WO2021052231A1 - Data detection method and device - Google Patents

Data detection method and device Download PDF

Info

Publication number
WO2021052231A1
WO2021052231A1 PCT/CN2020/114350 CN2020114350W WO2021052231A1 WO 2021052231 A1 WO2021052231 A1 WO 2021052231A1 CN 2020114350 W CN2020114350 W CN 2020114350W WO 2021052231 A1 WO2021052231 A1 WO 2021052231A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
detection
file
disaster recovery
array
Prior art date
Application number
PCT/CN2020/114350
Other languages
French (fr)
Chinese (zh)
Inventor
李永辉
侯杰
Original Assignee
华为技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 华为技术有限公司 filed Critical 华为技术有限公司
Publication of WO2021052231A1 publication Critical patent/WO2021052231A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/16File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G06F16/162Delete operations
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/1805Append-only file systems, e.g. using logs or journals to store data
    • G06F16/1815Journaling file systems

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Virology (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Human Computer Interaction (AREA)
  • General Health & Medical Sciences (AREA)
  • Debugging And Monitoring (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A data detection method and device. The method comprises: upon generating first snapshot data of a first moment, acquiring data in a first disaster recovery array, the data in the first disaster recovery array comprising the first snapshot data (101); performing detection on the data in the first disaster recovery array to obtain a first detection result (102); and generating, according to the first detection result, a detection report on the first snapshot data (103). The method can be used to perform real-time detection on file data backed up in a disaster recovery array upon generating snapshot data corresponding to a local disk array at any time, so as to immediately detect whether data at a recovery point has changed after generating the recovery point, thereby helping users quickly locate a target recovery point, and preventing the users from blindly and tentatively searching for the target recovery point and thus wasting a lot of time.

Description

一种数据检测方法和装置Data detection method and device 技术领域Technical field
本申请涉及数据存储领域,尤其是涉及在CDP系统中的一种数据检测方法和装置。This application relates to the field of data storage, and in particular to a data detection method and device in the CDP system.
背景技术Background technique
持续数据保护(continuous data protection,CDP)是一种在不影响主要数据运行的前提下,实现持续捕捉或跟踪目标数据所发生的任何改变,并且能够恢复到此前任意时间点的方法。CDP系统能够提供块级、文件级和应用级的备份,以及恢复目标的无限的任意可变的恢复点。Continuous data protection (CDP) is a method that continuously captures or tracks any changes in target data without affecting the operation of the main data, and can be restored to any previous point in time. The CDP system can provide block-level, file-level, and application-level backups, as well as unlimited and arbitrary variable recovery points for recovery targets.
CDP技术通过在操作系统核心层中植入文件过滤驱动程序,例如IoSplitter,来实时捕获所有文件访问操作。对于需要CDP连续备份保护的文件,当CDP管理模块经由文件过滤驱动拦截到其改写操作时,则预先将文件数据变化部分连同当前的系统时间戳(system time stamp)一起自动备份到存储设备,比如快照磁盘。从理论上说,任何一次的文件数据变化都会被自动记录,因而称之为持续数据保护。所述CDP可以实现秒级的恢复点目标(Recovery Point Objective,RPO)和恢复时间目标(Recovery Time Objective,RTO),也就是说,CPD备份的快照数据达到间隔数秒的时间段,每个恢复点对应一个快照磁盘或存储阵列,CDP系统中丰富的恢复点保证了用户能从任何灾难场景恢复并丢失最少的数据。CDP technology captures all file access operations in real time by implanting file filtering drivers, such as IoSplitter, in the core layer of the operating system. For files that require continuous CDP backup protection, when the CDP management module intercepts the rewriting operation through the file filter driver, it will automatically back up the file data changes together with the current system time stamp to the storage device in advance, such as Snapshot disk. In theory, any file data change will be automatically recorded, so it is called continuous data protection. The CDP can achieve the second-level Recovery Point Objective (RPO) and Recovery Time Objective (RTO), that is, the snapshot data backed up by the CPD reaches the interval of several seconds, and each recovery point Corresponding to a snapshot disk or storage array, the abundant recovery points in the CDP system ensure that users can recover from any disaster scenario with minimal data loss.
但是,当用户面对过多的恢复点时也会产生困扰。比如当系统被勒索病毒感染时,导致一些文件被加密而不能继续访问,但操作系统仍能够正常运行,这时当用户察觉到这种状况时可能是从勒索病毒感染系统文件起经过数小时以后了。于是,当用户想恢复数据时,由于CPD系统秒级的RPO在数小时内会产生几十甚至上百个恢复点,所以用户想要查找出被病毒感染之前最后的一个恢复点(即目标恢复点)将变得困难,其中,在该目标恢复点做数据恢复既可以消除病毒,又能丢失最少的数据。However, when users are faced with too many recovery points, they can also be troubled. For example, when the system is infected by a ransomware virus, some files are encrypted and cannot be accessed, but the operating system can still operate normally. At this time, when the user notices this situation, it may be several hours after the ransomware infects the system files. Up. Therefore, when a user wants to restore data, because the second-level RPO of the CPD system will generate tens or even hundreds of recovery points within a few hours, the user wants to find the last recovery point before being infected by the virus (that is, the target recovery point). Point) will become difficult, in which data recovery at the target recovery point can eliminate the virus and also lose the least data.
一般的查找方法是,CDP系统将数小时内产生的所有恢复点推送给用户,用户试着从他认为可能获得健康数据的恢复点做数据恢复,一旦不能得到健康数据,则从下一个恢复点继续做数据恢复,直到在某一个恢复点中得到健康数据为止。在这一过程中,用户可能要尝试N个恢复点后才能确定出目标恢复点,导致CDP系统实际查找到目标恢复点的时间是给用户承诺的RTO的N倍,不能兑现在预期时间的检测并恢复数据的承诺。The general search method is that the CDP system pushes all the recovery points generated within a few hours to the user. The user tries to recover the data from the recovery point that he thinks may obtain healthy data. Once the healthy data cannot be obtained, the next recovery point Continue to do data recovery until you get healthy data at a certain recovery point. In this process, the user may have to try N recovery points before determining the target recovery point. As a result, the actual time for the CDP system to find the target recovery point is N times the RTO promised to the user, and the detection of the expected time cannot be fulfilled. And restore the promise of data.
发明内容Summary of the invention
本申请实施例提供了一种恢复点的数据检测方法,用于解决现有的恢复点查找过程盲目、耗时较大的问题,为了解决该技术问题,本申请实施例具体公开了如下技术方案:The embodiment of the present application provides a method for detecting recovery point data, which is used to solve the blind and time-consuming problem of the existing recovery point search process. In order to solve the technical problem, the embodiment of the present application specifically discloses the following technical solutions :
第一方面,本申请实施例提供了一种数据检测方法,该方法可以由数据分析模块来执行,具体地,所述方法包括:在生成第一时刻的第一快照数据时,获取第一灾备阵列中的数据,所述第一灾备阵列中的数据包括所述第一快照数据;对所述第一灾备阵列中的数据进行检测得到第一检测结果,根据所述第一检测结果生成所述第一快照数据的检测报告。In the first aspect, an embodiment of the present application provides a data detection method, which may be executed by a data analysis module. Specifically, the method includes: when generating the first snapshot data at the first moment, acquiring the first disaster Data in the backup array, the data in the first disaster recovery array includes the first snapshot data; detecting the data in the first disaster recovery array to obtain a first detection result, and according to the first detection result A detection report of the first snapshot data is generated.
本方面提供的方法,灾备中心在任一时刻生成本地磁盘阵列所对应的快照数据时,对备份在灾备阵列中的文件数据进行实时检测,从而在恢复点生成后立即检查恢复点的数据是否发生变化,并将变化和检测结果生成检测报告,显示给用户。当用户检查恢复点或者希望恢 复在前某一时刻的数据时,只需通过实时生成的检测报告所显示的文件变化情况,就可以确定目标恢复点,从而快速地在目标恢复点做数据恢复,达到了用户所见即所得的效果,避免用户再盲目、试验地查找目标恢复点,导致耗费大量时间。In the method provided in this aspect, when the disaster recovery center generates the snapshot data corresponding to the local disk array at any time, it detects the file data backed up in the disaster recovery array in real time, so as to check whether the data at the recovery point is immediately after the recovery point is generated. When changes occur, a test report is generated for the change and test results and displayed to the user. When the user checks the recovery point or wants to recover the data at a certain time, the target recovery point can be determined only by the file change shown in the detection report generated in real time, so as to quickly restore the data at the target recovery point. It achieves the effect of what users see is what you get, and avoids users from blindly and experimentally finding the target recovery point, which will consume a lot of time.
结合第一方面,在第一方面的一种可能的实现中,对所述第一灾备阵列中的数据进行检测,包括:对所述第一灾备阵列中的数据进行第一层检测,所述第一层检测包括检测所述第一灾备阵列的数据所在的块设备是否发生变化;如果未发生变化,则进行第二层检测,所述第二层检测包括对所述块设备中的文件进行检测。With reference to the first aspect, in a possible implementation of the first aspect, detecting data in the first disaster recovery array includes: performing a first layer detection on the data in the first disaster recovery array, The first layer detection includes detecting whether the block device where the data of the first disaster recovery array is changed; if there is no change, the second layer detection is performed, and the second layer detection includes checking the block device Files to be detected.
其中,所述块设备包括逻辑单元LUN、卷或盘等设备。Wherein, the block device includes devices such as logical unit LUNs, volumes, or disks.
进一步地,当在第一层检测中快照数据的块设备发生变化时,就停止进行第二层检测,并直接上报第一层检测的检测结果,生成检测报告。当第一层检测未发生变化时执行第二层检测,并对第二层检测的所有文件的变化情况进行统计和汇总,生成对应的检测报告。Further, when the block device of the snapshot data changes during the first-level detection, the second-level detection is stopped, and the detection result of the first-level detection is directly reported, and a detection report is generated. When the first-level detection has not changed, the second-level detection is performed, and the changes of all files detected in the second-level are counted and summarized, and the corresponding detection report is generated.
结合第一方面,在第一方面的另一种可能的实现中,所述文件包括:文件系统日志文件、操作系统配置文件和操作系统日志文件中的至少一种。With reference to the first aspect, in another possible implementation of the first aspect, the file includes at least one of a file system log file, an operating system configuration file, and an operating system log file.
进一步地,对所述文件进行检测包括:Further, detecting the file includes:
对于所述文件系统日志文件进行检测,具体包括:读取每个所述文件系统日志文件,分析每个日志文件的增加、删除、修改情况等。The detection of the file system log files specifically includes: reading each of the file system log files, and analyzing the addition, deletion, and modification of each log file.
对于所述操作系统配置文件进行检测,具体包括:读取每个所述操作系统配置文件,分析每个配置文件,与前一时刻的关键配置文件进行对比,获得每个所述配置文件变化情况等。Detecting the operating system configuration files specifically includes: reading each operating system configuration file, analyzing each configuration file, comparing it with the key configuration file at the previous moment, and obtaining changes in each configuration file Wait.
对于所述操作系统日志文件进行检测,具体包括:读取每个所述操作系统日志文件,分析每个日志文件,获得所述日志文件中被记录为错误或警告的日志,并记录所述错误或警告的日志。Detecting the operating system log files specifically includes: reading each operating system log file, analyzing each log file, obtaining a log recorded as an error or warning in the log file, and recording the error Or warning log.
本实现方式通过对灾备阵列的数据进行逐层检测,检测类别从块设备,比如盘、分区、卷,再到块设备中的文件系统,比如文件系统日志文件、操作系统配置文件和操作系统日志文件的细致检测,从而达到对灾备阵列中的快照数据精细至文件级别的健康检测,具体到每个文件,所以能够通过检测报告上报给用户各个时间戳的灾备阵列的变化情况,方便用户快速确定可以做恢复的最佳恢复点。This implementation method detects the data of the disaster recovery array layer by layer, and the detection categories range from block devices, such as disks, partitions, and volumes, to file systems in block devices, such as file system log files, operating system configuration files, and operating systems. The detailed detection of log files can achieve fine-grained health detection of the snapshot data in the disaster recovery array to the file level, specific to each file, so it can report to the user the changes in the disaster recovery array of each time stamp through the detection report, which is convenient The user quickly determines the best recovery point for recovery.
结合第一方面,在第一方面的又一种可能的实现中,所述第一快照数据中还包括至少一个应用所产生的应用数据;所述方法还包括:利用第三方程序对所述至少一个应用所产生的应用数据的增加、删除、修改情况进行检测。With reference to the first aspect, in yet another possible implementation of the first aspect, the first snapshot data further includes application data generated by at least one application; the method further includes: using a third-party program to compare the at least one application to the at least one application. The addition, deletion, and modification of application data generated by an application are detected.
本实现方式,在对应用所产生的应用数据(或称强背景数据)进行检测时,通过在某一时刻的快照磁盘上拉起虚拟机系统,并依赖第三方应用程序在该虚拟机系统下运行和分析应用的日志文件,并记录检测结果,从而实现了对应用数据的检测,生成包含对特定应用的日志文件的修改记录,从而帮助用户确定恢复到对象修改之前的最佳恢复点。In this implementation method, when detecting the application data (or strong background data) generated by the application, the virtual machine system is pulled up on the snapshot disk at a certain moment, and the third-party application is dependent on the virtual machine system. Run and analyze the application log files, and record the detection results, thereby realizing the detection of application data, generating modification records containing the log files of a specific application, and helping users determine the best recovery point before the object is modified.
第二方面,本申请实施例提供了一种数据检测装置,所述装置包括获取单元和处理单元,其中,获取单元用于在生成第一时刻的第一快照数据时,获取第一灾备阵列中的数据,所述第一灾备阵列中的数据包括所述第一快照数据;处理单元用于对所述第一灾备阵列中的数据进行检测得到第一检测结果,以及根据所述第一检测结果生成所述第一快照数据的检测报告。In a second aspect, an embodiment of the present application provides a data detection device. The device includes an acquisition unit and a processing unit. The acquisition unit is configured to acquire the first disaster recovery array when generating the first snapshot data at the first moment. The data in the first disaster recovery array includes the first snapshot data; the processing unit is configured to detect the data in the first disaster recovery array to obtain a first detection result, and according to the first A detection report of the first snapshot data is generated as a result of the detection.
结合第二方面,在第二方面的一种可能的实现中,所述处理单元,具体用于对所述第一灾备阵列中的数据进行第一层检测,所述第一层检测包括检测所述第一灾备阵列的数据所在的块设备是否发生变化;如果未发生变化,则进行第二层检测,所述第二层检测包括对所述块设备中的文件进行检测。With reference to the second aspect, in a possible implementation of the second aspect, the processing unit is specifically configured to perform a first layer detection on the data in the first disaster recovery array, and the first layer detection includes detection Whether the block device where the data of the first disaster recovery array is located has changed; if there is no change, a second layer detection is performed, and the second layer detection includes detection of files in the block device.
可选的,所述文件包括文件系统日志文件、操作系统配置文件和操作系统日志文件中的至少一种。Optionally, the file includes at least one of a file system log file, an operating system configuration file, and an operating system log file.
结合第二方面,在第二方面的另一种可能的实现中,所述第一快照数据中还包括至少一个应用所产生的应用数据;所述处理单元,还用于利用第三方程序对所述至少一个应用所产生的应用数据的增加、删除、修改情况进行检测。With reference to the second aspect, in another possible implementation of the second aspect, the first snapshot data further includes application data generated by at least one application; the processing unit is further configured to use a third-party program to The addition, deletion, and modification of application data generated by the at least one application are detected.
第三方面,本申请实施例还提供了一种通信装置,所述通信装置包括处理器,所述控制器与存储器耦合,所述存储器用于存储指令;所述控制器用于执行所述存储器中的指令,使得所述通信装置执行前述第一方面以及第一方面各种实现方式中的方法。In a third aspect, an embodiment of the present application also provides a communication device. The communication device includes a processor, the controller is coupled to a memory, and the memory is used for storing instructions; and the controller is used for executing instructions in the memory. The instructions for causing the communication device to execute the foregoing first aspect and the methods in various implementation manners of the first aspect.
第四方面,本申请实施例还提供了一种计算机可读存储介质,所述存储介质中存储有指令,当所述指令在计算机或处理器上运行时,用于执行前述第一方面以及第一方面各种实现方式中的方法。In a fourth aspect, the embodiments of the present application also provide a computer-readable storage medium. The storage medium stores instructions. When the instructions run on a computer or a processor, they are used to execute the aforementioned first aspect and the first aspect. On the one hand, the methods in various implementations.
第五方面,本申请实施例还提供了一种计算机程序产品,所述计算机程序产品包括计算机指令,当所述指令被计算机或处理器执行时,可实现前述第一方面以及第一方面各种实现方式中的方法。In the fifth aspect, the embodiments of the present application also provide a computer program product. The computer program product includes computer instructions. When the instructions are executed by a computer or a processor, the foregoing first aspect and various aspects of the first aspect can be implemented. The method in the implementation mode.
第六方面,本申请实施例还提供了一种芯片系统,所述芯片系统包括处理器和接口电路,所述接口电路与所述处理器耦合,所述处理器用于执行计算机程序或指令,以实现前述第一方面以及第一方面各种实现方式中的方法;所述接口电路用于与所述芯片系统之外的其它模块进行通信。In a sixth aspect, an embodiment of the present application also provides a chip system, the chip system includes a processor and an interface circuit, the interface circuit is coupled with the processor, and the processor is used to execute computer programs or instructions to The foregoing first aspect and the methods in the various implementation manners of the first aspect are implemented; the interface circuit is used to communicate with modules other than the chip system.
本实施例提供的方法,CDP系统在本地磁盘的文件生成对应的快照数据时,对备份在灾备阵列中的文件数据进行实时检测,从而在恢复点生成后立即检查恢复点的数据、分区、盘、卷、各种文件等是否发生变化,并将变化和检测结果生成检测报告,显示给用户。In the method provided in this embodiment, the CDP system performs real-time detection of the file data backed up in the disaster recovery array when the file on the local disk generates the corresponding snapshot data, so as to check the data, partitions, and partitions of the recovery point immediately after the recovery point is generated. Whether the disk, volume, various files, etc. have changed, and generate a test report for the change and test results, and display it to the user.
由于本方法对灾备阵列中的快照数据进行文件级别的健康检测,细致到每个具体的文件,所以当系统有病毒入侵时,能够反映出前后两个时刻的灾备阵列的变化,所以当用户检查恢复点或者希望恢复在前某一时刻的数据时,只需通过实时生成的检测报告所显示的文件变化情况,就可以确定目标恢复点,从而快速地在目标恢复点做数据恢复,达到了用户所见即所得的效果,避免用户再盲目、试验地查找目标恢复点,导致耗费大量时间。Since this method performs file-level health detection on the snapshot data in the disaster recovery array, it is detailed to each specific file, so when the system has a virus intrusion, it can reflect the changes of the disaster recovery array at two moments before and after. When the user checks the recovery point or wants to recover the data at a certain time, the target recovery point can be determined only by the file change shown in the detection report generated in real time, so as to quickly restore the data at the target recovery point to achieve In order to avoid the user from blindly and experimentally searching for the target recovery point, the user sees is what they get, which causes a lot of time-consuming.
附图说明Description of the drawings
图1为本申请实施例提供的一种持续数据保护CDP系统的结构示意图;FIG. 1 is a schematic structural diagram of a continuous data protection CDP system provided by an embodiment of this application;
图2为本申请实施例提供的一种存储阵列或灾备阵列的结构示意图;2 is a schematic structural diagram of a storage array or disaster recovery array provided by an embodiment of the application;
图3为本申请实施例提供的另一种CDP系统的结构示意图;FIG. 3 is a schematic structural diagram of another CDP system provided by an embodiment of this application;
图4为本申请实施例提供的一种数据检测方法的流程图;FIG. 4 is a flowchart of a data detection method provided by an embodiment of the application;
图5为本申请实施例提供的一种弱数据检测流程的示意图;FIG. 5 is a schematic diagram of a weak data detection process provided by an embodiment of the application;
图6为本申请实施例提供的一种强数据检测流程的示意图;FIG. 6 is a schematic diagram of a strong data detection process provided by an embodiment of this application;
图7为本申请实施例提供的一种数据检测装置的结构示意图;FIG. 7 is a schematic structural diagram of a data detection device provided by an embodiment of the application;
图8为本申请实施例提供的另一种灾备阵列的结构示意图。FIG. 8 is a schematic structural diagram of another disaster recovery array provided by an embodiment of the application.
具体实施方式detailed description
为了使本技术领域的人员更好地理解本申请实施例中的技术方案,并使本申请实施例的上述目的、特征和优点能够更加明显易懂,下面结合附图对本申请实施例中的技术方案作详细的说明。In order to enable those skilled in the art to better understand the technical solutions in the embodiments of this application, and to make the above-mentioned objectives, features, and advantages of the embodiments of the present application more obvious and understandable, the following describes the technology in the embodiments of the present application with reference to the accompanying drawings. The plan is explained in detail.
在说明本申请实施例的技术方案之前,首先结合附图对本申请的技术场景进行介绍。Before describing the technical solutions of the embodiments of the present application, first, the technical scenarios of the present application will be introduced with reference to the accompanying drawings.
本实施例的技术方案应用于数据存储的领域,进一步地,在数据存储领域中可应用于持续数据保护(continuous data protection,CDP)系统或副本数据管理(copy data management,CDM)系统。比如参见图1,示出了一种CDP系统的结构示意图,该CDP系统中包括服务器集群10、生产中心20、灾备中心30和CDP管理模块40。The technical solution of this embodiment is applied to the field of data storage. Further, in the field of data storage, it can be applied to a continuous data protection (CDP) system or a copy data management (copy data management, CDM) system. For example, referring to FIG. 1, there is shown a schematic structural diagram of a CDP system. The CDP system includes a server cluster 10, a production center 20, a disaster recovery center 30 and a CDP management module 40.
其中,服务器集群10中包括至少一个服务器,比如包括但不限于Web服务器11、文件服务器12和数据库服务器13,且每个服务器中有至少一个本地磁盘或阵列,每个本地磁盘/阵列用于存储服务器的数据。The server cluster 10 includes at least one server, such as but not limited to a Web server 11, a file server 12, and a database server 13, and each server has at least one local disk or array, and each local disk/array is used for storage. The data of the server.
生产中心20包括至少一个存储阵列,所述存储阵列用于存储服务器集群10发送的数据,例如生产中心20包括存储阵列1、2和3,其中,存储阵列1用于存储来自Web服务器11的数据,存储阵列2用于存储来自文件服务器12的数据,存储阵列3用于存储来自数据库服务器13的数据。The production center 20 includes at least one storage array that is used to store data sent by the server cluster 10. For example, the production center 20 includes storage arrays 1, 2 and 3, where the storage array 1 is used to store data from the Web server 11. The storage array 2 is used to store data from the file server 12, and the storage array 3 is used to store data from the database server 13.
进一步地,每个存储阵列可以是当前技术已知的存储设备,比如独立磁盘冗余阵列(Redundant Arrays of Inexpensive Disks,RAID)、磁盘簇(Just a Bunch Of Disks,JBOD)、直接存取存储器(Direct Access Storage Device,DASD)的一个或多个互连的磁盘驱动器,诸如磁带库、一个或多个存储单元的磁带存储设备。Further, each storage array may be a storage device known in the current technology, such as redundant arrays of independent disks (Redundant Arrays of Inexpensive Disks, RAID), disk clusters (Just a Bunch Of Disks, JBOD), and direct access storage ( Direct Access Storage Device (DASD) is one or more interconnected disk drives, such as a tape library, and one or more storage unit tape storage devices.
具体地,如图2所示,每个存储阵列可以包括控制器21和存储器22。其中,控制器21包含处理器211和缓存212。处理器211用于执行输入输出IO命令以及其他数据业务;缓存212是存在于控制器21与硬盘之间的存储器,存储容量虽然较硬盘小,但是运行速度比硬盘快许多。所述存储器22中主要为存储介质,所述存储介质用于提供存储空间,通常情况下是指非易失性存储介质(non-volatile memory,NVM),例如只读存储器(read-only memory,ROM)、可编程只读内存(Programmable read-only memory,PROM)、可擦可编程只读内存(Erasable programmable read only memory,EPROM)和闪存(flash memory)等。Specifically, as shown in FIG. 2, each storage array may include a controller 21 and a memory 22. Among them, the controller 21 includes a processor 211 and a cache 212. The processor 211 is used to execute input and output IO commands and other data services; the cache 212 is a memory existing between the controller 21 and the hard disk. Although the storage capacity is smaller than that of the hard disk, the operating speed is much faster than that of the hard disk. The memory 22 is mainly a storage medium, and the storage medium is used to provide storage space. Generally, it refers to a non-volatile memory (NVM), such as a read-only memory, ROM), Programmable Read-only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), Flash Memory (flash memory), etc.
灾备中心30与生产中心20的结构类似,所述灾备中心30中包括至少一个存储阵列,所述存储阵列又可称为灾备阵列,具体地,所述灾备阵列的结构与前述生产中心20的存储阵列结构相同,此处不再赘述。The structure of the disaster recovery center 30 is similar to that of the production center 20. The disaster recovery center 30 includes at least one storage array. The storage array may also be called a disaster recovery array. Specifically, the structure of the disaster recovery array is the same as that of the production center. The storage array structure of the center 20 is the same, and will not be repeated here.
其中,在生产中心20和灾备中心30中,每个存储阵列或灾备阵列的存储空间可以包括至少一个数据卷,每个数据卷是由物理存储空间映射而成的一段逻辑存储空间,例如,数据卷可以是逻辑单元号(Logic Unit Number,LUN),也可以是文件系统。Wherein, in the production center 20 and the disaster recovery center 30, the storage space of each storage array or disaster recovery array may include at least one data volume, and each data volume is a segment of logical storage space mapped from physical storage space, for example The data volume can be a logical unit number (Logic Unit Number, LUN) or a file system.
需要说明的是,所述存储阵列也可称为存储单元(图1所示生产中心20的圆柱体),进一步地,所述存储单元既可以是物理上的硬盘(例如磁盘、记忆棒、固态硬盘或者其他非易失性存储介质),或者硬盘中的一个分区,也可以是由硬盘提供的物理空间虚拟化而成的一段逻辑空间,例如逻辑卷(logical volume)或者LUN。It should be noted that the storage array may also be referred to as a storage unit (the cylinder of the production center 20 shown in FIG. 1), and further, the storage unit may be a physical hard disk (such as a magnetic disk, a memory stick, a solid state). A hard disk or other non-volatile storage medium), or a partition in a hard disk, can also be a segment of logical space virtualized by the physical space provided by the hard disk, such as a logical volume or LUN.
在本申请实施例中,存储阵列(或灾备阵列)的上层还可以包括文件系统,通过所述文件系统实现了在生产中心20和灾备中心30的存储阵列之间以文件的形式管理和访问数据。In the embodiment of the present application, the upper layer of the storage array (or disaster recovery array) may also include a file system, through which file system management and management in the form of files between the storage arrays of the production center 20 and the disaster recovery center 30 are realized. Access data.
另外,图1所示的CDP系统中还包括CDP管理模块40,CDP管理模块40可用于实时捕获服务器集群发送的所有文件访问操作,并将文件数据变化部分连同当前的系统时间戳(system time stamp)一起自动备份到灾备中心。In addition, the CDP system shown in FIG. 1 also includes a CDP management module 40. The CDP management module 40 can be used to capture all file access operations sent by the server cluster in real time, and combine the file data changes with the current system time stamp. ) Together with automatic backup to the disaster recovery center.
举例说明,生产中心20和CDP管理模块40可以部署在同一个城市的两个不同位置,其距离可以在100km以内。生产中心20与CDP管理模块40之间可以通过IP协议(Internet Protocol)或者光纤通道(fiber chanel,FC)进行数据传输。生产中心20和灾备中心30 之间可以采用同步远程复制的方式实现数据容灾。例如,当生产中心20接收到Web服务器11发送的写数据请求时,可以将所述写数据请求携带的数据写入生产中心的存储阵列1中,再将所述写数据请求携带的数据发送灾备中心30,灾备中心30接收后将该数据存储在灾备阵列1中。待所述数据成功写入灾备阵列1之后,生产中心20再向Web服务器11返回所述写数据请求的写完成响应(又称所述写数据请求的响应消息)。For example, the production center 20 and the CDP management module 40 can be deployed in two different locations in the same city, and the distance between them can be within 100 km. Data transmission may be performed between the production center 20 and the CDP management module 40 through an IP protocol (Internet Protocol) or a fiber channel (fiber channel, FC). The production center 20 and the disaster recovery center 30 can use synchronous remote replication to achieve data disaster recovery. For example, when the production center 20 receives a data write request sent by the Web server 11, it can write the data carried in the data write request into the storage array 1 of the production center, and then send the data carried in the data write request. The backup center 30 stores the data in the disaster backup array 1 after receiving the data. After the data is successfully written into the disaster recovery array 1, the production center 20 returns the write completion response of the data write request (also called the response message of the data write request) to the Web server 11.
可选的,所述CDP管理模块40可通过软件、硬件或软硬件结合的方式来实现。对于软件而言,该CDP管理模块可设置在服务器集群10中的任一服务器上,也可以设置在生产中心20中。对于硬件实现层面,该CDP管理模块40可以是一独立设备,比如是一个站点或服务器。本申请实施例对CDP管理模块40的集成位置和具体形态不予限制。Optionally, the CDP management module 40 may be implemented by software, hardware, or a combination of software and hardware. For software, the CDP management module can be installed on any server in the server cluster 10, or in the production center 20. For the hardware implementation level, the CDP management module 40 may be an independent device, such as a site or a server. The embodiment of the present application does not limit the integrated location and specific form of the CDP management module 40.
在容灾备份过程中,CDP管理模块40每经过一个时间间隔就对灾备中心30中的灾备阵列打快照,生成快照数据。例如图1中,CDP管理模块40在每间隔30分钟(min)更新一次灾备阵列中的数据,比如在10:00、10:30、11:00时刻生成对于生产中心20的存储阵列1的三个快照数据。同时,还包括生成其他存储阵列中的快照数据,比如还生成生产中心20的存储阵列2和存储阵列3的三个快照数据等。During the disaster recovery backup process, the CDP management module 40 takes a snapshot of the disaster recovery array in the disaster recovery center 30 every time a time interval has elapsed to generate snapshot data. For example, in Figure 1, the CDP management module 40 updates the data in the disaster recovery array every 30 minutes (min). For example, at 10:00, 10:30, and 11:00, the data for the storage array 1 of the production center 20 is generated. Three snapshot data. At the same time, it also includes generating snapshot data in other storage arrays, for example, generating three snapshot data of the storage array 2 and the storage array 3 of the production center 20.
所述快照可理解为是数据在某个时间点的映像。生成快照的目的是为数据卷创建一个在特定时间点的状态视图,通过这个视图只可以看到数据卷在创建时刻的数据,在此时间点之后数据卷的修改(有新的数据写入),不会反映在快照视图中。利用这个快照视图,就可以实现对某创建时刻数据的复制。当某一创建时刻作为恢复时刻时,又可称为恢复时间(Recovery Time)。将该恢复时间备份的数据作为恢复点目标(Recovery Point Objective,RPO)或恢复时间目标(Recovery Time Objective,RTO)。The snapshot can be understood as an image of the data at a certain point in time. The purpose of generating a snapshot is to create a state view for the data volume at a specific point in time. Through this view, you can only see the data of the data volume at the time of creation. After this point in time, the data volume is modified (new data is written) , Will not be reflected in the snapshot view. Using this snapshot view, you can copy the data at a certain creation time. When a certain creation time is regarded as the recovery time, it can also be called Recovery Time. The data backed up at the recovery time is used as a recovery point objective (RPO) or recovery time objective (RTO).
其中,本实施例对容灾备份(或创建时刻)的时间间隔不予限制,可以是分钟级,比如30min、10min;还可以是秒级的时间间隔,比如30秒(s)、20s、10s等,时间间隔越小,产生的快照数据越多,可便于在用户做数据恢复时能从任何灾难场景进行恢复,从而使得丢失的数据最少。Among them, this embodiment does not limit the time interval of disaster recovery backup (or creation time), which can be minutes, such as 30min, 10min; it can also be seconds, such as 30 seconds (s), 20s, 10s Etc., the smaller the time interval, the more snapshot data will be generated, which can facilitate the recovery from any disaster scenario when the user performs data recovery, thereby minimizing the loss of data.
参见图3,为本申请实施例提供的另一种CDP系统的结构示意图。该系统包括生产中心、灾备中心、CDP管理模块、控制面和用户界面(User Interface,UI)。其中,所述CDP管理模块位于生产中心中,用于截获每个IO请求,并将截获的IO请求发送给灾备中心做容灾备份。另外,在生产中心的一个存储阵列中存储有应用程序、文件系统、卷和硬盘等文件数据。在灾备中心中存储有不同时刻生成的快照数据,每个快照数据可以存储在一个快照磁盘上,例如,图3示出了包括从t1时刻到tn时刻共打了n个快照,生成n个快照数据并存储在n快照磁盘上。Refer to FIG. 3, which is a schematic structural diagram of another CDP system provided by an embodiment of this application. The system includes a production center, a disaster recovery center, a CDP management module, a control plane and a user interface (UI). Wherein, the CDP management module is located in the production center, and is used to intercept each IO request and send the intercepted IO request to the disaster recovery center for disaster recovery backup. In addition, file data such as application programs, file systems, volumes, and hard disks are stored in a storage array in the production center. Snapshot data generated at different times are stored in the disaster recovery center. Each snapshot data can be stored on a snapshot disk. For example, Figure 3 shows a total of n snapshots taken from time t1 to time tn, and n snapshots are generated. The snapshot data is stored on the n snapshot disk.
此外,系统还包括数据分析模块,所述数据分析模块用于获取每个创建时刻生成的快照数据,并对各个时刻的快照数据进行检测,生成检测结果。进一步地,所述数据分析模块可通过软件、硬件或软硬件的形式实现,本实施例对所述数据分析模块的具体形态不予限制。In addition, the system also includes a data analysis module, which is used to obtain the snapshot data generated at each creation time, and detect the snapshot data at each time to generate a detection result. Further, the data analysis module can be implemented in the form of software, hardware, or software and hardware, and this embodiment does not limit the specific form of the data analysis module.
下面对本申请实施例提供的方法进行详细说明。The method provided by the embodiment of the present application will be described in detail below.
如图4所示,本实施例提供一种数据检测方法,该方法应用于对本地磁盘阵列中的数据进行CDP备份。所述方法可以由图3所示的数据分析模块来实现,具体地,所述方法包括:As shown in FIG. 4, this embodiment provides a data detection method, which is applied to CDP backup of data in a local disk array. The method may be implemented by the data analysis module shown in FIG. 3. Specifically, the method includes:
步骤101:在生成第一时刻的第一快照数据时,获取第一灾备阵列中的数据。Step 101: When generating the first snapshot data at the first moment, obtain the data in the first disaster recovery array.
其中,第一灾备阵列中的数据包括所述第一快照数据。所述第一灾备阵列是灾备中心里的任一存储阵列或存储单元,灾备中心包括至少一个灾备阵列。进一步地,在服务器集群中,CDP管理模块将第一服务器的第一本地磁盘阵列中的数据写入到生产中心的第一存储阵列中, 同时备份在灾备中心的第一灾备阵列中,并在不同的时间戳生成快照数据,比如在第一时刻生成第一快照数据。其中,每个时刻生成的快照数据可以是一个恢复点RPO。Wherein, the data in the first disaster recovery array includes the first snapshot data. The first disaster recovery array is any storage array or storage unit in the disaster recovery center, and the disaster recovery center includes at least one disaster recovery array. Further, in the server cluster, the CDP management module writes the data in the first local disk array of the first server to the first storage array of the production center, and at the same time backs up the data in the first disaster recovery array of the disaster recovery center. And generate snapshot data at different timestamps, for example, generate the first snapshot data at the first moment. Among them, the snapshot data generated at each moment can be a recovery point RPO.
步骤102:对所述第一灾备阵列中的数据进行检测得到第一检测结果。Step 102: Detect data in the first disaster recovery array to obtain a first detection result.
具体地,对第一灾备阵列中的数据进行检测包括第一层检测和第二层检测。Specifically, the detection of the data in the first disaster recovery array includes first-level detection and second-level detection.
(1)第一层检测具体包括:对所述第一灾备阵列中的数据所在的块设备进行检测。(1) The first layer detection specifically includes: detecting the block device where the data in the first disaster recovery array is located.
其中,所述块设备可以是一种磁盘,比如C盘、D盘等。所述块设备中包括卷和分区,一种具体的实现方式是,在第一层检测过程中,如果块设备,比如某一磁盘被删除,或者磁盘中的卷或分区被增加或删除,则确定所述第一灾备阵列的块设备发生变化;否则,确定为未发生变化。Wherein, the block device may be a kind of disk, such as C disk, D disk and so on. The block device includes volumes and partitions. A specific implementation is that in the first-level detection process, if a block device, such as a disk, is deleted, or a volume or partition in the disk is added or deleted, then It is determined that the block device of the first disaster recovery array has changed; otherwise, it is determined that there is no change.
进一步地,判断磁盘,或磁盘中的卷、分区是否增加或删除的过程具体包括:分析LUN中的磁盘信息,并将当前磁盘信息与上一个恢复点的磁盘信息进行对比,获取磁盘变化情况,记入分析数据。本实施例中,将第一时刻的第一灾备阵列的卷信息与上一个恢复点的卷信息进行对比,获取卷变化情况,记入分析数据。Further, the process of judging whether the disk, or the volume or partition in the disk is added or deleted, specifically includes: analyzing the disk information in the LUN, and comparing the current disk information with the disk information of the last recovery point, to obtain the disk changes, Enter the analysis data. In this embodiment, the volume information of the first disaster recovery array at the first moment is compared with the volume information of the last recovery point to obtain the volume change and record it in the analysis data.
应理解,本实施例所述的LUN是LUN设备(LUN Device)的简称。It should be understood that the LUN described in this embodiment is an abbreviation for LUN Device (LUN Device).
在第一层检测未发生变化时进行第二层检测。The second layer of detection is performed when the first layer of detection has not changed.
(2)第二层检测具体包括:对所述块设备中的文件进行检测。(2) The second layer detection specifically includes: detecting files in the block device.
其中,所述块设备中的文件被存储在卷中,所以第二层检测也是对卷上的文件数据的变化情况进行检测。具体地,数据分析模块识别卷上的文件系统数据,分析文件系统数据的完整性和一致性,记入分析数据,在一示例中,可通过对所述文件系统数据的分析,获得至少一个文件读取接口。所述文件系统中的文件包括以下至少一种:Wherein, the files in the block device are stored in the volume, so the second layer detection is also to detect the change of the file data on the volume. Specifically, the data analysis module identifies the file system data on the volume, analyzes the integrity and consistency of the file system data, and records the analysis data. In one example, at least one file can be obtained by analyzing the file system data. Read the interface. The files in the file system include at least one of the following:
a、文件系统日志文件;a. File system log files;
b、操作系统配置文件;b. Operating system configuration files;
c、操作系统日志文件。c. Operating system log files.
其中,所述文件系统日志文件记录了文件系统的日常活动,包括错误、报警等。所述操作系统配置文件是操作系统的核心配置文件,比如Windows的注册表文件等,能够影响操作系统是否正常启动和运行。所述操作系统日志文件日志保存了一段时间内操作系统的活动情况,比如增加、删除、修改某个文件/目录一系列活动等。Wherein, the file system log file records the daily activities of the file system, including errors, alarms, and so on. The operating system configuration file is a core configuration file of the operating system, such as a Windows registry file, etc., which can affect whether the operating system starts and runs normally. The operating system log file log saves operating system activities within a period of time, such as a series of activities such as adding, deleting, and modifying a certain file/directory.
对于“a”文件的检测,一种实施方式包括:通过文件读取接口来读取每个文件系统日志文件;进一步地,通过日志文件分析每个日志文件的变化情况,比如日志文件的增加、删除、修改等,并记入分析数据。For the detection of "a" files, one implementation method includes: reading each file system log file through the file reading interface; further, analyzing the change of each log file through the log file, such as the increase of log files, Delete, modify, etc., and record the analysis data.
对于“b”文件的检测,一种实施方式包括:通过文件系统接口读取操作系统配置文件;进一步地,分析所述操作系统配置文件,将其与上一个恢复点的关键配置文件进行对比,获取配置文件的变化情况,并记入分析数据。For the detection of the "b" file, an implementation method includes: reading the operating system configuration file through the file system interface; further, analyzing the operating system configuration file and comparing it with the key configuration file of the previous recovery point, Obtain the changes of the configuration file and record it in the analysis data.
对于“c”文件的检测,一种实施方式包括:通过文件系统接口读取操作系统日志文件;进一步地,分析所述操作系统日志文件,获得其中的错误、报警日志,将关键的错误和报警日志记入分析数据。For the detection of the "c" file, one implementation method includes: reading the operating system log file through the file system interface; further, analyzing the operating system log file to obtain the error and alarm logs therein, and resolving key errors and alarms. The log is recorded in the analysis data.
步骤103:根据所述第一检测结果生成所述第一快照数据的检测报告。Step 103: Generate a detection report of the first snapshot data according to the first detection result.
所述第一快照数据的检测报告中包括上述对块设备、文件系统中的所有文件的检测结果。比如块设备中的某一个分区被删除,则所述检测报告中记录当前第一时刻的第一灾备阵列中备份的分区名称和数量。又比如,在检测所述文件系统日志文件时,检测到新增有至少一个错误和报警日志,则将这些新增的错误和报警日志都记录下来。The detection report of the first snapshot data includes the detection results of all files in the block device and the file system. For example, if a certain partition in the block device is deleted, the detection report records the name and number of the partitions backed up in the first disaster recovery array at the first moment. For another example, when detecting the file system log file, it is detected that at least one new error and alarm log is added, and then these newly added error and alarm logs are recorded.
另外,所述方法还包括:数据分析模块存储所述第一时刻的第一快照数据的检测报告,控制面通过访问该检测报告,并将该检测报告显示在用户界面上。In addition, the method further includes: the data analysis module stores the detection report of the first snapshot data at the first moment, and the control plane accesses the detection report and displays the detection report on the user interface.
在一种可能的实施方式中,所述方法还包括:In a possible implementation manner, the method further includes:
所述数据分析模块在生成第二时刻的第一快照数据时,所述第二时刻的第一快照数据存储在第一灾备阵列中,获取第二时刻存储的第一灾备阵列的数据;对第二时刻的所述第一灾备阵列中的数据进行检测得到第二检测结果;根据所述第二检测结果和所述第一时刻的第一快照数据的检测报告,生成所述第二时刻的第一快照数据的检测报告。When the data analysis module generates the first snapshot data at the second time, the first snapshot data at the second time is stored in the first disaster recovery array, and the data of the first disaster recovery array stored at the second time is acquired; Detect the data in the first disaster recovery array at the second time to obtain a second detection result; generate the second detection result according to the second detection result and the detection report of the first snapshot data at the first time The detection report of the first snapshot data at the moment.
具体地,在生成第二时刻的检测报告过程中,将第一时刻的检测结果与第二时刻的检测结果进行对比,获得第一灾备阵列中文件数据的变化情况,比如在第二时刻的第一灾备阵列中的操作系统配置文件数量是第一时刻文件数据的3倍以上,则在第二时刻的检测报告中将该变化情况记录其中。Specifically, in the process of generating the detection report at the second time, the detection result at the first time is compared with the detection result at the second time to obtain the change of the file data in the first disaster recovery array, for example, at the second time The number of operating system configuration files in the first disaster recovery array is more than three times the file data at the first time, and the change is recorded in the detection report at the second time.
应理解,数据分析模块在每一个时刻生成快照数据后,都立即对该快照数据进行检测,并生成检测报告,从达到对各恢复点的文件数据实时检测的效果。It should be understood that after the data analysis module generates snapshot data at each moment, it immediately detects the snapshot data and generates a detection report, so as to achieve the effect of real-time detection of file data at each recovery point.
本实施例提供的方法,CDP系统在本地磁盘的文件生成对应的快照数据时,对备份在灾备阵列中的文件数据进行实时检测,从而在恢复点生成后立即检查恢复点的数据、分区、盘、卷、各种文件等是否发生变化,并将变化和检测结果生成检测报告,显示给用户。In the method provided in this embodiment, the CDP system performs real-time detection of the file data backed up in the disaster recovery array when the file on the local disk generates the corresponding snapshot data, so as to check the data, partitions, and partitions of the recovery point immediately after the recovery point is generated. Whether the disk, volume, various files, etc. have changed, and generate a test report for the change and test results, and display it to the user.
本申请提供的方法对灾备阵列中的数据进行文件级别的健康检测,细致到每个具体的文件,所以当系统有病毒入侵时,能够反映出前后两个时刻的灾备阵列的变化,所以当用户检查恢复点或者希望恢复在前某一时刻的数据时,只需通过实时生成的检测报告所显示的文件变化情况,就可以确定目标恢复点,从而快速地在目标恢复点做数据恢复,达到了用户所见即所得的效果,避免用户再盲目、试验地查找目标恢复点,导致耗费大量时间。The method provided in this application performs a file-level health check on the data in the disaster recovery array, which is detailed to each specific file. Therefore, when the system has a virus intrusion, it can reflect the changes of the disaster recovery array at two moments before and after. When the user checks the recovery point or wants to recover the data at a certain time, the target recovery point can be determined only by the file change shown in the detection report generated in real time, so as to quickly restore the data at the target recovery point. It achieves the effect of what users see is what you get, and avoids users from blindly and experimentally finding the target recovery point, which will consume a lot of time.
需要说明的是,本实施例中,灾备阵列中存储的数据可以划分为弱背景数据和强背景数据。所述弱背景数据是指,CDP系统能够自行分析和处理的数据格式,例如分区、盘、卷、文件系统数据等。一般采用静态数据分析的方式,通过对数据格式的解析,查找出有用的数据和文件,并分析这些数据和文件的健康情况。It should be noted that, in this embodiment, the data stored in the disaster recovery array can be divided into weak background data and strong background data. The weak background data refers to data formats that the CDP system can analyze and process on its own, such as partitions, disks, volumes, file system data, and so on. Generally, static data analysis is used to find useful data and files through the analysis of the data format, and analyze the health of these data and files.
所述强背景数据是指,CDP系统不能够自行分析和处理的数据格式,需要依赖第三方程序进行分析,比如一些应用数据。所述应用数据包括用户指定某一应用对象的数据,例如某个数据库。由于应用数据的文件格式一般是非公开的,所以需要依赖于应用本身的第三方程序来对数据进行分析。The strong background data refers to a data format that the CDP system cannot analyze and process by itself, and needs to rely on a third-party program for analysis, such as some application data. The application data includes data that a user specifies a certain application object, such as a certain database. Since the file format of application data is generally non-public, it is necessary to rely on a third-party program of the application itself to analyze the data.
进一步地,对于存储在灾备阵列中的强背景数据的检测,一种实施方式是,在第一时刻所述第一灾备阵列的第一快照数据中包括至少一个应用所产生的应用数据的情况下,运行所述第一快照数据,并利用第三方程序对所述至少一个应用产生的应用数据的增加、删除、修改情况进行检测。具体的检测过程与前述检测所述文件系统日志文件、操作系统配置文件和操作系统日志文件的过程相同,参见上述“a”、“b”和“c”中关于各文件的检测,本实施例此处不再赘述。Further, for the detection of strong background data stored in the disaster recovery array, one implementation manner is that the first snapshot data of the first disaster recovery array at the first moment includes at least one application data generated by an application. In this case, the first snapshot data is run, and a third-party program is used to detect the addition, deletion, and modification of the application data generated by the at least one application. The specific detection process is the same as the foregoing detection process of the file system log file, operating system configuration file, and operating system log file. Refer to the above "a", "b" and "c" for the detection of each file, this embodiment I won't repeat them here.
在一具体的实施例中,如图5所示,为一种对弱数据检测的流程示意图。且该检测流程可以由数据分析模块来执行,具体地,所述方法包括:In a specific embodiment, as shown in FIG. 5, it is a schematic diagram of a process for detecting weak data. And the detection process can be executed by a data analysis module. Specifically, the method includes:
步骤501:打开当前时刻生成的灾备阵列,启动所述灾备阵列中存储的块设备,比如LUN。Step 501: Open the disaster recovery array generated at the current moment, and start the block device, such as LUN, stored in the disaster recovery array.
LUN即逻辑单元号,其主要作用是为了给相连的服务器分配逻辑单元号(LUN)。磁盘阵列(Redundant Arrays of Independent Disks,RAID)上的硬盘组成RAID组后,通常连接磁 盘阵列的服务器并不能直接访问RAID组,而是要再划分为逻辑单元才能分配给服务器。这是因为小型计算机系统接口(Small Computer System Interface,SCSI)总线上可挂接的设备数量是有限的,一般为8个或者16个,一般可以用控制器(Target)ID(也有称为SCSI ID的)来描述这些设备,设备加入到系统,就会被分配一个代号,该代号用于区分各个设备。例如引入逻辑单元号标识LUN ID,其中,所述LUN ID可用于扩充Target ID。每个Target下都可以有多个LUN设备(Device),本实施例将所述LUN Device简称为LUN。LUN is the logical unit number, and its main function is to assign logical unit numbers (LUNs) to connected servers. After the hard disks on the Redundant Arrays (Redundant Arrays of Independent Disks, RAID) form a RAID group, usually the servers connected to the disk arrays cannot directly access the RAID group, but must be divided into logical units before they can be allocated to the servers. This is because the number of devices that can be attached to the Small Computer System Interface (SCSI) bus is limited, generally 8 or 16, generally you can use the controller (Target) ID (also called SCSI ID) ) To describe these devices. When a device is added to the system, it will be assigned a code, which is used to distinguish each device. For example, a logical unit number is introduced to identify the LUN ID, where the LUN ID can be used to expand the Target ID. There may be multiple LUN devices (Devices) under each target. In this embodiment, the LUN Device is referred to as LUN for short.
步骤502:分析所述灾备阵列中的块设备数据,具体地,将当前时刻的块设备数据与上一个时刻的块设备数据进行对比,获取磁盘变化情况,记入分析数据。另外,如果检测所述块设备数据未发生变化时,执行步骤403。Step 502: Analyze the block device data in the disaster recovery array, specifically, compare the block device data at the current moment with the block device data at the previous moment to obtain disk changes and record them in the analysis data. In addition, if it is detected that the block device data has not changed, step 403 is executed.
步骤503:分析磁盘上的卷信息,将卷信息与上一个时刻的灾备阵列存储的卷信息进行对比,获取卷变化情况,记入分析数据。当检测所述卷信息未发生变化时,执行步骤404。Step 503: Analyze the volume information on the disk, compare the volume information with the volume information stored in the disaster recovery array at the previous moment, obtain volume changes, and record the analysis data. When it is detected that the volume information has not changed, step 404 is executed.
步骤504:识别所述卷上的文件系统;Step 504: Identify the file system on the volume;
步骤505:分析所述文件系统中的数据并记入分析数据。进一步地,步骤405具体包括:Step 505: Analyze the data in the file system and record the analysis data. Further, step 405 specifically includes:
步骤5051:通过文件系统配置接口读取操作系统配置文件。Step 5051: Read the operating system configuration file through the file system configuration interface.
步骤5052:获取配置文件中的错误和报警日志,记入分析数据。Step 5052: Obtain the error and alarm logs in the configuration file, and record them in the analysis data.
步骤5053:通过操作系统接口读取操作系统日志文件。Step 5053: Read the operating system log file through the operating system interface.
步骤5054:获取日志文件中的错误和报警日志,记入分析数据。Step 5054: Obtain the error and alarm logs in the log file, and record the analysis data.
步骤5055:通过文件系统接口读取文件系统日志文件。Step 5055: Read the file system log file through the file system interface.
步骤5056:分析并获取日志文件的改变情况,所述改变情况包括:日志文件的增加、删除、修改等,并记入分析数据。Step 5056: Analyze and obtain the change situation of the log file, and the change situation includes: addition, deletion, modification, etc. of the log file, and record the analysis data.
需要说明的是,本实施例中对上述步骤5051、步骤5053和步骤5055的执行顺序不予限制,且这三个步骤可以按顺序执行,也可以同时执行,并且,本实施例对步骤5052、步骤5054和步骤5056的执行顺序也不予限制。It should be noted that in this embodiment, the execution order of the above steps 5051, 5053, and 5055 is not limited, and these three steps can be executed in order or at the same time. In addition, in this embodiment, step 5052 is performed at the same time. The execution order of step 5054 and step 5056 is also not limited.
步骤506:汇总上述步骤503、步骤5052、步骤5054和步骤5056的数据,分析这些数据得到检测结果,并生成检测报告。Step 506: Summarize the data of the above step 503, step 5052, step 5054, and step 5056, analyze the data to obtain the detection result, and generate a detection report.
步骤507:关闭LUN,完成检测。Step 507: Shut down the LUN and complete the detection.
需要说明的是,本实施例中的步骤506可以由数据分析模块来执行,或者也可以由其他模块或单元来执行,本实施例对此不进行限制。It should be noted that step 506 in this embodiment may be executed by a data analysis module, or may also be executed by other modules or units, which is not limited in this embodiment.
在另一种具体的实现方式中,对于强背景数据,在所述数据分析模块不具备分析和处理某些应用的数据时,比如用户指定的数据、数据库,则需要通过第三应用程序进行分析和检测。其中所述强背景数据可以是数据分析模块在获取灾备阵列的备份数据时获得,或者在对弱背景数据检测完之后剩余的文件包括所述强背景数据,本实施例对所述强背景数据的获取方式不进行限定。In another specific implementation, for strong background data, when the data analysis module does not have the ability to analyze and process some application data, such as user-specified data and database, it needs to be analyzed through a third application. And detection. The strong background data may be obtained when the data analysis module obtains the backup data of the disaster recovery array, or the remaining files after detecting the weak background data include the strong background data. This embodiment compares the strong background data The method of obtaining is not limited.
具体地,在一示例中,如图6所示,所述方法包括:Specifically, in an example, as shown in FIG. 6, the method includes:
步骤601:数据分析模块将LUN挂载到虚拟机上,并将虚拟机开机;Step 601: The data analysis module mounts the LUN to the virtual machine, and powers on the virtual machine;
在CDP系统的生产中心中产生的存储阵列(比如某一快照磁盘)可以支持导出为vmdk格式的虚拟磁盘,并可以将导出的vmdk虚拟磁盘直接挂载到虚拟机使用,实现快照系统与虚拟化之间的无缝结合,即快照磁盘可以转换为虚拟化磁盘格式,直接用于虚拟化系统。The storage array (such as a snapshot disk) produced in the production center of the CDP system can support exporting to a virtual disk in vmdk format, and the exported vmdk virtual disk can be directly mounted to the virtual machine for use, realizing the snapshot system and virtualization The seamless combination between the snapshot disks can be converted to a virtualized disk format and directly used in the virtualized system.
步骤602:启动虚拟机系统。Step 602: Start the virtual machine system.
步骤603:利用第三方应用程序获取应用日志访问接口。Step 603: Use a third-party application to obtain an application log access interface.
步骤604:利用所述应用日志访问接口对应用日志进行检测。Step 604: Use the application log access interface to detect the application log.
进一步地,通过应用日志访问接口分析每个应用日志文件的变化情况,比如应用日志文件的增加、删除、修改等,并记入分析数据。其中,在应用日志文件中包含的应用数据可以是用户指定某个应用对象(比如某个数据库)数据,Further, the change of each application log file is analyzed through the application log access interface, such as the addition, deletion, modification, etc. of the application log file, and the analysis data is recorded. Among them, the application data contained in the application log file can be the data of a certain application object (such as a certain database) specified by the user,
步骤605:数据分析模块获取每个应用日志文件的检测结果,并结合之前对弱背景数据的检测结果,汇总和分析记入的数据,并生成检测报告。Step 605: The data analysis module obtains the detection results of each application log file, and combines the previous detection results of the weak background data to summarize and analyze the recorded data, and generate a detection report.
步骤606:关闭虚拟机系统。Step 606: Shut down the virtual machine system.
步骤607:卸载所述LUN,检测完毕。Step 607: Uninstall the LUN, and the detection is complete.
本方法,在对强背景数据进行检测时,通过在某一时刻的快照磁盘上拉起虚拟机系统,并依赖第三方应用程序在该虚拟机系统下运行和分析应用的日志文件,并记录检测结果,从而实现了对强背景数据的检测,生成包含对特定应用的日志文件的修改记录,从而帮助用户决定恢复到对象修改之前的最佳恢复点。In this method, when detecting strong background data, the virtual machine system is pulled up on the snapshot disk at a certain moment, and the third-party application program runs and analyzes the log file of the application under the virtual machine system, and records the detection As a result, the detection of strong background data is realized, and the modification record of the log file containing the specific application is generated, thereby helping the user to determine the best recovery point before the object modification.
本实施例的方法,通过对灾备阵列中的备份数据实时分析,包括分析弱背景数据和强背景数据的增加、删除、修改,以及错误和报警,从而获得每个时间戳的灾备阵列中备份数据的健康情况,对用户做到恢复点数据所见即所得,为用户能够迅速查找出目标恢复点做铺垫。The method of this embodiment analyzes the backup data in the disaster recovery array in real time, including analysis of weak background data and strong background data addition, deletion, modification, errors and alarms, so as to obtain the disaster recovery array of each time stamp. The health of the backup data is what you see is what you get for the user's recovery point data, paving the way for the user to quickly find the target recovery point.
应理解,在检测灾备阵列的备份数据时,对备份数据的检测项目可以进行扩展,比如与反病毒数据库相结合,或者,通过分析病毒数据库提供的病毒特征文件来准确判断在各个快照磁盘中的数据里是否被病毒感染,本申请实施例对备份数据的具体检测流程不予限定。It should be understood that when detecting the backup data of the disaster recovery array, the detection items of the backup data can be expanded, for example, combined with the anti-virus database, or by analyzing the virus signature files provided by the virus database to accurately determine the information in each snapshot disk Whether the data in is infected by a virus, the embodiment of this application does not limit the specific detection process of the backup data.
参见图7,为本实施例提供的一种数据检测装置,该装置应用于对本地磁盘阵列中的数据进行CDP容灾备份的场景,并执行前述实施例中的方法。具体地,所述装置包括:获取单元710和处理单元720,此外,所述装置还可以包括更多单元,例如发送单元、存储单元等,本实施例对此不予限制。Referring to FIG. 7, a data detection device provided in this embodiment is applied to a scenario where CDP disaster recovery backup of data in a local disk array is performed, and the method in the foregoing embodiment is executed. Specifically, the device includes: an acquisition unit 710 and a processing unit 720. In addition, the device may further include more units, such as a sending unit, a storage unit, etc., which are not limited in this embodiment.
具体地,获取单元710用于在生成第一时刻的第一快照数据时,获取第一灾备阵列中的数据,所述第一灾备阵列中的数据包括所述第一快照数据;处理单元720用于对所述第一灾备阵列中的数据进行检测得到第一检测结果,以及根据所述第一检测结果生成所述第一快照数据的检测报告。Specifically, the acquiring unit 710 is configured to acquire data in the first disaster recovery array when generating the first snapshot data at the first moment, where the data in the first disaster recovery array includes the first snapshot data; the processing unit 720 is configured to detect data in the first disaster recovery array to obtain a first detection result, and generate a detection report of the first snapshot data according to the first detection result.
可选的,在本实施例的一种具体的实现方式中,处理单元720具体用于对所述第一灾备阵列中的数据进行第一层检测,所述第一层检测包括检测所述第一灾备阵列的数据所在的块设备是否发生变化;如果未发生变化,则进行第二层检测,所述第二层检测包括对所述块设备中的文件进行检测。Optionally, in a specific implementation of this embodiment, the processing unit 720 is specifically configured to perform a first layer detection on the data in the first disaster recovery array, and the first layer detection includes detecting the Whether the block device where the data of the first disaster recovery array is located has changed; if there is no change, a second layer detection is performed, and the second layer detection includes detection of files in the block device.
其中,所述的文件包括:文件系统日志文件、操作系统配置文件和操作系统日志文件中的至少一种。Wherein, the file includes: at least one of a file system log file, an operating system configuration file, and an operating system log file.
进一步地,处理单元720具体用于在对所述文件系统日志文件检测检测时,读取每个所述文件系统日志文件,分析每个日志文件的增加、删除、修改情况;在对所述操作系统配置文件检测时,读取每个所述操作系统配置文件,分析每个配置文件,与前一时刻的关键配置文件进行对比,获得每个所述配置文件变化情况;在对所述操作系统日志文件检测时,读取每个所述操作系统日志文件,分析每个日志文件,获得所述日志文件中被记录为错误或警告的日志,并记录所述错误或警告的日志。Further, the processing unit 720 is specifically configured to read each of the file system log files and analyze the addition, deletion, and modification of each log file when the file system log file is detected; During system configuration file detection, read each of the operating system configuration files, analyze each configuration file, compare it with the key configuration file at the previous moment, and obtain the changes in each configuration file; When the log file is detected, each of the operating system log files is read, each log file is analyzed, and the log recorded as an error or warning in the log file is obtained, and the log of the error or warning is recorded.
可选的,在本实施例的又一种具体的实现方式中,所述第一快照数据中还包括至少一个应用所产生的应用数据,处理单元720还用于利用第三方程序对所述至少一个应用的所述应用数据的增加、删除、修改情况进行检测,并得到检测结果。Optionally, in another specific implementation manner of this embodiment, the first snapshot data further includes application data generated by at least one application, and the processing unit 720 is further configured to use a third-party program to perform data processing on the at least one application. The addition, deletion, and modification of the application data of an application are detected, and the detection result is obtained.
可选的,在本实施例的又一种具体的实现方式中,获取单元710还用于在生成第二时刻的第一快照数据时,获取所述第二时刻的第一灾备阵列中存储的第二快照数据;处理单元720还用于对所述第二快照数据进行检测得到第二检测结果;以及,根据所述第二检测结果和所述第一时刻的第一快照数据的检测报告,生成所述第二时刻的第二快照数据的检测报告。Optionally, in another specific implementation manner of this embodiment, the obtaining unit 710 is further configured to obtain the storage in the first disaster recovery array at the second time when the first snapshot data at the second time is generated. The processing unit 720 is further configured to detect the second snapshot data to obtain a second detection result; and, according to the second detection result and the detection report of the first snapshot data at the first moment To generate a detection report of the second snapshot data at the second moment.
需要说明的是,实施例中所述的装置可以由软件,比如数据分析模块来实现,或者,还可以通过由硬件或软件与硬件结合的方式实现,比如将软件运行于计算机或处理器上。具体地,获取单元710和处理单元720可以是集成在计算机或处理器内部,或者是处理运行所需的软件模块或者是二者的结合。It should be noted that the devices described in the embodiments can be implemented by software, such as a data analysis module, or can also be implemented by hardware or a combination of software and hardware, such as running the software on a computer or a processor. Specifically, the acquiring unit 710 and the processing unit 720 may be integrated in a computer or a processor, or a software module required for processing operation, or a combination of the two.
一种可能的实施方式是,所述数据分析模块位于一个灾备阵列中,比如在上述图2的灾备阵列中加入所述数据分析模块,结构如图8所示,包括控制器21和存储器22,其中所述控制器21中包括处理器211和缓存212,进一步地,在处理器211中包括数据分析模块2110。A possible implementation manner is that the data analysis module is located in a disaster recovery array. For example, the data analysis module is added to the disaster recovery array of FIG. 2. The structure is shown in FIG. 8, and includes a controller 21 and a memory. 22. The controller 21 includes a processor 211 and a cache 212, and further, the processor 211 includes a data analysis module 2110.
控制器21为灾备阵列的控制中心,利用各种接口和线路连接整个灾备阵列的各个部分,通过运行或执行存储在存储器22内的软件程序和/或单元,以及调用存储在存储器730内的数据,以执行灾备阵列的各种功能。The controller 21 is the control center of the disaster recovery array. It uses various interfaces and lines to connect the various parts of the entire disaster recovery array, runs or executes the software programs and/or units stored in the memory 22, and calls the memory 730. Data to perform various functions of the disaster recovery array.
进一步地,处理器211可以由集成电路(Integrated Circuit,IC)组成,例如可以由单颗封装的IC所组成,也可以由连接多颗相同功能或不同功能的封装IC而组成。举例来说,处理器211可以仅包括中央处理器(Central Processing Unit,CPU),也可以是GPU、数字信号处理器(Digital Signal Processor,DSP)、及控制芯片的组合。处理器211还可以进一步包括硬件芯片。所述硬件芯片可以是专用集成电路(application specific integrated circuit,ASIC),可编程逻辑器件(programmable logic device,PLD)或其组合。上述PLD可以是复杂可编程逻辑器件(complex programmable logic device,CPLD),现场可编程逻辑门阵列(field-programmable gate array,FPGA),通用阵列逻辑(generic array logic,GAL)或其任意组合。Further, the processor 211 may be composed of an integrated circuit (Integrated Circuit, IC), for example, may be composed of a single packaged IC, or may be composed of connecting multiple packaged ICs with the same function or different functions. For example, the processor 211 may only include a central processing unit (CPU), or may be a combination of a GPU, a digital signal processor (DSP), and a control chip. The processor 211 may further include a hardware chip. The hardware chip may be an application specific integrated circuit (ASIC), a programmable logic device (PLD) or a combination thereof. The above-mentioned PLD may be a complex programmable logic device (CPLD), a field-programmable gate array (FPGA), a generic array logic (GAL) or any combination thereof.
存储器22可以包括非易失性存储介质,例如快闪存储器,硬盘(Hard Sisk Drive,HDD)或固态硬盘(Solid-State Drive,SSD)。所述存储器中可以存储有程序或代码,处理器211通过执行所述程序或代码可以实现上述数据检测装置的功能。The memory 22 may include a non-volatile storage medium, such as a flash memory, a hard disk (Hard Sisk Drive, HDD), or a solid-state hard disk (Solid-State Drive, SSD). A program or code may be stored in the memory, and the processor 211 may implement the functions of the above-mentioned data detection device by executing the program or code.
在上述实施例中,可以全部或部分通过软件、硬件、固件或者其任意组合来实现。当使用软件实现时,可以全部或部分地以计算机程序产品的形式实现,本实施例不予限制。例如,在前述图7所示装置实施例中的获取单元710和处理单元720的功能可以由控制器21实现,所述存储单元的功能可以由存储器22实现。In the above-mentioned embodiments, all or part of it may be implemented by software, hardware, firmware or any combination thereof. When implemented by software, it may be implemented in the form of a computer program product in whole or in part, which is not limited in this embodiment. For example, the functions of the acquisition unit 710 and the processing unit 720 in the aforementioned device embodiment shown in FIG. 7 may be implemented by the controller 21, and the functions of the storage unit may be implemented by the memory 22.
在一种可能的实施方式是,所述数据检测装置可以被配置在一个单独设备,例如该单独设备为一种通信装置,该通信装置的结构可以与图7所示的灾备阵列相同,包括控制器和存储器。所述控制器与存储器耦合,所述存储器中存储有程序指令;当所述控制器用于执行所述存储器中的程序指令时,能够使得通信装置执行前述实施例图4至图6中的方法。In a possible implementation manner, the data detection device may be configured in a separate device, for example, the separate device is a communication device, and the structure of the communication device may be the same as the disaster recovery array shown in FIG. 7, including Controller and memory. The controller is coupled with a memory, and program instructions are stored in the memory; when the controller is used to execute the program instructions in the memory, it can cause the communication device to execute the methods in FIGS. 4 to 6 of the foregoing embodiment.
可选的,所述通信装置为一种网络设备,比如服务器。Optionally, the communication device is a network device, such as a server.
本申请实施例还提供一种计算机程序产品,所述计算机程序产品包括一个或多个计算机程序指令。在计算机加载和执行所述计算机程序指令时,全部或部分地产生按照本申请上述各个实施例所述的流程或功能。所述计算机可以是通用计算机、专用计算机、计算机网络或者其他可编程装置。The embodiments of the present application also provide a computer program product, and the computer program product includes one or more computer program instructions. When the computer loads and executes the computer program instructions, all or part of the processes or functions described in the foregoing embodiments of the present application are generated. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable devices.
本申请中所描述的方法的步骤可以直接嵌入硬件、处理器执行的软件单元、或者这两者的结合。软件单元可以存储于闪存、ROM、EPROM、EEPROM、寄存器、硬盘、可移动磁盘或本 领域中其它任意形式的存储媒介中。示例性地,存储媒介可以与处理器连接,以使得处理器可以从存储媒介中读取信息,并可以向存储媒介存写信息。可选的,存储媒介还可以集成到处理器中。The steps of the method described in this application can be directly embedded in hardware, a software unit executed by a processor, or a combination of the two. The software unit can be stored in flash memory, ROM, EPROM, EEPROM, register, hard disk, removable disk, or any other storage medium in the field. Exemplarily, the storage medium may be connected to the processor, so that the processor can read information from the storage medium, and can store and write information to the storage medium. Optionally, the storage medium can also be integrated into the processor.
另外,本申请的说明书和权利要求书及上述附图中的术语“第一”、“第二”等是用于区别类似的对象,而不必用于描述特定的顺序或先后次序。应该理解这样使用的数据在适当情况下可以互换,以便这里描述的实施例能够以除了在这里图示或描述的内容以外的顺序实施。此外,术语“包括”和“具有”以及他们的任何变形,意图在于覆盖不排他的包含,例如,包含了一系列步骤或单元的过程、方法、系统、产品或设备不必限于清楚地列出的那些步骤或单元,而是可包括没有清楚地列出的或对于这些过程、方法、产品或设备固有的其它步骤或单元。In addition, the terms "first" and "second" in the description and claims of the present application and the above-mentioned drawings are used to distinguish similar objects, and are not necessarily used to describe a specific sequence or sequence. It should be understood that the data used in this way can be interchanged under appropriate circumstances, so that the embodiments described herein can be implemented in a sequence other than the content illustrated or described herein. In addition, the terms "including" and "having" and any variations of them are intended to cover non-exclusive inclusions. For example, a process, method, system, product, or device that includes a series of steps or units is not necessarily limited to those clearly listed. Those steps or units may include other steps or units that are not clearly listed or are inherent to these processes, methods, products, or equipment.
本说明书中各个实施例之间相同相似的部分互相参见即可。尤其,对于装置实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例中的说明即可。The same or similar parts in the various embodiments in this specification can be referred to each other. In particular, as for the device embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for related parts, please refer to the description in the method embodiment.
以上所述的本申请实施方式并不构成对本申请保护范围的限定。The implementation manners of the application described above do not constitute a limitation on the protection scope of the application.

Claims (10)

  1. 一种数据检测方法,其特征在于,所述方法包括:A data detection method, characterized in that the method includes:
    在生成第一时刻的第一快照数据时,获取第一灾备阵列中的数据,所述第一灾备阵列中的数据包括所述第一快照数据;When generating the first snapshot data at the first moment, acquiring data in a first disaster recovery array, where the data in the first disaster recovery array includes the first snapshot data;
    对所述第一灾备阵列中的数据进行检测得到第一检测结果;Detecting data in the first disaster recovery array to obtain a first detection result;
    根据所述第一检测结果生成所述第一快照数据的检测报告。A detection report of the first snapshot data is generated according to the first detection result.
  2. 根据权利要求1所述的方法,其特征在于,对所述第一灾备阵列中的数据进行检测,包括:The method according to claim 1, wherein detecting data in the first disaster recovery array comprises:
    对所述第一灾备阵列中的数据进行第一层检测,所述第一层检测包括检测所述第一灾备阵列的数据所在的块设备是否发生变化;Performing a first layer detection on the data in the first disaster recovery array, the first layer detection including detecting whether the block device where the data of the first disaster recovery array is located has changed;
    如果未发生变化,则进行第二层检测,所述第二层检测包括对所述块设备中的文件进行检测。If there is no change, a second-level detection is performed, and the second-level detection includes detection of the file in the block device.
  3. 根据权利要求2所述的方法,其特征在于,所述文件包括:文件系统日志文件、操作系统配置文件和操作系统日志文件中的至少一种。The method according to claim 2, wherein the file comprises at least one of a file system log file, an operating system configuration file, and an operating system log file.
  4. 根据权利要求3所述的方法,其特征在于,所述第一快照数据中还包括至少一个应用所产生的应用数据;The method according to claim 3, wherein the first snapshot data further includes application data generated by at least one application;
    所述方法还包括:利用第三方程序对所述至少一个应用所产生的应用数据的增加、删除、修改情况进行检测。The method further includes: using a third-party program to detect the addition, deletion, and modification of the application data generated by the at least one application.
  5. 一种数据检测装置,其特征在于,所述装置包括:A data detection device, characterized in that the device includes:
    获取单元,用于在生成第一时刻的第一快照数据时,获取第一灾备阵列中的数据,所述第一灾备阵列中的数据包括所述第一快照数据;An obtaining unit, configured to obtain data in a first disaster recovery array when generating the first snapshot data at the first moment, where the data in the first disaster recovery array includes the first snapshot data;
    处理单元,用于对所述第一灾备阵列中的数据进行检测得到第一检测结果,以及根据所述第一检测结果生成所述第一快照数据的检测报告。The processing unit is configured to detect the data in the first disaster recovery array to obtain a first detection result, and generate a detection report of the first snapshot data according to the first detection result.
  6. 根据权利要求5所述的装置,其特征在于,The device of claim 5, wherein:
    所述处理单元,具体用于对所述第一灾备阵列中的数据进行第一层检测,所述第一层检测包括检测所述第一灾备阵列的数据所在的块设备是否发生变化;如果未发生变化,则进行第二层检测,所述第二层检测包括对所述块设备中的文件进行检测。The processing unit is specifically configured to perform a first layer detection on data in the first disaster recovery array, and the first layer detection includes detecting whether a block device where the data of the first disaster recovery array is located has changed; If there is no change, a second-level detection is performed, and the second-level detection includes detection of the file in the block device.
  7. 根据权利要求6所述的装置,其特征在于,所述文件包括:文件系统日志文件、操作系统配置文件和操作系统日志文件中的至少一种。The device according to claim 6, wherein the file comprises at least one of a file system log file, an operating system configuration file, and an operating system log file.
  8. 根据权利要求7所述的装置,其特征在于,所述第一快照数据中还包括至少一个应用所产生的应用数据;8. The device according to claim 7, wherein the first snapshot data further includes application data generated by at least one application;
    所述处理单元,还用于利用第三方程序对所述至少一个应用所产生的应用数据的增加、删除、修改情况进行检测。The processing unit is further configured to use a third-party program to detect the addition, deletion, and modification of the application data generated by the at least one application.
  9. 一种通信装置,包括控制器,所述控制器与存储器耦合,其特征在于,A communication device includes a controller, the controller is coupled with a memory, and is characterized in that:
    所述存储器,用于存储计算机程序指令;The memory is used to store computer program instructions;
    所述控制器,用于执行所述存储器中存储的所述指令,以使得所述通信装置执行如权利要求1至4中任一项所述的方法。The controller is configured to execute the instructions stored in the memory, so that the communication device executes the method according to any one of claims 1 to 4.
  10. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质中存储有计算机程序指令,A computer-readable storage medium, characterized in that computer program instructions are stored in the computer-readable storage medium,
    当所述计算机程序指令被运行时,实现如权利要求1至4中任一项所述的方法。When the computer program instructions are executed, the method according to any one of claims 1 to 4 is implemented.
PCT/CN2020/114350 2019-09-19 2020-09-10 Data detection method and device WO2021052231A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910886507.4A CN110674502A (en) 2019-09-19 2019-09-19 Data detection method and device
CN201910886507.4 2019-09-19

Publications (1)

Publication Number Publication Date
WO2021052231A1 true WO2021052231A1 (en) 2021-03-25

Family

ID=69078240

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/114350 WO2021052231A1 (en) 2019-09-19 2020-09-10 Data detection method and device

Country Status (2)

Country Link
CN (1) CN110674502A (en)
WO (1) WO2021052231A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110674502A (en) * 2019-09-19 2020-01-10 华为技术有限公司 Data detection method and device
IT202000028874A1 (en) 2020-11-27 2022-05-27 F&F S R L METHOD, SYSTEM, DEVICE AND ANTI-RANSOMWARE USE OF RESTORE AND DATA PROTECTION FOR ENDPOINTS
CN112464044B (en) * 2020-12-09 2023-04-07 上海爱数信息技术股份有限公司 File data block change information monitoring and management system and method thereof
CN112667153A (en) * 2020-12-22 2021-04-16 军事科学院系统工程研究院网络信息研究所 Multi-site disaster recovery backup method based on distributed raid slices

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103365743A (en) * 2012-03-29 2013-10-23 国际商业机器公司 Method and system for treating snapshot in computing environment
US8607342B1 (en) * 2006-11-08 2013-12-10 Trend Micro Incorporated Evaluation of incremental backup copies for presence of malicious codes in computer systems
CN103914359A (en) * 2012-12-31 2014-07-09 中国移动通信集团浙江有限公司 Data recovery method and device
CN106371771A (en) * 2016-09-13 2017-02-01 郑州云海信息技术有限公司 Disk management method and system in storage system
CN109284205A (en) * 2018-09-21 2019-01-29 平安科技(深圳)有限公司 Snap backup method, device, computer equipment and storage medium
CN109445993A (en) * 2018-11-02 2019-03-08 郑州云海信息技术有限公司 A kind of detection method and relevant apparatus of file system health status
CN110674502A (en) * 2019-09-19 2020-01-10 华为技术有限公司 Data detection method and device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101901173A (en) * 2010-07-22 2010-12-01 上海骊畅信息科技有限公司 Disaster preparation system and method thereof
US20170329543A1 (en) * 2014-10-22 2017-11-16 Hewlett Packard Enterprise Development Lp Data restoration using block disk presentations
CN105550062B (en) * 2015-12-03 2018-10-12 上海爱数信息技术股份有限公司 The data reflow method restored based on continuous data protection and time point browsing
CN106708662A (en) * 2016-12-13 2017-05-24 上海上讯信息技术股份有限公司 Method for restoring database and equipment
CN109710453A (en) * 2017-10-26 2019-05-03 深圳市沃土科技有限公司 A kind of continuous data store method

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8607342B1 (en) * 2006-11-08 2013-12-10 Trend Micro Incorporated Evaluation of incremental backup copies for presence of malicious codes in computer systems
CN103365743A (en) * 2012-03-29 2013-10-23 国际商业机器公司 Method and system for treating snapshot in computing environment
CN103914359A (en) * 2012-12-31 2014-07-09 中国移动通信集团浙江有限公司 Data recovery method and device
CN106371771A (en) * 2016-09-13 2017-02-01 郑州云海信息技术有限公司 Disk management method and system in storage system
CN109284205A (en) * 2018-09-21 2019-01-29 平安科技(深圳)有限公司 Snap backup method, device, computer equipment and storage medium
CN109445993A (en) * 2018-11-02 2019-03-08 郑州云海信息技术有限公司 A kind of detection method and relevant apparatus of file system health status
CN110674502A (en) * 2019-09-19 2020-01-10 华为技术有限公司 Data detection method and device

Also Published As

Publication number Publication date
CN110674502A (en) 2020-01-10

Similar Documents

Publication Publication Date Title
WO2021052231A1 (en) Data detection method and device
US8117410B2 (en) Tracking block-level changes using snapshots
US11748319B2 (en) Method and system for executing workload orchestration across data centers
US8315991B2 (en) Detecting inadvertent or malicious data corruption in storage subsystems and recovering data
US8046547B1 (en) Storage system snapshots for continuous file protection
JP4321705B2 (en) Apparatus and storage system for controlling acquisition of snapshot
AU2014328493B2 (en) Improving backup system performance
US10810162B2 (en) Physical file verification
US20170093890A1 (en) Security detection
US10838912B1 (en) Intelligent selection of backup levels
US20200110655A1 (en) Proactive data protection on predicted failures
JP4903244B2 (en) Computer system and failure recovery method
US9075755B1 (en) Optimizing data less writes for restore operations
US10346260B1 (en) Replication based security
US9128973B1 (en) Method and system for tracking re-sizing and re-creation of volumes using modification time
US10262023B1 (en) Managing data inconsistencies in file systems
US9811542B1 (en) Method for performing targeted backup
US9477675B1 (en) Managing file system checking in file systems
US11899540B2 (en) Regenerating a chain of backups
US11217324B2 (en) Validating data in storage systems
US11222005B1 (en) Proactive storage system configuration consistency validation
US9773006B1 (en) Techniques for managing non-snappable volumes
US11782799B2 (en) Using bitmaps to validate data
US20230205643A1 (en) Differential checksum validation
US20230205641A1 (en) Disaster recovery drills based on checksum validations

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20866802

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20866802

Country of ref document: EP

Kind code of ref document: A1