage device in the order of higher priority,
In the backup processing, each time the storage of the plurality of types of data groups in the nonvolatile storage device is completed, a failure state regarding the voltage supply from the battery is determined based on the supply voltage supplied from the battery. And determining, based on the failure state, whether to store the next higher priority data group among the plurality of types of data groups in the nonvolatile storage device,
Data management program.

Images