WO2015198449A1 - Storage System - Google Patents
Storage System
- Publication number
- WO2015198449A1 (application PCT/JP2014/066989)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- storage device
- dkc
- volume
- storage
- health check
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0706—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
- G06F11/0727—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in a storage system, e.g. in a DASD or network based storage system
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/079—Root cause analysis, i.e. error or fault diagnosis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0751—Error or fault detection not based on redundancy
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0766—Error or fault reporting or storing
- G06F11/0787—Storage of error reports, e.g. persistent data storage, storage using memory protection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/20—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
- G06F11/202—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant
- G06F11/2023—Failover techniques
- G06F11/2028—Failover techniques eliminating a faulty processor or activating a spare
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/20—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
- G06F11/2053—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where persistent mass storage functionality or persistent mass storage control functionality is redundant
- G06F11/2056—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where persistent mass storage functionality or persistent mass storage control functionality is redundant by mirroring
- G06F11/2058—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where persistent mass storage functionality or persistent mass storage control functionality is redundant by mirroring using more than 2 mirrored copies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/20—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
- G06F11/2053—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where persistent mass storage functionality or persistent mass storage control functionality is redundant
- G06F11/2056—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where persistent mass storage functionality or persistent mass storage control functionality is redundant by mirroring
- G06F11/2069—Management of state, configuration or failover
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/20—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
- G06F11/2053—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where persistent mass storage functionality or persistent mass storage control functionality is redundant
- G06F11/2056—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where persistent mass storage functionality or persistent mass storage control functionality is redundant by mirroring
- G06F11/2082—Data synchronisation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/20—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
- G06F11/2097—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements maintaining the standby controller/processing unit updated
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/10—Program control for peripheral devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/0703—Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
- G06F11/0751—Error or fault detection not based on redundancy
- G06F11/0754—Error or fault detection not based on redundancy by exceeding limits
- G06F11/0757—Error or fault detection not based on redundancy by exceeding limits by exceeding a time limit, i.e. time-out, e.g. watchdogs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/16—Error detection or correction of the data by redundancy in hardware
- G06F11/20—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
- G06F11/2053—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where persistent mass storage functionality or persistent mass storage control functionality is redundant
- G06F11/2056—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where persistent mass storage functionality or persistent mass storage control functionality is redundant by mirroring
- G06F11/2071—Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where persistent mass storage functionality or persistent mass storage control functionality is redundant by mirroring using a plurality of controllers
Definitions
- the present invention relates to a high availability technology for a storage system.
- RAID: Redundant Array of Independent (or Inexpensive) Disks
- Patent Document 1 discloses an information system using a plurality of (for example, two) storage apparatuses (hereinafter referred to as apparatus A and apparatus B).
- There is a technique for duplicating data between apparatus A and apparatus B.
- In this technique, write data is written to volumes on both apparatus A and apparatus B, and the host normally accesses the volume of apparatus A. If the host fails to access the volume of apparatus A (I/O processing fails), business operations can be continued by switching the access destination to the volume of apparatus B.
- Patent Document 1 discloses an example in which volume duplication (copying) between apparatus A and apparatus B fails because the link between them is disconnected. In this case, after the host has continued using the volume of apparatus A for a while, it may conclude that apparatus A has failed and switch its access to apparatus B. However, since the volume of apparatus B then holds only data older than the volume of apparatus A, it is desirable to control apparatus B so that it does not accept access from the host.
- In Patent Document 1, a failure detection volume that both apparatus A and apparatus B can access is provided, and this problem is solved by using it.
- When apparatus A fails in the volume duplication processing, it reads the contents of the failure detection volume and checks whether a failure information flag has been written by apparatus B. If the flag has not been written, apparatus A writes the failure information flag itself and then resumes processing of access requests from the host.
- Suppose the host later switches its access destination from apparatus A to apparatus B. Apparatus B then reads the contents of the failure detection volume and checks whether the failure information flag has been written by apparatus A. Since the flag has been written in this case, apparatus B returns an I/O error to the host. This prevents the host from reading old data.
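The prior-art protocol above can be sketched as follows. This is a minimal illustration, assuming an in-memory stand-in for the shared failure detection volume; names such as `FailureDetectionVolume` and `handle_copy_failure` are hypothetical, not taken from Patent Document 1.

```python
class FailureDetectionVolume:
    """Shared volume that both apparatus A and apparatus B can read and write."""
    def __init__(self):
        self.flags = set()          # names of devices that wrote a failure flag

    def flag_written_by(self, other):
        return other in self.flags

    def write_flag(self, device):
        self.flags.add(device)


def handle_copy_failure(volume, me, other):
    """Called when 'me' fails to replicate a write to 'other'.

    Returns True if 'me' may resume serving host I/O, or False if it must
    reject host I/O because the peer already claimed the surviving role
    (meaning our copy of the data may be stale).
    """
    if volume.flag_written_by(other):
        return False                # peer flagged first: return I/O errors
    volume.write_flag(me)           # claim the surviving role
    return True
```

Whichever apparatus writes its flag first becomes the survivor; the other sees the flag and refuses host access, which is exactly how old data is kept from the host.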
- A system configuration such as that disclosed in Patent Document 1 is a so-called Active/Standby configuration.
- In such a configuration, one apparatus (for example, apparatus B) stands by, and the host is usually configured to access the volume of apparatus A.
- A storage system is composed of a first storage apparatus and a second storage apparatus, each having one or more volumes, and a third storage apparatus accessible by both the first and second storage apparatuses.
- the storage system operates to replicate data written from the host to the volume in the first or second storage device to the volume of the second or first storage device.
- the first storage device and the second storage device regularly write health check information to the third storage device.
- When replication fails, the second storage apparatus determines, based on the contents of the health check information written to the third storage apparatus, whether or not the counterpart volume is in an I/O disabled state, and resumes processing of the write request after determining that the volume is in the I/O disabled state.
- FIG. 1 shows a configuration example of a computer system according to an embodiment of the present invention.
- the computer system includes a storage system 1 and a host 2.
- the storage system 1 includes a storage device 10a, a storage device 10b, and a quorum storage 15.
- the storage device 10a is connected to the host 2 and the storage device 10b via the SAN 6.
- the SAN 6 is a network configured using, for example, transmission lines (cables), switches, and the like that comply with the fiber channel standard.
- the storage apparatus 10b is connected to the host 2 and the storage apparatus 10a via the SAN 6.
- Hereinafter, the path connecting the storage apparatuses 10 to each other is referred to as the “inter-storage-apparatus path” or “inter-DKC path”.
- The storage apparatus 10a is composed of a storage controller (hereinafter also abbreviated as “controller”) 11 and a disk unit 12 including a plurality of drives 121.
- The storage controller 11 includes an MPB 111, a processor board that executes control such as the I/O processing performed in the storage apparatus 10a; a front-end package (FEPK) 112, a data transfer interface with the host 2 and the storage apparatus 10b; a back-end package (BEPK) 113, a data transfer interface with the disk unit 12; and a memory package (CMPK) 114 having memory for storing cache data and control information. These components are interconnected by a switch (SW) 115.
- The number of each component (MPB 111, FEPK 112, BEPK 113, CMPK 114) is not limited to the number shown in FIG. 1; usually a plurality of each component is provided to ensure high availability. It is also possible to add these components later.
- Each MPB 111 is a package board having a processor (also referred to as MP) 141 and a local memory (LM) 142 for storing data used by the processor 141.
- Although FIG. 1 shows an example in which only one MP 141 is mounted on the MPB 111, the number of MPs 141 is not limited to one.
- The storage apparatus 10a has a clock (not shown), and the MP 141 can acquire current time information from the clock. The clock may be built into the MP 141.
- CMPK 114 includes SM 143 and CM 144.
- the CM 144 is an area used as a so-called disk cache that temporarily stores write data from the host 2 or data read from the drive 121.
- the SM 143 is an area for storing control information used by the MPB 111. Information stored in the SM 143 can be accessed from all the MPs 141 of all the MPBs 111.
- the CMPK 114 preferably includes a means such as a battery backup in order to prevent data loss when a failure such as a power failure occurs.
- the FEPK 112 is a package board for performing data transmission / reception with respect to other devices (the host 2 and the storage device 10b), and has one or more interfaces for connecting to the SAN 6. For example, a fiber channel interface is used as the interface.
- In FIG. 1, the storage apparatus 10a and the storage apparatus 10b are connected via a single transmission line, but in practice they are connected by a plurality of transmission lines. The number of transmission lines between the host 2 and the storage apparatus 10 is likewise not limited to the configuration shown in FIG. 1; a plurality of transmission lines may be provided between the host 2 and the storage apparatus 10.
- the BEPK 113 is a package board for performing data transmission / reception with the drive 121, and has one or more interfaces for connecting to the disk unit 12.
- For example, a SAS (Serial Attached SCSI) interface is used as the interface.
- the disk unit 12 includes a plurality of drives 121, and each drive 121 mainly stores write data from the host 2.
- a magnetic disk such as an HDD is used for the drive 121, but a storage medium other than the HDD such as an SSD (Solid State Drive) may be used.
- the storage device 10b is a device having the same components as the storage device 10a (the internal configuration is not shown in FIG. 1). However, the number of components (MPB 111, FEPK 112, drive 121, etc.) need not be the same as that of the storage apparatus 10a.
- the storage apparatus 10a and the storage apparatus 10b are not distinguished from each other and are referred to as “storage apparatus 10”.
- The Quorum Storage 15 is connected to the storage apparatus 10a and the storage apparatus 10b. Details of the Quorum Storage 15 will be described later.
- the host 2 is a computer having at least a processor, a memory, and an HBA (Host Bus Adapter) that is an interface for connecting to the SAN 6.
- the processor executes a program stored in the memory 302.
- an application program such as a database management system (DBMS) is executed to access data stored in the storage apparatus 10.
- the storage apparatus 10 forms one or more logical volumes (also referred to as volumes or LDEVs) using storage areas of a plurality of drives 121 existing in its own disk unit 12.
- the storage apparatus 10 manages each logical volume with a unique identification number (logical volume number or LDEV #).
- the host 2 is provided with this logical volume.
- the logical volume creation method and the method of providing the created logical volume to the host 2 are the same as those performed in a known storage device.
- write data from the host 2 is written to both the logical volume of the storage apparatus 10a and the logical volume of the storage apparatus 10b (so-called data duplication is performed).
- data duplication is performed in the storage system 1.
- The solid line in FIG. 2 represents the flow of write data when the storage apparatus 10a receives a write request and write data from the host 2.
- the storage apparatus 10a stores the write data in its own logical volume 125a.
- the storage apparatus 10a sends a copy of the write data and an instruction (write request) to write the copy of the write data to the logical volume 125b to the storage apparatus 10b.
- a copy of the data is stored in the logical volume 125b.
- data duplexing is also performed when the host 2 issues a write request to the storage apparatus 10b.
- the dotted line in FIG. 2 represents the flow of write data when the storage apparatus 10b receives a write request and write data from the host 2. That is, when the storage apparatus 10b receives a write request and write data from the host 2, the write data is stored in both the logical volume 125b and the logical volume 125a.
- Except when data cannot be duplicated due to a failure in the storage system 1 or the like, both the logical volume 125a and the logical volume 125b hold the same data (a condition called the synchronized state). Therefore, the host 2 may access (read or write) either the logical volume 125a or the logical volume 125b.
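The duplexed write flow of FIG. 2 might be sketched roughly as follows, assuming in-memory dicts stand in for the logical volumes 125a and 125b, and a direct method call stands in for forwarding over the inter-DKC path; the class and method names are illustrative, not the patent's interfaces.

```python
class StorageApparatus:
    def __init__(self, name):
        self.name = name
        self.volume = {}            # LBA -> data, stands in for the logical volume
        self.peer = None            # the paired storage apparatus

    def host_write(self, lba, data):
        """Handle a write request from the host: store the data in the local
        logical volume, forward a copy to the peer apparatus, then acknowledge."""
        self.volume[lba] = data
        self.peer.replica_write(lba, data)
        return "ack"

    def replica_write(self, lba, data):
        """Store a copy of the write data received from the peer apparatus."""
        self.volume[lba] = data


# Pair the two apparatuses (10a and 10b in the text).
a = StorageApparatus("10a")
b = StorageApparatus("10b")
a.peer, b.peer = b, a
```

Because the acknowledgement is returned only after the peer stores its copy, either apparatus can serve a subsequent read, which is what allows the host to use either path.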
- the order of data writing to the two logical volumes is determined by a kind of attribute information set in the logical volume.
- the first logical volume to which data is written is called a primary volume (sometimes referred to as P-VOL), and the second logical volume to which data is written is referred to as a secondary volume (S-VOL).
- FIG. 2 shows an example in which the logical volume 125a is defined as P-VOL, and the logical volume 125b is defined as S-VOL.
- The application 502 on the host 2 does not recognize that the logical volume 125a and the logical volume 125b are logical volumes in different storage apparatuses 10; the alternate path software 501 on the host 2 is used to make them appear as a single volume.
- the alternate path software 501 is running on the host 2.
- The alternate path software 501 has the function of recognizing when there are a plurality of access routes (called paths) from the host 2 to a logical volume, and of selecting which path to use when accessing that volume.
- The alternate path software 501 issues a command for acquiring volume identification information, such as the INQUIRY command defined in the SCSI standard, to each logical volume that the host 2 can recognize, and obtains the volume identifier.
- When the same identifier is returned, the alternate path software 501 recognizes that the logical volume 125a and the logical volume 125b are the same volume.
- As a result, the path from the host 2 to the logical volume 125a (the solid-line arrow in the figure; hereinafter “path 1”) and the path from the host 2 to the logical volume 125b (the dotted-line arrow in the figure; hereinafter “path 2”) are treated as alternate paths to the same volume.
- If path 1 becomes unusable, an access request is issued via path 2 (that is, to the logical volume 125b). Even when the alternate path software 501 issues an access request to the logical volume 125b, operation continues without problem because the logical volume 125b stores the same data as the logical volume 125a.
- the Quorum Storage 15 is a storage device having at least one volume. Further, the storage apparatus 10 has a function of allowing access (reading or writing) to a volume of the storage device when a storage device such as the Quorum Storage 15 is connected to the FEPK 112 interface. Hereinafter, in this embodiment, it is assumed that the Quorum Storage 15 has one volume. This volume is called “Quorum Disk”.
- the storage device 10a periodically writes information to the Quorum Disk.
- The detailed contents of this information will be described later; the information written here is a kind of health check information, and includes information indicating that the storage apparatus 10a is operating (that is, not stopped due to a failure or the like).
- Information obtained as a result of communication with the other storage apparatus 10 (such as the storage apparatus 10b), for example the occurrence of a communication failure, is also included.
- the storage apparatus 10b periodically reads information from the Quorum Disk in order to determine the state of the storage apparatus 10a.
- the storage device 10b periodically writes information to the Quorum Disk.
- the storage apparatus 10a periodically reads this written information in order to determine the state of the storage apparatus 10b.
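The mutual health check through the Quorum Disk might look roughly like this sketch, in which each apparatus writes a record containing a monotonically increasing counter and a write time, and judges its peer alive if the counter has advanced since the previous read (or was written recently). The counter, timestamp, and timeout fields are illustrative assumptions; the actual health check information is detailed later in the text.

```python
import time

class QuorumDisk:
    def __init__(self):
        self.records = {}           # DKC serial -> (counter, time of write)

    def write_health(self, dkc, counter, now=None):
        """Periodic health-check write by one storage apparatus."""
        self.records[dkc] = (counter, now if now is not None else time.time())

    def peer_alive(self, peer, last_seen, timeout, now=None):
        """Periodic health-check read: return (alive, newest counter seen).

        'last_seen' is the peer counter observed on the previous check.
        The peer is judged alive if its counter advanced, or if its last
        record is still within the timeout window.
        """
        now = now if now is not None else time.time()
        if peer not in self.records:
            return False, last_seen
        counter, written = self.records[peer]
        if counter > last_seen:     # peer made progress since we last looked
            return True, counter
        return (now - written) <= timeout, counter
```

Each apparatus runs both roles: it calls `write_health` for itself and `peer_alive` for its counterpart, which matches the symmetric read/write cycle described above.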
- the configuration in which the quorum storage 15 is connected to the interface of the FEPK 112 of the storage apparatus 10 has been described.
- the configuration of the storage system 1 is not limited to this configuration.
- Any configuration may be used as long as both the storage apparatuses 10a and 10b can access the Quorum Disk.
- the quorum storage 15 may be connected via the BEPK 113 of the storage apparatus 10.
- the hardware configuration of the Quorum Storage 15 may be the same hardware configuration as the storage device 10 or a different hardware configuration.
- Although FIG. 1 shows a configuration in which the storage apparatus 10a (or the storage apparatus 10b) and the Quorum Storage 15 are connected via one transmission line, a plurality of transmission lines may be provided between them.
- the configuration in which two storage apparatuses 10 (storage apparatuses 10a and 10b) are connected to the quorum storage 15 will be mainly described.
- However, a configuration in which more than two storage apparatuses 10 are connected to the quorum storage 15 is also possible; for example, the storage apparatuses 10a, 10b, and 10c may all be connected to the quorum storage 15.
- the storage apparatus 10 of this embodiment stores at least management information called pair management information T300 and LDEV status information T400 in the SM 143.
- the SM 143 is provided with a DKC management information staging area 200 ′ and a quorum storage time area 250.
- In the DKC management information staging area 200′, the DKC management information (described later) stored on the Quorum Disk is temporarily stored (staged).
- the quorum storage time area 250 stores the time when the MP 141 updates the DKC management information on the quorum disk.
- The above information is stored in the SM 143, and the MP 141 accesses the SM 143 to reference and update it. Alternatively, part of the stored information may be copied (cached) to the LM 142, and the MP 141 may access the information cached in the LM 142.
- the pair management information T300 will be described.
- the storage system 1 stores write data from the host 2 in two logical volumes. For example, when the storage apparatus 10a receives a write request and write data for the logical volume 125a from the host 2, the write data is stored in the logical volume 125a of the storage apparatus 10a and the logical volume 125b of the storage apparatus 10b.
- FIG. 5 shows the configuration of the pair management table T300. Information on one volume pair is stored in each row of the pair management table T300.
- a pair of a P-VOL and an S-VOL in which a copy of the P-VOL is written is referred to as a “volume pair”.
- An S-VOL in which a copy of a P-VOL is stored is called a “volume that is paired with a P-VOL” or a “P-VOL pair volume”.
- a P-VOL that is a logical volume in which copy data of an S-VOL is stored is also referred to as “a volume that is paired with an S-VOL” or “a pair volume of an S-VOL”.
- the storage apparatus 10 manages each pair with an identifier called a pair number (Pair #), and the pair number is stored in Pair # (T301).
- In PDKC# and P-VOL#, information on the P-VOL belonging to the volume pair is stored (PDKC#, the serial number of the storage apparatus to which the P-VOL belongs, and the P-VOL LDEV#).
- In SDKC# (T305) and S-VOL# (T306), information on the S-VOL belonging to the volume pair is stored (SDKC#, an identification number identifying the storage apparatus to which the S-VOL belongs, and the S-VOL LDEV#).
- The pair status is stored in Pair Status (T302).
- the pair status will be described later.
- the changing flag (T307) is set to 1 (ON) when the pair status needs to be changed, and is set to 0 (OFF) in other cases. Specific usage will be described later.
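As an illustration, the pair management table T300 could be modeled as a list of records like the following. The field names follow the table columns described above; the `PairEntry` type and the `find_pair` helper are assumptions made for this sketch, not structures defined in the text.

```python
from dataclasses import dataclass

@dataclass
class PairEntry:
    pair_no: int        # Pair# (T301)
    status: int         # Pair Status (T302); the pair statuses are described later
    pdkc: int           # serial number of the DKC holding the P-VOL
    p_ldev: int         # P-VOL LDEV#
    sdkc: int           # SDKC# (T305)
    s_ldev: int         # S-VOL# (T306)
    changing: int = 0   # changing flag (T307): 1 while a status change is needed


def find_pair(table, dkc, ldev):
    """Look up the pair that a given volume (DKC serial, LDEV#) belongs to,
    whether it is the P-VOL or the S-VOL of the pair."""
    for e in table:
        if (e.pdkc, e.p_ldev) == (dkc, ldev) or (e.sdkc, e.s_ldev) == (dkc, ldev):
            return e
    return None
```

One row per volume pair, searchable from either side of the pair, mirrors how each storage apparatus resolves an incoming I/O to its pair entry.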
- Each volume pair has one of the states described below. These states are referred to as “pair status” in this specification.
- (A) Initial-Copy state When the storage system 1 forms a volume pair, it first performs a process of copying all the contents of the P-VOL to the S-VOL (referred to as an initial copy process). This state during processing is referred to as an “Initial-Copy state”.
- (B) Duplex state The state of a volume pair in which the contents of the P-VOL and the S-VOL have been made identical by the initial copy process, or by the resynchronization process described later, is referred to as the “Duplex state”.
- (C) Suspend state A state in which the contents of the P-VOL are not reflected in the S-VOL is referred to as a “Suspend state”. For example, when the transmission line connecting the storage apparatus 10a and the storage apparatus 10b is cut off and copying becomes impossible, the volume pair becomes “Suspend state”. Alternatively, the volume pair may enter the “Suspend state” according to an instruction from the user. Note that the process of setting the volume pair to the “Suspend state” is referred to as a suspend process.
- (D) Duplex-Pending state When a volume pair is in transition from the Suspend state to the Duplex state, its state is referred to as the “Duplex-Pending state”. In this state, to make the contents of the P-VOL and S-VOL match (synchronize) again for a volume pair that was in the Suspend state, data is copied from the P-VOL (or S-VOL) to the S-VOL (or P-VOL). When the copying is completed, the volume pair enters the “Duplex state”. The process of transitioning a volume pair from the “Suspend state” to the Duplex state is referred to as resynchronization processing (resync processing).
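The pair status transitions described in (A) through (D) can be summarized as a small state machine. The event names below are illustrative labels, not terminology from the text; the transitions themselves follow the descriptions above (initial copy completing into Duplex, a failure or user instruction suspending the pair, and resync running through Duplex-Pending back to Duplex).

```python
# Allowed pair-status transitions, as (current status, event) -> next status.
TRANSITIONS = {
    ("Initial-Copy", "copy_complete"): "Duplex",
    ("Duplex", "failure"): "Suspend",          # e.g. inter-DKC path cut off
    ("Duplex", "user_suspend"): "Suspend",     # suspend by user instruction
    ("Suspend", "resync"): "Duplex-Pending",   # resynchronization started
    ("Duplex-Pending", "copy_complete"): "Duplex",
}

def next_status(status, event):
    """Return the new pair status, or the unchanged status when the event
    is not meaningful in the current state."""
    return TRANSITIONS.get((status, event), status)
```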
- The pair status is stored in Pair Status (T302) of the pair management table T300. Each value of Pair Status (T302) represents one of the four states above: that the volume pair is in the Initial-Copy state, the Duplex state, the Suspend state, or the Duplex-Pending state.
- Here, volume pairs in the Suspend state are described in somewhat more detail. There is more than one reason why a volume pair transitions to the Suspend state. For example, as described above, the transmission line connecting the storage apparatus 10a and the storage apparatus 10b may be cut off; in addition, a failure in the storage apparatus 10a or the logical volume 125a may make the logical volume 125a inaccessible, or a failure in the storage apparatus 10b or the logical volume 125b may make the logical volume 125b inaccessible.
- In the former case, the logical volume 125b should remain accessible from the host 2; in the latter case, the logical volume 125a should remain accessible. Therefore, the storage apparatus 10 needs to manage information on whether or not each logical volume can be accessed.
- the LDEV status information T400 is used for managing the accessibility status of each logical volume.
- FIG. 6 shows an example of the LDEV status information T400.
- Status (T402) stores the status of the logical volume specified by LDEV # (T401).
- the state of the logical volume is referred to as a “Valid state”.
- the state of the logical volume is called an “Invalid state” or a “blocked state”.
- The value of Status (T402) is either 0 or 1: 0 indicates that the logical volume is in the "Valid state", and 1 indicates that the logical volume is in the "Invalid state".
- When the pair status of a volume pair is the "Duplex state", the states of the P-VOL and S-VOL belonging to the volume pair are the "Valid state".
- The LDEV status information T400 is information that each storage apparatus 10 has. One piece of LDEV status information T400 stores only information about the logical volumes of the storage apparatus 10 in which that LDEV status information T400 is stored (for example, the LDEV status information T400 of the storage apparatus 10b stores only the statuses of the logical volumes of the storage apparatus 10b).
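The Valid/Invalid encoding of the LDEV status information T400 can be pictured with the following minimal Python sketch. The class and method names are hypothetical illustrations, not part of the source; the source defines only the table layout (LDEV # (T401), Status (T402), 0 = Valid, 1 = Invalid).

```python
# Minimal sketch of the LDEV status information (T400), assuming a simple
# mapping from LDEV# (T401) to a status value (T402): 0 = Valid, 1 = Invalid.
VALID, INVALID = 0, 1

class LdevStatusInfo:
    def __init__(self):
        self._status = {}  # LDEV# -> status value (T402)

    def set_status(self, ldev_no, status):
        self._status[ldev_no] = status

    def is_accessible(self, ldev_no):
        # Host I/O is accepted only while the logical volume is Valid;
        # an unknown LDEV# is treated here as Invalid (an assumption).
        return self._status.get(ldev_no, INVALID) == VALID

# A Duplex pair: both the P-VOL and the S-VOL are in the Valid state.
t400 = LdevStatusInfo()
t400.set_status(0, VALID)    # P-VOL
t400.set_status(1, VALID)    # S-VOL
t400.set_status(2, INVALID)  # a blocked volume
```

A write request to LDEV# 2 would be rejected with an error, matching the Invalid-state handling described later in the write processing flow.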
- the storage apparatus 10 periodically stores information in the Quorum Disk. Further, the storage apparatus 10 periodically refers to information stored in the Quorum Disk.
- the Quorum Disk has an area called a DKC array allocation table 201 and an area called a DKC management information storage area 202.
- the position where this area is provided is determined in advance (for example, the head of the area is positioned at the head (address 0) of the volume). In the initial state, no data is written in any area (for example, 0 is written in all areas).
- the DKC management information storage area 202 is an area where each storage apparatus 10 periodically stores information.
- The DKC management information storage area 202 is divided into n partial areas: DKC management information [0] (202-0), DKC management information [1] (202-1), ..., DKC management information [n-1] (202-(n-1)).
- When each storage apparatus 10 periodically writes information, it writes the information into one of the areas DKC management information [0] (202-0) to DKC management information [n-1] (202-(n-1)).
- The area into which each storage apparatus 10 writes information is determined by performing a process called the "Quorum Disk registration process". For example, when one or more storage apparatuses 10 are installed in the storage system 1, the registration process is executed when the user instructs the storage apparatus 10, using a management terminal or the like, to register to the Quorum Disk. Upon receiving the instruction, the MP 141 of the storage apparatus 10 executes the DKC registration program 1002 stored in the LM 142. When the DKC registration program 1002 is executed, the MP 141 determines the area into which the storage apparatus 10 writes information based on the contents of the DKC array allocation table 201 of the Quorum Disk.
- In the DKC array allocation table 201, as shown in FIG. 4, areas of product number [0] (201-0) to product number [n-1] (201-(n-1)) are provided. Each time a storage apparatus 10 connected to the Quorum Storage 15 performs the registration process to the Quorum Disk, it stores its product number in the area closest to the top, among product number [0] (201-0) to product number [n-1] (201-(n-1)), whose content is 0.
- Suppose the storage apparatus 10 that executes the registration process stores its product number in product number [k] (201-k). In that case, that storage apparatus 10 is determined to use DKC management information [k] (202-k) (that is, to update the contents of DKC management information [k] (202-k)) when writing information. Since the registration process to the Quorum Disk is performed by the above method, the storage apparatus 10 that executed the registration process to the Quorum Disk for the (k+1)-th time is determined to write information to DKC management information [k].
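The slot-selection rule above can be sketched as follows. `register_dkc` is a hypothetical helper (not from the source) that scans the DKC array allocation table 201 and returns the array number k assigned to the registering apparatus:

```python
def register_dkc(allocation_table, product_number):
    """Store product_number in the area closest to the top whose content is 0
    and return its index k; the apparatus then writes to DKC management
    information [k].  (Illustrative sketch, not the actual firmware logic.)"""
    for k, slot in enumerate(allocation_table):
        if slot == 0:
            allocation_table[k] = product_number
            return k
    raise RuntimeError("no free area in the DKC array allocation table")
```

For example, the (k+1)-th apparatus to register receives array number k, matching the description above.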
- Hereinafter, the storage apparatus 10 that writes information to DKC management information [k] (202-k) (equivalently, the storage apparatus 10 that stores its product number in product number [k] (201-k)) is expressed as "DKC #k". The value k may also be called the "array number" (or "array #").
- DKC #k refers to all of DKC management information [0] (202-0) to DKC management information [n-1] (202-[n-1]). However, DKC #k updates only DKC management information [k] (202-k) when storing information in the Quorum Disk. That is, since the storage apparatuses 10 do not write data to the same area, exclusive control is not necessarily required when each storage apparatus 10 reads from and writes to the Quorum Disk.
- In FIG. 4, the pieces of DKC management information [k] are arranged contiguously on the Quorum Disk, but they do not necessarily have to be contiguous. Any arrangement may be used as long as, when the storage apparatus 10 reads DKC management information [k] from or writes it to the Quorum Disk, the address to be read or written can be uniquely identified for each DKC management information [k]. For example, the pieces of DKC management information [k] may be arranged such that the head of each DKC management information [k] is positioned at the head of a block (for example, 512 bytes), which is the minimum access unit of the volume.
- the DKC management information [k] includes at least the product number (2020), the update generation number (2021), the incommunicable bitmap A (2022), and the incommunicable bitmap B (2023).
- the product number of DKC # k is stored in the product number (2020). Therefore, the product number (2020) stores the same value as the value stored in the product number [k] (201-k) of the DKC array allocation table 201.
- The update generation number (2021) stores a value corresponding to the number of times DKC #k has stored information in DKC management information [k]. Although details will be described later, during operation of the storage apparatus 10, DKC #k repeatedly stores information in DKC management information [k]. Each time DKC #k stores information in DKC management information [k], the value stored in the update generation number (2021) is incremented by 1 (for example, when m is stored in the update generation number (2021) in the current storage process, (m+1) is stored in the update generation number (2021) in the next storage process).
- The incommunicable bitmap A (2022) is n-bit information, and each bit indicates whether or not communication is possible via the path (DKC path) between DKC #k and another storage apparatus 10.
- When DKC #k detects that communication via the path between DKC #k and DKC #j (where j is an integer value satisfying 0 ≤ j ≤ (n-1) and j ≠ k) is impossible, for example when a data transfer from DKC #k to DKC #j fails, DKC #k stores 1 in the j-th bit of the incommunicable bitmap A (2022) (conversely, as long as it has not been detected that communication via the path between DKC #k and DKC #j is impossible, 0 is stored in that bit). Details will be described later.
- The incommunicable bitmap B (2023) is n-bit information and also relates to the state of the path between DKC #k and the other storage apparatuses 10.
- When DKC #k detects that DKC #j has detected that communication via the path between DKC #j and DKC #k is impossible, DKC #k stores 1 in the j-th bit of the incommunicable bitmap B (2023). Details will be described later.
- the closure acknowledgment bitmap (2024) is also n-bit information.
- When DKC #k detects the fact that "DKC #j has detected that communication via the path between DKC #j and DKC #k is impossible", DKC #k sets 1 in the j-th bit of the incommunicable bitmap B (2023), and the closure acknowledgment bitmap (2024) is used to record that DKC #k has acknowledged this state of DKC #j at that time.
- setting the volume state to the Invalid state may be referred to as “blocking”.
- The unresponsive bitmap A (2025) is also n-bit information, and each bit represents whether or not the corresponding storage apparatus 10 is in a state in which it cannot perform the health check process of writing information to the Quorum Disk, because it has stopped due to a failure or the like.
- When DKC #k detects that DKC #j has not written information to the Quorum Disk for a predetermined time or more, and the j-th bit of DKC #k's incommunicable bitmap A (2022) is set, DKC #k stores 1 in the j-th bit of the unresponsive bitmap A (2025). In this state, since the storage apparatus 10 has stopped, I/O requests from the host 2 to its logical volumes are not accepted.
- The unresponsive bitmap B (2026) is n-bit information similar to the unresponsive bitmap A (2025), and stores information when a storage apparatus 10 other than DKC #k detects this state of DKC #k.
- the recovery bitmap (2027) is information indicating that resync processing is in progress.
- When DKC #k executes resync processing with DKC #j, DKC #k stores 1 in the j-th bit of the recovering bitmap (2027).
- Previous generation [0] (2028-0) to previous generation [n-1] (2028-[n-1]) and previous time [0] (2029-0) to previous time [n-1] (2029-[n-1]) are used when DKC #k refers to the update generation number (2021) stored in DKC management information [j] (where j ≠ k).
- When DKC #k updates the contents of the DKC management information storage area 202, only DKC management information [k] (202-k) is updated. However, DKC #k can refer to all of DKC management information [0] (202-0) to DKC management information [n-1] (202-[n-1]). By referring to DKC management information [0] (202-0) to DKC management information [n-1] (202-[n-1]), DKC #k determines whether or not the other storage apparatuses 10 are operating normally.
- When DKC #k refers to the update generation number (2021) of DKC management information [j] (where j ≠ k), that value is stored in previous generation [j] of DKC management information [k]. Also, previous time [j] of DKC management information [k] stores the time at which DKC #k referred to the update generation number (2021) of DKC management information [j]. Details will be described later.
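The fields of DKC management information [k] listed above can be summarized in a sketch like the following. The Python field names and types are assumptions for illustration; on the Quorum Disk these are bitmaps and counters in a fixed on-disk layout.

```python
from dataclasses import dataclass, field

def _bits(n=8):
    # Each bitmap is modeled here as a list of n bits (n = 8 as an example).
    return field(default_factory=lambda: [0] * n)

@dataclass
class DkcManagementInfo:
    """One slot of the DKC management information storage area 202 (sketch)."""
    product_number: int = 0
    update_generation: int = 0     # incremented by 1 on every periodic store
    incommunicable_bm_a: list = _bits()
    incommunicable_bm_b: list = _bits()
    closure_ack_bm: list = _bits()
    unresponsive_bm_a: list = _bits()
    unresponsive_bm_b: list = _bits()
    recovering_bm: list = _bits()
    previous_generation: list = _bits()
    previous_time: list = field(default_factory=lambda: [0.0] * 8)

    def store(self):
        # Each store to the Quorum Disk bumps the update generation number (2021).
        self.update_generation += 1
```

The `store` method mirrors the rule that the update generation number advances by one on every periodic write, which is what the no-response determination processing later relies on.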
- FIG. 4 shows a program stored on the LM 142.
- the LM 142 there are an I / O program 1001, a DKC registration program 1002, a mirroring program 1003, a resync program 1004, a health check program 1005, and a health check / pair status change processing program 1006 using Quorum.
- the I / O program 1001 is a program that is executed when the storage apparatus 10 receives an access request to the logical volume from the host 2.
- the DKC registration program 1002 is a program that is executed during the registration process to the Quorum Disk as described above. Since the registration process to the Quorum Disk has already been described above, a description thereof will be omitted below.
- the mirroring program 1003 is a program that is executed when data is duplicated (data is written to the P-VOL and S-VOL). For example, when data written in the P-VOL is also written in the S-VOL, it is called from the I / O program 1001 and executed.
- the resync program 1004 is a program that is executed when a Suspend state volume pair is changed to a Duplex state.
- the resync program 1004 is started in response to an instruction from the user.
- the health check program 1005 is a program for performing health check processing described later.
- the health check program 1005 determines the state of each storage device 10 by referring to the information stored in the Quorum Disk, and writes the determination result in the Quorum Disk.
- the health check / pair status change processing program 1006 using Quorum is executed in a form called from each program described above.
- the processing performed by executing the health check / pair status change processing program 1006 using Quorum is referred to as “Quorum health check / pair status change processing”.
- When each program calls the health check / pair status change processing program 1006 using Quorum (hereinafter, a program that calls the health check / pair status change processing program 1006 using Quorum is called a "calling source program"), the calling source program passes at least the following two parameters to the health check / pair status change processing program 1006 using Quorum.
- the first parameter is called “Process Type”. There are three types of processing: “failure suspend”, “resync”, and “health check”, and the caller program designates one of these as the first parameter.
- the second parameter is the serial number of the processing target storage device. However, the second parameter may not be specified. In this case, the calling program passes “0” as the second parameter to the health check / pair status change processing program 1006 using Quorum. Details of processing executed by the health check / pair status change processing program 1006 using Quorum will be described later.
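The two-parameter calling convention can be sketched as below. The function body is a placeholder and the constant names are hypothetical; only the three process types and the "0 means no target" convention come from the description above.

```python
PROCESS_TYPES = ("failure suspend", "resync", "health check")
NO_TARGET = 0  # passed as the second parameter when no target is specified

def call_quorum_program(process_type, target_serial=NO_TARGET):
    """Validate and forward the two parameters that a calling source program
    passes to the health check / pair status change processing program 1006."""
    if process_type not in PROCESS_TYPES:
        raise ValueError("unknown process type: %r" % (process_type,))
    # ... the S101-S106 processing described later would run here ...
    return process_type, target_serial
```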
- The write request (write command) issued by the host 2 to the storage apparatus 10 includes information that identifies the access target logical volume, such as a logical unit number (LUN).
- the access target logical volume is specified based on the information for specifying the access target logical volume included in the write request. Subsequently, the pair management information T300 is referred to and it is determined whether the access target logical volume is a P-VOL or an S-VOL.
- the MP 141 checks the pair status of the access target logical volume by referring to the pair management information T300 (S1). If the pair status is not Duplex, Initial Copy, or Duplex Pending (S1: N), data is not duplicated (written only to P-VOL). Therefore, the MP 141 executes only the process of writing data to the P-VOL (S9) and ends the process. In S9, the MP 141 confirms the state of the logical volume by referring to the LDEV status information T400. When the logical volume is in the Invalid state, an error is returned to the host 2 and the process is terminated.
- Otherwise, the processing from S2 onward is performed. In S2, the MP 141 executes the data write processing to the P-VOL. The MP 141 then issues a write request to the storage apparatus 10 in which the S-VOL paired with the P-VOL exists (hereinafter referred to as the partner storage apparatus), and receives response information on the processing result from the partner storage apparatus. The partner storage apparatus executes the write processing to the S-VOL based on the received write request and, when the write processing is completed, returns a response to the storage apparatus that issued the write request (the storage apparatus in which the P-VOL exists) indicating that the processing is completed (if the processing succeeded, it returns "success"). When the processing result is "success", the host 2 is informed that the write processing has been completed (S5), and the processing ends.
- When the processing result in the partner storage apparatus is not "success" (S4: N), for example when the partner storage apparatus has stopped and no processing result is returned from it within a predetermined time, the processing from S10 onward is performed.
- the MP 141 sets the changing flag (T307) to 1 for all volume pairs in the pair management table T300 that are paired with the other storage device.
- Next, the MP 141 executes the failure suspend process by calling the health check / pair status change processing program 1006 using Quorum. At this time, the MP 141 passes two parameters, the process type and the serial number of the target storage apparatus, to the health check / pair status change processing program 1006 using Quorum: it designates "failure suspend" as the process type, and designates the serial number of the partner storage apparatus as the serial number of the target storage apparatus. Details of this processing will be described later.
- Thereafter, the MP 141 refers to the states of the volume pairs in the storage apparatus 10 and waits until the status change of all the volume pairs is completed (S13). Specifically, referring to the pair management table T300, if all the changing flags (T307) are 0, it is determined that the status change of all the volume pairs has been completed.
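The steady-state P-VOL write flow above (S1, S2-S5, S9, and the failure-suspend branch) can be condensed into the following sketch. All the callables are hypothetical stand-ins for steps in the figure, not the actual firmware interfaces.

```python
DUPLICATED_STATES = ("Duplex", "Initial-Copy", "Duplex-Pending")

def handle_pvol_write(pair_status, write_pvol, write_partner, failure_suspend):
    """Sketch of the P-VOL write path.  write_partner() returns the partner
    storage apparatus's processing result ("success" or an error/timeout)."""
    if pair_status not in DUPLICATED_STATES:
        write_pvol()                      # S9: data is not duplicated
        return "success"
    write_pvol()                          # S2: write to the P-VOL
    if write_partner() == "success":      # S3/S4: write on the S-VOL side
        return "success"                  # S5: report completion to the host
    failure_suspend()                     # S10-S14: suspend pairs via Quorum
    return "success"                      # the host is answered after suspend
```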
- The processing flow described above is an example for when the volume pair is in a steady state, in principle the Duplex state or the Suspend state. When the pair status is a transient state such as the Initial-Copy or Duplex-Pending state, the processing is slightly different.
- When the pair status is Initial-Copy or Duplex-Pending and the processing result in the partner storage apparatus is not "success" (S4: N), the pair status (Pair Status (T302)) of the access target volume pair is set to the "Suspend" state, the status of the P-VOL (Status (T402)) is set to the "Valid" state, and the processing ends.
- The MP 141 checks the pair status of the access target logical volume by referring to the pair management information T300 (S1). If the pair status is not the Duplex state (S1: N), the data is not duplicated (it is written only to the S-VOL), so only the process of writing the data to the S-VOL is executed (S9') and the processing ends.
- The MP 141 confirms the state of the logical volume by referring to the LDEV status information T400. When the logical volume is in the Invalid state, an error is returned to the host 2 and the process is terminated.
- When the S-VOL status (Status (T402)) is set to the Invalid state (the same data as the P-VOL is not stored, that is, no valid data is stored), an error is returned to the host 2 and the process is terminated.
- Otherwise, the processing from S3' onward is performed. The MP 141 issues a write request to the storage apparatus 10 in which the P-VOL paired with the S-VOL exists (hereinafter referred to as the partner storage apparatus), and receives response information on the processing result from the partner storage apparatus (S3'). When the processing result is "success", the MP 141 executes the data write processing to the S-VOL (S2'), informs the host 2 that the write processing has been completed (S5), and ends the processing.
- When the processing result in the partner storage apparatus is not "success" (S4: N), the processing from S11 onward is performed. S11 to S14 are the same as those described earlier.
- In data read processing, the host 2 may access either the storage apparatus 10a (P-VOL) or the storage apparatus 10b (S-VOL). When the storage apparatus 10a (P-VOL) receives a read request from the host 2, it returns the data read from the P-VOL to the host 2; when the storage apparatus 10b (S-VOL) receives a read request from the host 2, it returns the data read from the S-VOL to the host 2. At this time, even if the volume targeted by the read request is an S-VOL, only the read from the S-VOL is performed, and the P-VOL is not accessed.
- a flow of processing performed when the storage apparatus 10 receives a resynchronization (resync) instruction from the user will be described with reference to FIG.
- the resync program 1004 is executed in the MP 141, and the processing described below is performed.
- the MP 141 receives a resync instruction from the user.
- the user can issue a resync instruction to the storage apparatus 10 from the host 2 (or management terminal).
- the resync instruction includes information on the volume pair to be resynchronized (P-VOL or S-VOL identifier).
- the MP 141 refers to the pair management information T300 and confirms the pair status of the volume pair included in the resync instruction.
- As the serial number of the target storage apparatus, the serial number of the storage apparatus 10 in which the paired volume exists is passed. For example, the serial number of the storage apparatus 10b is passed as an argument of the health check / pair status change processing program 1006 using Quorum.
- the health check process is performed by the MP 141 executing the health check program 1005.
- the MP 141 calls the health check / pair status change processing program 1006 using Quorum (S41).
- At this time, "health check" is specified as the process type, and "0" is specified as the serial number of the target storage apparatus.
- Then, after waiting for a predetermined time (for example, 500 ms) (S42), the MP 141 executes S41 again. Accordingly, the health check / pair status change processing program 1006 using Quorum is called (executed) periodically.
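The S41/S42 cycle amounts to a simple periodic loop, sketched below. The stop event is added so the example terminates; the firmware loop itself runs continuously while the apparatus operates.

```python
import threading

HEALTH_CHECK_INTERVAL = 0.5  # seconds (500 ms, the example interval above)

def health_check_loop(run_once, stop_event, interval=HEALTH_CHECK_INTERVAL):
    """Repeatedly call the Quorum program (S41), then wait (S42)."""
    while not stop_event.is_set():
        run_once("health check", 0)   # process type, target serial "0"
        stop_event.wait(interval)     # returns early if stop_event is set
```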
- the flow of processing executed by the health check / pair status change processing program 1006 using Quorum will be described with reference to FIG. 13 and subsequent drawings.
- FIG. 13 shows the overall flow of processing executed by the health check / pair status change processing program 1006 using Quorum.
- The processing of FIG. 13 is executed in all the storage apparatuses 10; in the following, the case where the health check / pair status change processing program 1006 using Quorum is executed in the MP 141 of DKC #k (the storage apparatus 10 that writes information to DKC management information [k] (202-k)) will be described. DKC #k may also be described as the "own DKC" or the "own apparatus".
- When the health check / pair status change processing program 1006 using Quorum is called from the calling source program, the MP 141 first reads the information stored in the DKC array allocation table 201 and the DKC management information storage area 202 on the Quorum Disk and stores it in the DKC management information staging area 200' (S101).
- Next, the MP 141 executes S102 (no-response determination processing), S103 (MR communication failure notification reception processing), S104 (communication bitmap editing processing), and S105 (update generation number setting processing).
- When the processing up to S105 is completed, the MP 141 writes the information stored in the DKC management information staging area 200' back to the Quorum Disk (S106). The information read in S101 is all of the information stored in the DKC array allocation table 201 and the DKC management information storage area 202 on the Quorum Disk, but the information written back to the Quorum Disk in S106 is only the information that the own apparatus (DKC #k) is determined to write, that is, DKC management information [k] (202-k).
- the MP 141 acquires the current time information from the clock, and writes the acquired time information in the Quorum storage time area 250.
- Finally, the MP 141 performs the own-DKC pair status change processing, in which the volume pair status of the own apparatus is changed. If, as a result of performing the processing up to S106, it is necessary to change the pair status of a volume pair to the "Suspend state", the pair status is changed to the Suspend state (for example, the Pair Status (T302) of the volume pair stored in the pair management information T300 is changed to "2").
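The stage/process/write-back cycle of S101 to S106 can be pictured with the following sketch. Here `quorum` is a hypothetical dict standing in for the Quorum Disk, keyed by array number, and only the own slot is written back, matching S106.

```python
def quorum_cycle(quorum, selfbl, sub_steps):
    """S101: stage all DKC management information; S102-S105: run the
    sub-processes on the staged copy; S106: write back only the own area."""
    staging = {k: dict(v) for k, v in quorum.items()}   # S101: staging copy
    for step in sub_steps:                              # S102-S105
        step(staging, selfbl)
    quorum[selfbl] = staging[selfbl]                    # S106: own slot only
    return staging

def bump_generation(staging, selfbl):
    # Stand-in for S105 (update generation number setting processing).
    staging[selfbl]["update_generation"] += 1
```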
- Hereinafter, each entry of product number [0] (201-0) to product number [n-1] (201-(n-1)) of the DKC array allocation table 201 is denoted as follows: for example, the product number of DKC #m is expressed as "DKC array allocation table.product number [m]".
- Also, in order to clearly specify each piece of information in DKC management information [0] (202-0) to DKC management information [n-1] (202-(n-1)) stored in the DKC management information staging area 200', the following notation is adopted. Each piece of information, such as the product number (2020) and the update generation number (2021), in the own DKC management information is expressed by concatenating "own DKC management information" and the name of the information with "."; for example, the product number and the update generation number in the own DKC management information are expressed as "own DKC management information.product number" and "own DKC management information.update generation number", respectively. Similarly, previous generation [i] (2028-i) and previous time [i] (2029-i) are expressed as "own DKC management information.previous generation [i]" and "own DKC management information.previous time [i]" (where i is an integer satisfying 0 ≤ i ≤ (n-1)).
- For the incommunicable bitmap A (2022), the incommunicable bitmap B (2023), the closure acknowledgment bitmap (2024), the unresponsive bitmap A (2025), the unresponsive bitmap B (2026), and the recovering bitmap (2027), reference and update are performed bit by bit. Therefore, in order to specify a specific bit (for example, the j-th bit) of each of these bitmaps, the following notation is used (where j is an integer satisfying 0 ≤ j ≤ (n-1)).
- the j-th bit of the incommunicable bitmap A is denoted as incommunicable BM_A ⁇ j ⁇ .
- the j-th bit of the incommunicable bitmap B is denoted as incommunicable BM_B ⁇ j ⁇ .
- the j-th bit of the block acknowledge bitmap is denoted as block acknowledge BM ⁇ j ⁇ .
- the j-th bit of the unresponsive bitmap A is denoted as unresponsive BM_A ⁇ j ⁇ .
- the jth bit of the unresponsive bitmap B is denoted as unresponsive BM_B ⁇ j ⁇ .
- the j-th bit of the recovering bitmap is denoted as recovering BM ⁇ j ⁇ .
- For example, the j-th bit of the incommunicable bitmap A included in the own DKC management information is expressed as "own DKC management information.incommunicable BM_A{j}". The same notation is used when specifying each bit of the other bitmaps.
- DKC management information other than the own DKC management information is described using the same notation: when expressing each piece of information in DKC management information [m] (where m is an integer value satisfying 0 ≤ m ≤ (n-1)), a notation concatenating "DKC management information [m]" and the name of the information with "." is used.
- In the no-response determination processing, it is mainly checked whether DKC management information [m] (0 ≤ m ≤ (n-1)) has been updated (by DKC #m), in order to determine whether DKC #m has stopped (due to a failure or other cause).
- In step S201, the MP 141 identifies the array number of the own apparatus. Specifically, among DKC array allocation table.product number [0] to DKC array allocation table.product number [n-1], the entry that stores the same value as the product number of the own apparatus is identified. For example, when DKC array allocation table.product number [k] (0 ≤ k ≤ (n-1)) is equal to the product number of the own apparatus, k is identified as the array number of the own apparatus. Hereinafter, the case where the array number of the own apparatus is k will be described as an example. In S201, the MP 141 prepares a variable selfbl and substitutes the value k into the variable selfbl.
- Thereafter, among the information stored in the DKC management information staging area 200' (DKC management information [0] (202-0) to DKC management information [n-1] (202-(n-1))), DKC management information [selfbl] can be identified as the own DKC management information.
- Next, the MP 141 executes the loop processing of S203 to S217 for DKC management information [0] to DKC management information [n-1]. In S203, the MP 141 prepares a variable ctc and substitutes 0 as its initial value. Each time the MP 141 has executed the processing of S204 to S216 once, it adds 1 to the value of the variable ctc and executes the processing of S204 to S216 again; when the processing has been performed for all pieces of DKC management information, the MP 141 ends the loop processing.
- In S204, the MP 141 determines whether DKC array allocation table.product number [ctc] or DKC management information [ctc].product number is NULL. If either is NULL, it means that a storage apparatus with the array number ctc has not been registered in the Quorum Disk (a storage apparatus with the array number ctc does not exist in the storage system 1). Therefore, in this case, the processing from S205 onward is not performed, and the process proceeds to S217 (loop end). If neither DKC array allocation table.product number [ctc] nor DKC management information [ctc].product number is NULL (S204: No), the processing from S206 onward is performed.
- In S206, the MP 141 determines whether or not the values of the variable selfbl and the variable ctc are equal. If they are equal (S206: Yes), the processing from S209 onward is not performed, and the process proceeds to S217. This is because the processing from S209 onward refers to the contents of the DKC management information [ctc] of a storage apparatus other than the own DKC (hereinafter referred to as the "partner DKC") to determine whether the partner DKC (DKC #ctc) has stopped; when selfbl and ctc are equal, DKC management information [ctc] is the own DKC management information and there is no point in referring to it. If the values of the variable selfbl and the variable ctc are not equal (S206: No), the processing from S207 onward is performed.
- In S209, the MP 141 determines whether DKC management information [ctc].update generation is equal to own DKC management information.previous generation [ctc]. If they are equal (S209: Yes), it means that the value of DKC management information [ctc].update generation has not been changed since the previous check. In this case, since DKC #ctc may have stopped due to a failure or the like, further confirmation is performed from S211 onward. If they are not equal, it means that the value of DKC management information [ctc].update generation has been changed (DKC #ctc can be determined to be operating). In that case, in S210, the MP 141 stores the value of DKC management information [ctc].update generation in own DKC management information.previous generation [ctc] and sets own DKC management information.previous time [ctc] to 0.
- In S211, the MP 141 determines whether own DKC management information.previous time [ctc] is 0. If it is not 0 (S211: No), the processing of S213 is executed; if it is 0 (S211: Yes), the processing of S212 is executed. The case where own DKC management information.previous time [ctc] is 0 means that S210 was executed the last time the own DKC performed the no-response determination processing; that is, it corresponds to the case where DKC #ctc was detected to be operating normally up to the previous no-response determination processing, and it is detected for the first time this time that the update generation has not been updated.
- In S212, the MP 141 stores the current time in own DKC management information.previous time [ctc]. In S213, the current time and own DKC management information.previous time [ctc] are compared, and it is determined whether DKC #ctc has been in a no-response state for a predetermined time or longer (whether it has timed out). Specifically, it is determined whether (current time - own DKC management information.previous time [ctc]) ≥ threshold value (the threshold value is a value such as 5 seconds). Hereinafter, this threshold value is sometimes referred to as the "timeout time". Own DKC management information.previous time [ctc] stores the time at which S212 was executed (the time at which it was first detected that the update generation had not been updated).
- When the timeout has occurred, the MP 141 stores, in its own DKC management information, information indicating that it has determined that DKC #ctc has not written to the Quorum Disk for the predetermined time or more (that is, that DKC #ctc has stopped and cannot respond). Specifically, the value of own DKC management information.unresponsive BM_A{ctc} is set to "1" (S215). More precisely, before executing S215, the MP 141 determines whether own DKC management information.incommunicable BM_A{ctc} is "1" and DKC management information [ctc].unresponsive BM_A{selfbl} is 0 (S214), and executes S215 only when this determination is affirmative. When the determination in S214 is negative, the processing of S215 is not performed; instead, a time earlier than the timeout (for example, a time 0.5 seconds before the timeout time) is substituted into own DKC management information.previous time [ctc] (S216), and the process proceeds to S217.
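The S209 to S216 logic above can be sketched as a single function. `OwnDkcInfo` is a minimal hypothetical stand-in for the own DKC management information, the field names are assumptions, and the S214 guard is folded in as a `can_mark` flag for brevity.

```python
TIMEOUT = 5.0  # the threshold ("timeout time") mentioned above, in seconds

class OwnDkcInfo:
    """Minimal stand-in for the own DKC management information lists."""
    def __init__(self, n=4):
        self.previous_generation = [0] * n
        self.previous_time = [0.0] * n
        self.unresponsive_bm_a = [0] * n

def no_response_check(now, peer_generation, own, ctc, can_mark=True):
    """Sketch of S209-S216.  peer_generation is DKC management information
    [ctc].update generation; can_mark stands in for the S214 condition."""
    if peer_generation != own.previous_generation[ctc]:
        # S210: the generation advanced, so DKC#ctc is operating.
        own.previous_generation[ctc] = peer_generation
        own.previous_time[ctc] = 0.0
        return "alive"
    if own.previous_time[ctc] == 0.0:
        # S212: first detection that the generation did not advance.
        own.previous_time[ctc] = now
        return "watching"
    if now - own.previous_time[ctc] >= TIMEOUT:     # S213: timed out?
        if can_mark:                                # S214 guard
            own.unresponsive_bm_a[ctc] = 1          # S215: mark no-response
            return "no-response"
        own.previous_time[ctc] = now - (TIMEOUT - 0.5)  # S216: retry shortly
    return "watching"
```

Successive calls walk through the states: an advancing generation resets the watch, an unchanged generation starts the timer, and only after the timeout is the peer marked unresponsive.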
- In S307, the MP 141 determines whether own DKC management information.recovering BM{ctc} is "1". When own DKC management information.recovering BM{ctc} is "1" (S307: Yes), the processing of S308 and S309 is performed.
- the MP 141 determines that the DKC management information [ctc]. Communication failure BM_A ⁇ selfbl ⁇ , DKC management information [ctc]. Communication disabled BM_B ⁇ selfbl ⁇ , DKC management information [ctc]. Blocking acknowledgment BM ⁇ selfbl ⁇ , DKC management information [ctc]. Unresponsive BM_A ⁇ selfbl ⁇ , DKC management information [ctc]. It is determined whether one or more of the unresponsive BM_B ⁇ selfbl ⁇ is “1”. The case where any one of these bits is “1” means that DKC # ctc is being recovered. Therefore, if any of these bits is “1” (S308: Yes), the process proceeds to S322 (loop end). When all of these bits are [0] (S308: No), the MP 141 stores its own DKC management information. The BM ⁇ ctc ⁇ during recovery is set to “0” (S309).
- the self-DKC management information after the processing of S309 or in the determination of S307.
- the MP 141 stores the DKC management information [ctc]. It is determined whether the incommunicable BM_A ⁇ selfbl ⁇ is “1” (S310). DKC management information [ctc].
- the incommunicable BM_A ⁇ selfbl ⁇ is “1” (S310: Yes)
- the other side DKC (DKC # ctc) cannot perform data communication through the path between the own DKC and the DKC # ctc. It means that you are judging.
- the MP 141 executes the processing after S313 to determine whether the logical volume of the own device should be blocked.
- DKC management information [ctc].
- the MP 131 stores the own DKC management information. Blocking acknowledgment BM ⁇ ctc ⁇ and own DKC management information. Communication impossible BM_B ⁇ ctc ⁇ is set to “0” (S311 and S312), and the process proceeds to S318 and subsequent steps.
- In the processing from S313 onward, the MP 141 first determines whether any of the following three conditions (a) to (c) is satisfied.
- (a) The own device has not yet detected that the path between the own device and DKC#ctc is blocked (own DKC management information.incommunicable BM_A[ctc] is 0).
- (b) The own device has detected that the path between the own device and DKC#ctc is blocked (own DKC management information.incommunicable BM_A[ctc] is 1), and the serial number of the own device is larger than the serial number of DKC#ctc (own DKC management information.serial number > DKC management information[ctc].serial number).
- (c) DKC#ctc has determined that the own device is in an unresponsive state (DKC management information[ctc].unresponsive BM_A[selfbl] is 1).
- In this embodiment, when the path between the storage apparatuses 10 is interrupted, the volume of one of the storage apparatuses 10 is made I/O-incapable (the Invalid state; acceptance of I/O requests from the host 2 is prohibited). At that time, control is performed so that the volume of the storage apparatus 10 that is currently accepting I/O requests from the host 2 is, as far as possible, not made I/O-incapable. Therefore, for example, when data transfer from the storage apparatus 10a to the storage apparatus 10b fails (FIG. 9, when the determination in S4 is N), in principle the volume (P-VOL) of the storage apparatus 10a is controlled so as not to become I/O-incapable.
- However, both the storage apparatus 10a and the storage apparatus 10b may attempt data transfer to the counterpart storage apparatus at almost the same time (when both storage apparatuses 10a and 10b are performing the processing of FIG. 9 or FIG. 10). In that case, incommunicable BM_A is 1 in both storage apparatuses 10.
- For such a case, the serial numbers of the own DKC and the counterpart storage apparatus are compared, and control is performed so that the volume of the storage apparatus 10 with the larger serial number is made I/O-incapable. Condition (b) is provided for this purpose.
- When any of conditions (a) to (c) is satisfied, the MP 141 further determines whether all of the following three conditions (d) to (f) are satisfied.
- (d) The volume of DKC#ctc is not in the Invalid state (DKC management information[ctc].blockage acknowledgment BM[selfbl] is 0).
- (e) The own device has not determined that DKC#ctc is unresponsive (own DKC management information.unresponsive BM_A[ctc] is 0).
- (f) The volume of the own device is not in the Invalid state (own DKC management information.blockage acknowledgment BM[ctc] is 0).
- Condition (f) is provided to determine whether the volume of the own device has already been blocked.
- When all of conditions (d) to (f) are satisfied, the MP 141 puts its own logical volume into the I/O-incapable (Invalid) state (S315). Specifically, the status of the logical volume (Status (T402) of the LDEV status information T400) is set to "Invalid", and the pair status of the volume pair to which the logical volume of the own device belongs (Pair Status (T302) of the pair management table T300) is set to the "Suspend" state.
- After S315, the MP 141 sets own DKC management information.blockage acknowledgment BM[ctc] to "1" (S316) and executes the processes from S317 onward. The process of S317 is as described above.
- S318 and the subsequent steps are the processing for the case where the counterpart DKC (DKC#ctc) has determined that the own device is in an unresponsive state. In this case, the logical volume of the own device is put into the blocked state.
- In S318, the MP 141 checks DKC management information[ctc].unresponsive BM_A[selfbl] to determine whether DKC#ctc has determined that the own device is unresponsive. When DKC management information[ctc].unresponsive BM_A[selfbl] is not 1 (S318: No), the MP 141 sets own DKC management information.unresponsive BM_B[ctc] to 0 (S325), and the process proceeds to S322. The process of S325 is executed in the case of the resync process.
- When DKC management information[ctc].unresponsive BM_A[selfbl] is 1 (S318: Yes), the MP 141 determines whether own DKC management information.unresponsive BM_B[ctc] is 0 (S319). When it is 0 (S319: Yes), the process of S320, which is the same as S315, is executed. Then own DKC management information.unresponsive BM_B[ctc] is set to 1 (S321), and the process proceeds to S322.
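The blocking decision described above (conditions (a) to (f), then S315/S316) can be modeled as below. This is a sketch under illustrative naming assumptions (`incomm_A`, `block_ack`, `serial`, and the dict layout are not the actual implementation); it shows how the serial-number comparison of condition (b) breaks the tie when both apparatuses detect the path failure at the same time.

```python
def should_block_own_volume(own, other, ctc, selfbl):
    """Model of the (a)-(f) checks: True if the own logical volume
    should be put into the Invalid (I/O-incapable) state."""
    cond_a = own["incomm_A"][ctc] == 0
    cond_b = own["incomm_A"][ctc] == 1 and own["serial"] > other["serial"]
    cond_c = other["unresp_A"][selfbl] == 1
    if not (cond_a or cond_b or cond_c):
        return False
    cond_d = other["block_ack"][selfbl] == 0  # partner volume not Invalid
    cond_e = own["unresp_A"][ctc] == 0        # partner not judged unresponsive
    cond_f = own["block_ack"][ctc] == 0       # own volume not already Invalid
    return cond_d and cond_e and cond_f

def block_own_volume(own, ctc):
    """Model of S315/S316: volume Invalid, pair Suspend, record blockage."""
    own["status"] = "Invalid"
    own["pair_status"] = "Suspend"
    own["block_ack"][ctc] = 1

# both sides have detected the path loss (incommunicable BM_A is 1 in both)
a = {"incomm_A": {1: 1}, "unresp_A": {1: 0}, "block_ack": {1: 0},
     "serial": 100, "status": "Valid", "pair_status": "Pair"}
b = {"incomm_A": {0: 1}, "unresp_A": {0: 0}, "block_ack": {0: 0},
     "serial": 200, "status": "Valid", "pair_status": "Pair"}
```

In this toy configuration only the apparatus with the larger serial number (200) blocks its volume; the other keeps accepting host I/O.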
- The incommunicable bitmap editing process is a process for setting or resetting own DKC management information.incommunicable BM_A. Incommunicable BM_A is information indicating the state in which the own DKC cannot communicate with the partner DKC, and it is not set in the case of the health check process (FIG. 12).
- When data writing to the partner DKC fails during the processing of a write request from the host 2 (for example, S4: N in FIG. 9), own DKC management information.incommunicable BM_A is set. In the case of the resync process (FIG. 11), the own DKC can communicate with the partner DKC, so own DKC management information.incommunicable BM_A is reset.
- S401 is the same processing as S201.
- In S403, the MP 141 refers to the process type passed from the caller program and determines whether the process type is "health check". When the process type is "health check" (S403: Yes), the process ends. When the process type is not "health check" (S403: No), the processes from S404 onward are executed.
- In S404, the MP 141 identifies the array number of the partner DKC. Among DKC array allocation table.serial number[0] through DKC array allocation table.serial number[n−1], the entry storing a value equal to the serial number of the counterpart device passed from the caller program is identified. If DKC array allocation table.serial number[j] (0 ≤ j ≤ n−1) is equal to the serial number of the counterpart device, j is identified as the array number of the partner DKC.
- Hereinafter, the case where the array number of the partner DKC is j will be described as an example. The MP 141 prepares a variable matebl and substitutes the value j into the variable matebl. As a result, DKC management information[matebl] can be identified as the DKC management information of the partner DKC. Hereinafter, DKC management information[matebl] is referred to as the "partner DKC management information".
- In S406, the MP 141 refers to the process type passed from the caller program and determines whether the process type is "failure suspend". When the process type is "failure suspend" (S406: Yes), the process of S407 is executed. When the process type is not "failure suspend" (S406: No), "resync" has been specified as the process type; in this case, the process proceeds to S409 and the subsequent steps (FIG. 21).
- In S407, the MP 141 determines whether own DKC management information.blockage acknowledgment BM[matebl] is 0, that is, whether the volume of the own DKC that is paired with the volume of the partner DKC is blocked. When blockage acknowledgment BM[matebl] is 0 (S407: Yes, that is, when the volume of the own DKC paired with the volume of the partner DKC is not blocked), the MP 141 sets own DKC management information.incommunicable BM_A[matebl] to 1 (S408).
- In the case of the resync process, the MP 141 sets all of own DKC management information.incommunicable BM_A[matebl], incommunicable BM_B[matebl], blockage acknowledgment BM[matebl], unresponsive BM_A[matebl], and unresponsive BM_B[matebl] to 0 (S409 to S413).
- In S414, the MP 141 determines whether any one or more of partner DKC management information.incommunicable BM_A[matebl], incommunicable BM_B[matebl], blockage acknowledgment BM[matebl], unresponsive BM_A[matebl], and unresponsive BM_B[matebl] is 1. If any one of these bits is 1, the state of the partner DKC is not yet normal, so the MP 141 sets own DKC management information.recovering BM[matebl] to 1 (S415) and ends the process. When all of these bits are 0 (S414: No), the process ends without executing S415.
- The incommunicable bitmap editing process at the time of resync is executed in parallel by both the own DKC and the partner DKC. Since the resync process should be completed in synchronization between the own DKC and the partner DKC, recovering BM[matebl] is set to 1, and the in-resync state is maintained, until all of the partner DKC's incommunicable BM_A[matebl], incommunicable BM_B[matebl], blockage acknowledgment BM[matebl], unresponsive BM_A[matebl], and unresponsive BM_B[matebl] have been turned OFF (0). The same processing is also performed at the counterpart DKC.
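The resync branch (S409 to S415) can be sketched as follows. The field names and dict layout are illustrative assumptions, not the actual implementation; the point is that the own-side bits are cleared unconditionally, while the "recovering" state is held as long as any partner-side bit remains set.

```python
BITS = ("incomm_A", "incomm_B", "block_ack", "unresp_A", "unresp_B")

def resync_bitmap_edit(own, partner, matebl):
    """Model of S409-S415: clear the own-side bits, then keep the
    'recovering' state while any partner-side bit is still 1."""
    for bit in BITS:                                    # S409-S413
        own[bit][matebl] = 0
    if any(partner[bit][matebl] == 1 for bit in BITS):  # S414
        own["recovering"][matebl] = 1                   # S415
    # otherwise the recovering BM is cleared later (cf. S309)

own = {bit: {1: 1} for bit in BITS}
own["recovering"] = {1: 0}
partner = {bit: {1: 0} for bit in BITS}
partner["unresp_A"] = {1: 1}          # partner not yet back to normal
resync_bitmap_edit(own, partner, matebl=1)
```

Because both DKCs run this in parallel, each side sees the other's stale bits until the partner also completes its reset, which is exactly why the recovering BM is needed to hold the in-resync state.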
- FIG. 22 is a flowchart of the update generation number setting process.
- The update generation number setting process is a process of adding 1 to the update generation number in the DKC management information of the own DKC (referred to as the "own DKC management information", as in the processes described earlier).
- The MP 141 adds 1 to own DKC management information.update generation number (that is, DKC management information[k].update generation number) and ends the process.
- FIG. 23 is a flowchart of the DKC pair status change process.
- S601 is a process of identifying the array number of the own DKC; this is the same as S201 and the like. S603 is a process of identifying the array number of the counterpart DKC; this is the same processing as S404.
- Next, the MP 141 determines whether the process type passed from the caller program is resync; if it is resync, the processes of S607 and S608 are executed. In cases other than resync, the processes of S605 and S606 are executed.
- In S605, the MP 141 determines whether the volume is in the Invalid state at the counterpart DKC (whether DKC management information[matebl].blockage acknowledgment BM[selfbl] is 1) or whether the counterpart DKC is in an unresponsive state (whether own DKC management information.unresponsive BM_A[matebl] is 1). If either condition is met (S605: Yes), the MP 141 changes the pair status (T302) of the volume in the pair management table T300 that is paired with the volume of the partner DKC, turns OFF the changing flag (T307) (S606), and ends the process. If neither condition is satisfied in the determination of S605 (S605: No), the MP 141 ends the process without executing S606.
- In S606, since the volume pair can no longer be synchronized, the pair status (Pair Status (T302) of the pair management table T300) of the volume that is paired with the volume of the partner DKC (DKC#matebl) is changed to 2 (Suspend). The volume status (Status (T402)) remains "Valid".
- In S607, the MP 141 determines whether own DKC management information.recovering BM[matebl] is ON (1). If it is OFF (0) (S607: No), the counterpart DKC has also finished recovering. Therefore, the MP 141 changes the pair status (T302) of the volume in the pair management table T300 that is paired with the volume of the partner DKC to 3 (Duplex-Pending), turns OFF the changing flag (T307) (S608), and ends the process.
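The pair status change of FIG. 23 can be sketched as follows (a simplified model; field names, the dict layout, and the `proc_type` strings are illustrative assumptions, while the numeric pair status codes follow the text: 2 = Suspend, 3 = Duplex-Pending).

```python
def dkc_pair_status_change(own, partner, matebl, selfbl, proc_type):
    """Model of the FIG. 23 flow (S605-S608)."""
    if proc_type == "resync":
        if own["recovering"][matebl] == 0:     # S607: partner recovered too
            own["pair_status"] = 3             # S608: Duplex-Pending
            own["changing"] = False
    else:
        # S605: partner volume Invalid, or partner judged unresponsive
        if partner["block_ack"][selfbl] == 1 or own["unresp_A"][matebl] == 1:
            own["pair_status"] = 2             # S606: Suspend
            own["changing"] = False

# failure-suspend case: the partner has been judged unresponsive
own = {"recovering": {1: 0}, "unresp_A": {1: 1},
       "pair_status": 1, "changing": True}
partner = {"block_ack": {0: 0}}
dkc_pair_status_change(own, partner, matebl=1, selfbl=0,
                       proc_type="failure suspend")
```

After the failure-suspend call the pair moves to Suspend; a later resync call with the recovering BM cleared would move it to Duplex-Pending.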
- (6-1) When the Storage Apparatus 10b Stops Due to a Failure
- The storage system 1 may include more than two storage apparatuses 10; however, for simplicity of explanation, a configuration in which only two storage apparatuses 10 (storage apparatuses 10a and 10b) exist in addition to the host 2 and the Quorum Storage 15 will be described below as an example. It is assumed that the storage apparatus 10a has a P-VOL and the storage apparatus 10b has an S-VOL that is paired with the P-VOL. Further, it is assumed that, as a result of the registration process to the Quorum Disk, the array number of the storage apparatus 10a is determined to be 0 and the array number of the storage apparatus 10b is determined to be 1.
- First, when the host 2 issues a write request to the P-VOL, the I/O program 1001 is executed in the storage apparatus 10a, that is, the processing of FIG. 9 is executed.
- A write request is issued to the S-VOL (the storage apparatus 10b having the S-VOL) (S3 in FIG. 9), but since the storage apparatus 10b has stopped due to a failure, the write process for the S-VOL fails. Therefore, the I/O program 1001 calls the health check / pair status change processing program 1006 using Quorum (S11).
- The MP 141 reads the information of the DKC array allocation table 201 and the DKC management information storage area 202 into the DKC management information staging area 200′ as described above, and then performs the processes of S102 and the subsequent steps.
- Here, DKC management information[0] is the own DKC management information, and DKC management information[1] is the partner DKC management information (because the array numbers of the storage apparatuses 10a and 10b are 0 and 1, respectively).
- Next, the MP 141 of the storage apparatus 10a executes S103 (M-R communication failure notification reception process). At this point, no conspicuous processing, such as turning ON a specific bitmap, is performed in the M-R communication failure notification reception process.
- When the determination of S307 is executed, own DKC management information.recovering BM[1] is 0, so the processes of S308 and S309 are not performed and the determination of S310 is performed. In the determination of S310, DKC management information[1].incommunicable BM_A[0] is OFF (0) (because the storage apparatus 10b stopped due to the failure before turning ON DKC management information[1].incommunicable BM_A[0]). Therefore, in S311 and S312, own DKC management information.blockage acknowledgment BM[1] and own DKC management information.incommunicable BM_B[1] are turned OFF. Thereafter, the processing from S318 onward is executed.
- DKC management information[1].unresponsive BM_A[0] is also OFF (0) (for the same reason as above: the storage apparatus 10b stopped due to the failure before turning ON DKC management information[1].unresponsive BM_A[0]). Therefore, own DKC management information.unresponsive BM_B[1] is turned OFF (S325), and the M-R communication failure notification reception process ends.
- Next, the MP 141 of the storage apparatus 10a executes S104 (incommunicable bitmap editing process). Since the process type is "failure suspend", the processes of S407 and S408 are executed.
- The MP 141 turns ON own DKC management information.incommunicable BM_A[1] and ends the process (note that since the own DKC (storage apparatus 10a) has not performed the process of putting a volume into the Invalid state, the determination in S407 (is own DKC management information.blockage acknowledgment BM[1] OFF?) is Yes).
- Next, the MP 141 of the storage apparatus 10a executes S105 (update generation number setting process), in which own DKC management information.update generation number is incremented by 1.
- In S106, the own DKC management information is written back to the Quorum Disk, and then S107 is executed. At this point, own DKC management information.unresponsive BM_A[1] is 0, so the health check / pair status change processing program 1006 using Quorum ends without changing the pair status in S107.
- Thereafter, the health check / pair status change processing program 1006 using Quorum is executed repeatedly (S11).
- The case where S11 is executed in the storage apparatus 10a after the timeout time has elapsed since the storage apparatus 10b became unresponsive (stopped writing to the Quorum Disk) is described below.
- In this case, the timeout determination (S213) in S102 (no-response determination process) is affirmative, so the determination of S214 is performed. Before this, own DKC management information.incommunicable BM_A[1] has already been turned ON (by the execution of S408 in the incommunicable bitmap editing process), and DKC management information[1].unresponsive BM_A[0] is OFF, so own DKC management information.unresponsive BM_A[1] is turned ON (S215).
- As a result, the storage apparatus 10a changes the pair status of the volume pairs formed with the storage apparatus 10b to Suspend (while the status of each volume (Status (T402)) remains "Valid" so that I/O requests from the host 2 can still be accepted), and the execution (S11) of the health check / pair status change processing program 1006 using Quorum ends. Thereafter, the storage apparatus 10a resumes the I/O processing received from the host 2 (S12, S13, S5).
- In this way, the storage apparatus 10a refers to the health check information (DKC management information) periodically written to the Quorum Disk by the storage apparatus 10b, and resumes I/O processing only after confirming that the storage apparatus 10b (that is, the apparatus having the S-VOL) has stopped. This prevents the host 2 from accessing erroneous data (the S-VOL).
- Next, assume that the storage apparatus 10b is restarted after the failure that occurred in the storage apparatus 10b has been repaired.
- After the restart, the storage apparatus 10b executes the health check program 1005 to read the Quorum Disk and refers to the contents of the DKC management information read from the Quorum Disk. The storage apparatus 10b thereby confirms that DKC management information[0].unresponsive BM_A[1] is ON.
- From this, the storage apparatus 10b understands that the storage apparatus 10a has moved to the Suspend state because the storage apparatus 10b itself became unresponsive (stopped due to the failure or the like).
- Therefore, the storage apparatus 10b sets the pair status (T302) of each volume pair in the pair management table T300 to 2 (Suspend), and sets the status (T402) of each logical volume that is paired with a volume of the storage apparatus 10a to 1 (Invalid). Accordingly, the storage apparatus 10b does not accept I/O requests from the host 2 for volumes that are paired with volumes of the storage apparatus 10a, which prevents the host 2 from accessing erroneous data.
- Thereafter, when resynchronization (resync) of the volume pairs is performed, the storage system 1 resumes normal operation.
- Note that the case where DKC management information[0].unresponsive BM_A[1] is not ON includes, for example, the case where the storage apparatus 10b stopped due to a failure but no write request arrived from the host 2 during that time. In this case, the contents of the volumes in the storage apparatuses 10a and 10b are identical (synchronized), so there is no need for resynchronization (the Duplex state may be maintained). Therefore, in the storage system 1 of this embodiment, when DKC management information[0].unresponsive BM_A[1] is not ON, the storage apparatus 10b does not set the volume status (T402) to Invalid upon restart. As another embodiment, however, the status (T402) of each logical volume may be uniformly set to Invalid upon restart.
- (6-2) When a Failure Occurs in the Inter-DKC Path
- Next, the case where a failure occurs in the path between the storage apparatuses 10a and 10b (while both storage apparatuses 10 are operating normally) will be described as an example. As in (6-1), the storage system 1 will be described assuming a configuration in which only the two storage apparatuses 10 (storage apparatuses 10a and 10b) exist in addition to the host 2 and the Quorum Storage 15. It is assumed that the storage apparatus 10a has a P-VOL and the storage apparatus 10b has an S-VOL that is paired with the P-VOL, and that, as a result of the registration process to the Quorum Disk, the array number of the storage apparatus 10a is determined to be 0 and the array number of the storage apparatus 10b is determined to be 1.
- When the host 2 issues a write request to the P-VOL, the processing of FIG. 9 is executed.
- A write request is issued to the S-VOL (the storage apparatus 10b having the S-VOL) (S3 in FIG. 9), but because a failure has occurred in the inter-DKC path, the write process for the S-VOL fails (note that when there are multiple inter-DKC paths, the write process for the S-VOL fails when all inter-DKC paths have failed). Therefore, the I/O program 1001 calls the health check / pair status change processing program 1006 using Quorum (S11).
- Thereafter, the health check / pair status change processing program 1006 using Quorum is executed several times (until the change of the pair status is completed). In the first execution, processing similar to that described in (6-1) is executed, and own DKC management information.incommunicable BM_A[1] is turned ON.
- Meanwhile, in the health check process (S41) periodically executed by the storage apparatus 10b, the storage apparatus 10b refers to the contents of the DKC management information (DKC management information[0]) that the storage apparatus 10a has written to the Quorum Disk. As a result, the storage apparatus 10b detects that the contents of DKC management information[0].incommunicable BM_A[1] have changed.
- The state transition in the storage apparatus 10b after the storage apparatus 10a turns ON own DKC management information.incommunicable BM_A[1] will now be described.
- When the health check process is executed in the storage apparatus 10b, the health check / pair status change processing program 1006 using Quorum is called, and the processes of S101 to S107 are executed. Of these, nothing is performed in the no-response determination process (S102); this is because neither of the storage apparatuses 10a and 10b is stopped, and both periodically write the update generation number to the Quorum Disk.
- Since DKC management information[0].incommunicable BM_A[1] is ON, the determination of S310 is affirmative in the storage apparatus 10b, and through the processing from S313 onward the storage apparatus 10b puts its own volume (the S-VOL) into the Invalid state (S315) and turns ON own DKC management information.blockage acknowledgment BM[0] (S316).
- Further, in S317, the storage apparatus 10b sets own DKC management information.incommunicable BM_B[0] (that is, DKC management information[1].incommunicable BM_B[0]) to "1" (that is, it records the fact that the own device (DKC#1) has detected that the partner DKC (DKC#0) detected the blockage of the path between the partner DKC and the own device).
- The information updated here (DKC management information[1].incommunicable BM_B[0]) is written to the Quorum Disk in S106.
- The information written to the Quorum Disk by the health check process (S41) of the storage apparatus 10b is then read by the health check / pair status change processing program 1006 using Quorum executed in the storage apparatus 10a.
- In the DKC pair status change process, it is detected that DKC management information[1].blockage acknowledgment BM[0] is ON (S605). DKC management information[1].blockage acknowledgment BM[0] being ON means that DKC#1 (that is, the storage apparatus 10b) has put the volume that is paired with a volume of DKC#0 (the storage apparatus 10a) into the Invalid state and has at the same time changed the pair status to the Suspend state.
- From this, the storage apparatus 10a can understand that the S-VOL of the storage apparatus 10b can no longer accept I/O requests from the host 2. Therefore, the storage apparatus 10a changes the pair status of the volumes that are in a pair relationship with the storage apparatus 10b to Suspend (however, the volume status (Status (T402) of the LDEV status information T400) is kept 0 (Valid) so that I/O from the host 2 can be accepted).
- Thereafter, the storage apparatus 10a resumes the processing related to the write request received from the host 2 and returns a response to the host 2 (S5).
- The above has described the state transition of the storage system 1 when the host 2 issues a write request to the P-VOL (of the storage apparatus 10a). When a write request is issued to the S-VOL (of the storage apparatus 10b), the storage apparatus 10b confirms that the P-VOL (in the storage apparatus 10a) has been put into the blocked (Invalid) state, and then resumes the processing related to the write request.
- Next, consider the case where the storage apparatus 10b is operating normally but its health check information is not written to the Quorum Disk (for example, because the storage apparatus 10b cannot access the Quorum Disk). In this case, as described in (6-1), the storage apparatus 10a turns ON own DKC management information.unresponsive BM_A[1] (S215) and changes the pair status of the volume (P-VOL) that is paired with a volume of the storage apparatus 10b to Suspend (by executing S107, the own-DKC pair status change process, to change the volume pair status).
- However, the status of the volume of the storage apparatus 10a is not set to the Invalid state (it remains in the Valid state). Therefore, when a write request subsequently arrives from the host 2 for the volume (P-VOL) of the storage apparatus 10a, data is written to the P-VOL.
- Meanwhile, the storage apparatus 10b is operating normally but cannot perform the health check process periodically. Therefore, in the storage apparatus 10b, neither the volume pair status (T302) nor the volume status (T402) is changed. That is, in the storage apparatus 10b, all volumes that are paired with volumes of the storage apparatus 10a keep the pair status (T302) "Pair" and the volume status (T402) "Valid".
- In this state, if the host 2 writes data to an area of the P-VOL (let the address (LBA) of this area be A), the data is not reflected in the volume (S-VOL) of the storage apparatus 10b. If the host 2 thereafter issues to the storage apparatus 10b a request to read the data in the same area (address A) of the S-VOL, the storage apparatus 10b returns the data stored in the S-VOL, that is, not the data written to the P-VOL, and incorrect data is returned.
- FIG. 24 shows the flow of processing performed when the storage apparatus 10 receives a read request for a logical volume (P-VOL or S-VOL).
- Upon receiving a read request, the MP 141 first refers to the pair management table T300 and checks whether the access-target logical volume is in the Duplex state (S51).
- When the state of the logical volume is not the Duplex state (S51: No), the processing from S54 onward is performed. In S54, the MP 141 refers to the LDEV status information T400 and determines whether the status (T402) of the access-target logical volume is "Invalid". If the status is Invalid (S54: Yes), an error is returned to the source of the read request (such as the host 2) (S56), and the process ends. If the status is Valid (S54: No), data is read from the access-target volume, the read data and a response indicating that the processing succeeded are returned to the source of the read request (the host 2 or the like) (S55), and the process ends.
- When the state of the logical volume is the Duplex state (S51: Yes), the MP 141 reads the time information stored in the Quorum storage time area 250 (hereinafter, the "storage time") (S52). The MP 141 then determines whether the difference between the current time and the storage time exceeds a predetermined upper limit (S53). If it does not exceed the upper limit (S53: No), the processing from S54 onward described above is performed. If it exceeds the upper limit (S53: Yes), the MP 141 waits for a predetermined time (S58) and then executes the process of S51 again.
- The upper limit value used in S53 is, for example, a time such as (the timeout time described above − 0.5 seconds).
- When the storage apparatus 10 writes health check information to the Quorum Disk by executing the health check process or the like, the time information at that point is stored in the Quorum storage time area 250 (S106). Therefore, through the determinations of S52 and S53, the MP 141 can know the elapsed time since the storage apparatus 10 last wrote to the Quorum Disk. If too much time has elapsed since the last write, the storage apparatus 10 waits until writing to the Quorum Disk has been performed (S58) before performing the read process.
- The processing order is not limited to the order described above. It suffices to confirm, before reading data from the volume, that writing to the Quorum Disk has been performed within a predetermined time from the current time. Therefore, for example, the processes of S52, S53, and S58 may be executed before the process of S51 (the check of the pair status).
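The read-request flow of FIG. 24 can be sketched as follows. This is a simplified model (the names, the retry loop bound, and the dict representation of the volume are illustrative assumptions); the wait of S58 is modeled as a bounded retry loop.

```python
import time

def handle_read(vol, storage_time_fn, upper_limit, wait,
                now_fn=time.time, max_retries=10):
    """Model of S51-S58: return ("ok", data) or ("error", None)."""
    for _ in range(max_retries):
        if vol["pair_status"] == "Duplex":                 # S51
            age = now_fn() - storage_time_fn()             # S52
            if age > upper_limit:                          # S53
                time.sleep(wait)                           # S58: wait, retry
                continue
        if vol["status"] == "Invalid":                     # S54
            return ("error", None)                         # S56
        return ("ok", vol["data"])                         # S55
    return ("error", None)
```

The wait gives the periodic health check (and any resulting transition of the volume to the Invalid state) a chance to land before data is served, which is how stale S-VOL data is kept away from the host.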
- Accordingly, if the storage apparatus 10b receives a read request from the host 2 for the S-VOL while the health check process has not been performed for a certain period (for example, the timeout time described above or longer), the processing described above (FIG. 24) is performed. In this case, it is determined that the current time and the storage time have the relationship (current time − storage time) > upper limit value, so the process waits for a predetermined time (S58) and then performs the processing from S51 again.
- If the health check process (writing to the Quorum Disk) is executed in the storage apparatus 10b while the processing of the read request is waiting for the predetermined time (S58), the status (Status (T402)) of the volume of the storage apparatus 10b is changed to "Invalid" (and the pair status to "Suspend") as described above, so the storage apparatus 10b does not return erroneous data to the host 2.
- a storage system includes a first storage device and a second storage device each having one or more volumes, and a quorum disk accessible to the first storage device and the second storage device, Data is duplicated between the first volume of the first storage device and the second volume of the second storage device.
- the first storage device and the second storage device also periodically write health check information to the Quorum Disk, and periodically read the health check information written on the Quorum Disk to check the status of each storage device. I have confirmed.
- each storage device periodically writes health check information to the Quorum Disk, if the data transfer from the first storage device to the second storage device fails, the first storage device By confirming the written health check information, it can be determined whether the second storage device is in a stopped state or whether the second volume is in an I / O disabled state.
- the second storage device when data duplication cannot be performed between the first storage device and the second storage device, but the second storage device is not stopped (for example, the case where the inter-DKC path is blocked), the second If the storage device is left unstopped, the host may access the wrong data. For example, when the host continues to access the first storage device, and then the host switches the access path to access the second storage device, only data older than the first volume is stored in the second volume. Because. Therefore, in such a case, it is necessary for the first storage device to continue the access from the host after stopping the second storage device.
- the first storage device writes, in a communication-disabled bitmap on the Quorum Disk, information indicating that communication with the second storage device through the inter-DKC path is impossible.
- by periodically reading the Quorum Disk, the second storage device detects that the first storage device can no longer communicate with it via the inter-DKC path. In response, the second storage device blocks the second volume so that it no longer accepts I/O from the host. The second storage device then stores on the Quorum Disk information indicating that it has acknowledged that "the first storage device has detected that communication with the second storage device is impossible" and that the second volume has been blocked (placed in an I/O-disabled state).
- the first storage device periodically checks the information on the Quorum Disk and resumes I/O processing when it detects that the second volume has been blocked. Because the first storage device resumes I/O processing from the host only after confirming that the second volume of the second storage device is blocked, the host is prevented from accessing wrong data.
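The three-step handshake above (report the path failure, block the volume and acknowledge, then resume I/O) can be sketched as follows; all names and the dict layout are illustrative assumptions, not the patent's actual on-disk format:

```python
# Shared state on the Quorum Disk, modeled as a dict.
# Indices 0/1 stand for the two devices' array numbers.
quorum = {
    "comm_disabled": {0: False, 1: False},   # "this device is unreachable over the inter-DKC path"
    "blockade_acked": {0: False, 1: False},  # "this device has blocked its volume"
}

def primary_on_transfer_failure(quorum, peer: int) -> None:
    quorum["comm_disabled"][peer] = True          # step 1: report the path failure

def secondary_health_check(quorum, self_id: int, volume: dict) -> None:
    if quorum["comm_disabled"][self_id]:          # step 2: notice the report...
        volume["io_enabled"] = False              # ...block the volume...
        quorum["blockade_acked"][self_id] = True  # ...and acknowledge on the Quorum Disk

def primary_may_resume(quorum, peer: int) -> bool:
    return quorum["blockade_acked"][peer]         # step 3: resume host I/O only after the ack

svol = {"io_enabled": True}
primary_on_transfer_failure(quorum, peer=1)
secondary_health_check(quorum, self_id=1, volume=svol)
print(primary_may_resume(quorum, peer=1), svol["io_enabled"])  # True False
```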
- each of the above-described configurations, functions, processing units, processing means, and the like may be realized in hardware by designing part or all of them as, for example, an integrated circuit.
- each of the above-described configurations, functions, and the like may be realized in software by having a processor interpret and execute a program that implements each function.
- information such as the programs, tables, and files that implement each function may be stored in a recording device such as a memory, a hard disk, or an SSD (Solid State Drive), or on a recording medium such as an IC card, an SD card, or a DVD.
- the control lines and information lines shown are those considered necessary for the explanation; not all control lines and information lines of an actual product are necessarily shown.
- 1: Storage system, 2: Host, 6: SAN, 10a: Storage device, 10b: Storage device, 11: Storage controller, 12: Disk unit, 15: Quorum Storage, 111: MPB, 112: FEPK, 113: BEPK, 114: CMPK, 115: Switch (SW), 121: Drive, 141: MP, 142: LM, 143: SM, 144: CM
Abstract
Description
FIG. 1 shows a configuration example of a computer system according to one embodiment of the present invention. The computer system consists of a storage system 1 and a host 2. The storage system 1 consists of a storage apparatus 10a, a storage apparatus 10b, and a Quorum Storage 15.
Next, an overview of the processing performed in the storage system 1 for I/O requests from the host 2 is given. First, the volumes that a storage apparatus 10 provides to the host 2 are described. A storage apparatus 10 forms one or more logical volumes (also called volumes or LDEVs) from the storage areas of the multiple drives 121 in its own disk unit 12, manages each logical volume under a unique identification number (logical volume number, or LDEV#), and provides these logical volumes to the host 2. The method of forming logical volumes, and the method of providing the formed logical volumes to the host 2, are the same as those used in known storage apparatuses.
Next, the relationship between the storage apparatus 10 and the Quorum Storage 15 is described. The Quorum Storage 15 is a storage device having at least one volume. When a storage device such as the Quorum Storage 15 is connected to an interface of the FEPK 112, the storage apparatus 10 can access (read and write) the volumes of that storage device. In this embodiment it is assumed that the Quorum Storage 15 has one volume, which is called the "Quorum Disk".
Next, the management information held by the storage apparatus 10 is described with reference to FIGS. 4 to 6. The storage apparatus 10 of this embodiment stores at least the pair management information T300 and the LDEV status information T400 in the SM 143. The SM 143 also contains a DKC management information staging area 200' and a Quorum storage time area 250. DKC management information (described later) stored on the Quorum Disk is temporarily stored (staged) in the DKC management information staging area 200', and the Quorum storage time area 250 holds the time at which the MP 141 last updated the DKC management information on the Quorum Disk. In this embodiment the MP 141 references and updates this information by accessing the SM 143; however, to improve access performance, part of the information in the SM 143 may be replicated (cached) in the LM 142 so that the MP 141 accesses the copy cached in the LM 142.
When forming a volume pair, the storage system 1 first performs a process that copies the entire contents of the P-VOL to the S-VOL (called initial copy processing). The state during this process is called the "Initial-Copy state".
The state of a volume pair whose P-VOL and S-VOL contents have become identical through initial copy processing, or through the resynchronization processing described later, is called the "Duplex state".
The state in which the contents of the P-VOL are not reflected in the S-VOL is called the "Suspend state". For example, when the transmission line connecting storage apparatus 10a and storage apparatus 10b is cut and copying becomes impossible, the volume pair enters the Suspend state. A volume pair may also enter the Suspend state upon an instruction from the user. The process that places a volume pair in the Suspend state is called suspend processing.
When a volume pair is in the transitional state from the Suspend state toward the Duplex state, its state is called the "Duplex-Pending state". In this state, the data of the P-VOL (or S-VOL) is copied to the S-VOL (or P-VOL) so that the contents of the P-VOL and S-VOL of the formerly suspended pair match (are synchronized). When the copy completes, the pair enters the Duplex state. The process that transitions a Suspend-state volume pair to the Duplex state is called resynchronization processing (resync processing).
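The pair-state life cycle described above can be summarized as a small state machine; the state names come from the text, while the transition-table encoding is an illustrative assumption:

```python
# Volume-pair states and the transitions named in the description.
TRANSITIONS = {
    ("Initial-Copy", "copy complete"): "Duplex",
    ("Duplex", "path failure or user suspend"): "Suspend",
    ("Suspend", "resync start"): "Duplex-Pending",
    ("Duplex-Pending", "copy complete"): "Duplex",
}

def next_state(state: str, event: str) -> str:
    # Events not defined for the current state leave it unchanged.
    return TRANSITIONS.get((state, event), state)

state = "Initial-Copy"
for event in ("copy complete", "path failure or user suspend",
              "resync start", "copy complete"):
    state = next_state(state, event)
print(state)  # Duplex
```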
Next, the flow of the processing executed in the storage system 1 is described. The processing described below is performed by the MP 141 of the storage apparatus 10 executing programs stored in the LM 142. The programs executed by the MP 141 of the storage apparatus 10 are described with reference to FIG. 4.
(b) The j-th bit of communication-disabled bitmap B is written as communication-disabled BM_B{j}.
(c) The j-th bit of the blockade-acknowledged bitmap is written as blockade-acknowledged BM{j}.
(d) The j-th bit of response-disabled bitmap A is written as response-disabled BM_A{j}.
(e) The j-th bit of response-disabled bitmap B is written as response-disabled BM_B{j}.
(f) The j-th bit of the recovering bitmap is written as recovering BM{j}.
(current time − own DKC management information.previous time[ctc]) ≥ threshold
It is checked whether this relation holds (the threshold is a value such as 5 seconds, for example). This threshold is hereinafter sometimes called the "timeout period". Own DKC management information.previous time[ctc] stores the time at which S212 was executed (the time at which it was first detected that the update generation had not been updated). In other words, this step determines whether a period equal to the timeout period has elapsed since the time the stalled update generation was first detected. If there is no timeout (the timeout period has not yet elapsed since that time) (S213: No), the process proceeds to S217.
(time at which the stalled update generation was detected (the time S212 was performed)) + timeout period = timeout time
This relation holds.
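The timeout test above amounts to a single comparison; a minimal sketch (variable names and the 5-second value are illustrative):

```python
# Sketch of the S212/S213 timeout check.
TIMEOUT = 5.0  # the "timeout period" (e.g. 5 seconds)

def is_timed_out(first_detect_time: float, now: float) -> bool:
    """True once the timeout period has elapsed since the update generation
    was first seen unchanged (i.e. now has reached the timeout time)."""
    return now - first_detect_time >= TIMEOUT

first_detect = 100.0                     # time S212 ran
timeout_time = first_detect + TIMEOUT    # detection time + timeout period
print(is_timed_out(first_detect, 104.9))         # False -> proceed to S217
print(is_timed_out(first_detect, timeout_time))  # True
```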
(a) The own apparatus has not yet detected that the path between itself and DKC#ctc is blocked (own DKC management information.communication-disabled BM_A{ctc} is 0)
(b) The own apparatus has detected that the path between itself and DKC#ctc is blocked (own DKC management information.communication-disabled BM_A{ctc} is 1), and the serial number of the own apparatus is larger than the serial number of DKC#ctc (own DKC management information.serial number > DKC management information[ctc].serial number)
(c) DKC#ctc has determined that the own apparatus is unable to respond (actual DKC management information[ctc].response-disabled BM_A{selfbl} is 1)
(d) The volume of DKC#ctc is not in the Invalid state (DKC management information[ctc].blockade-acknowledged BM{selfbl} is 0)
(e) The own apparatus has not determined that DKC#ctc is unable to respond (own DKC management information.response-disabled BM_A{ctc} is 0)
(f) The volume of the own apparatus is not in the Invalid state (own DKC management information.blockade-acknowledged BM{ctc} is 0)
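Condition (b) above breaks the tie by serial number when both apparatuses have detected the blocked path; under that reading, a minimal sketch (the function name, the surrounding logic, and the serial values are assumptions for illustration):

```python
# Hypothetical sketch of conditions (a)/(b): once the path failure is detected,
# the apparatus with the larger serial number is the one that may proceed.
def wins_tiebreak(self_detected_path_down: bool, self_serial: int, peer_serial: int) -> bool:
    if not self_detected_path_down:
        return False                    # (a): failure not yet detected
    return self_serial > peer_serial    # (b): larger serial number proceeds

# Exactly one of the two apparatuses wins once both detect the path failure.
print(wins_tiebreak(True, 64123, 64001))  # True
print(wins_tiebreak(True, 64001, 64123))  # False
```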
In the following, the flow of the processing performed in the storage system 1 is described using two examples: the case where a failure occurs in a storage apparatus 10, and the case where a failure occurs in the path between storage apparatus 10a and storage apparatus 10b (the inter-DKC path). Finally, the operation of the storage system 1 when writing to the Quorum Disk is delayed is described.
As an example, the case where a failure occurs in storage apparatus 10b and storage apparatus 10b stops is described below. As stated above, the storage system 1 may also include more than two storage apparatuses 10, but for simplicity the following description assumes a configuration in which only two storage apparatuses 10 (storage apparatuses 10a and 10b) exist besides the host 2 and the Quorum Storage 15. It is assumed that a P-VOL exists in storage apparatus 10a and that an S-VOL paired with that P-VOL exists in storage apparatus 10b. It is also assumed that, as a result of the registration processing to the Quorum Disk, the array number of storage apparatus 10a has been set to 0 and that of storage apparatus 10b to 1.
As an example, the case where a failure occurs in the path between storage apparatuses 10a and 10b (while the storage apparatuses 10 themselves continue to operate normally) is described below. As in (6-1), the description assumes a configuration in which only two storage apparatuses 10 (storage apparatuses 10a and 10b) exist besides the host 2 and the Quorum Storage 15. It is assumed that a P-VOL exists in storage apparatus 10a and that an S-VOL paired with that P-VOL exists in storage apparatus 10b. It is also assumed that, as a result of the registration processing to the Quorum Disk, the array number of storage apparatus 10a has been set to 0 and that of storage apparatus 10b to 1.
Case (6-2) described above assumes that storage apparatus 10b periodically executes the health check processing (S41). However, the health check processing may fail to run periodically in storage apparatus 10b, so that writing to the Quorum Disk is delayed. This can occur, for example, when the load on the MP 141 of storage apparatus 10b becomes too high. Even in such a case, the host 2 must be prevented from accessing wrong data.
(current time − storage time) > upper limit
Since this relation is determined to hold, the process waits for a predetermined time (S58), and the processing from S51 is performed again.
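The read-path check above can be sketched in a few lines (names and the limit value are assumptions):

```python
# Sketch of the read-side freshness check (S51): if this device's own health
# check has not run within the upper limit, the read waits (S58) and retries.
UPPER_LIMIT = 5.0  # allowed age of the device's last Quorum-Disk write

def must_wait(current_time: float, stored_time: float) -> bool:
    return current_time - stored_time > UPPER_LIMIT

print(must_wait(20.0, 10.0))  # True  -> wait (S58), then retry from S51
print(must_wait(12.0, 10.0))  # False -> serve the read from the S-VOL
```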
2: Host
6: SAN
10a: Storage apparatus
10b: Storage apparatus
11: Storage controller
12: Disk unit
15: Quorum Storage
111: MPB
112: FEPK
113: BEPK
114: CMPK
115: Switch (SW)
121: Drive
141: MP
142: LM
143: SM
144: CM
Claims (12)
- A storage system comprising a first storage device, a second storage device connected to the first storage device via an inter-device path, and a third storage device connected to the first storage device and the second storage device, wherein
the first storage device and the second storage device each have a volume and one or more storage drives, and are each configured to periodically write health check information to the third storage device,
the first storage device is configured, upon receiving from a host computer write data and a write request for the write data directed to a first volume in the first storage device, to write the write data to the first volume and to issue, via the inter-device path, an instruction to the second storage device to write the write data to a second volume in the second storage device,
the second storage device is configured, upon receiving from the host computer write data and a write request for the write data directed to the second volume, to issue, via the inter-device path, an instruction to the first storage device to write the write data to the first volume, and to write the write data to the second volume, and
the first storage device, when writing of the write data to the second volume fails during processing of the write request received from the host computer,
reads the health check information written to the third storage device,
determines, based on the read health check information, whether the second volume is in an I/O-disabled state, and,
after determining that the second volume is in an I/O-disabled state, resumes the processing of the write request,
a storage system characterized by the foregoing. - The second storage device, when writing of the write data to the first volume fails during processing of the write request received from the host computer,
reads the health check information written to the third storage device,
determines, based on the read health check information, whether the first volume is in an I/O-disabled state, and,
after determining that the first volume is in an I/O-disabled state, resumes the processing of the write request,
the storage system according to claim 1, characterized by the foregoing. - The first storage device, when writing of the write data to the second volume fails during processing of a write request received from the host computer,
includes, in the health check information, information indicating that communication via the inter-device path is not possible, and stores it in the third storage device, and
the second storage device, upon confirming that the health check information stored by the first storage device includes information indicating that communication via the inter-device path is not possible, places the second volume in an I/O-disabled state,
the storage system according to claim 1, characterized by the foregoing. - The second storage device, after placing the second volume in the I/O-disabled state, includes, in the health check information, information indicating that the second volume is in an I/O-disabled state and stores it in the third storage device, and
the first storage device, upon confirming that the health check information stored by the second storage device includes information indicating that the second volume is in an I/O-disabled state, resumes the processing of the write request,
the storage system according to claim 3, characterized by the foregoing. - The first storage device, when it reads the health check information written to the third storage device, determines whether the second storage device has failed to write the health check information to the third storage device for a predetermined time or longer, and,
when the second storage device has not written the health check information to the third storage device for the predetermined time or longer, the first storage device determines that the second storage device is in a stopped state,
the storage system according to claim 1, characterized by the foregoing. - The first storage device and the second storage device are configured to include, in the health check information, an update generation number, a value corresponding to the number of times the health check information has been updated, and to store it in the third storage device, and
the first storage device is characterized in that it determines that the second storage device is in a stopped state when the update generation number written by the second storage device has not changed for a predetermined time or longer,
the storage system according to claim 5. - The first storage device records, each time it reads the health check information written to the third storage device, the update generation number of the second storage device included in that health check information, and
the first storage device is further characterized in that, upon reading the health check information written to the third storage device, it determines that the update generation number written by the second storage device has not changed by determining whether the update generation number of the second storage device included in the read health check information is the same as the recorded update generation number,
the storage system according to claim 6. - The first storage device records the time at which it first detects that the update generation number of the second storage device included in the health check information is the same as the recorded update generation number, and,
when the first storage device reads the health check information written to the third storage device after a predetermined time or longer has elapsed from the recorded time,
it is characterized in that, if the update generation number of the second storage device included in the read health check information is the same as the recorded update generation number, it determines that the update generation number written by the second storage device has not been updated for the predetermined time or longer,
the storage system according to claim 7. - When the first storage device determines that the second storage device is in a stopped state, it includes, in the health check information, information indicating that the second storage device is in a stopped state and writes it to the third storage device,
the second storage device, at startup, reads the health check information from the third storage device, and,
upon detecting that information indicating that the second storage device is in a stopped state has been written into the health check information by the first storage device,
places the second volume in an I/O-disabled state,
the storage system according to claim 5, characterized by the foregoing. - The second storage device is characterized in that it writes the write data to the second volume after confirming that the first volume is in an I/O-disabled state,
the storage system according to claim 2. - The first storage device and the second storage device store, each time they write the health check information to the third storage device, the time at which the health check information was written, and
the second storage device, upon receiving from the host computer a read request directed to the second volume,
determines, based on the stored time, whether the second storage device has updated the health check information within a fixed time, and,
if the health check information has not been updated within the fixed time, suspends the processing of the read request for a predetermined time until the health check information is updated,
the storage system according to claim 1, characterized by the foregoing. - If the health check information has been updated within the fixed time, the second storage device reads the data from the second volume and returns it to the host computer,
the storage system according to claim 11, characterized by the foregoing.
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2014/066989 WO2015198449A1 (ja) | 2014-06-26 | 2014-06-26 | ストレージシステム |
JP2016528943A JP6230707B2 (ja) | 2014-06-26 | 2014-06-26 | ストレージシステム |
US15/120,888 US10025655B2 (en) | 2014-06-26 | 2014-06-26 | Storage system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2014/066989 WO2015198449A1 (ja) | 2014-06-26 | 2014-06-26 | ストレージシステム |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2015198449A1 true WO2015198449A1 (ja) | 2015-12-30 |
Family
ID=54937579
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2014/066989 WO2015198449A1 (ja) | 2014-06-26 | 2014-06-26 | ストレージシステム |
Country Status (3)
Country | Link |
---|---|
US (1) | US10025655B2 (ja) |
JP (1) | JP6230707B2 (ja) |
WO (1) | WO2015198449A1 (ja) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107480014A (zh) * | 2017-07-24 | 2017-12-15 | 北京奇安信科技有限公司 | 一种高可用设备切换方法及装置 |
JP2021174357A (ja) * | 2020-04-28 | 2021-11-01 | Necプラットフォームズ株式会社 | ストレージ装置、ストレージ装置の処理方法、及びプログラム |
US11487459B2 (en) | 2019-11-27 | 2022-11-01 | Fujitsu Limited | Information processing apparatus, information processing system, and recording medium storing program |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107329698B (zh) * | 2017-06-29 | 2020-08-11 | 杭州宏杉科技股份有限公司 | 一种数据保护方法及存储设备 |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008225753A (ja) * | 2007-03-12 | 2008-09-25 | Hitachi Ltd | 計算機システム、アクセス制御方法及び管理計算機 |
JP2009266120A (ja) * | 2008-04-28 | 2009-11-12 | Hitachi Ltd | 情報システム及びi/o処理方法 |
JP2010170542A (ja) * | 2008-12-24 | 2010-08-05 | National Institute Of Advanced Industrial Science & Technology | ストレージ管理システム、ストレージ管理方法およびプログラム |
US20110179231A1 (en) * | 2010-01-21 | 2011-07-21 | Sun Microsystems, Inc. | System and method for controlling access to shared storage device |
JP2012504793A (ja) * | 2009-01-20 | 2012-02-23 | 株式会社日立製作所 | ストレージシステム及びストレージシステムの制御方法 |
JP2013041353A (ja) * | 2011-08-12 | 2013-02-28 | Fujitsu Ltd | 情報処理装置、ストレージ制御方法およびプログラム |
US20130086349A1 (en) * | 2011-09-29 | 2013-04-04 | Hitachi, Ltd. | Computer system |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003076592A (ja) * | 2001-09-04 | 2003-03-14 | Hitachi Ltd | データ格納システム |
US7191298B2 (en) * | 2002-08-02 | 2007-03-13 | International Business Machines Corporation | Flexible system and method for mirroring data |
US7412576B2 (en) * | 2004-12-08 | 2008-08-12 | Hitachi, Ltd. | Remote copy system having multiple data centers |
US20060259815A1 (en) * | 2005-05-10 | 2006-11-16 | Stratus Technologies Bermuda Ltd. | Systems and methods for ensuring high availability |
JP5244332B2 (ja) * | 2006-10-30 | 2013-07-24 | 株式会社日立製作所 | 情報システム、データ転送方法及びデータ保護方法 |
US7610510B2 (en) * | 2007-02-16 | 2009-10-27 | Symantec Corporation | Method and apparatus for transactional fault tolerance in a client-server system |
US7805632B1 (en) * | 2007-09-24 | 2010-09-28 | Net App, Inc. | Storage system and method for rapidly recovering from a system failure |
WO2009141752A2 (en) * | 2008-05-19 | 2009-11-26 | Axxana (Israel) Ltd. | Resilient data storage in the presence of replication faults and rolling disasters |
JP4693867B2 (ja) * | 2008-05-22 | 2011-06-01 | 株式会社東芝 | 計算機システム |
JP5486793B2 (ja) * | 2008-11-07 | 2014-05-07 | 株式会社日立製作所 | リモートコピー管理システム、方法及び装置 |
JP5226125B2 (ja) * | 2009-03-19 | 2013-07-03 | 株式会社日立製作所 | ストレージシステム及びストレージシステムの制御方法 |
US8484510B2 (en) * | 2009-12-15 | 2013-07-09 | Symantec Corporation | Enhanced cluster failover management |
CN104424048A (zh) * | 2013-08-29 | 2015-03-18 | 国际商业机器公司 | 用于数据存储的方法和装置 |
2014
- 2014-06-26 WO PCT/JP2014/066989 patent/WO2015198449A1/ja active Application Filing
- 2014-06-26 US US15/120,888 patent/US10025655B2/en active Active
- 2014-06-26 JP JP2016528943A patent/JP6230707B2/ja active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008225753A (ja) * | 2007-03-12 | 2008-09-25 | Hitachi Ltd | 計算機システム、アクセス制御方法及び管理計算機 |
JP2009266120A (ja) * | 2008-04-28 | 2009-11-12 | Hitachi Ltd | 情報システム及びi/o処理方法 |
JP2010170542A (ja) * | 2008-12-24 | 2010-08-05 | National Institute Of Advanced Industrial Science & Technology | ストレージ管理システム、ストレージ管理方法およびプログラム |
JP2012504793A (ja) * | 2009-01-20 | 2012-02-23 | 株式会社日立製作所 | ストレージシステム及びストレージシステムの制御方法 |
US20110179231A1 (en) * | 2010-01-21 | 2011-07-21 | Sun Microsystems, Inc. | System and method for controlling access to shared storage device |
JP2013041353A (ja) * | 2011-08-12 | 2013-02-28 | Fujitsu Ltd | 情報処理装置、ストレージ制御方法およびプログラム |
US20130086349A1 (en) * | 2011-09-29 | 2013-04-04 | Hitachi, Ltd. | Computer system |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107480014A (zh) * | 2017-07-24 | 2017-12-15 | 北京奇安信科技有限公司 | 一种高可用设备切换方法及装置 |
US11487459B2 (en) | 2019-11-27 | 2022-11-01 | Fujitsu Limited | Information processing apparatus, information processing system, and recording medium storing program |
JP2021174357A (ja) * | 2020-04-28 | 2021-11-01 | Necプラットフォームズ株式会社 | ストレージ装置、ストレージ装置の処理方法、及びプログラム |
JP7315222B2 (ja) | 2020-04-28 | 2023-07-26 | Necプラットフォームズ株式会社 | ストレージ装置、ストレージ装置の処理方法、及びプログラム |
Also Published As
Publication number | Publication date |
---|---|
JPWO2015198449A1 (ja) | 2017-04-20 |
US10025655B2 (en) | 2018-07-17 |
JP6230707B2 (ja) | 2017-11-15 |
US20160371136A1 (en) | 2016-12-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6510500B2 (en) | System and method for minimizing message transactions for fault-tolerant snapshots in a dual-controller environment | |
US6732231B1 (en) | System and method for management of mirrored storage devices storing device serial numbers | |
US7827367B2 (en) | Backup control method for acquiring plurality of backups in one or more secondary storage systems | |
RU2596585C2 (ru) | Способ отправки данных, способ приема данных и устройство хранения данных | |
EP0902923B1 (en) | Method for independent and simultaneous access to a common data set | |
KR101091225B1 (ko) | 메타데이터를 이용한 연속 원격 복사에서 부정합의 검출을 위한 장치, 시스템, 및 방법 | |
US6330642B1 (en) | Three interconnected raid disk controller data processing system architecture | |
US7464236B2 (en) | Storage system and storage management method | |
US7421550B2 (en) | Storage system and storage system management method | |
EP2002339B1 (en) | Use of volume containers in replication and provisioning management | |
JP5286212B2 (ja) | ストレージクラスタ環境でのリモートコピー制御方法及びシステム | |
US20100036896A1 (en) | Computer System and Method of Managing Backup of Data | |
US7146526B2 (en) | Data I/O system using a plurality of mirror volumes | |
JP2005301590A (ja) | ストレージシステム及びデータ複製方法 | |
JP6230707B2 (ja) | ストレージシステム | |
US20110196825A1 (en) | Storage system and data duplication method in the same | |
JP2018073231A (ja) | ストレージシステムおよびストレージ装置 | |
JP6039818B2 (ja) | 情報システム、ホストシステム、及びアクセス制御方法 | |
JP2016119062A (ja) | ストレージ装置、ストレージシステムおよびストレージ制御プログラム | |
JP4898609B2 (ja) | ストレージ装置、データ回復方法及び計算機システム | |
US10248511B2 (en) | Storage system having multiple local and remote volumes and multiple journal volumes using dummy journals for sequence control | |
JP2021033782A (ja) | リモートコピーシステム | |
US20060004889A1 (en) | Dynamic, policy-based control of copy service precedence | |
US11256586B2 (en) | Remote copy system and remote copy management method | |
US11379328B2 (en) | Transitioning from a donor four site data replication system to a target four site data replication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14895656 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2016528943 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 15120888 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14895656 Country of ref document: EP Kind code of ref document: A1 |