Nested Recovery Scope Management For Stateless Recovery Agents
First Claim
1. A nested recovery scope management system for use in a computer system having a dynamic multiple address space server environment, the system comprising:
a supervisory program for directing recovery of protected resources, the supervisory program including a first subcomponent for initializing a recovery log, and a second subcomponent for storing failure scope tokens and recovery agent references in a recovery log, a third subcomponent for examining a recovery log for agents registered therewith and any current failure scope, and a fourth component for selectively notifying a recovery agent to carry out a recovery procedure;
a recovery log used by the supervisory program for storing information about recovery agents registered within a recovery scope;
at least a first recoverable component having therein a first subcomponent for generating work identifiers containing a failure scope token or associated with such a token that represents recoverable operations that may need to be performed at a later time, and a second subcomponent for registering a recovery agent with the supervisory program; and
at least a first stateless recovery agent identified in response to the initialization of a first recoverable component, the first agent being operable to assist in performing recovery operations in connection with the first recoverable component when instructed to do so by the supervisory program, the first recovery agent also being operable to utilize work identifiers from the recovery log in order to perform recovery operations in connection with at least the first associated component.
Abstract
Nested recovery scope management systems and methods for a multiple process computer system having a dynamic multiple address space server are disclosed. Stateless recovery agents are employed, under the control of a supervisory program called the Recovery Director, during initialization or restart of servers to restore recoverable data in response to identified failures or other abnormal termination. The Director controls the recovery of protected resources in a systematic manner. The Director is initialized when the first address space of the first server is started. Then, as each instance of a recoverable component is initialized, the component registers with the Director by providing a reference to a stateless recovery agent that can later perform recovery functions for it if needed. As part of the registration, the Director generates a token representing the current failure scope of the registration and provides it to the recoverable component. Work identifiers representing recoverable operations can be generated from, or associated with, this token by the recoverable component and may be put in hardened storage. Upon initialization of a new server region, and also upon a failure or abnormal termination, the Director groups multiple instances of the same recoverable component together, formulates an iterative recovery plan, and determines the scope of recovery by examining its hardened data for failure scopes involving a recoverable component that may need to perform some recovery operation. As such recoverable components are identified, the Director references the associated recovery agent and provides it with the appropriate token identifying the recovery scope. The recovery agent is then allowed to carry out those recoveries, including any recovery scopes nested within.
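The registration, hardening and iterative recovery sequence described in claim 1 and in the abstract, as an added illustration that is not the patent's own code nor that of any product implementing it. The class and function names (RecoveryLog, RecoveryDirector, the tx and lock agents), the token format scope/component#n, and the two-server topology are assumptions of this example; the in-memory log stands in for hardened storage.

```python
"""Toy Recovery Director with nested failure scopes and stateless agents.
Added illustration: names, token format and the two agents are assumptions."""
from collections import defaultdict

# Agent references stored in the log are names mapping to plain functions that
# hold no instance state, so any restarted address space can run them.
AGENTS = {}

def recovery_agent(name):
    def register(fn):
        AGENTS[name] = fn
        return fn
    return register

class RecoveryLog:
    """In-memory stand-in for the Director's hardened storage."""

    def __init__(self):
        self.registrations = {}        # token -> (component name, agent reference)
        self.work = defaultdict(list)  # token -> pending work identifiers

    def in_scope(self, scope):
        # Tokens registered in `scope` or in any scope nested within it.
        return [t for t in self.registrations
                if t == scope or t.startswith(scope + "/")]

    def pending(self, scope, component):
        return any(self.work[t] for t in self.in_scope(scope)
                   if self.registrations[t][0] == component)

class RecoveryDirector:
    def __init__(self, log, max_passes=10):
        self.log = log
        self.max_passes = max_passes
        self._seq = 0

    def register(self, failure_scope, component, agent_ref):
        """Component registers on init; returns its failure scope token."""
        if agent_ref not in AGENTS:
            raise ValueError(f"no recovery agent registered as {agent_ref!r}")
        self._seq += 1
        token = f"{failure_scope}/{component}#{self._seq}"
        self.log.registrations[token] = (component, agent_ref)
        return token

    def record_work(self, token, work_id):
        """The component hardens a work identifier under its token."""
        if token not in self.log.registrations:
            raise KeyError(f"unregistered token {token!r}")
        self.log.work[token].append(work_id)

    def recover(self, failure_scope):
        """Group instances of each component inside the failed scope, notify
        their agent, and iterate until no further progress. Siblings untouched."""
        recovered = []
        for _ in range(self.max_passes):
            groups = defaultdict(list)
            for token in self.log.in_scope(failure_scope):
                if self.log.work[token]:
                    groups[self.log.registrations[token]].append(token)
            progress = []
            for (component, agent_ref), tokens in sorted(groups.items()):
                done = AGENTS[agent_ref](self.log, failure_scope, tokens)
                for token in tokens:
                    self.log.work[token] = [w for w in self.log.work[token]
                                            if w not in done]
                progress.extend(done)
            if not progress:
                break
            recovered.extend(progress)
        return recovered

@recovery_agent("tx-agent")
def recover_transactions(log, scope, tokens):
    # Constructed behaviour: every hardened transaction id can be completed.
    return [w for t in tokens for w in log.work[t]]

@recovery_agent("lock-agent")
def release_locks(log, scope, tokens):
    # Locks are released only after no transaction work remains in the scope;
    # this dependency is what makes the Director's plan iterative.
    if log.pending(scope, "tx"):
        return []
    return [w for t in tokens for w in log.work[t]]

def simulate():
    """Constructed topology: server A with regions r1 and r2, server B with r1."""
    log = RecoveryLog()
    director = RecoveryDirector(log)
    a1_tx = director.register("A/r1", "tx", "tx-agent")
    a1_lock = director.register("A/r1", "lock", "lock-agent")
    a2_tx = director.register("A/r2", "tx", "tx-agent")
    b1_tx = director.register("B/r1", "tx", "tx-agent")
    for token, work in [(a1_tx, "tx-1"), (a1_tx, "tx-2"), (a1_lock, "lock-9"),
                        (a2_tx, "tx-3"), (b1_tx, "tx-7")]:
        director.record_work(token, work)
    first = director.recover("A/r1")   # region A/r1 terminates abnormally
    second = director.recover("A")     # later, all of server A restarts
    leftover = {t: w for t, w in log.work.items() if w}
    return first, second, leftover
```

Two properties of the design show up in simulate(): the agents reconstruct everything from the log, so recovery never depends on memory of the address space that died, and the prefix check in in_scope means a failure in region A/r1 can never trigger recovery of resources owned by A/r2 or server B, while a restart of all of A does pick up the nested region. The lock agent's refusal to act while transaction work is still pending is why the Director loops over its plan rather than notifying each agent once.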
7 Claims: claim 1 as reproduced above; claims 2 to 7 are dependent claims.