JP5380854B2 - Disk device, data transfer method, data transfer processing program, and data backup system - Google Patents

Description

  The present invention relates to a technical field of backing up recorded data in a disk device such as a hard disk device that records a large amount of data.

  As this type of technology, for example, in Patent Document 1, when a backup management server receives a backup request from a user PC (Personal Computer), the backup target file is divided into a plurality of files and encrypted. Disclosed is a technology capable of distributing and backing up data to a plurality of HDDs by transferring a computerized piece to a plurality of user PCs on a LAN (Local Area Network) and storing them in the HDD (Hard Disk Drive) Has been.

For example, Patent Document 2 discloses a technique in which the disk array control device improves fault tolerance by simultaneously writing the same data to three recording devices HDD at the time of writing.
JP 2004-102842 A JP 2003-316525 A

  By the way, in the prior art, for example, data handled by application software running on a PC is written to the HDD or read from the HDD, as is well known by an operating system (hereinafter referred to as “OS”). It has come to be. This also applies to Patent Documents 1 and 2 described above. During the period when the data recorded on the HDD is being used by the application software running on the PC, it is generally prohibited by the operating system to transfer the data to another HDD for backup. It has become so.

  For this reason, in the prior art, for example, an application that operates on a PC that is accessed by a server connected to the Internet and that has data stored in the HDD in a server having a database in the HDD. During the period in which the software is used, the data cannot be transferred to another HDD or the like for backup, and the service of the server has to be stopped for backup. In particular, the larger the amount of data to be backed up, the longer the time spent for the backup. Therefore, in the case of a server having a large-capacity database, there is a problem that the service stop time becomes longer for the backup. is there. This results in an influence on fault tolerance.

  Further, the conventional backup technology is not sufficient from the viewpoint of information leakage.

  Therefore, the present invention has been made in view of the above points, and even during the period when the data to be backed up is being used by application software, the data is backed up quickly and efficiently, and is fault-tolerant. It is an object of the present invention to provide a disk device, a data transfer method, a data transfer processing program, and a data backup system that can improve performance and the like. Another object of the present invention is to provide a disk device, a data transfer method, a data transfer processing program, and a data backup system that can effectively prevent information leakage of backed up data.

In order to solve the above-mentioned problem, the invention according to claim 1 is a disk device that writes data to a disk or reads data from the disk in response to a command from the operating system, the operating system Data storage means for temporarily storing data subject to a write command from the key, key information storage means for storing key information, write control for writing the stored data to the disk, and the key information encrypting the stored data using, and a control means for controlling transfer of transferring the encrypted data to another disk device, wherein the control means includes data storage means for said data has been stored When the storage capacity in the disk exceeds a predetermined value, a power-on command is transmitted to the other disk device, and then And wherein the transfer of the encrypted data to the other disk devices.

  According to a second aspect of the present invention, in the disk device according to the first aspect, the control means sends a signal indicating completion of writing to the operating system when the data is stored in the data storage means. It further comprises a writing completion reply means for replying.

According to a third aspect of the present invention, in the disk device according to the first or second aspect, the control means performs transfer control for transferring the encrypted data to the plurality of other disk devices. To do.

According to a fourth aspect of the present invention, in the disk device according to any one of the first to third aspects, the control means reads and processes the stored data for each information unit, and the data for each information unit. And the encrypted data is encrypted using the key information for each of the divided data.

According to a fifth aspect of the present invention, in the disk apparatus according to the first or second aspect, the control means reads and processes the stored data for each information unit, and the data of each information unit. Is divided into three or more, each divided data is encrypted using the key information, and transfer control is performed to transfer the encrypted data to two or more other disk devices. To do.

According to a sixth aspect of the present invention, in the disk device according to the first or second aspect, the control means reads and processes the stored data for each information unit, and the data of each information unit. Is divided into first, second, and third data, each of the divided data is encrypted using the key information, and the encrypted first and second data are first And the encrypted second and third data are transferred to the second other disk device, and the encrypted first and third data are transferred to the third other disk device. It is characterized by performing transfer control to transfer to the apparatus.

According to a seventh aspect of the present invention, in the disk device according to the first or second aspect, the key information storage unit stores at least two different pieces of key information, and the control unit stores the stored data. Each information unit is read and processed, and the data of each information unit is divided into three pieces of first, second, and third data, and each of the divided pieces of data is used with the different key information. Encrypting, transferring the encrypted first and second data to the first other disk device, transferring the encrypted second and third data to the second other disk device, and Transfer control is performed to transfer the converted first and third data to the third other disk device.

The invention according to claim 8 is a data transfer method in a disk apparatus for writing data to a disk or reading data from the disk in accordance with a command from the operating system, wherein the data is written from the operating system. A step of temporarily storing data to be commanded in a data storage means, a step of storing key information, a write control for writing the stored data to the disk, and using the key information the stored data is encrypted, anda control step of controlling transfer of transferring the encrypted data to another disk device, in the control step, the storage in the data storage means the data is stored capacity When the value exceeds a predetermined value, a power ON command is transmitted to the other disk device, and the Characterized by transferring the encrypted data to the other disk devices.

The invention of the data transfer processing program according to claim 9 provides a computer in the disk device that writes data to the disk or reads data from the disk in response to a command from the operating system. Temporarily storing data to be subjected to a write command in the data storage means, storing key information, performing write control for writing the stored data to the disk, and storing the data using the key information encrypts data, performs transfer control for transferring the encrypted data to another disk device, when the storage capacity is equal to or greater than the predetermined value in the data storage means the data is stored, the power oN command The data is transmitted to another disk device, and then the encrypted data is transferred to the other disk device. Characterized in that to function to forward device.

The invention according to claim 10 is a disk device that writes data to a disk or reads data from the disk in response to a command from the operating system, and is a target of a write command from the operating system. Data storage means for temporarily storing data, key information storage means for storing key information, write control for writing the stored data to the disk, and storing the data using the key information It encrypts data, and a control means for controlling transfer of transferring the disk apparatus for data backup through the communication means the encrypted data, wherein the control means includes data storage means for said data has been stored When the storage capacity of the disk exceeds a predetermined value, a power ON command is sent to the other disk device. Thereafter, a disk device for transferring the encrypted data to the other disk device, a receiving means for receiving the data transferred from the disk device, and a control for writing the received data to the disk. And a data backup disk device comprising a control means.

According to an eleventh aspect of the present invention, in the data backup system according to the tenth aspect , the data is a sector having the same number as the sector written in the disk of the disk device of the data transfer source, and is used for the data backup. It is written in a sector in a disk of a disk device.

The invention according to claim 12 is the data backup system according to any one of claims 10 or 11 , further comprising key information storage means for storing key information in the disk device for data backup. The control means of the backup disk device encrypts the stored data using the key information, and writes the encrypted data to the data backup disk.

The invention according to claim 13 is the data backup system according to claim 10 or 11 , further comprising key information storage means for storing key information in the disk device for data backup, the disk device for data backup The key information is transferred from the disk device of the data transfer source to the disk device of the data transfer source, the data transfer source disk device that has received the transfer of the key information stores the key information, and the control means of the disk device of the data transfer source The backup target data is encrypted using the key information, and the encrypted backup target data is transferred to the data backup disk device.

According to a fourteenth aspect of the present invention, in the data backup system according to the thirteenth aspect , the key information transferred from the data backup disk device is stored in a volatile memory of the data transfer source disk device. And

The invention according to claim 15 is the data backup system according to claim 10 or 11 , further comprising key information storage means for storing key information in the disk device for data backup, wherein the disk device of the data transfer source Before or after transferring data from the data backup disk device to the data backup disk device, key information is transferred from the data transfer source disk device to the data backup disk device.

  According to the present invention, even during the period when the data to be backed up is being used by the application software, the data is backed up quickly and efficiently in real time, improving fault tolerance and effectively leaking information. Can be prevented.

  Hereinafter, the best embodiment of the present invention will be described in detail with reference to the drawings. The embodiment described below is an embodiment when the present invention is applied to a data backup system S that backs up data. The data backup system S constitutes the data transfer system of the present invention.

  First, the configuration and function of the data backup system in this embodiment will be described with reference to FIG.

  FIG. 1 is a diagram illustrating an example of the overall configuration of a data backup system.

  As shown in FIG. 1, the data backup system S includes a host H, a hard disk device HD_A (an example of a disk device) connected to the host H, and a network NW (communication means) such as the Internet. The hard disk devices HD_B1, HD_B2, and HD_B3 are connected to each other via an example).

  In the example of FIG. 1, the host H and the hard disk device HD_A are shown as separate bodies, but the hard disk device HD_A may be provided in the host H. Further, each of the hard disk devices HD_B1 to B3 may be connected to, for example, a PC, a workstation, or a host, and the PC may be connected to the network NW. In the example of FIG. 1, three hard disk devices HD_B1 to B3 are shown. However, one hard disk device may be used as a replication destination hard disk device to be described later, or more hard disk devices may be provided.

  The host H is composed of, for example, a general-purpose PC, and an OS is executed by a CPU (not shown), and application software operates on the OS. When the user makes a request to save predetermined data via the operation unit (not shown) during the operation of the application software, the OS gives a write command (write request) for the data to the hard disk device HD_A.

  The hard disk device HD_A includes an I / F (interface) 1, a cache memory 2 (an example of data storage means), a backup power source (capacitor, etc.) 3, a hard disk (magnetic disk) 4, a CPU 5 (an example of control means), a ROM 6, and a communication The unit 7 and the working RAM 8 are provided. In addition, the hard disk device HD_A further includes a magnetic head, an actuator, a spindle motor, a servo control unit, and the like, which are not illustrated.

  The cache memory 2 is a volatile memory, and normally retains data by power supplied from the outside (for example, power supplied from the host H or a commercial power supply via an adapter). When the supply is stopped (for example, due to a power failure or the like), data can be held for a certain period of time by the power supplied from the backup power supply 3. In addition, the cache memory 2 can guarantee writing and can respond quickly.

  The hard disk 4 has, for example, a ring-shaped recording area (which may be other than a ring shape) in which a large number of concentric tracks are arranged, and various data and programs are recorded in the recording area. Each track is assigned a track number and managed. Each track is equally divided, for example, radially from the center of the hard disk 4, and the equally divided portion is referred to as a sector, and each sector is assigned a sector number and managed. The sector is a minimum unit for reading from and writing to the hard disk 4. In general, the OS is accessed in units of a fixed-length cluster in which several sectors are collected.

  The ROM 6 stores a program (including a cache management program and the data transfer processing program of the present invention), and the CPU 5 executes overall control of the hard disk device HD_A by executing the program. The data is written to the hard disk 4 or read from the hard disk 4 in response to a command from the hard disk 4 (specifically, the data is read / written by the magnetic head attached to the tip of the actuator controlled by the CPU 5). Cache management and cache control are also performed).

  When the CPU 5 receives a data write command from the OS, the CPU 5 temporarily stores (stores) data that is the target of the write command passed from the OS in the cache memory 2 and further stores the data temporarily. Write data to the hard disk 4 and write control for returning a write completion (success) to the OS at the time of the writing, and the temporarily stored data is transferred to another hard disk via the communication unit 7 and the network NW. Transfer control for transferring to the devices HD_B1 to B3 is performed. That is, data delivered from the OS is transferred to the hard disk devices HD_B1 to B3 in parallel when written to the hard disk 4, and is also written to each hard disk. A function in which the hard disk device HD_A transfers data and writes it to the other hard disk devices HD_B1 to B3 in this way is defined as a replication function.

  The CPU 5 preferably encrypts the data and writes it to the hard disk 4 using predetermined key information (for example, RAM 8 (an example of a volatile memory), ROM 6 or hard disk 4 stored as key information storage means). In this case, the data read from the hard disk 4 is decrypted and passed to the OS).

  Further, the position information (for example, IP (Internet Protocol) address) of the hard disk device HD_A and the position information of each of the data transfer destination hard disk devices HD_B1 to B3 are stored in advance in the ROM or the hard disk 4, for example. . The location information of the hard disk devices HD_B1 to B3 may be IP addresses of the hard disk devices HD_B1 to B3. When the hard disk devices HD_B1 to B3 are connected to the network NW via the PC, May be the IP address of the PC. The transferred data is packetized by, for example, the communication unit 7, the source position information and the destination position information are described in the header, and are transmitted through the network NW. Each packet includes data of one or a plurality of sectors, but also includes the sector number of the sector.

  The hard disk devices HD_B1, HD_B2, and HD_B3 are for backing up the data recorded on the hard disk device HD_A (for data backup), and each includes a communication unit (11-31) (an example of a receiving unit), a cache memory ( 12 to 32), a hard disk (13 to 33), a CPU (14 to 34) (an example of a control means), a ROM (15 to 35), a working RAM (16 to 36), and the like. The basic configuration of the communication units (11-31), cache memory (12-32), and hard disk (13-33) is the same as that of the hard disk device HD_A.

  For example, a program is stored in the ROM 15 of the hard disk device HD_B1, and the CPU 14 performs overall control of the entire hard disk device HD_B1 by executing the program, and data transferred from the hard disk device HD_A via the network NW. Is received by the communication unit 11 and temporarily stored in the cache memory 12 while data is written to the hard disk 13 and the writing success is returned to the hard disk device HD_A at the time of writing (note that the response timing is not particularly limited). (The same applies to the hard disk devices HD_B2 and HD_B3). It is desirable that the CPU 14 encrypts the data using predetermined key information (for example, stored in the RAM 8, the ROM 15, or the hard disk 13) and writes it to the hard disk 13 (the same applies to the hard disk devices HD_B2 and HD_B3).

  Here, the data transferred from the hard disk device HD_A and written to the hard disk 13 of the hard disk device HD_B1, for example, is written to a sector (sector on the hard disk 13) having the same number as the sector in the hard disk 4 of the transfer source hard disk device HD_A. (The same applies to the hard disk devices HD_B2 and HD_B3).

  As described above, the data instructed by the OS is directly transferred to the other hard disk devices HD_B1, HD_B2, and HD_B3 via the replication function of the hard disk device HD_A, and written to the hard disks 13 to 33. Thus, since the backup recording is performed, it is possible to back up the data even during the period when the data to be backed up is used in the application software. In addition, in the replication destination, for example, the hard disk device HD_B1, other replication destinations are not known (the administrator of the hard disk device HD_B1 does not know to which hard disk device the data to be backed up has been replicated), thus improving security. Can be made.

  Next, the operation of the data backup system S in this embodiment will be described with reference to FIG.

  2 and 3 are diagrams showing processing in the CPU 5 of the hard disk device HD_A when replication is performed. Note that FIG. 2 is an example when the data transfer rate is sufficiently high, and FIG. 3 is an example when the data transfer rate is slow. FIG. 4 is a diagram showing processing in the CPU 14 of the hard disk device HD_B1 when replication is performed.

  First, as a preparation for using the data backup system S, the user can select “key information necessary for encryption (encryption key data)” and “replication destination hard disk devices HD_B1 to B3 (for three). Is recorded in the hard disk device HD_A. The key information may be recorded by the user himself / herself in the hard disk device HD_A before the user uses the hard disk device HD_A, or when the hard disk device HD_A can establish communication with any of the hard disk devices HD_B1 to 3 according to the IP address. Any one of the hard disk devices HD_B1 to 3 transfers the key information to the hard disk device HD_A (one of the hard disk devices HD_B1 to 3 may be representatively transmitted to the hard disk device HD_A, or each of the hard disk devices HD_B1 to 3). Or the hard disk device HD_A may store the key information in a volatile memory such as a RAM and use the key information. That is, the hard disk device HD_A does not have key information, but the key information is recorded in advance in the hard disk devices HD_B1 to B3, and at a predetermined timing (preferably, when the hard disk device HD_A and the hard disk device HD_B1 and the like become communicable). The key information recorded in the hard disk device HD_B1 is transferred to the hard disk device HD_A.

  Alternatively, before or after the data to be backed up is transferred from the hard disk device HD_A to the hard disk devices HD_B1 to 3 without the key information in the hard disk devices HD_B1 to B3, the key information is transferred from the hard disk device HD_A to the hard disk devices HD_B1 to HD3. May be configured to forward.

  First, the process of FIG. 2 will be described.

  When the process of FIG. 2 is started, the CPU 5 determines whether or not a data write command (write request) has been received from the host H (OS) (step S10), and the process is continued until the write command is received. Is repeated (step S10: NO). If a write command is received from the host (step S10: YES), the CPU 5 stores (stores) data that is the target of the write command in the cache memory 2 of the hard disk device HD_A (step S11).

  In the case of the example of FIG. 2, the cache memory 2 is shared because writing data to the hard disk 4 and transferring data via the communication unit 7 are almost the same speed. When the capacity of the cache memory 2 is full, the host H waits without receiving a command (command) (the same applies to FIG. 3).

  Next, when the data to be subjected to the write command is stored in the cache memory 2, the CPU 5 returns a signal indicating the completion of writing to the host H (step S12).

  Here, by guaranteeing that the data in the cache memory 2 will not disappear, it returns that the write command from the host H has been correctly completed (reply of a signal indicating the completion of write), so that the data has been correctly written to the hard disk 4. Compared with the case where a signal indicating the completion of writing is returned to the host H after confirmation, a dramatic improvement in speed is expected. A method for guaranteeing that the data in the cache memory 2 does not disappear is realized by providing the backup power source 3 using a large-capacitance capacitor to ensure that the power supply to the cache memory 2 is not suddenly cut off.

  Note that it is better in terms of speed improvement that the high-performance cache memory and the large-capacity capacitor (backup power supply) are also installed in the replication destination hard disk devices HD_B1 to B3. This is because, under this condition, the hard disk devices HD_B1 to B3 can return a write success notification immediately after receiving the data transfer from the hard disk device HD_A.

  Next, the CPU 5 determines in which sector number of the hard disk 4 the data is to be written (step S13).

  Then, the CPU 5 obtains the key information described above, encrypts the data stored in the cache memory 2 using the key information, and writes the encrypted data in the sector of the sector number determined in step S13 (step S14). At the same time, the sector number and the data stored in the cache memory 2 are transferred to the replication destination hard disk devices HD_B1 to B3 via the communication unit 7 and the network NW by parallel processing (step S15). The sector number and the data are packetized, and the IP addresses of the hard disk devices HD_B1 to B3 described above are added and transferred.

  Next, in step S16, the CPU 5 determines whether or not all data has been written in the sector. If it is determined that all the data has been written in the sector (step S16: YES), the process proceeds to step S18. . On the other hand, when the CPU 5 determines that all the data has not been written to the sector (step S16: NO), the CPU 5 returns to step S13.

  In step S17, the CPU 5 determines whether or not all the data is transferred to the replication destination hard disk devices HD_B1 to B3 and is OK (for example, when a write success notification is received from the hard disk devices HD_B1 to B3, it is OK). If it is determined that all the data has been transferred to the replication destination hard disk devices HD_B1 to B3 and is OK (step S17: YES), the process proceeds to step S18. On the other hand, when the CPU 5 determines that all the data is transferred to the replication destination hard disk devices HD_B1 to B3 and is not OK (step S17: NO), the CPU 5 returns to step S13.

  Next, in step S18, the CPU 5 clears (erases) the data stored in the cache memory 2, and returns to step S11. Here, the data stored in the cache memory 2 is, for example, that all data is written in the sector, and all data is transferred to the replication destination hard disk devices HD_B1 to B3 and written from the hard disk devices HD_B1 to B3. Cleared only when a success notification is received.

  In addition, although the process of said step S14 and the process of said step S15 were comprised so that it might be performed by a parallel process, you may be a serial (series) process. In this case, before the sector having the sector number determined in step S13 is searched (seeked), the data stored in the cache memory 2 is replicated via the communication unit 7 and the network NW as a replication destination hard disk device HD_B1. If it is configured to transfer to .about.B3, data transfer can be performed quickly, which is desirable.

  Next, the process of FIG. 3 will be described.

  When the process of FIG. 3 is started, as in the process of FIG. 2, the CPU 5 determines whether or not a data write command is received from the host H (OS) (step S20), and receives the write command. The process is repeated until NO (step S20: NO).

  In the example of FIG. 3, the storage area of the cache memory 2 is dynamically allocated to the storage area A that stores data to be written to the hard disk 4 and the storage area B that stores data to be transferred to the hard disk devices HD_B1 to B3. . Note that the storage capacity (size) of the storage area A and the storage capacity of the storage area B are not fixed.

  If a write command is received from the host H (step S20: YES), the CPU 5 stores the data to be subjected to the write command in each of the storage area A and the storage area B in the cache memory 2 of the hard disk device HD_A. (Store) (step S21).

  Next, when the data to be written is stored in the storage area A of the cache memory 2, the CPU 5 returns a signal indicating the completion of writing to the host H (step S22).

  Next, the CPU 5 determines in which sector number of the hard disk 4 the data is to be written (step S23).

  Then, the CPU 5 acquires the above key information, encrypts the data stored in the storage area A in the cache memory 2 using the key information, and writes the encrypted data in the sector of the sector number determined in step S23. (Step S24) and by parallel processing, the sector number and the data stored in the storage area B in the cache memory 2 are transferred to the replication destination hard disk devices HD_B1 to B3 via the communication unit 7 and the network NW (FIG. (Transfer in the same manner as in the process 2) (step S25).

  Next, in step S26, the CPU 5 clears (erases) the data stored in the storage area A in the cache memory 2, and proceeds to step S28. On the other hand, in step S27, the CPU 5 clears (erases) the data stored in the storage area B in the cache memory 2, and proceeds to step S29.

  Next, in step S28, the CPU 5 determines whether or not all data has been written in the sector. If it is determined that all the data has been written in the sector (step S28: YES), the process returns to step S21. If it is determined that all the data has not been written to the sector (step S28: NO), the process returns to step S23.

  On the other hand, in step S29, the CPU 5 determines whether all the data is transferred to the replication destination hard disk devices HD_B1 to B3 and is OK, and all the data is transferred to the replication destination hard disk devices HD_B1 to B3 and is OK. If it is determined (step S29: YES), the process returns to step S21. If it is determined that all the relevant data is transferred to the replication destination hard disk devices HD_B1 to B3 and is not OK (step S29: NO), step S23 is performed. Return to.

  In addition, although the process of said step S24 and the process of said step S25 were comprised so that it might be performed by a parallel process, you may be a serial (series) process. In this case, before searching for the sector having the sector number determined in step S23, the data stored in the cache memory 2 is replicated via the communication unit 7 and the network NW as a replication destination hard disk device HD_B1. If it is configured to transfer to .about.B3, data transfer can be performed quickly, which is desirable.

  Next, the process of FIG. 4 will be described. 4 is performed in the same manner in the CPU 24 of the hard disk device HD_B2 and the CPU 34 of the hard disk device HD_B3, the CPU 14 of the hard disk device HD_B1 will be described as a representative.

  When the process of FIG. 4 is started, the CPU 14 determines whether or not the sector number and the write data have been transferred from the hard disk device HD_A (step S30), and the process is repeated until the data is received (step S30). Step S30: NO).

  When the sector number and the write data are received (step S30: YES), the CPU 14 stores (stores) the received write data in the cache memory 12 of the hard disk device HD_B1 (step S31).

  Next, the CPU 14 encrypts the write data stored in the cache memory 12 using, for example, key information recorded in advance on the hard disk 13 (step S32), and the encrypted data is stored in the sector number ( The data is written in the sector of the sector number transferred from the hard disk device HD_A together with the write data (step S33).

  When there are two or more write data of the same sector number in the data stored in the cache memory 12, control is performed so that only the first (latest) data is written to the hard disk 13 (first ( Data other than the latest data is discarded, for example, before the process of step S32 is performed).

  Next, the CPU 14 determines whether or not the data has been successfully written (step S34). Then, the CPU 14 determines that the writing of the data has been successful (step S34: YES), and transmits information indicating the writing success notification to the replication source hard disk device HD_A via the communication unit 11 and the network NW ( Step S35).

  On the other hand, the CPU 14 determines that the writing of the data is not successful (step S34: NO), and determines whether or not the writing of the encrypted data in the sector of the sector number has been retried a specified number of times (step S36). . If the CPU 14 determines that the specified number of retries has not been performed (step S36: NO), the CPU 14 increments the number of retries by 1 (step S37) and returns to step S33. On the other hand, if the CPU 14 determines that the retry has been performed a specified number of times (step S36: YES), the CPU 14 resets the number of retries (step S38) and sends information indicating a write failure notification via the communication unit 11 and the network NW. The data is transmitted to the replication source hard disk device HD_A (step S39).

  In the above processing, the data to be replicated is encrypted in the replication destination hard disk devices HD_B1 to B3. However, in the replication source hard disk device HD_A, it is encrypted immediately before the transfer and is encrypted. Data may be transferred to the hard disk devices HD_B1 to B3. In this case, the data does not have to be encrypted on the hard disk devices HD_B1 to B3 side, but the data is further encrypted (multi-encrypted) on the hard disk devices HD_B1 to B3 side (that is, the replication source hard disk device HD_A The data is encrypted using the key information and then transferred to the hard disk devices HD_B1 to B3. The hard disk devices HD_B1 to B3 encrypt the received encrypted data using the key information and then encrypt the data. Further effects can be obtained by writing data to the hard disk 13).

  That is, the CPU 5 of the hard disk device HD_A has a large processing load for data division / distribution storage, and the CPUs 14 to 34 of the hard disk devices HD_B1 to B3 only receive data and write it in the designated sector, compared with the hard disk device HD_A. The load is small. For this reason, the hard disk device HD_A performs encryption with a small processing load such as a stream cipher, and the hard disk devices HD_B1 to B3 perform encryption processing with a large processing load such as a complex block cipher. Is also effective.

  In addition, the report of the NESSIE (New European Schemes for Signatures, Integrity, and Encryption) project (Portfolio of recommended cryptographic primitives ", NESSIE consortium, February 27, 2003) aimed at consensus on cryptographic algorithms in Europe is extremely long-term safe. If security is required, we recommend double encryption and triple encryption using encryption algorithms based on different security principles.

  As described above, when restoring the data replicated to the hard disk devices HD_B1 to B3, when the CPU 5 of the hard disk device HD_A receives a data restoration command (request) from the host H, it is stored in the hard disk 4, for example. Referring to the IP addresses of the replication destination hard disk devices HD_B1 to B3 (or the IP addresses of the PCs to which the hard disk devices HD_B1 to B3 are connected), one of the replication destination hard disk devices HD_B1 to B3 is selected. decide. Then, the CPU 5 transmits a read command to the determined hard disk device HD_B1, for example, via the communication unit 7 and the network NW. On the other hand, the CPU 14 of the hard disk device HD_B1 that has received the read command reads data from the hard disk 13, and sends the read data and the sector number in which the read data is recorded to the hard disk device HD_A via the communication unit 11 and the network NW. Send back. Then, the CPU 5 of the hard disk device HD_A that has received the read data or the like stores the read data in the cache memory 2 and stores the sector of the sector number in the hard disk 4 (the sector number transferred together with the read data from the hard disk device HD_B1). Will write to.

  As described above, according to the above-described embodiment, when a data write command is received from the OS, the data that is the target of the write command passed from the OS is temporarily stored in the cache memory 2. Write control for writing temporarily stored data to the hard disk 4 and transfer control for transferring the temporarily stored data to the other hard disk devices HD_B1 to B3 via the communication unit 7 and the network NW. Even if the data to be backed up is being used by application software, the data is replicated quickly and efficiently in real time (even if it is dynamically updated data). Replication), improving fault tolerance and effectively preventing information leakage You can.

  In addition, it is possible to automatically perform replication with confidentiality and fault tolerance without depending on (and not affected by) an application or OS.

  As a modification of the above embodiment, if each sector data is further divided into a plurality of pieces, and each piece of the divided data is encrypted using the key information, it is transferred to the hard disk devices HD_B1 to B3. More effective. Note that the processing of FIGS. 2 to 4 can also be applied to this modification.

  For example, at least two pieces of key information different from each other are recorded in the hard disk device HD_A, for example, on the hard disk 4, and the CPU 5 of the hard disk device HD_A stores the data stored in the cache memory 2 in the above-described step S15 or S25. (Or cluster) is read for each sector (or each cluster), and the fragment data A (first data), fragment data B (second data), and fragment data C (third data) are 3 The divided fragment data A and fragment data B are encrypted using the different key information, and the encrypted fragment data A, the encrypted fragment data B, etc. are stored for each sector (or each cluster) ( The data including the sector (or cluster) number is also added to the hard disk device HD_B1 (first hard disk Transferred to the click device) (in the case of such a modification also, the data containing each fragment data the encrypted is written to the sector in the hard disk 4). Further, the CPU 5 encrypts each of the divided fragment data B and fragment data C using the different key information, and encrypts the fragment data B, the encrypted fragment data C, etc. in each sector (or each cluster). The data included in each is transferred to the hard disk device HD_B2 (second hard disk device). Further, the CPU 5 encrypts each of the divided fragment data C and fragment data A using the different key information, and encrypts the fragment data C, the encrypted fragment data A, etc. in each sector (or each cluster). The data included in each is transferred to the hard disk device HD_B3 (third hard disk device).

  That is, if a part of fragment data (for example, fragment data A and fragment data B for the hard disk device HD_B1) is transferred in each sector (or each cluster) constituting the data to be replicated, replication is performed. The recording capacity of the previous hard disk can be reduced. If the name of each piece of fragment data is a character string that combines the sector number (or cluster number) in which the fragment data is included and information indicating which piece of fragment data is among the three pieces of divided data, the CPU side It is possible to immediately recognize which fragment data is included in a sector (or each cluster).

  In the replication destination hard disk devices HD_B1 to B3, in step S33, data including the received fragment data for each sector (or each cluster) is written to the hard disk. In this case, the hard disk devices HD_B1 to B3 do not need to be encrypted, but the hard disk devices HD_B1 to B3 further encrypt data (multi-encryption) (that is, the replication source hard disk device HD_A has The data is encrypted using the key information and then transferred to the hard disk devices HD_B1 to B3. The hard disk devices HD_B1 to B3 encrypt the received encrypted data using the key information and then encrypt the data. As described above, further effects can be obtained by writing data into the hard disk 13.

  Alternatively, in the modification, the hard disk device HD_A may transfer the data including the fragment data without encryption, and the data received on the hard disk devices HD_B1 to B3 side may be encrypted and written.

  FIG. 5 is a diagram illustrating an example of one sector in data to be replicated. FIG. 5A shows fragment data written to a sector in the hard disk 4, and in this case, all of the fragmented and encrypted fragment data A, fragment data B, and fragment data C are written to the sector. It is. On the other hand, FIG. 5B shows fragment data written in a sector in the hard disk 13, and in this case, only the fragmented and fragmented data A and fragment data B are written in the sector, and the fragment data is written. Information indicating which fragment data of the three fragment data is written to the sector is written at the position of the data C. FIG. 5C shows fragment data written to a sector in the hard disk 23. In this case, only fragment data B and fragment data C that have been divided and encrypted are written to the sector, and fragment data is written. In the position of data A, information indicating which fragment data among the three fragment data is written to the sector is written. FIG. 5D shows fragment data written in a sector in the hard disk 33. In this case, only the fragment data A and fragment data C that have been divided and encrypted are written in the sector, and the fragment data is written. Information indicating which fragment data of the three fragment data is written to the sector is written at the position of the data B.

  When restoring data (including each piece of fragmented and encrypted data) replicated to the hard disk devices HD_B1 to B3 as in the above modification, the CPU 5 of the hard disk device HD_A sends a data restoration command from the host H. (Request) is received, for example, referring to the IP addresses of the replication destination hard disk devices HD_B1 to B3 (or the IP addresses of the PCs to which the hard disk devices HD_B1 to B3 are connected) stored in the hard disk 4, for example. Two of the replication destination hard disk devices HD_B1 to B3 are determined. Then, the CPU 5 transmits a read command to the determined hard disk devices HD_B1 and B2, for example, via the communication unit 7 and the network NW. On the other hand, each of the hard disk devices HD_B1 and B2 that has received the read command reads data from the hard disk, and the read data, the sector number in which the read data is recorded, and which fragment data of the three fragment data are stored in the sector. Information indicating whether data is written is returned to the hard disk device HD_A via the communication unit 11 and the network NW. Then, the CPU 5 of the hard disk device HD_A that has received the read data or the like stores the read data in the cache memory 2, and information indicating which sector data and which fragment data among the three fragment data are written to the sector. The fragment data A, fragment data B and fragment data C are restored in each sector and written to the sector of the sector number in the hard disk 4.

  According to the configuration of such a modified example, the recording capacity of the replication destination hard disk can be suppressed, and data restoration can be performed efficiently even when one of the replication destination hard disk devices fails. .

  In the above modification, the example in which the data stored in the cache memory 2 is divided into three is shown. However, the data is divided into four or more, and each divided fragment data is two or more hard disk devices. It may be configured to be transferred to.

  As another modification of the above-described embodiment, the power sources of the hard disk devices HD_B1 to B3 are set to a standby power (power saving) mode (the drive of the hard disks 13 to 33 is stopped) during normal times (when no data is received). In addition, when there is a power-on command from the hard disk device HD_A, switching to the normal power mode (hard disk 13 to 33 drive) to enable writing to the hard disks 13 to 33 can reduce power consumption and global warming. It also leads to countermeasures. In this case, the transmission timing of the power-on command by the hard disk device HD_A is, for example, that the storage capacity of the cache memory 2 exceeds a predetermined value due to the backup target data stored in the cache memory 2 (for example, full The data to be backed up is transferred to the hard disk devices HD_B1 to B3 after the transmission of the power-on command. In addition, when all the data to be backed up stored in the cache memory 2 is discharged and a predetermined time elapses, a power OFF command is transmitted to the hard disk devices HD_B1 to B3.

  Further, as another modification of the above-described embodiment, for example, the standby power (until the storage capacity of the cache memories 12 to 32 becomes full (is likely to overflow) due to the data stored in step S31 of FIG. 4 described above, for example) When the storage capacity of the cache memories 12 to 32 becomes full, for example, the normal power mode is executed between the processing of step S31 and step S32, for example. It is possible to switch to (drive the hard disks 13 to 33) so that the hard disks 13 to 33 can be written. In this case, upon returning from step S35, the standby power (power saving) mode is switched again.

  In the above embodiment, the disk device of the present invention is applied to a hard disk device, but can also be applied to other disk drives.

  In another embodiment of the present invention, after the hard disk device HD_A does not have a cache system, the host computer interface unit uses write data as cache memory in the host RAM, and the interface unit returns write completion to the OS. Alternatively, the data may be written in the hard disk device HD_A.

  The present invention is configured as described above, but is not limited to the above-described embodiment, and various modifications can be made within the scope of the gist of the present invention.

It is a figure which shows the example of whole structure of a data backup system. It is a figure which shows the process in CPU5 of hard disk drive HD_A at the time of replication. It is a figure which shows the process in CPU5 of hard disk drive HD_A at the time of replication. It is a figure which shows the process in CPU14 of hard disk device HD_B1 at the time of replication. It is a figure which shows an example of one sector in the data used as the replication object.

Explanation of symbols

1 I / F
2, 12-32 Cache memory 3 Backup power supply 4, 13-33 Hard disk 5, 14-34 CPU
6, 15-35 ROM
7, 11-31 Communication unit 8, 16-36 RAM
HD_A Replication source hard disk device HD_B1 Replication destination hard disk device HD_B2 Replication destination hard disk device HD_B3 Replication destination hard disk device H Host S Data backup system

Claims (15)

A disk device that writes data to a disk or reads data from the disk in response to a command from an operating system,
Data storage means for temporarily storing data to be subjected to a write command from the operating system;
Key information storage means for storing key information;
Control means for performing write control for writing the stored data to the disk, encrypting the stored data using the key information, and performing transfer control for transferring the encrypted data to another disk device When,
With
Wherein, when the storage capacity in the data storage means in which the data is stored becomes a predetermined value or more, it transmits the power ON command to the other disk devices, then the other of the encrypted data A disk device characterized in that the disk device is transferred to a disk device. The disk device according to claim 1,
The disk device according to claim 1, wherein the control means further comprises a write completion return means for returning a signal indicating write completion to the operating system when the data is stored in the data storage means. The disk device according to claim 1 or 2,
The disk device according to claim 1, wherein the control means performs transfer control for transferring the encrypted data to a plurality of the other disk devices. The disk device according to any one of claims 1 to 3,
The control means reads the stored data for each information unit, divides the data of each information unit, and encrypts the divided data using the key information. A disk device characterized. The disk device according to claim 1 or 2,
The control means reads and processes the stored data for each information unit,
Transfer control that divides each information unit data into three or more, encrypts the divided data using the key information, and transfers the encrypted data to two or more other disk devices A disk device characterized by performing The disk device according to claim 1 or 2,
The control means reads and processes the stored data for each information unit, and divides the data of each information unit into first, second, and third data and divides the data. Each of the data is encrypted using the key information, the encrypted first and second data are transferred to the first other disk device, and the encrypted second and third data are transferred to the second And transferring the encrypted first and third data to the third other disk device, and performing a transfer control. The disk device according to claim 1 or 2,
The key information storage means stores at least two different pieces of key information;
The control means reads and processes the stored data for each information unit, and divides the data of each information unit into first, second, and third data and divides the data. Each of the data is encrypted using the different key information, the encrypted first and second data are transferred to the first other disk device, and the encrypted second and third data are transferred. A disk device that performs transfer control for transferring to the second other disk device and transferring the encrypted first and third data to the third other disk device. A data transfer method in a disk device for writing data to a disk or reading data from the disk in accordance with a command from an operating system,
Temporarily storing, in a data storage means, data to be subjected to a write command from the operating system;
Storing key information;
A control step of performing write control for writing the stored data to the disk, performing transfer control for encrypting the stored data using the key information, and transferring the encrypted data to another disk device When,
Including
In the control step, when the storage capacity in the data storage means in which the data is stored becomes a predetermined value or more, it transmits the power ON command to the other disk devices, then the said encrypted data A data transfer method comprising transferring data to another disk device. In response to a command from the operating system, a computer in the disk device that writes data to the disk or reads data from the disk,
Temporarily storing data to be written command from the operating system in the data storage means;
Remember key information,
Performing write control to write the stored data to the disk, encrypting the stored data using the key information, and performing transfer control to transfer the encrypted data to another disk device,
Forwarded if the storage capacity in the data storage means in which the data is stored becomes a predetermined value or more, transmits the power ON command to the other disk devices, then the encrypted data to the other disk devices A data transfer processing program which is made to function as described above. A disk device that writes data to a disk or reads data from the disk in response to a command from an operating system,
Data storage means for temporarily storing data to be subjected to a write command from the operating system;
Key information storage means for storing key information;
Write control to write the stored data to the disk, encrypt the stored data using the key information, and transfer the encrypted data to a disk device for data backup via communication means Control means for performing transfer control, and
With
Wherein, when the storage capacity in the data storage means in which the data is stored becomes a predetermined value or more, it transmits the power ON command to the other disk devices, then the other of the encrypted data A disk device to be transferred to the disk device,
Receiving means for receiving data transferred from the disk device;
Control means for performing control to write the received data to a disk;
A disk device for data backup comprising:
A data backup system comprising: The data backup system according to claim 10, wherein
The data backup system, wherein the data is written in a sector of the same number as a sector written in the disk of the disk device of the data transfer source and in the disk of the disk of the disk device for data backup. The data backup system according to claim 10 or 11,
Further comprising key information storage means for storing key information in the disk device for data backup,
The data backup system, wherein the control means of the disk device for data backup encrypts the stored data using the key information and writes the encrypted data to a data backup disk. The data backup system according to claim 10 or 11,
Further comprising key information storage means for storing key information in the disk device for data backup,
Transfer key information from the data backup disk device to the data transfer source disk device,
The disk device of the data transfer source that has received the transfer of the key information is
Memorize the key information,
The control means of the disk device of the data transfer source encrypts the data to be backed up using the key information,
A data backup system, wherein the encrypted data to be backed up is transferred to the data backup disk device. The data backup system according to claim 13,
A data backup system, wherein key information transferred from the data backup disk device is stored in a volatile memory of the data transfer source disk device. The data backup system according to claim 10 or 11,
Further comprising key information storage means for storing key information in the disk device for data backup,
Before or after data is transferred from the data transfer source disk device to the data backup disk device, key information is transferred from the data transfer source disk device to the data backup disk device. Data backup system.

Images