Resilient data storage in the presence of replication faults and rolling disasters

US 8,015,436 B2
Filed: 05/11/2009
Issued: 09/06/2011
Est. Priority Date: 05/19/2008
Status: Active Grant

First Claim

Patent Images

1. A method for data protection, comprising:

sending data items for storage in a primary storage device and in a secondary storage device, while temporarily caching the data items in a disaster-proof storage unit;

while storage of the data items in the secondary storage device is functional, operating in a first operational mode in which each cached data item is subsequently deleted from the disaster-proof storage unit; and

in response to receiving an indication of a fault related to the storage of the data items in the secondary storage device, sending an instruction to switch to a second operational mode in which deletion of the cached data items from the disaster-proof storage unit is inhibited.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for data protection includes, in a first operational mode, sending data items for storage in a primary storage device and in a secondary storage device, while temporarily caching the data items in a disaster-proof storage unit and subsequently deleting the data items from the disaster-proof storage unit, wherein each data item is deleted from the disaster-proof storage unit upon successful storage of the data item in the secondary storage device.

An indication of a fault related to storage of the data in the secondary storage device is received. Responsively to the indication, operation is switched to a second operational mode in which the data items are sent for storage at least in the primary storage device and are cached and retained in the disaster-proof storage unit irrespective of the successful storage of the data items in the secondary storage device.

81 Citations

View as Search Results

28 Claims

1. A method for data protection, comprising:
- sending data items for storage in a primary storage device and in a secondary storage device, while temporarily caching the data items in a disaster-proof storage unit;
  
  while storage of the data items in the secondary storage device is functional, operating in a first operational mode in which each cached data item is subsequently deleted from the disaster-proof storage unit; and
  
  in response to receiving an indication of a fault related to the storage of the data items in the secondary storage device, sending an instruction to switch to a second operational mode in which deletion of the cached data items from the disaster-proof storage unit is inhibited.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method according to claim 1, wherein the disaster-proof storage unit is collocated with the primary storage device, and comprising, when the fault is related to a disaster event that damages the primary storage device, reconstructing the data items based on the data items that are stored in the secondary storage device and on the data items that are cached in the disaster-proof storage unit.
  - 3. The method according to claim 1, wherein the data items comprise Input/Output (I/O) transactions that are received from one or more applications, and wherein the method comprises, while operating in the second operational mode, continuing to receive the I/O transactions from the applications while the fault is present.
  - 4. The method according to claim 1, and comprising operating in the second operational mode for a predefined time duration following the indication, and switching back to the first operational mode after the predefined time duration.
  - 5. The method according to claim 1, and comprising, after switching to operating in the second operational mode, receiving a notification related to memory unavailability in the disaster-proof storage device, and performing an action responsively to the notification.
  - 6. The method according to claim 5, wherein performing the action comprises prompting a user responsively to the notification.
  - 7. The method according to claim 5, wherein performing the action comprises selecting the action from a group of actions comprising:
    - refusing to accept subsequent data items following the notification; and
      
      storing the subsequent data items only in the primary storage device.
  - 8. The method according to claim 7, wherein selecting the action comprises choosing the action responsively to a predefined configuration parameter.
  - 9. The method according to claim 1, and comprising, following correction of the fault, sending the data items cached in the disaster-proof storage device for storage in the secondary storage device.
  - 10. The method according to claim 1, and comprising, while operating in the second operational mode, allowing acceptance of subsequent data items for a predefined time period following the indication, responsively to determining that the fault is associated with an unidentifiable software failure.
  - 11. The method according to claim 1, and comprising refusing to accept subsequent data items for a predefined time period responsively to detecting a failure in caching the data items in a disaster-proof storage unit.
  - 12. The method according to claim 11, wherein the data items are accepted from one or more software applications, and wherein refusing to accept the subsequent data items comprises:
    - initially refusing to accept the subsequent data items for a first time period that does not disrupt the software applications; and
      
      responsively to an assessed cause of the failure, continuing to refuse to accept the subsequent data items for a second time period that is longer than the first time period.

13. A method for data protection, comprising:
- in a first operational mode, sending data items for storage in a primary storage device and in a secondary storage device, while temporarily caching the data items in a disaster-proof storage unit and subsequently deleting the data items from the disaster-proof storage unit, wherein each data item is deleted from the disaster-proof storage unit upon successful storage of the data item in the secondary storage device;
  
  receiving an indication of a fault related to storage of the data in the secondary storage device;
  
  responsively to the indication, switching to operating in a second operational mode in which the data items are sent for storage at least in the primary storage device and are cached and retained in the disaster-proof storage unit irrespective of the successful storage of the data items in the secondary storage device; and
  
  after switching to operating in the second operational mode, receiving a notification related to memory unavailability in the disaster-proof storage device, and switching back to the first operational mode responsively to the notification.

14. A method for data protection, comprising:
- in a first operational mode, sending data items for storage in a primary storage device and in a secondary storage device, while temporarily caching the data items in a disaster-proof storage unit and subsequently deleting the data items from the disaster-proof storage unit, wherein each data item is deleted from the disaster-proof storage unit upon successful storage of the data item in the secondary storage device;
  
  receiving an indication of a fault related to storage of the data in the secondary storage device;
  
  responsively to the indication, switching to operating in a second operational mode in which the data items are sent for storage at least in the primary storage device and are cached and retained in the disaster-proof storage unit irrespective of the successful storage of the data items in the secondary storage device; and
  
  continuing to operate in the first operational mode irrespective of the indication responsively to determining that the fault is associated with an identifiable software failure.

15. A data protection apparatus, comprising:
- an interface, which is configured to receive data items from one or more data sources; and
  
  a processor, which is configured to send the data items for storage in a primary storage device and in a secondary storage device while temporarily caching the data items in a disaster-proof storage unit, and which is configured to operate, while storage of the data items in the secondary storage device is functional, in a first operational mode in which each cached data item is subsequently deleted from the disaster-proof storage unit, and, in response to receiving an indication of a fault related to the storage of the data items in the secondary storage device, to send an instruction to switch to a second operational mode in which deletion of the cached data items from the disaster-proof storage unit is inhibited.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 16. The apparatus according to claim 15, wherein the disaster-proof storage unit is collocated with the primary storage device, and wherein, when the fault is related to a disaster event that damages the primary storage device, the processor is configured to reconstruct the data items based on the data items that are stored in the secondary storage device and on the data items that are cached in the disaster-proof storage unit.
  - 17. The apparatus according to claim 15, wherein the data items comprise Input/Output (I/O) transactions, wherein the interface is configured to receive the I/O transactions from one or more applications, and wherein the processor is configured to continue to receive the I/O transactions from the applications when operating in the second operational mode, while the fault is present.
  - 18. The apparatus according to claim 15, wherein the processor is configured to operate in the second operational mode for a predefined time duration following the indication, and to switch back to the first operational mode after the predefined time duration.
  - 19. The apparatus according to claim 15, wherein the processor is configured, after switching to operating in the second operational mode, to receive a notification related to memory unavailability in the disaster-proof storage device, and to perform an action responsively to the notification.
  - 20. The apparatus according to claim 19, wherein the processor is configured to prompt a user responsively to the notification.
  - 21. The apparatus according to claim 19, wherein the processor is configured to select the action from a group of actions comprising:
    - refusing to accept subsequent data items following the notification; and
      
      storing the subsequent data items only in the primary storage device.
  - 22. The apparatus according to claim 21, wherein the processor is configured to select the action responsively to a predefined configuration parameter.
  - 23. The apparatus according to claim 15, wherein the processor is configured to send the data items retained in the disaster-proof storage device for storage in the secondary storage device following correction of the fault.
  - 24. The apparatus according to claim 15, wherein the processor is configured to allow acceptance of subsequent data items for a predefined time period following the indication, responsively to determining that the fault is associated with an unidentifiable software failure.
  - 25. The apparatus according to claim 15, wherein the processor is configured to refuse to accept subsequent data items for a predefined time period responsively to detecting a failure in caching the data items in the disaster-proof storage unit.
  - 26. The apparatus according to claim 25, wherein the data sources comprise one or more software applications, and wherein the processor is configured to initially refuse to accept the subsequent data items for a first time period that does not disrupt the software applications, and, responsively to an assessed cause of the failure, to continue to refuse to accept the subsequent data items for a second time period that is longer than the first time period.

27. A data protection apparatus, comprising:
- an interface, which is configured to receive data items from one or more data sources; and
  
  a processor, which is configured to operate in a first operational mode by sending the data items for storage in a primary storage device and in a secondary storage device, while temporarily caching the data items in a disaster-proof storage unit and subsequently deleting the data items from the disaster-proof storage unit, wherein each data item is deleted from the disaster-proof storage unit upon successful storage of the data item in the secondary storage device, and which is configured, responsively to receiving an indication of a fault related to storage of the data in the secondary storage device, to switch to operating in a second operational mode, in which the data items are sent for storage at least in the primary storage device and are cached and retained in the disaster-proof storage unit, by instructing the disaster-proof storage unit to retain the data items irrespective of the successful storage of the data items in the secondary storage device,wherein the processor is configured, after switching to operating in the second operational mode, to receive a notification related to memory unavailability in the disaster-proof storage device, and to switch back to the first operational mode responsively to the notification.

28. A data protection apparatus, comprising:
- an interface, which is configured to receive data items from one or more data sources; and
  
  a processor, which is configured to operate in a first operational mode by sending the data items for storage in a primary storage device and in a secondary storage device, while temporarily caching the data items in a disaster-proof storage unit and subsequently deleting the data items from the disaster-proof storage unit, wherein each data item is deleted from the disaster-proof storage unit upon successful storage of the data item in the secondary storage device, and which is configured, responsively to receiving an indication of a fault related to storage of the data in the secondary storage device, to switch to operating in a second operational mode, in which the data items are sent for storage at least in the primary storage device and are cached and retained in the disaster-proof storage unit, by instructing the disaster-proof storage unit to retain the data items irrespective of the successful storage of the data items in the secondary storage device,wherein the processor is configured to continue to operate in the first operational mode irrespective of the indication responsively to determining that the fault is associated with an identifiable software failure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Axxana (Israel) Ltd.
Original Assignee
Axxana (Israel) Ltd.
Inventors
Winokur, Alex
Primary Examiner(s)
DUNCAN, MARC M

Application Number

US12/463,438
Publication Number

US 20090287967A1
Time in Patent Office

848 Days
Field of Search

714/5, 714/6, 714/42
US Class Current

714/6.12
CPC Class Codes

G06F 11/1443   Transmit or communication e...

G06F 11/2074   Asynchronous techniques

G06F 11/2082   Data synchronisation

G06F 12/0866   for peripheral storage syst...

Resilient data storage in the presence of replication faults and rolling disasters

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

81 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Resilient data storage in the presence of replication faults and rolling disasters

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

81 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links