Error detection/correction and fault detection/recovery – Data processing system error or fault handling – Reliability and availability
Reexamination Certificate
1998-11-20
2001-09-25
Iqbal, Nadeem (Department: 2785)
Error detection/correction and fault detection/recovery
Data processing system error or fault handling
Reliability and availability
C711S114000
Reexamination Certificate
active
06295609
ABSTRACT:
TECHNICAL FIELD
The invention relates to the protection of a mass memory data storage system. The storage system can be of any type. The system can be, among other things, a multidisk system comprising units. These units can be mass storage units. The mass storage units used as examples in the text below are magnetic disk storage units. The invention is particularly suited to systems equipped with a data storage redundancy mechanism. These systems are advantageous in that they provide a high availability of the data. High availability is generally defined as being the time, measured in minutes, in hours or in days per year, during which access to all of the data stored in the disk storage units is unavailable.
The subjects of the invention are a protection process and device as well as a data storage system equipped with such a device.
PRIOR ART
A multidisk system is generally contained in a cabinet. One type of cabinet is described, for example, in the patent EP-A-0621600 corresponding to U.S. Pat. No. 5,506,750. It specifically comprises drawers in which magnetic disk storage units are housed. Each unit comprises magnetic disks that are connected to one another. Thus, when one of the disks is offline, the others continue to function.
The system is equipped with a redundant data storage mechanism. For this reason, at least one of the drawers can be designated to receive a redundancy control unit. This redundancy control unit can be a controller of the RAID type (Redundant Array of Inexpensive Disks) or an adapter that allows optimal availability of the data stored on the magnetic disks. RAID type controllers are classified according to standardized numbers representing different modes of redundancy. For example, the RAID-1 type of redundancy uses mirrored disks. According to this mechanism, the data are stored on a first disk of one unit and redundantly on a second disk of another unit. The second disk is physically distinct from the first, and represents the mirror of the first. Thus, when a disk is no longer accessible, the data can be read- and/or write-accessed from its mirrored disk. The mirrored disks are located in separate units in order to provide high availability. According to the RAID-5 type of redundancy, the data are divided into segments of several blocks of predetermined length, which are called usable data blocks. A predetermined number of segments is associated with a redundant segment, which is composed of parity blocks and is located in another disk associated with another drawer. This mechanism also uses a plurality physical disks, each located in a different drawer. The data can be read- and/or write-accessed even if a disk unit is not available.
A redundancy mechanism requires that the disk units be independent of one another in terms of the writing and reading of data. The data stored on a disk must remain available at all times. Likewise, the writing of data onto a disk must be possible. The existing data paths between controllers and units must be independent. Each unit is connected to the controllers by means of a separate cable. This cable specifically comprises a data bus which represents the data path, the disk control lines, etc.
However, the one and only dependency existing between the disk units and the controller(s) or adapter(s) is the power supply. In other words, each disk unit, controller or adapter is connected to the same power distribution point.
The problem arises when an electrical fault, such as a short circuit, occurs in the system. This short circuit can have various sources. For example, a malfunction of a disk or a controller, or an error on the part of an operator, can unintentionally create a short circuit while operating the system. Thus, a short circuit can be produced in a unit, and can cause an excessively intense fault current. This current is propagated, and as it travels, it can destroy all of the electrical or electronic hardware (components, cables, etc.) located on the same electrical line. This is known as fault propagation. All the lines converge toward a main electric power source. Consequently, the power source, which is protected, cuts off and the system is no longer supplied with power. It becomes totally unavailable. The reading or writing of data, on the disks of the unit that initially failed as well as in the units that contain the redundancy disks, is impossible. Therefore, the consequences of this fault current are serious in terms of the availability of the data.
A solution of the prior art, described in the patent mentioned above, consists of using fuses. This solution consists of placing a fuse at the input of each unit and protecting each unit against a fault current. In this way, the line connecting the associated unit to the short circuit is cut. Therefore, the fault does not propagate.
This solution is limited to protecting the unit itself without concern for the location of the power distribution point. This solution does not take into account the location of the fault, and does not protect the electrical hardware located upstream from the fuse. The solution of the prior art does not anticipate the possibility of an electrical fault between the fuse and the power distribution point.
Furthermore, the irreversibility of the functioning of a fuse in response to a short circuit also poses another problem. Fuses are known for being integral with the circuit. If a short circuit occurs, and if, for example, the fuse is installed on an interconnect card, as described in the above-mentioned patent, the repair involves replacing not only the fuse but also in some cases the interconnect card and the associated connectors. In this case, a repair costs a lot of money.
Another problem is that the fault current can have several sources. The fuses will be tripped as long as the sources of this current are not all under control.
Moreover, fuses are calibrated for a certain intensity. It is known that fuses are tripped beyond this level of intensity. Another drawback is that they induce a non-negligible voltage drop in the system.
Added to these drawbacks is the fact that a restart of the system is necessary. This is comprised, first of all, of locating the unit associated with the short circuit, and of replacing the unit by removing it from its drawer. This system restart results in a down time for the system and is therefore costly in terms of time.
For the sake of simplicity, the term “controller unit” will be used to designate a controller. In addition, the term “unit” may be used to designate a disk unit or a controller (or adapter).
SUMMARY OF THE INVENTION
A first object of the invention is to provide an optimal availability of the system by protecting the system against an electrical fault, no matter what the location or position of the electrical fault within the system.
A second intended object is a rapid detection of an excessively intense fault current.
A third intended object is to allow a quick restart of the system, and hence an optimal availability of this system.
A fourth intended object is the considerable reduction of maintenance costs.
A fifth intended object is the ease of use of the protection device.
To this end, the subject of the invention is a process for protecting a multidisk storage system equipped with a redundancy mechanism, said system comprising at least two disk units, at least one redundancy control unit, and an electric power distribution point, each unit being connected to the distribution point by means of an electrical line, characterized in that it is comprised of protecting the electrical line associated with a unit in proximity to the power distribution point.
This results in a device for protecting a multidisk storage system equipped with a redundancy mechanism, said system comprising at least two disk units, at least one redundancy control unit, and an electric power distribution point connected to an electric power source, each unit being connected to the distribution point by means of an electrical line, characterized in that each electrical line comprises, in proximit
Cargemel Laurent
Carteau Daniel
Gilbert Michaud
Bull S.A.
Iqbal Nadeem
Kondracki Edward J.
Miles & Stockbridge P.C.
LandOfFree
Protection against electrical faults in a mass memory data... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Protection against electrical faults in a mass memory data..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Protection against electrical faults in a mass memory data... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2439080