EP1982261A2 - Long term backup on disk - Google Patents

Long term backup on disk

Info

Publication number
EP1982261A2
Authority
EP
European Patent Office
Prior art keywords
copy
computer
storage medium
computerized data
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP07706042A
Other languages
German (de)
French (fr)
Inventor
Alon Cohen
Aviram Cohen
Eran Raichstein
Dror Alba
Irit Manny-Meitav
Wolf Oren
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
International Business Machines Corp
Original Assignee
International Business Machines Corp
FilesX Inc

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/07 Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08 Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10 Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1004 Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's, to protect a block of data words, e.g. CRC or checksum
    • G06F11/14 Error detection or correction of the data by redundancy in operation
    • G06F11/1402 Saving, restoring, recovering or retrying
    • G06F11/1446 Point-in-time backing up or restoration of persistent data
    • G06F11/1448 Management of the data involved in backup or backup restore
    • G06F11/1451 Management of the data involved in backup or backup restore by selection of backup contents
    • G06F11/1456 Hardware arrangements for backup
    • G06F11/1458 Management of the backup or restore process
    • G06F11/1461 Backup scheduling policy
    • G06F11/1469 Backup restoration techniques

Definitions

  • the present invention relates to storage of computerized data. Specifically, the present invention provides a long term backup and storage of computerized data while maintaining availability of the data for several years for auditing purposes and for retrieval of historical data
  • Backup operation in an enterprise data network is at times a time-consuming, expensive, and unreliable practice. While the volume of data generated in an average enterprise is increasing, the time available for backup is decreasing and backup is conducted much more frequently. Building an effective data protection system requires a large investment in servers, networks, tape technology, and proficient people, in addition to the recurring costs of data storage media, such as tape media. Tape-based backup and restore operations often interrupt business operations and data availability, costing money and lowering productivity. Tape restore operations fail often because of the low reliability of the physical media. Since there typically are no automatic checking procedures, there are many cases in which old tapes disappear or do not have all the relevant data needed when a restore is required.
  • restore operations are extremely slow and labor-intensive: most restore operations target a small amount of data, typically a single file or directory. But restoring that data requires locating the appropriate tape or set of tapes, and the mounting thereof. Enough disk space needs to be allocated for restoring the whole volume of data, the whole volume of data is restored, and then the desired files or directories need to be located. Often, the whole process may have to be iterated until the desired file is located. In addition, restoring a corrupted or destroyed volume requires a separate, dedicated block-level backup and restore process, since file-level backup cannot restore system files.
  • FBSRD Fast Backup Storage and fast Recovery of Data
  • FBSRD is coupled to a network with servers and workstations, and operates in both a storage mode and a recovery mode.
  • FBSRD includes a primary storage, a repository, and a Backup Appliance (BA) computer which runs a backup application.
  • BA Backup Appliance
  • In recovery mode, backed-up data is retrieved from the repository and recovered into primary storage in either one or both of block format and file format.
  • the BA runs interactively with an Agent Computer Program residing in each server and workstation, and with a Backup User Interface management computer program operated by a user. Regulatory compliance and legal pressure necessitate reliable and accessible long-term business data storage.
  • HHS U.S. Department of Health and Human Services
  • HIPAA Health Insurance Portability and Accountability Act
  • the Privacy Rule standards address the use and disclosure of individuals' health information as well as standards for individuals' privacy rights to understand and control how their health information is used.
  • a major goal of the Privacy Rule is to assure that individuals' health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect public health and well being.
  • the Sarbanes-Oxley Act of 2002 (Pub. L. No. 107-204, 116 Stat.
  • SEC Rule 17a-4 (in combination with 17a-3) of the Securities Exchange Act of 1934 requires broker-dealers to create and preserve, in an easily accessible manner, a comprehensive record of each securities transaction and of their securities business in general. These preserved records are used by the SEC to monitor compliance with applicable securities laws, including anti-fraud provisions and financial responsibility standards. To ensure compliance with SEC Rule 17a-4, broker-dealers must: maintain and retain certain records for the required retention period; store the records in a manner that prevents them from being overwritten, erased or otherwise altered; have in place a system to show the audit trail of each record; and provide verification that the records were not altered.
  • NASD 3110 National Association of Securities Dealers
  • SEC Rule 17a-4 storage, i.e. non-rewritable, non-erasable, and time-stamped. All e-mails and Internet communications which relate to the broker/dealer's business must be retained for at least three years, the first two years in an easily accessible place.
  • OS Operating System
  • File System a component of the operating system used to organize, access and modify information in a hierarchical logical structure.
  • File system volume a volume, or fixed amount of storage that an operating system uses to organize and keep track of file system data such as directories and files.
  • Kernel The kernel is the central component of most computer operating systems (OSs). The kernel manages system resources and the communication between hardware and software components. As a basic component of an operating system, a kernel provides the lowest level abstraction layer for the resources (e.g. memory, processors and I/O devices) that applications must control to perform their function, and makes the resources available to application processes through interprocess communication mechanisms and system calls. (http://en.wikipedia.org/wiki/Kernel_%28computer_science%29)
  • SCSI Small Computer System Interface
  • SCSI is a standard interface and command set for transferring data between devices on both internal and external computer buses. SCSI is most commonly used for hard disks and tape storage devices, but also connects a wide range of other devices, including scanners, printers, CD-ROM drives, CD recorders, and DVD drives.
  • Checksum is a form of redundancy check, for protecting the integrity of data by detecting errors in data by adding up typically the asserted bits, and storing the resulting value.
  • the simplest form of checksum, which adds up the asserted bits in the data, cannot detect a number of types of errors. In particular, such a checksum is not changed by: reordering of the bytes in the message, inserting or deleting zero-valued bytes, and multiple errors which sum to zero.
  • More sophisticated types of redundancy check including Fletcher's checksum, Adler-32, and cyclic redundancy checks (CRCs), are designed to address these weaknesses by considering not only the value of each byte but also its position.
  • redundancy check The cost of the ability to detect more types of errors is the increased complexity of computing the redundancy check value. These types of redundancy check are useful in detecting accidental modification such as corruption to stored data or errors in a communication channel. (http://en.wikipedia.org/wiki/Checksum)
  • WORM Write-once-read-many
  • WORM is a data storage technology that allows information to be written to a disc a single time and prevents the drive from erasing or otherwise modifying the data
  • Computer a machine which executes computer program instructions recorded on a computer readable medium, also having a memory for storing computer programs, and typically coupled to a communication link.
  • LAN Local Area Network
  • SAN Storage Area Network
  • Workstation a computer attached to the LAN but not to the SAN.
  • Server a computer attached to the LAN and to the SAN.
  • Data Block a fixed-size unit of a number of consecutive sectors accessed as a single unit.
  • Data in block format is organized as at least one consecutive data block and tagged with physical location information, which is preserved together with the data.
  • the block structure is flat, meaning that there is no association of blocks into a higher-level structure.
  • Primary storage medium a storage device (usually a block storage device such as a magnetic disk) used by a computer to store non-volatile data.
  • Secondary Storage medium a storage device or repository for storing data backed-up from primary storage.
  • restore or “restoration” is used herein to refer to restoring original data back onto storage attached to a server and/or workstation attached to a network.
  • the terms “restore” and “restoration” refer to data restored between primary and secondary storage media both as part of a backup appliance of the present invention.
  • computer hereinafter refers to the machine which performs backup, verification and restoration processes of embodiments of the present invention, not a server computer or workstation computer unless otherwise indicated.
  • parameter as used herein referring to data is a redundancy check or other value derived from the data in order to determine integrity of the data.
  • a computerized method for verification and restoration of computerized data stored within a backup appliance attached to a computer network includes a computer attached to a computer network and a primary storage medium storing the computerized data connected to the computer.
  • a secondary storage medium is partitioned into storage bins. Each storage bin is either operatively attached to the computer, i.e. mounted, or operatively detached from the computer, i.e. unmounted.
  • the storage bins are operatively attached solely for reading operations.
  • a stored value is maintained of a parameter, e.g. a checksum, of the copy.
  • the stored value is periodically compared to a corresponding value of the parameter of the computerized data. Upon detecting a discrepancy between the stored value and the corresponding value: when the discrepancy originates from the computerized data, the computerized data is restored from the copy, and when the discrepancy originates from the copy, either (i) the copy is restored from the computerized data or (ii) another copy of the computerized data is restored in another storage bin.
  • the storage bin is operatively attached for writing operations solely for updating the copy.
  • the step of operatively attaching for writing operations is logged or documented for auditing purposes.
  • the backing up is preferably performed by operatively attaching the storage bin for writing operations.
  • the computerized data is backed up by writing an updated copy of the computerized data to the storage bin; and upon completing the back up, the storage bin is operatively attached solely for reading operations. All writing operations on the secondary storage medium and all reading operations from the secondary storage medium are preferably logged with a time stamp. When a storage bin fails while storing the copy of the data, another copy of the data is preferably restored in another storage bin.
  • the secondary storage medium is preferably secured and direct access prevented using any of an operating system, a file system manager and a volume manager, all running on the computer.
  • the securing is preferably performed by accessing the secondary storage medium solely through a single input/output interface using a software driver, e.g. a dedicated block level kernel driver which controls every read and write operation to the secondary storage medium.
  • the securing is also preferably performed by placing a private signature on the secondary storage medium, thereby hiding content of the secondary storage medium from an operating system, a file system manager and a volume manager.
  • the stored value and the corresponding value of the parameter includes a respective checksum of all files of the copy and the computerized data.
  • the backup appliance including the computer, primary storage and the secondary storage partitioned into the storage bins, which perform the methods disclosed herein.
  • a backup appliance for verification and restoration of computerized data including a computer attached to a computer network, a primary storage medium which stores the computerized data and a secondary storage medium.
  • the secondary storage medium is partitioned into storage bins.
  • the storage bins are each, either operatively attached (mounted) to the computer or operatively detached (unmounted) from the computer.
  • a processor of the computer, upon storing a copy of the computerized data in one of the storage bins, operatively attaches or mounts the storage bin solely for reading operations and maintains a stored value of a parameter (e.g. checksum) of the copy.
  • the processor periodically compares the stored value to a corresponding value of the checksum of the computerized data. Upon detecting a discrepancy between the stored value and the corresponding value: when the discrepancy originates from the computerized data, the computerized data is restored from the copy, and when the discrepancy originates from the copy, either (i) the copy is restored from the computerized data or (ii) another copy of the computerized data is restored in another storage bin.
  • the stored value and the corresponding value of the parameter preferably includes a respective checksum or other redundancy check of all files of the copy and the computerized data.
  • the backup appliance preferably includes a mechanism which operatively attaches (mounts) the storage bin for writing operations solely for updating the copy, a logging mechanism which documents each instance of operatively attaching (mounting) the storage bin for writing operations, and a security mechanism which secures the secondary storage medium and thereby prevents access to the secondary storage medium using any of the operating system, the file system manager and the volume manager, all running on the computer.
  • the security mechanism preferably includes a software driver which controls every read and write operation through a single input/output interface to the secondary storage medium.
  • the security mechanism preferably places a private signature on the secondary storage medium, thereby hiding content of the secondary storage medium from an operating system, a file system manager and a volume manager all running on the computer.
  • a program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for verification and restoration of computerized data stored in a primary storage medium, the primary storage medium operatively connected to a computer, the method as disclosed herein.
  • FIG. 1 is a simplified system drawing illustrating a network environment, according to an embodiment of the present invention
  • FIG. 2 is a simplified system drawing according to an embodiment of the present invention
  • FIG. 3 is a simplified drawing of computer architecture abstraction layers in accordance with embodiments of the present invention
  • FIG. 4 is a simplified flow diagram of a backup process, according to an embodiment of the present invention
  • FIG. 5 is a simplified flow diagram of a verification and restore process, according to an embodiment of the present invention.
  • FIG. 6 is a simplified flow diagram of a logging process, according to an embodiment of the present invention.
  • FIG. 7 is a simplified flow diagram of a repair/duplication process, according to an embodiment of the present invention.
  • FIG. 8 is a simplified flow diagram of a cleanup process, according to an embodiment of the present invention.
  • the present invention is of a system and method for providing backup and storage of computerized data
  • the present invention provides a long term backup and storage of computerized data with simple and rapid data recovery, while ensuring data integrity and availability for predefined periods of up to several years and complying with requirements of regulatory agencies for data integrity, data privacy and accountability.
  • Embodiments of the present invention use storage repositories that include a set of two storage media, e.g. disks: a primary disk and a secondary disk.
  • the primary disk is typically managed conventionally such as by file system.
  • the secondary disk stores copies of the primary disk data in innovative storage bins or small disk partitions, which store data components in a static and sealed form and are opened and written into in accordance with regulations.
  • the storage bins do not interact with the operating system in a conventional fashion using a volume manager and/or file system manager. Storage bins are accessible only when required, using an innovative software driver which interacts on a physical level with the hardware interface, e.g. SCSI, of the storage medium.
  • the primary and secondary disks in a pair might be located on different storage devices. The devices might be physically located at separate rooms and connected to different power supplies to allow for further redundancy.
  • Embodiments of the present invention perform a process of auto-verification and self-healing for data stored in primary disk and in the secondary disk in the storage bins.
  • Problems and/or corruption are typically detected in backup snapshots stored on disks using a parameter of the data such as a redundancy check, e.g. a checksum, typically computed over all the copies of files stored in a storage bin in the secondary disk and the corresponding files stored in the primary disk. If the checksum indicates corruption of or tampering with one or more files in the storage bin, the files of the storage bin may be restored from the parallel files in the primary disk. Similarly, if one or more files in the primary disk are corrupted, the files may be restored from the copies in the storage bin.
  • the auto-verification and self-healing process is preferably performed regularly in the background when the computer system is otherwise relatively inactive.
  • Some embodiments of the present invention perform disk and data life management (DDLM) which monitors physical condition or "health" of a disk, life span or even impending disk failure and performs automatic data relocation based on the physical condition of the disk and/or overrides preset expiration periods.
  • DDLM disk and data life management
  • Some embodiments of the present invention detect file system corruption and prevent continuation of storage activities until the problem is identified and solved.
  • Embodiments of the present invention preferably include a reporting mechanism to indicate that data is valid in the repository, for regulatory purpose and for the peace of mind of the owner.
  • Each repository disk storage has an expiration date and data is moved from one physical disk to another when expiration approaches or when there is an indication that the storage might fail soon.
  • the embodiments of the present invention may comprise a general-purpose or special-purpose computer system including various computer hardware components, which are discussed in greater detail below.
  • Embodiments within the scope of the present invention also include computer-readable media for carrying or having computer-executable instructions, computer-readable instructions, or data structures stored thereon.
  • Such computer-readable media may be any available media, which is accessible by a general-purpose or special-purpose computer system.
  • such computer-readable media include physical storage media such as RAM, ROM, EPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other media which can be used to carry or store desired program code means in the form of computer-executable instructions, computer-readable instructions, or data structures and which may be accessed by a general-purpose or special-purpose computer system.
  • a “network” is defined as any architecture where two or more computer systems may exchange data. Exchanged data may be in the form of electrical signals that are meaningful to the two or more computer systems.
  • a network or another communications connection, either hardwired, wireless, or a combination of hardwired and wireless, is properly viewed as a computer-readable medium; any such connection is properly termed a computer-readable medium.
  • Computer-executable instructions comprise, for example, instructions and data which cause a general-purpose computer system or special-purpose computer system to perform a certain function or group of functions.
  • computer or “computer system” is defined as one or more software modules, one or more hardware modules, or combinations thereof, which work together to perform operations on electronic data.
  • computer system includes the hardware components of a personal computer, as well as software modules, such as the operating system of the personal computer.
  • the physical layout of the modules is not important.
  • a computer system may include one or more computers coupled via a computer network.
  • a computer system may include a single physical device (such as a mobile phone or Personal Digital Assistant "PDA") where internal modules (such as a memory and processor) work together to perform operations on electronic data.
  • PDA Personal Digital Assistant
  • the invention may be practiced in network computing environments with many types of computer system configurations, including mobile telephones, PDAs, pagers, hand-held devices, laptop computers, personal computers, multi-processor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, and the like.
  • the invention may also be practiced in distributed computing environments where local and remote computer systems, which are linked (either by hardwired links, wireless links, or by a combination of hardwired or wireless links) through a communication network, both perform tasks.
  • program modules may be located in both local and remote memory storage devices.
  • Implementation of the method and system of the present invention involves performing or completing selected tasks or steps manually, automatically, or a combination thereof.
  • several selected steps could be implemented by hardware or by software on any operating system of any firmware or a combination thereof.
  • selected steps of the invention could be implemented as a chip or a circuit.
  • selected steps of the invention could be implemented as a plurality of software instructions being executed by a computer using any suitable operating system.
  • selected steps of the method and system of the invention could be described as being performed by a data processor, such as a computing platform for executing multiple instructions.
  • Network environment 10 includes a network 100, e.g. LAN, a workstation computer 106, a server 108, and a backup and storage system 101 which performs backup of production data stored on production storage 114 attached to server 108, according to embodiments of the present invention.
  • Backup and storage system 101 or repository storage 101 is attached to network 100 through network interface 104, and includes a primary storage medium 110 and a secondary storage medium 112, e.g. magnetic storage disks.
  • A server 108 which is appropriate for embodiments of the present invention is the HP ProLiant DL380 G4 Server.
  • Repository storage implementing primary storage medium 110 and secondary storage medium 112 is, for example, an EMC CLARiiON CX500 (EMC Corporation, Hopkinton, MA, USA), which provides up to 64 Tbyte of storage.
  • Backup and storage system 101 includes a processor 201, a storage mechanism including a memory bus 207 to store information in random access memory 209, and network interface 104 operatively connected to processor 201 with a peripheral bus 203.
  • Backup and storage system 101 further includes a data input mechanism 205, e.g. a disk drive reading from a program storage device 213, e.g. an optical disk.
  • Data input mechanism 205 is operatively connected to processor 201 with peripheral bus 203.
  • Interfaces 215, e.g. SCSI connect primary storage medium 110 and secondary storage medium 112 to processor 201 through peripheral bus 203.
  • Secondary storage medium 112 is shown schematically as partitioned into storage bins 217. Storage bins may be implemented as individual disks which are managed together within secondary storage medium 112 or as different partitions within a single large disk.
  • FIG. 3 is a simplified drawing of abstraction layers 30 in system 101.
  • the lowest abstraction layer is a physical layer 309 including physical operations, e.g. reading and writing on primary storage medium 110 and secondary storage medium 112.
  • Physical layer 309 operations are controlled by an interface layer 307, e.g. SCSI.
  • Above interface layer 307 are the kernel layers: volume manager 305, which manages volumes, and file system manager 303, which manages files on primary storage medium 110.
  • An application layer 301 is accessible to user applications. According to embodiments of the present invention, access to secondary storage medium 112 is limited to layer 307, and access to secondary storage medium 112 from layers 301, 303 and 305 is permitted only when mediated by a driver, e.g.
  • the WORM manager for secondary storage medium 112 is preferably implemented in layer 307 by the SCSI driver.
  • the SCSI driver is used to control and monitor all read/write operations to secondary storage medium 112.
  • Another level of protection to the repository data is achieved by protection of secondary storage medium 112 by placing a signature on secondary storage medium 112 that allows recognition as storage by embodiments of the present invention.
  • Backup is typically of one or more data files stored on primary storage medium 110. Backup is often performed when a snapshot is initiated, and files stored in primary storage medium are copied into storage bins of secondary storage medium 112.
  • a backup procedure is initiated (step 401) one or more storage bins 217 are allocated (step 403) on secondary storage medium 112. If active storage bins 217 in use are full, a new storage bin is optionally created and allocated. Storage bins 217 are mounted (step 405) for read and write operations.
  • Backup is performed (step 407) for instance of storage 114 attached directly to server computer 108 and the data files are copied into primary repository 110 and corresponding files in allocated storage bins 217 on secondary storage medium 112.
  • backup procedure ends (step 409) and the one or more storage bins 217 are unmounted (step 411) in order to prevent any further read or write operations.
  • FIG. 5 illustrates a flow diagram of a verification and restore process 50, according to an exemplary embodiment of the present invention.
  • The backup copies of data are maintained in unmounted storage bins 217, and are accessed and mounted for read operations only if needed.
  • Storage bins 217 are partitioned (step 502) and allocated in secondary storage medium 112, storage bins 217 are mounted (step 405) for read/write operations and a copy of data files from primary storage medium 110 is stored in storage bins 217.
  • Storage bins 217 are mounted (step 508) only for read operations.
  • A redundancy check, e.g. checksum, or other parameter which indicates integrity is calculated both for the original data stored on primary storage medium 110 and for the copy stored in storage bins 217. If the checksums are the same, storage bins are unmounted (not shown) and then, after a period of time, storage bins 217 are mounted only for read operations (step 508) and the checksums are compared (step 510) again. However, if the checksums are different (decision box 512), a determination is made regarding which checksum has changed (decision box 514), indicating whether the data stored on primary storage medium 110 or the copy on secondary storage medium 112 is corrupted or tampered with.
  • Logging process 60 preferably fulfills the regulatory requirements of WORM (write-once-read-many).
  • A log is opened, preferably with a time stamp, and preferably all read operations are logged (step 607).
  • A log is opened for read/write operations (step 405), i.e. for both read and write operations.
  • Write operations are logged (step 605) and read operations are logged (step 607).
  • The log(s) is/are closed (step 609), optionally with time stamps, and storage bin 217 is
  • Logging (steps 605, 607) and/or documenting for auditing purposes of mounting of storage bins 217 for write operations are typically performed by writing into one or more storage bins 217L accessible only by the dedicated Kernel driver which performs the reading and writing operations.
  • FIG. 7 illustrates a storage bin repair process 70, according to embodiments of the present invention.
  • A cleanup operation, according to embodiments of the present invention, is illustrated in Figure 8.
  • A storage bin 217 is mounted for read/write operations and the data within storage bin 217 and optionally the partition of storage bin 217 is deleted (step 803).

Abstract

A backup appliance comprising a secondary storage medium partitioned into storage bins, each either operatively attached to the computer or operatively detached from the computer. A processor of the computer, upon storing a copy of the computerized data in one of the storage bins, operatively attaches or mounts the storage bin solely for reading operations and maintains a stored value of a parameter of the copy. The processor periodically compares the stored value to a corresponding value of the checksum of the computerized data. Upon detecting a discrepancy between the stored value and the corresponding value, when the discrepancy originates from the computerized data, the computerized data is restored from the copy, and when the discrepancy originates from the copy, either (i) the copy is restored from the computerized data or (ii) another copy of the computerized data is restored in another storage bin.

Description

LONG TERM BACKUP ON DISK
FIELD AND BACKGROUND OF THE INVENTION
The present invention relates to storage of computerized data. Specifically, the present invention provides long term backup and storage of computerized data while maintaining availability of the data for several years for auditing purposes and for retrieval of historical data.
Backup operation in an enterprise data network is at times a time-consuming, expensive and unreliable practice. While the volume of data generated in an average enterprise is increasing, the time available for backup is decreasing and backup is conducted much more frequently. Building an effective data protection system requires a large investment in servers, networks, tape technology, and proficient people, in addition to the recurring costs of data storage media, such as tape media. Tape-based backup and restore operations often interrupt business operations and data availability, costing money and lowering productivity. Tape restore operations fail often because of the low reliability of the physical media. Since there typically are no automatic checking procedures, there are many cases in which old tapes disappear or do not contain all the relevant data needed when a restore is required.
Likewise, one of the problems with data restoration operations is that restore operations are extremely slow and labor-intensive: most restore operations target a small amount of data, typically a single file or directory. But restoring that data requires locating the appropriate tape or set of tapes, and the mounting thereof. Enough disk space needs to be allocated for restoring the whole volume of data, the whole volume of data is restored, and then the desired files or directories need to be located. Often, the whole process may have to be iterated until the desired file is located. In addition, restoring a corrupted or destroyed volume requires a separate, dedicated block-level backup and restore process, since file-level backup cannot restore system files.
United States Patent Application 20050216788 entitled Fast Backup Storage and fast Recovery of Data (FBSRD) method, is included herein by reference for all purposes as if entirely set forth herein. FBSRD is coupled to a network with servers and workstations, and operates in both a storage mode and a recovery mode. FBSRD includes a primary storage, a repository, and a Backup Appliance (BA) computer which runs a backup application. When in storage mode, data is retrieved out of primary storage for backup by taking snapshots, and the retrieved data is saved into a repository in block format. In recovery mode, backed-up data is retrieved from the repository and recovered into primary storage in either block format or file format. The BA runs interactively with an Agent Computer Program residing in each server and workstation, and with a Backup User Interface management computer program operated by a user. Regulatory compliance and legal pressure necessitate reliable and accessible long-term business data storage.
The U.S. Department of Health and Human Services ("HHS") issued Standards for Privacy of Individually Identifiable Health Information ("Privacy Rule") to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). The Privacy Rule standards address the use and disclosure of individuals' health information as well as standards for individuals' privacy rights to understand and control how their health information is used. A major goal of the Privacy Rule is to assure that individuals' health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect public health and well being. The Sarbanes-Oxley Act of 2002 (Pub. L. No. 107-204, 116 Stat. 745, also known as the Public Company Accounting Reform and Investor Protection Act of 2002, July 30, 2002) is a United States federal law passed in response to a number of major corporate and accounting scandals which resulted in a decline of public trust in accounting and reporting practices, and it has specific requirements concerning the integrity, reliability and retrieval of stored business records.
Securities and Exchange Commission (SEC) Rule 17a-4 (in combination with 17a-3) of the Securities Exchange Act of 1934 requires broker-dealers to create and preserve, in an easily accessible manner, a comprehensive record of each securities transaction and of their securities business in general. These preserved records are used by the SEC to monitor compliance with applicable securities laws including anti-fraud provisions and financial responsibility standards. To ensure compliance with SEC Rule 17a-4, broker-dealers must: maintain and retain certain records for the required retention period, store the records in a manner that prevents them from being overwritten, erased or otherwise altered, have in place a system to show the audit trail of each record, and provide verification that the records were not altered. NASD, Inc. (National Association of Securities Dealers) is the primary self-regulatory organization responsible for the regulation of persons and companies involved in the securities industry in the United States, with delegated authority from the Securities and Exchange Commission. NASD 3110 requires that all books, accounts, records, memoranda and correspondence should be retained in the same format as stated in SEC Rule 17a-4 (i.e. non-rewritable, non-erasable, and time-stamped). All e-mails and Internet communications which relate to the broker/dealer's business must be retained for at least three years, the first two years in an easily accessible place.
21 Code of Federal Regulations (CFR), Part 11, issued by the U.S. Food and Drug Administration (FDA), "sets forth the criteria under which the agency considers electronic records, electronic signatures, and handwritten signatures executed to electronic records to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper."
There is thus a need for, and it would be highly advantageous to have, a system and method for providing backup and storage of computerized data which guarantees integrity and availability of the data for predefined periods of several years and meets regulatory requirements, protecting data while maintaining direct availability of data for auditing purposes.
DEFINITIONS:
Terms as used herein are defined as follows:
Operating System (OS): a software program used to control computer resources such as I/O operations, memory resources and program execution. File System: a component of the operating system used to organize, access and modify information in a hierarchical logical structure.
File system volume: a volume, or fixed amount of storage, that an operating system uses to organize and keep track of file system data such as directories and files. Kernel: The kernel is the central component of most computer operating systems (OSs). The kernel manages system resources and the communication between hardware and software components. As a basic component of an operating system, a kernel provides the lowest level abstraction layer for the resources (e.g. memory, processors and I/O devices) that applications must control to perform their function and makes the resources available to application processes through interprocess communication mechanisms and system calls. (http://en.wikipedia.org/wiki/Kernel_%28computer_science%29) SCSI ("Small Computer System Interface") is a standard interface and command set for transferring data between devices on both internal and external computer buses. SCSI is most commonly used for hard disks and tape storage devices, but also connects a wide range of other devices, including scanners, printers, CD-ROM drives, CD recorders, and DVD drives.
Checksum is a form of redundancy check for protecting the integrity of data by detecting errors in the data, typically by adding up the asserted bits and storing the resulting value. The simplest form of checksum, which adds up the asserted bits in the data, cannot detect a number of types of errors. In particular, such a checksum is not changed by: reordering of the bytes in the message, inserting or deleting zero-valued bytes, and multiple errors which sum to zero. More sophisticated types of redundancy check, including Fletcher's checksum, Adler-32, and cyclic redundancy checks (CRCs), are designed to address these weaknesses by considering not only the value of each byte but also its position. The cost of the ability to detect more types of errors is the increased complexity of computing the redundancy check value. These types of redundancy check are useful in detecting accidental modification such as corruption to stored data or errors in a communication channel. (http://en.wikipedia.org/wiki/Checksum)
Write-once-read-many (WORM) is a data storage technology that allows information to be written to a disc a single time and prevents the drive from erasing or otherwise modifying the data. Computer: a machine which executes computer program instructions recorded on a computer readable medium, also having a memory for storing computer programs, and typically coupled to a communication link.
Local Area Network (LAN), such as an Ethernet; used for communications between computers located in near physical proximity (typically less than 500 m). Storage Area Network (SAN): a high speed, dedicated network used to connect a number of computers with storage devices. Workstation: a computer attached to the LAN but not to the SAN. Server: a computer attached to the LAN and to the SAN.
Data Block: a fixed-size unit of a number of consecutive sectors accessed as a single unit. Data in block format is organized as at least one consecutive data block and tagged with physical location information, which is preserved together with the data. The block structure is flat, meaning that there is no association of blocks into a higher-level structure.
Primary storage medium: a storage device (usually a block storage device such as a magnetic disk) used by a computer to store non-volatile data. Secondary Storage medium: a storage device or repository for storing data backed-up from primary storage.
The term "restore" or "restoration" is used hereinbefore to refer to restoring original data back onto storage attached to a server and/or workstation attached to a network. Hereinafter, the terms "restore" and "restoration" refer to data restored between primary and secondary storage media, both being part of a backup appliance of the present invention.
The term "computer" hereinafter refers to the machine which performs the backup, verification and restoration processes of embodiments of the present invention, not a server computer or workstation computer unless otherwise indicated. The term "parameter" as used herein referring to data is a redundancy check or other value derived from the data in order to determine the integrity of the data.
The terms "mount" (as a verb) and "operatively attach" are used herein interchangeably. The terms "unmount" and "operatively detach" are used herein interchangeably.
SUMMARY OF THE INVENTION
According to the present invention there is provided a computerized method for verification and restoration of computerized data stored within a backup appliance attached to a computer network. The backup appliance includes a computer attached to a computer network and a primary storage medium, connected to the computer, storing the computerized data. A secondary storage medium is partitioned into storage bins. Each storage bin is either operatively attached to the computer, i.e. mounted, or operatively detached from the computer, i.e. unmounted. After a copy of the computerized data is stored in one or more storage bins, the storage bins are operatively attached solely for reading operations. A stored value is maintained of a parameter, e.g. checksum, of the copy. The stored value is periodically compared to a corresponding value of the parameter of the computerized data. Upon detecting a discrepancy between the stored value and the corresponding value, when the discrepancy originates from the computerized data, the computerized data is restored from the copy, and when the discrepancy originates from the copy either: (i) the copy is restored from the computerized data or (ii) another copy of the computerized data is restored in another storage bin. Preferably, the storage bin is operatively attached for writing operations solely for updating the copy. The step of operatively attaching for writing operations is logged or documented for auditing purposes. The backing up is preferably performed by operatively attaching the storage bin for writing operations. The computerized data is backed up by writing an updated copy of the computerized data to the storage bin; and upon completing the backup, the storage bin is operatively attached solely for reading operations. All writing operations on the secondary storage medium and all reading operations from the secondary storage medium are preferably logged with a time stamp.
When a storage bin fails while storing the copy of the data, another copy of the data is preferably restored in another storage bin.
The secondary storage medium is preferably secured and direct access prevented using any of an operating system, a file system manager and a volume manager, all running on the computer. The securing is preferably performed by accessing the secondary storage medium solely through a single input/output interface using a software driver, e.g. a dedicated block level kernel driver which controls every read and write operation to the secondary storage medium. The securing is also preferably performed by placing a private signature on the secondary storage medium, thereby hiding content of the secondary storage medium from an operating system, a file system manager and a volume manager. The stored value and the corresponding value of the parameter include a respective checksum of all files of the copy and the computerized data.
According to the present invention there is provided the backup appliance including the computer, primary storage and the secondary storage partitioned into the storage bins, which perform the methods disclosed herein.
According to the present invention, there is provided a backup appliance for verification and restoration of computerized data including a computer attached to a computer network, a primary storage medium which stores the computerized data and a secondary storage medium. The secondary storage medium is partitioned into storage bins. The storage bins are each either operatively attached (mounted) to the computer or operatively detached (unmounted) from the computer. A processor of the computer, upon storing a copy of the computerized data in one of the storage bins, operatively attaches or mounts the storage bin solely for reading operations and maintains a stored value of a parameter (e.g. checksum) of the copy. The processor periodically compares the stored value to a corresponding value of the checksum of the computerized data. Upon detecting a discrepancy between the stored value and the corresponding value: when the discrepancy originates from the computerized data, the computerized data is restored from the copy, and when the discrepancy originates from the copy, either: (i) the copy is restored from the computerized data or (ii) another copy of the computerized data is restored in another storage bin. The stored value and the corresponding value of the parameter preferably include a respective checksum or other redundancy check of all files of the copy and the computerized data. The backup appliance preferably includes a mechanism which operatively attaches (mounts) the storage bin for writing operations solely for updating the copy, a logging mechanism which documents each instance of operatively attaching (mounting) the storage bin for writing operations, and a security mechanism which secures the secondary storage medium and thereby prevents access to the secondary storage medium using any of the operating system, the file system manager and the volume manager, all running on the computer.
The security mechanism preferably includes a software driver which controls every read and write operation through a single input/output interface to the secondary storage medium. The security mechanism preferably places a private signature on the secondary storage medium, thereby hiding content of the secondary storage medium from an operating system, a file system manager and a volume manager all running on the computer. According to the present invention there is provided a program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform a method for verification and restoration of computerized data stored in a primary storage medium, the primary storage medium operatively connected to a computer, the method as disclosed herein.
BRIEF DESCRIPTION OF THE DRAWINGS
The invention is herein described, by way of example only, with reference to the accompanying drawings, wherein:
FIG. 1 is a simplified system drawing illustrating a network environment, according to an embodiment of the present invention;
FIG. 2 is a simplified system drawing according to an embodiment of the present invention;
FIG. 3 is a simplified drawing of computer architecture abstraction layers in accordance with embodiments of the present invention;
FIG. 4 is a simplified flow diagram of a backup process, according to an embodiment of the present invention;
FIG. 5 is a simplified flow diagram of a verification and restore process, according to an embodiment of the present invention;
FIG. 6 is a simplified flow diagram of a logging process, according to an embodiment of the present invention;
FIG. 7 is a simplified flow diagram of a repair/duplication process, according to an embodiment of the present invention; and
FIG. 8 is a simplified flow diagram of a cleanup process, according to an embodiment of the present invention.
DESCRIPTION OF THE PREFERRED EMBODIMENTS
The present invention is of a system and method for providing backup and storage of computerized data. The present invention provides long term backup and storage of computerized data with simple and rapid data recovery, while ensuring data integrity and availability for predefined periods of up to several years and complying with requirements of regulatory agencies for data integrity, data privacy and accountability. Specifically, embodiments of the present invention use storage repositories that include a set of two storage media, e.g. disks: a primary disk and a secondary disk. The primary disk is typically managed conventionally, such as by a file system. The secondary disk stores copies of the primary disk data in innovative storage bins, or small disk partitions, which store data components in a static and sealed form and are opened and written into in accordance with regulations. The storage bins do not interact with the operating system in a conventional fashion using a volume manager and/or file system manager. Storage bins are accessible only when required, using an innovative software driver which interacts on a physical level with the hardware interface, e.g. SCSI, of the storage medium. The primary and secondary disks in a pair might be located on different storage devices. The devices might be physically located in separate rooms and connected to different power supplies to allow for further redundancy.
Embodiments of the present invention perform a process of auto-verification and self-healing for data stored in the primary disk and in the secondary disk in the storage bins. Problems and/or corruption are typically detected in backup snapshots stored on disks using a parameter of the data such as a redundancy check, e.g. checksum, typically computed over all the copies of files stored in a storage bin in the secondary disk and the corresponding files stored in the primary disk. If the checksum indicates corruption or tampering with one or more files in the storage bin, the files of the storage bin may be restored from the parallel files in the primary disk. Similarly, if one or more files in the primary disk are corrupted, the files may be restored from the copies in the storage bin. The auto-verification and self-healing process is preferably performed regularly in the background when the computer system is otherwise relatively inactive.
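The auto-verification and self-healing pass just described, and the FIG. 5 comparison steps (decision boxes 512 and 514) listed earlier on this page, come down to one decision rule: compare both sides against the value stored at backup time, and restore from whichever side still matches. The following is an added example written for this page, not code from the patent or from FilesX/IBM. It assumes SHA-256 as the integrity "parameter" (the patent leaves the checksum type open) and represents primary storage medium 110 and a storage bin 217 as dicts of file name to bytes; the names `take_backup` and `verify_and_heal` are this example's own.

```python
"""Auto-verification and self-healing of a backup copy against the
checksum stored with it.  Added illustration, not the patent's code:
SHA-256 stands in for the unspecified integrity parameter, and two dicts
(file name -> bytes) stand in for primary storage medium 110 and a
storage bin 217."""
import hashlib
from typing import Dict, List, Tuple

Files = Dict[str, bytes]


def checksum(data: bytes) -> str:
    """Per-file integrity parameter.  A CRC or Adler-32 catches accidental
    corruption only; a cryptographic hash also detects deliberate edits."""
    return hashlib.sha256(data).hexdigest()


def take_backup(primary: Files, bin_: Files) -> Dict[str, str]:
    """Copy every file into the bin and return the stored values that are
    kept alongside the copy; they are the reference for every later pass."""
    bin_.clear()
    bin_.update(primary)
    return {name: checksum(data) for name, data in primary.items()}


def verify_and_heal(primary: Files, bin_: Files,
                    stored: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """One verification pass over all files covered by the stored values.

    For each file, the checksum of the primary data and of the copy are
    compared with the stored value (box 512).  Whichever side no longer
    matches is where the discrepancy originates (box 514) and is restored
    from the side that still matches.  Returns (file, verdict, action)."""
    report = []
    for name, ref in stored.items():
        p = checksum(primary[name]) if name in primary else None   # missing file != ref
        c = checksum(bin_[name]) if name in bin_ else None
        if p == ref and c == ref:
            report.append((name, "intact", "none"))
        elif c == ref:
            # Discrepancy originates from the computerized data: restore from copy.
            primary[name] = bin_[name]
            report.append((name, "primary-changed", "restored-primary-from-copy"))
        elif p == ref:
            # Discrepancy originates from the copy: restore the copy from primary.
            bin_[name] = primary[name]
            report.append((name, "copy-changed", "restored-copy-from-primary"))
        else:
            # Neither side matches the stored value, so there is no trustworthy
            # source; report rather than guess which side to overwrite.
            report.append((name, "both-changed", "needs-operator"))
    return report
```

Two points the rule depends on: the stored value must come from the most recent backup, because a legitimate update of the primary data is indistinguishable from corruption until a new backup refreshes the stored value; and the `both-changed` branch is deliberately left for an operator, since overwriting either side there would destroy the only remaining evidence of what happened.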
Some embodiments of the present invention perform disk and data life management (DDLM) which monitors physical condition or "health" of a disk, life span or even impending disk failure and performs automatic data relocation based on the physical condition of the disk and/or overrides preset expiration periods. Some embodiments of the present invention detect file system corruption and prevent continuation of storage activities until the problem is identified and solved.
Embodiments of the present invention preferably include a reporting mechanism to indicate that data is valid in the repository, for regulatory purpose and for the peace of mind of the owner. Each repository disk storage has an expiration date and data is moved from one physical disk to another when expiration approaches or when there is an indication that the storage might fail soon.
It should be noted that while the discussion herein is directed to a backup and storage medium connected directly to a local area or enterprise network as a stand-alone backup and storage system, the principles of the present invention may be adapted for use in, and provide benefit for, a backup and storage system connected to a storage area network or a wide area network. Further, the storage mechanism may be any such mechanism known in the art.
The principles and operation of a system and method for providing backup and storage of computerized data, according to the present invention, may be better understood with reference to the drawings and the accompanying description.
Before explaining embodiments of the invention in detail, it is to be understood that the invention is not limited in its application to the details of design and the arrangement of the components set forth in the following description or illustrated in the drawings. The invention is capable of other embodiments or of being practiced or carried out in various ways. Also, it is to be understood that the phraseology and terminology employed herein is for the purpose of description and should not be regarded as limiting.
The embodiments of the present invention may comprise a general-purpose or special-purpose computer system including various computer hardware components, which are discussed in greater detail below. Embodiments within the scope of the present invention also include computer-readable media for carrying or having computer-executable instructions, computer-readable instructions, or data structures stored thereon. Such computer-readable media may be any available media which is accessible by a general-purpose or special-purpose computer system. By way of example, and not limitation, such computer-readable media include physical storage media such as RAM, ROM, EPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other media which can be used to carry or store desired program code means in the form of computer-executable instructions, computer-readable instructions, or data structures and which may be accessed by a general-purpose or special-purpose computer system.
In this description and in the following claims, a "network" is defined as any architecture where two or more computer systems may exchange data. Exchanged data may be in the form of electrical signals that are meaningful to the two or more computer systems. When data is transferred or provided over a network or another communications connection (either hardwired, wireless, or a combination of hardwired or wireless) to a computer system or computer device, the connection is properly viewed as a computer-readable medium. Thus, any such connection is properly termed a computer-readable medium. Combinations of the above should also be included within the scope of computer-readable media. Computer-executable instructions comprise, for example, instructions and data which cause a general-purpose computer system or special-purpose computer system to perform a certain function or group of functions.
In this description and in the following claims, the term "computer" or "computer system" is defined as one or more software modules, one or more hardware modules, or combinations thereof, which work together to perform operations on electronic data. For example, the definition of computer system includes the hardware components of a personal computer, as well as software modules, such as the operating system of the personal computer. The physical layout of the modules is not important. A computer system may include one or more computers coupled via a computer network. Likewise, a computer system may include a single physical device (such as a mobile phone or Personal Digital Assistant "PDA") where internal modules (such as a memory and processor) work together to perform operations on electronic data.
Those skilled in the art will appreciate that the invention may be practiced in network computing environments with many types of computer system configurations, including mobile telephones, PDAs, pagers, hand-held devices, laptop computers, personal computers, multi-processor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, and the like. The invention may also be practiced in distributed computing environments where local and remote computer systems, which are linked (either by hardwired links, wireless links, or by a combination of hardwired or wireless links) through a communication network, both perform tasks. In a distributed computing environment, program modules may be located in both local and remote memory storage devices.
Implementation of the method and system of the present invention involves performing or completing selected tasks or steps manually, automatically, or a combination thereof. Moreover, according to actual instrumentation and equipment of preferred embodiments of the method and system of the present invention, several selected steps could be implemented by hardware or by software on any operating system of any firmware or a combination thereof. For example, as hardware, selected steps of the invention could be implemented as a chip or a circuit. As software, selected steps of the invention could be implemented as a plurality of software instructions being executed by a computer using any suitable operating system. In any case, selected steps of the method and system of the invention could be described as being performed by a data processor, such as a computing platform for executing multiple instructions.
Referring now to the drawings, Figure 1 illustrates a network environment 10, according to an embodiment of the present invention. Network environment 10 includes a network 100, e.g. LAN, a workstation computer 106, a server 108, and a backup and storage system 101 which performs backup of production data stored on production storage 114 attached to server 108, according to embodiments of the present invention. Backup and storage system 101 or repository storage 101 is attached to network 100 through network interface 104, and includes a primary storage medium 110 and a secondary storage medium 112, e.g. magnetic storage disks. Server 108 which is appropriate for embodiments of the present invention is HP ProLiant DL380 G4 Server. Repository storage implementing primary storage medium 110 and secondary storage medium 112 is for example, EMC CLARiiON CX500 (EMC Corporation, Hopkinton, MA, USA) which provides up to 64Tbyte of storage.
Reference is now made to Figure 2 which illustrates a simplified schematic backup and storage system 101. Backup and storage system 101 includes a processor 5 201, a storage mechanism including a memory bus 207 to store information in random access memory 209 and network interface 104 operatively connected to processor 201 with a peripheral bus 203. Backup and storage system 101 further includes a data input mechanism 205, e.g. disk drive from a program storage device 213, e.g. optical disk. Data input mechanism 205 is operatively connected to processor 201 with a 0 peripheral bus 203. Interfaces 215, e.g. SCSI connect primary storage medium 110 and secondary storage medium 112 to processor 201 through peripheral bus 203. Secondary storage medium 112 is shown schematically as partitioned into storage bins 217. Storage bins may be implemented as individual disks which are managed together within secondary storage medium 112 or as different partitions within a 5 single large disk.
Reference is now made to Figure 3, a simplified drawing of abstraction layers 30 in system 101. The lowest abstraction layer is a physical layer 309 including physical operations, e.g. reading and writing on primary storage medium 110 and secondary storage medium 112. Physical layer 309 operations are controlled by an interface layer 307, e.g. SCSI. Above interface layer 307 are the kernel layers: a volume manager 305, which manages volumes, and a file system manager 303, which manages files on primary storage medium 110. An application layer 301 is accessible to user applications. According to embodiments of the present invention, direct access to secondary storage medium 112 is limited to interface layer 307; access to secondary storage medium 112 from layers 301, 303 and 305 is permitted only when mediated by a driver, e.g. a SCSI driver, operating within interface layer 307. The WORM manager for secondary storage medium 112 is preferably implemented in layer 307 by the SCSI driver, which is used to control and monitor all read/write operations to secondary storage medium 112. Another level of protection of the repository data is achieved by placing a signature on secondary storage medium 112 that allows it to be recognized as storage according to embodiments of the present invention, so that the operating system, file system manager and volume manager do not treat it as an ordinary volume.
Reference is now made to Figure 4, a simplified flow diagram of a backup procedure 40, according to an embodiment of the present invention. Backup is typically of one or more data files stored on primary storage medium 110. Backup is often performed when a snapshot is initiated, and files stored in primary storage medium 110 are copied into storage bins of secondary storage medium 112. When a backup procedure is initiated (step 401), one or more storage bins 217 are allocated (step 403) on secondary storage medium 112. If the active storage bins 217 in use are full, a new storage bin is optionally created and allocated. Storage bins 217 are mounted (step 405) for read and write operations. Backup is performed (step 407), for instance of storage 114 attached directly to server computer 108: the data files are copied into primary repository 110 and into corresponding files in the allocated storage bins 217 on secondary storage medium 112. When all the designated files are backed up and verified, the backup procedure ends (step 409) and the one or more storage bins 217 are unmounted (step 411) in order to prevent any further read or write operations.
Reference is now made to Figure 5, illustrating a flow diagram of a verification and restore process 50, according to an exemplary embodiment of the present invention. During the long period of time in which backup copies of data are kept on secondary storage medium 112, several procedures handle the data. Preferably, the backup copies of data are maintained in unmounted storage bins 217, which are mounted for read operations only when needed. Storage bins 217 are partitioned (step 502) and allocated in secondary storage medium 112, storage bins 217 are mounted (step 405) for read/write operations, and a copy of the data files from primary storage medium 110 is stored in storage bins 217. Periodically over the long period of time, e.g. years, and preferably as a background task, storage bins 217 are mounted (step 508) for read operations only. A redundancy check, e.g. a checksum, or another parameter which indicates integrity, is calculated both for the original data stored on primary storage medium 110 and for the copy stored in storage bins 217, and the two values are compared (step 510). If the checksums are the same, the storage bins are unmounted (not shown); after a period of time storage bins 217 are again mounted only for read operations (step 508) and the checksums are compared (step 510) again. If the checksums are different (decision box 512), a determination is made as to which checksum has changed (decision box 514), indicating whether the data stored on primary storage medium 110 or the copy on secondary storage medium 112 is corrupted or has been tampered with. Comparing primary against copy alone shows only that the two differ; assigning the change to one side relies on the stored value of the parameter recorded when the copy was made, as recited in claim 1. If the copy on secondary storage medium 112 has the altered checksum, storage bin 217 is mounted (step 405) for read/write operations and the copy is restored (step 520) from the data stored in primary storage medium 110. If the data stored on primary storage medium 110 has the altered checksum (decision block 514), the data is restored (step 518) from the copy on secondary storage medium 112.
Between steps of verification and restore process 50, storage bins not in use for reading or writing are preferably unmounted (not shown). Reference is now made to Figure 6, which illustrates a logging process 60, according to embodiments of the present invention. Logging process 60 preferably fulfills the regulatory requirements of WORM (write-once-read-many) storage. When storage bin 217 is mounted for read-only operations (step 508), a log is opened, preferably with a time stamp, and preferably all read operations are logged (step 607). When storage bin 217 is opened for read/write operations (step 405), a log is opened for both read and write operations: write operations are logged (step 605) and read operations are logged (step 607). After the read or write operations are completed, the log(s) is/are closed (step 609), optionally with time stamps, and storage bin 217 is unmounted (step 609).
Logging (steps 605, 607) and/or documenting for auditing purposes of the mounting of storage bins 217 for write operations is typically performed by writing into one or more storage bins 217L accessible only by the dedicated kernel driver which performs the reading and writing operations. Alternatively, logging (steps 605, 607) or other documenting for auditing purposes may be performed by writing onto other WORM media, such as an optical disk 213 in a read/write optical disk drive 205 with no erasing capability.
Reference is now made to Figure 7, illustrating a storage bin repair process 70, according to embodiments of the present invention. When a failure is detected or suspected (step 701) in storage bin 217, repair process 70 is initiated. A new storage bin 217 is allocated (step 703). The newly allocated storage bin 217 is mounted (step 405) for read/write operations. Data is copied (step 707) from primary storage medium 110 into the new storage bin 217. The new storage bin is then unmounted (step 709) or mounted read-only, as required.
A cleanup operation, according to embodiments of the present invention, is illustrated in Figure 8. A storage bin 217 is mounted for read/write operations, and the data within the storage bin, and optionally the partition of storage bin 217, is deleted (step 803).
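The procedures of Figures 4 through 7, modelled as an added example written for this page (it is not code from the patent, from IBM or from FilesX). The Python below keeps storage bins, the driver that mediates every mount, read and write (the layer 307 role), the mount audit log of Figure 6, and the verification of Figure 5 in memory. The sample files are constructed. The choice of SHA-256 over all files as the integrity parameter (claim 11 says only "checksum"), the naming of repaired bins, and holding the reference digest in the appliance's own bookkeeping rather than on the bin it describes are assumptions of the example, not features stated in the patent.

```python
"""Toy model of the storage-bin procedures of Figures 4-7 (added example).
All state is in memory and inputs are constructed sample data.  Assumed, not
from the patent: SHA-256 over all files as the integrity parameter, and the
reference digest kept in the appliance's bookkeeping rather than on the bin."""
import hashlib
import time
from enum import Enum


class Mount(Enum):
    DETACHED = "detached"    # unmounted: no read or write possible
    READ_ONLY = "ro"         # step 508: verification reads only
    READ_WRITE = "rw"        # step 405: backup, restore, repair


class Bin:                   # one storage bin 217 of secondary medium 112
    def __init__(self, name):
        self.name, self.state, self.files = name, Mount.DETACHED, {}


class Repository:
    def __init__(self, primary):
        self.primary = dict(primary)   # primary storage medium 110: path -> bytes
        self.bins = {}                 # secondary storage medium 112
        self.reference = {}            # stored value per bin (claim 1, step (b))
        self.log = []                  # Figure 6: (time, bin, event, mode)

    # The only path to a bin's contents, standing in for the layer-307 driver:
    # every mount, unmount, read and write is logged, and an operation that
    # does not match the bin's mount state is refused instead of performed.
    def _mount(self, b, mode):
        b.state = mode
        self.log.append((time.time(), b.name, "mount", mode.value))

    def _unmount(self, b):
        b.state = Mount.DETACHED
        self.log.append((time.time(), b.name, "unmount", ""))

    def _read(self, b):
        if b.state is Mount.DETACHED:
            raise PermissionError(f"{b.name} is not mounted")
        self.log.append((time.time(), b.name, "read", ""))
        return dict(b.files)

    def _write(self, b, files):
        if b.state is not Mount.READ_WRITE:
            raise PermissionError(f"{b.name} is not mounted read/write")
        self.log.append((time.time(), b.name, "write", ""))
        b.files = dict(files)

    @staticmethod
    def digest(files):       # over every path and content, order independent
        h = hashlib.sha256()
        for path in sorted(files):
            h.update(path.encode() + b"\0" + files[path] + b"\0")
        return h.hexdigest()

    def backup(self, name):
        """Figure 4: allocate, mount rw, copy, verify, record digest, unmount."""
        b = self.bins.setdefault(name, Bin(name))
        self._mount(b, Mount.READ_WRITE)
        self._write(b, self.primary)
        d = self.digest(self._read(b))
        if d != self.digest(self.primary):
            raise OSError(f"copy to {name} did not verify")   # Figure 7 trigger
        self.reference[name] = d
        self._unmount(b)
        return d

    def verify(self, name):
        """Figure 5: primary against copy alone only shows that they differ;
        the digest recorded at backup time decides which side changed."""
        b = self.bins[name]
        ref = self.reference[name]
        self._mount(b, Mount.READ_ONLY)
        copy = self._read(b)
        self._unmount(b)
        copy_ok = self.digest(copy) == ref
        primary_ok = self.digest(self.primary) == ref
        if copy_ok and primary_ok:
            return "ok"
        if copy_ok:                        # step 518: restore primary from copy
            self.primary = copy
            return "primary restored"
        if primary_ok:                     # step 520 via Figure 7: fresh bin
            return "copy restored to " + self.repair(name)
        return "both changed"              # no trusted source: do not guess

    def repair(self, name):
        """Figure 7: rebuild a suspect bin's contents in a newly allocated bin
        (the -rN suffix is this example's naming, not the patent's)."""
        new = f"{name}-r{len(self.bins)}"
        self.backup(new)
        return new


if __name__ == "__main__":
    repo = Repository({"a.txt": b"alpha", "b.txt": b"beta"})  # constructed data
    repo.backup("bin1")
    repo.bins["bin1"].files["a.txt"] = b"ALPHA"   # silent corruption of the copy
    print(repo.verify("bin1"))                   # copy restored to bin1-r1
    repo.primary["b.txt"] = b""                   # damage on the primary
    print(repo.verify("bin1-r1"))                # primary restored
```

Two points in verify() are the ones a practitioner would check for. First, the three-way comparison: the description speaks of comparing the primary's checksum with the copy's, but that alone cannot say which side moved, so the digest recorded at backup time is what assigns blame, and when both sides differ from it the example reports "both changed" rather than overwriting one unknown with another. Second, a cryptographic hash rather than a CRC-style checksum matters for the tampering case the description mentions, since a CRC can be made to match again after an edit while a SHA-256 digest cannot in practice.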
While the invention has been described with respect to a limited number of embodiments, it will be appreciated that many variations, modifications and other applications of the invention may be made.

Claims

WHAT IS CLAIMED IS:
1. A computerized method for verification and restoration of computerized data stored within a backup appliance including a computer attached to a computer network, said backup appliance including a primary storage medium operatively connected to the computer, the primary storage medium storing the computerized data, the method comprising the steps of:
(a) partitioning a secondary storage medium into a plurality of storage bins, wherein each of said storage bins is selectably either operatively attached to said computer or operatively detached from said computer;
(b) upon storing a copy of said computerized data in at least one of said storage bins, operatively attaching said at least one storage bin solely for reading operations and maintaining a stored value of at least one parameter of said copy;
(c) periodically comparing said stored value to a corresponding value of said at least one parameter of the computerized data; and
(d) upon detecting a discrepancy between said stored value and said corresponding value: wherein said discrepancy originates from said computerized data, restoring the computerized data from said copy; and wherein said discrepancy originates from said copy, selectably either: (i) restoring said copy from the computerized data or (ii) restoring another copy of the computerized data in another at least one of said storage bins.
2. The method, according to claim 1, further comprising the step of :
(e) operatively attaching said at least one storage bin for writing operations solely for updating said copy.
3. The method, according to claim 2, further comprising the step of:
(f) documenting for purpose of auditing every instance of said (e) operatively attaching.
4. The method, according to claim 1, further comprising the steps of, prior to said storing :
(e) operatively attaching said at least one storage bin for writing operations;
(f) backing up said computerized data by writing an updated copy of said computerized data to said at least one storage bin; and (g) upon completing said backing up, operatively attaching said at least one storage bin solely for reading operations.
5. The method, according to claim 1, further comprising the step of:
(h) logging with a time stamp of all writing operations on said secondary storage medium.
6. The method, according to claim 1, further comprising the step of:
(h) logging with a time stamp of all reading operations from said secondary storage medium.
7. The method, according to claim 1, wherein said (ii) restoring another copy is performed when a failure is detected while writing into said at least one storage bin.
8. The method, according to claim 1, further comprising the step of:
(e) securing said secondary storage medium, thereby preventing access to said secondary storage mechanism using any of: an operating system, a file system manager and a volume manager, all running on the computer.
9. The method, according to claim 8, further comprising the step of:
(f) performing said securing by accessing said secondary storage medium solely through a single input/output interface using a software driver which controls every read and write operation to said secondary storage medium.
10. The method, according to claim 8, further comprising the step of:
(f) performing said securing by placing a private signature on said secondary storage medium, thereby hiding content of said secondary storage medium from an operating system, a file system manager and a volume manager.
11. The method, according to claim 1, wherein said stored value and said corresponding value of said at least one parameter includes a respective checksum of all files of said copy and said computerized data.
12. The backup appliance including the computer, primary storage and the secondary storage partitioned into the storage bins, which perform the method steps according to claim 1.
13. A backup appliance including a computer attached to a computer network, said backup appliance including a primary storage medium operatively connected to the computer, the primary storage medium storing the computerized data, the backup appliance comprising:
(a) a secondary storage medium partitioned into a plurality of storage bins, wherein each of said storage bins is selectably either operatively attached to said computer or operatively detached from said computer; and
(b) a processor of the computer which, upon storing a copy of said computerized data in at least one of said storage bins, operatively attaches said at least one storage bin solely for reading operations and maintains a stored value of at least one parameter of said copy, wherein said processor periodically compares said stored value to a corresponding value of said at least one parameter of the computerized data and, upon detecting a discrepancy between said stored value and said corresponding value: wherein said discrepancy originates from said computerized data, restores the computerized data from said copy; and wherein said discrepancy originates from said copy, selectably either: (i) restores said copy from the computerized data or (ii) restores another copy of the computerized data in another at least one of said storage bins.
14. The backup appliance of claim 13, wherein said stored value and said corresponding value of said at least one parameter includes a respective checksum of all files of said copy and said computerized data.
15. The backup appliance of claim 13, further comprising:
(c) a mechanism which operatively attaches said at least one storage bin for writing operations solely for updating said copy.
16. The backup appliance of claim 13, further comprising:
(c) a logging mechanism which documents each instance of operatively attaching said at least one storage bin for writing operations.
17. The backup appliance of claim 13, further comprising:
(c) a security mechanism which secures said secondary storage medium and thereby prevents access to said secondary storage mechanism using any of: an operating system, a file system manager and a volume manager, all running on the computer.
18. The backup appliance of claim 17, wherein said security mechanism includes a software driver which controls every read and write operation through a single input/output interface to said secondary storage medium.
19. The backup appliance of claim 17, wherein said security mechanism places a private signature on said secondary storage medium, thereby hiding content of said secondary storage medium from an operating system, a file system manager and a volume manager all running on the computer.
20. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the computer of claim 1 to perform the method steps of claim 1, for verification and restoration of computerized data.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US76518906P 2006-02-06 2006-02-06
PCT/IL2007/000099 WO2007091237A2 (en) 2006-02-06 2007-01-25 Long term backup on disk

Publications (1)

Publication Number Publication Date
EP1982261A2 true EP1982261A2 (en) 2008-10-22

Family

ID=38345530

Family Applications (1)

Application Number Title Priority Date Filing Date
EP07706042A Withdrawn EP1982261A2 (en) 2006-02-06 2007-01-25 Long term backup on disk

Country Status (4)

Country Link
EP (1) EP1982261A2 (en)
JP (1) JP2009526286A (en)
CN (1) CN101501653B (en)
WO (1) WO2007091237A2 (en)

Also Published As

Publication number Publication date
WO2007091237A3 (en) 2009-04-16
WO2007091237A2 (en) 2007-08-16
JP2009526286A (en) 2009-07-16
CN101501653A (en) 2009-08-05
CN101501653B (en) 2012-04-04

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A2

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA HR MK RS

R17D Deferred search report published (corrected)

Effective date: 20090416

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 12/00 20060101AFI20090427BHEP

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION

17P Request for examination filed

Effective date: 20091001

RBV Designated contracting states (corrected)

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC NL PL PT RO SE SI SK TR

RIN1 Information on inventor provided before grant (corrected)

Inventor name: WOLF, OREN

Inventor name: MANNY-MEITAV, IRIT

Inventor name: ALBO, DROR

Inventor name: RAICHSTEIN, ERAN

Inventor name: COHEN, AVIRAM

Inventor name: COHEN, ALON

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20120116