Resilient data storage in the presence of replication faults and rolling disasters
First Claim
1. A method for data protection, comprising:
- sending data items for storage in a primary storage device and in a secondary storage device, while temporarily caching the data items in a disaster-proof storage unit;
while storage of the data items in the secondary storage device is functional, operating in a first operational mode in which each cached data item is subsequently deleted from the disaster-proof storage unit; and
in response to receiving an indication of a fault related to the storage of the data items in the secondary storage device, sending an instruction to switch to a second operational mode in which deletion of the cached data items from the disaster-proof storage unit is inhibited.
3 Assignments
0 Petitions
Accused Products
Abstract
A method for data protection includes, in a first operational mode, sending data items for storage in a primary storage device and in a secondary storage device, while temporarily caching the data items in a disaster-proof storage unit and subsequently deleting the data items from the disaster-proof storage unit, wherein each data item is deleted from the disaster-proof storage unit upon successful storage of the data item in the secondary storage device.
An indication of a fault related to storage of the data in the secondary storage device is received. Responsively to the indication, operation is switched to a second operational mode in which the data items are sent for storage at least in the primary storage device and are cached and retained in the disaster-proof storage unit irrespective of the successful storage of the data items in the secondary storage device.
81 Citations
28 Claims
-
1. A method for data protection, comprising:
-
sending data items for storage in a primary storage device and in a secondary storage device, while temporarily caching the data items in a disaster-proof storage unit; while storage of the data items in the secondary storage device is functional, operating in a first operational mode in which each cached data item is subsequently deleted from the disaster-proof storage unit; and in response to receiving an indication of a fault related to the storage of the data items in the secondary storage device, sending an instruction to switch to a second operational mode in which deletion of the cached data items from the disaster-proof storage unit is inhibited. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for data protection, comprising:
-
in a first operational mode, sending data items for storage in a primary storage device and in a secondary storage device, while temporarily caching the data items in a disaster-proof storage unit and subsequently deleting the data items from the disaster-proof storage unit, wherein each data item is deleted from the disaster-proof storage unit upon successful storage of the data item in the secondary storage device; receiving an indication of a fault related to storage of the data in the secondary storage device; responsively to the indication, switching to operating in a second operational mode in which the data items are sent for storage at least in the primary storage device and are cached and retained in the disaster-proof storage unit irrespective of the successful storage of the data items in the secondary storage device; and after switching to operating in the second operational mode, receiving a notification related to memory unavailability in the disaster-proof storage device, and switching back to the first operational mode responsively to the notification.
-
-
14. A method for data protection, comprising:
-
in a first operational mode, sending data items for storage in a primary storage device and in a secondary storage device, while temporarily caching the data items in a disaster-proof storage unit and subsequently deleting the data items from the disaster-proof storage unit, wherein each data item is deleted from the disaster-proof storage unit upon successful storage of the data item in the secondary storage device; receiving an indication of a fault related to storage of the data in the secondary storage device; responsively to the indication, switching to operating in a second operational mode in which the data items are sent for storage at least in the primary storage device and are cached and retained in the disaster-proof storage unit irrespective of the successful storage of the data items in the secondary storage device; and continuing to operate in the first operational mode irrespective of the indication responsively to determining that the fault is associated with an identifiable software failure.
-
-
15. A data protection apparatus, comprising:
-
an interface, which is configured to receive data items from one or more data sources; and a processor, which is configured to send the data items for storage in a primary storage device and in a secondary storage device while temporarily caching the data items in a disaster-proof storage unit, and which is configured to operate, while storage of the data items in the secondary storage device is functional, in a first operational mode in which each cached data item is subsequently deleted from the disaster-proof storage unit, and, in response to receiving an indication of a fault related to the storage of the data items in the secondary storage device, to send an instruction to switch to a second operational mode in which deletion of the cached data items from the disaster-proof storage unit is inhibited. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A data protection apparatus, comprising:
-
an interface, which is configured to receive data items from one or more data sources; and a processor, which is configured to operate in a first operational mode by sending the data items for storage in a primary storage device and in a secondary storage device, while temporarily caching the data items in a disaster-proof storage unit and subsequently deleting the data items from the disaster-proof storage unit, wherein each data item is deleted from the disaster-proof storage unit upon successful storage of the data item in the secondary storage device, and which is configured, responsively to receiving an indication of a fault related to storage of the data in the secondary storage device, to switch to operating in a second operational mode, in which the data items are sent for storage at least in the primary storage device and are cached and retained in the disaster-proof storage unit, by instructing the disaster-proof storage unit to retain the data items irrespective of the successful storage of the data items in the secondary storage device, wherein the processor is configured, after switching to operating in the second operational mode, to receive a notification related to memory unavailability in the disaster-proof storage device, and to switch back to the first operational mode responsively to the notification.
-
-
28. A data protection apparatus, comprising:
-
an interface, which is configured to receive data items from one or more data sources; and a processor, which is configured to operate in a first operational mode by sending the data items for storage in a primary storage device and in a secondary storage device, while temporarily caching the data items in a disaster-proof storage unit and subsequently deleting the data items from the disaster-proof storage unit, wherein each data item is deleted from the disaster-proof storage unit upon successful storage of the data item in the secondary storage device, and which is configured, responsively to receiving an indication of a fault related to storage of the data in the secondary storage device, to switch to operating in a second operational mode, in which the data items are sent for storage at least in the primary storage device and are cached and retained in the disaster-proof storage unit, by instructing the disaster-proof storage unit to retain the data items irrespective of the successful storage of the data items in the secondary storage device, wherein the processor is configured to continue to operate in the first operational mode irrespective of the indication responsively to determining that the fault is associated with an identifiable software failure.
-
Specification