Browse Prior Art Database

Maintaining Data Integrity across Redundant I/O Device Take-Overs

IP.com Disclosure Number: IPCOM000104984D
Original Publication Date: 1993-Jun-01
Included in the Prior Art Database: 2005-Mar-19
Document File: 2 page(s) / 121K

Publishing Venue

IBM

Related People

Cook, TE: AUTHOR [+4]

Abstract

Disclosed is a technique to maintain I/O device connectivity integrity protection while allowing for take-overs to redundant I/O devices. A take-over is defined as a switch to a redundant I/O device by hardware to tolerate component failures. The solution allows a take-over to occur without mistakenly interpreting it as a configuration error. The technique disclosed here is applicable to I/O devices, backed up by redundant stand-bys, which have the ability to uniquely identify themselves.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 48% of the total text.

Maintaining Data Integrity across Redundant I/O Device Take-Overs

      Disclosed is a technique to maintain I/O device connectivity
integrity protection while allowing for take-overs to redundant I/O
devices.  A take-over is defined as a switch to a redundant I/O
device by hardware to tolerate component failures.  The solution
allows a take-over to occur without mistakenly interpreting it as a
configuration error.  The technique disclosed here is applicable to
I/O devices, backed up by redundant stand-bys, which have the ability
to uniquely identify themselves.

      MVS/ESA* provides protection for data integrity exposures
caused by mis-configurations.  These mis-configurations can originate
either through mis-definitions in the I/O Configuration Program
(IOCP) or from physical mis-cabling.  When MVS/ESA places a device in
what has been termed a protected state, it is protected from such
data integrity exposures.  In order to do any work a device must be
in this protected state.  Any change to key portions of the
self-identifying information which the device supplies when that
device is in a protected state will be interpreted as an error.
MVS/ESA will reduce device performance and/or availability to correct
such errors[*].

      Not allowing changes to this self-identifying information while
the I/O device is in a protected state also precludes non-distruptive
standby hardware switches (take-overs).  When an I/O device fails, it
is possible for the control unit itself to detect such failures and
compensate by switching operations to a redundant I/O device
transparent to the application or the I/O operation.  MVS/ESA still
performs operations against the same subchannel after such switches
(unlike Dynamic Device Reconfiguration (DDR)).  After such switches,
MVS/ESA can later detect that it is communicating with a different
physical I/O device.  It may have received no notification of this
switch and interprets the change as an error.  The I/O device will be
removed from service due to the possibility of a data integrity
exposure.

      The technique disclosed allows the redundant hardware switches
to be performed while a device is in a protected state without
construing such changes for a mis-configuration.  The technique will
not depend on the synchronization of signals from the I/O device
regarding re-cabling events and device switch events.

      The synchronization problem between re-cabling signals and
device switch signals is non-trivial.  These two signals are
inherently asynchronous.  Simultaneous hardware-switches and harmless
re-cablings (unplug and re-plug cable to same port) can be invalidly
interpreted as errors.  Simple relaxations of the configuration
checking rules to address this can lead to overlooking a true
mis-cabling error (and hence create a data integrity exposure.)  The
solution detailed here avoids such problems.

      MVS/ESA maintains a software representation of the...