Tape failover across a cluster
Abstract
A security appliance that encrypts and decrypts information is installed in each of redundant multi-paths between a host system and a back up tape storage system. The host system is arranged to detect failures in a primary path to the tape system being used. When the failure is detected, the host system enables transfers to the same tape system through an alternative path. Encryption keys and host/tape designators (identifiers) are broadcast among the security appliances in the alternative data paths. When the host system switches from the primary path to the secondary path, even though the secondary security appliance did not generate the encryption keys, the secondary path security appliance will have such keys and will properly encrypt and transfer data from the host to the tape system. The secondary will also properly retrieve encrypted data from the tape system, decrypt it and deliver it to the host. All of these operations will be transparent (invisible) to a running application in the host.
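The key broadcast and failover sequence in the abstract, modeled as an added example that is not code from the patent or from any product. The names `Appliance`, `link`, `key_for` and `failover_demo` are hypothetical, the cluster channel is an in-process call, and an HMAC-SHA256 keystream stands in for the appliance's real cipher.

```python
import hashlib, hmac, secrets

def xor_stream(key, nonce, data):
    """Stand-in cipher (assumption): HMAC-SHA256 keystream, no integrity tag."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class Appliance:
    def __init__(self, name):
        self.name, self.peers = name, []
        self.keys = {}  # (host designator, tape designator) -> key

    def link(self, other):  # in-process stand-in for the cluster channel
        self.peers.append(other)
        other.peers.append(self)

    def key_for(self, host, tape_id, create=False):
        designator = (host, tape_id)
        if designator not in self.keys:
            if not create:
                raise KeyError(f"{self.name}: no key for {designator}")
            key = secrets.token_bytes(32)
            self.keys[designator] = key
            for peer in self.peers:  # broadcast in response to generation
                peer.keys[designator] = key
        return self.keys[designator]

    def write(self, host, tape_id, tape, plaintext):
        nonce = secrets.token_bytes(16)
        key = self.key_for(host, tape_id, create=True)
        tape.append((nonce, xor_stream(key, nonce, plaintext)))

    def read(self, host, tape_id, tape, index):
        nonce, ciphertext = tape[index]
        return xor_stream(self.key_for(host, tape_id), nonce, ciphertext)

def failover_demo():
    primary, secondary, outsider = Appliance("A"), Appliance("B"), Appliance("C")
    primary.link(secondary)  # outsider is not on the channel
    tape = []                # constructed stand-in for the tape system
    primary.write("host1", "tape7", tape, b"nightly backup block 0001")
    # Primary path fails; the host reaches the same tape via the secondary,
    # which never generated the key but received it by broadcast.
    recovered = secondary.read("host1", "tape7", tape, 0)
    outsider_has_key = ("host1", "tape7") in outsider.keys
    return recovered, tape[0][1], outsider_has_key
```

Every appliance on the channel ends up holding every tape key, so the channel and each peer's key store carry the same sensitivity as the key itself.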
20 Claims
1. A method comprising:
establishing a primary path and a secondary path from a host to a backup system, wherein a first security appliance, comprising a processor, is logically interconnected on the primary path between the host and the backup system and a second security appliance is logically interconnected on the secondary path between the host and the backup system;
intercepting, by the first security appliance, data sent on the primary path between the host and the backup system, wherein the first security appliance utilizes an encryption key to perform at least one of encrypting the data and decrypting the data sent on the primary path; and
broadcasting, by the first security appliance, the encryption key to the second security appliance over a communication channel between the first security appliance and the second security appliance in response to generating the encryption key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A system comprising:
at least two security appliances each comprising a processor and a memory, with a first security appliance logically interconnected on a primary path and a second security appliance logically interconnected on a secondary path between a host and a backup system, wherein the first and second security appliances use an encryption key to perform at least one of encrypting data and decrypting data on the primary path and the secondary path;
a communication channel between the first and second security appliances; and
wherein when the backup system is initialized, the encryption key is generated in the first security appliance logically interconnected on the primary path, and the generated encryption key is broadcast to the second security appliance via the communication channel.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A non-transitory computer readable medium containing executable program instructions executable by a processor, comprising:
program instructions that establish a primary path and a secondary path from a host to a backup system, wherein a first security appliance is logically interconnected on the primary path between the host and the backup system and a second security appliance is logically interconnected on the secondary path between the host and the backup system;
program instructions that intercept data sent on the primary path between the host and the backup system, wherein the first security appliance utilizes an encryption key to perform at least one of encrypting the data and decrypting the data sent on the primary path; and
program instructions that broadcast the encryption key from the first security appliance to the second security appliance over a communication channel between the first security appliance and the second security appliance in response to generating the encryption key.
Dependent claims: 20

Specification