Tape failover across a cluster

US 7,853,019 B1
Filed: 11/30/2006
Issued: 12/14/2010
Est. Priority Date: 11/30/2006
Status: Active Grant

First Claim

Patent Images

1. A failover security system for a host system with at least two paths to a back up tape storage system, wherein the host system is arranged to enable a single primary path among the paths and detect a failover in the primary path and, in response, send data to the tape system via an alternative path, the security system comprising:

at least two security appliances each comprising a processor and a memory, with one arranged in the primary path and one in the alternative path between the host and the tape system, wherein the security appliance in the primary path intercepts data transfers between the host and the tape system, and wherein the security appliance encrypts data from the host and stores that encrypted data onto the tape system, and correspondingly, decrypts encrypted data from the tape system and delivers unencrypted data to the host;

a communication channel among or between the at least two security appliances; and

wherein when a tape is initialized by the host, an encryption key is generated in the security appliance in the primary path, and that encryption key is broadcast to the other security appliances via the communication channel.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security appliance that encrypts and decrypts information is installed in each of redundant multi-paths between a host system and a back up tape storage system. The host system is arranged to detect failures in a primary path to the tape system being used. When the failure is detected, the host system enables transfers to the same tape system through an alternative path. Encryption keys and host/tape designators (identifiers) are broadcast among the security appliances in the alternative data paths. When the host system switches from the primary path to the secondary path, even though the secondary security appliance did not generate the encryption keys, the secondary path security appliance will have such keys and will properly encrypt and transfer data from the host to the tape system. The secondary will also properly retrieve encrypted data from the tape system, decrypt it and deliver it to the host. All of these operations will be transparent (invisible) to a running application in the host.

48 Citations

View as Search Results

23 Claims

1. A failover security system for a host system with at least two paths to a back up tape storage system, wherein the host system is arranged to enable a single primary path among the paths and detect a failover in the primary path and, in response, send data to the tape system via an alternative path, the security system comprising:
- at least two security appliances each comprising a processor and a memory, with one arranged in the primary path and one in the alternative path between the host and the tape system, wherein the security appliance in the primary path intercepts data transfers between the host and the tape system, and wherein the security appliance encrypts data from the host and stores that encrypted data onto the tape system, and correspondingly, decrypts encrypted data from the tape system and delivers unencrypted data to the host;
  
  a communication channel among or between the at least two security appliances; and
  
  wherein when a tape is initialized by the host, an encryption key is generated in the security appliance in the primary path, and that encryption key is broadcast to the other security appliances via the communication channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The failover security system of claim 1 further comprising routinely broadcasting the encryption key to the other security appliances.
  - 3. The failover security system of claim 1 further comprising:
    - additional security appliances connected to the communications channel, and arranged between other hosts and other tape systems;
      
      storage in each of the two and additional security appliances, wherein the storage contains logic designators of each of the hosts and the tape systems; and
      
      wherein when the tape in the tape system is initialized, the primary security appliance broadcasts the encryption information and the designators of the host and tape system associated with the primary path.
  - 4. The failover security system of claim 3 wherein the logical designators include a World Wide Number and a Logical Unit Number.
  - 5. The failover security system of claim 1 wherein the security appliance generates the encryption key.
  - 6. The failover security system of claim 1 further comprising a source of encryption keys, wherein when the tape is initialized, the primary security appliance retrieves encryption keys from that source.
  - 7. The failover security system of claim 1 wherein the primary security appliance stores encryption information onto the tape when the tape is initialized.
  - 8. The failover security system of claim 1 further comprising a first host bus adapter on the host system and a second host bus adapter on the security appliance communicating with each other via the primary path, and, if enabled, third and fourth host bus adapters on the host system and the security appliance communicating with each other via the alternative path, wherein the security appliances are transparent to the host.
  - 9. The failover security system of claim 8 further comprising corresponding host bus adapters on the tape system and on the security appliances communicating with each other in the primary and in the alternative paths, wherein the security appliances are transparent to the tape system.
  - 10. The failover system of claim 1 wherein the communication channel comprises an Ethernet channel.
  - 11. The failover system of claim 1 wherein the host system determines that an error has occurred along the primary path, wherein the host system disables the security appliance in the primary path and enables the security appliance in the secondary path.
  - 12. The failover system of claim 1 wherein the at least two security appliances comprises a security appliance in the primary path and at least five security appliances in at least five corresponding secondary paths from the host and the tape system.

13. A method for disabling a primary communication path and enabling a secondary communication path between a host and a tape system, each path having an in-line security appliance interconnected as a cluster, wherein each in-line security appliance comprises a processor and a memory, the method comprising:
- intercepting data transfers along the primary communication path between the host and the tape system, wherein the in-line security appliance, comprising the processor and the memory, encrypts data from the host and stores that encrypted data onto the tape system, and correspondingly, decrypts encrypted data from the tape system and delivers unencrypted data to the host;
  
  initializing a tape in the tape system;
  
  generating an encryption key in the security appliance in the primary communication path, andbroadcasting the encryption key to the other security appliances over a communication channel between the in-line security appliance and the other security appliances in response to initializing the tape in the tape system and generating the encryption key.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The method of claim 13 wherein broadcasting the encryption key to the other security appliances further comprises routinely broadcasting the encryption key to the other security appliances.
  - 15. The method of claim 13 further comprising:
    - labeling the host and the tape systems with logical designators, and broadcasting the logical designators to the other security appliances.
  - 16. The method of claim 15 wherein the logical designators include a WWN and a LUN.
  - 17. The method of claim 13 further comprising generating the encryption key when the tape is initialized.
  - 18. The method of claim 13 wherein the security appliance generates the encryption key.
  - 19. The method of claim 13 further comprising:
    - generating the encryption key at a storage encryption server; and
      
      retrieving the encryption key from the storage encryption server by the security appliance.
  - 20. The method of claim 13 further comprising:
    - communicating from a first host bus adapter on the host system to a second host bus adapter on the security appliance via the primary communication path; and
      
      if enabled, communicating from a third host bus adapter on the host system and a fourth host bus adapter on the security appliance via the secondary path, wherein the communicating appears transparent to the host system.
  - 21. The failover security system of claim 20 further comprising corresponding host bus adapters on the tape system and on the security appliances communicating with each other in the primary communication path and the secondary communication path, wherein the security appliances appear transparent to the tape system.
  - 22. The method of claim 13 further comprising:
    - detecting an error in the data transfer along the primary communication path,in response to the detecting, disabling the security appliance in the primary path, andenabling the security appliance in the secondary communication path to encrypt and decrypt data between the host and the tape system.

23. A non-transitory computer readable medium containing executable program instructions executable by a processor, comprising:
- program instructions that intercept data transfers along a primary path between a host and a tape system, wherein an in-line security appliance, comprising a processor and a memory, encrypts data from the host and stores that encrypted data onto the tape system, and correspondingly, decrypts encrypted data from the tape system and delivers unencrypted data to the host;
  
  program instructions that initialize a tape in the tape system;
  
  program instructions that generate an encryption key in the security appliance in the primary path; and
  
  program instructions that broadcast the encryption key to other security appliances in a cluster over a communication channel between the in-line security appliance and the other security appliances in response to initializing the tape in the tape system and generating the encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
NetApp, Inc.
Inventors
Narver, Andrew, Chaudhary, Anant
Primary Examiner(s)
Moorthy; Aravind K

Application Number

US11/606,508
Time in Patent Office

1,475 Days
Field of Search

380/278, 713/153, 713/165, 713/189, 726/26, 711/4, 711/100, 711/162, 711/163, 707/609, 707/641, 707/670, 707/687, 707/821
US Class Current

380/278
CPC Class Codes

G06F 11/1456   Hardware arrangements for b...

G06F 11/1464   for networked environments

G06F 11/1469   Backup restoration techniques

G06F 11/2005   using redundant communicati...

G06F 11/201   between storage system comp...

G06F 21/85   interconnection devices, e....

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2147   Locking files

G09C 1/00   Apparatus or methods whereb...

G11B 20/1883   Methods for assignment of a...

G11B 2220/90   Tape-like record carriers

H04L 2209/12   Details relating to cryptog...

H04L 63/061   for key exchange, e.g. in p...

H04L 69/14   Multichannel or multilink p...

H04L 69/40   for recovering from a failu...

H04L 9/0827   involving distinctive inter...

H04L 9/0894   Escrow, recovery or storing...

Tape failover across a cluster

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Tape failover across a cluster

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links