ES2341413B1 - PROCEDURE AND SYSTEM OF CREATION OF SECURITY COPIES. - Google Patents

Abstract

Procedure and system for creating copies of security.

Procedure for creating copies of security, to restore the information stored in a set of computer equipment (4, 5, 6, 7) in the state in which they were before a contingency occurs that includes: creating periodically virtual images of each computer equipment (4, 5, 6, 7); periodically compare each virtual image of each team computer (4, 5, 6, 7) with the preceding virtual image of said computer equipment (4, 5, 6, 7), selecting the information corresponding to the changes produced; send periodically only the corresponding information changes occurred, or, in the case of make it the first virtual image, the complete image of each team computer (4, 5, 6, 7), to a second backup medium (3); restore, in case of a contingency, the images most recent stored virtual computers alternatives (6 '', 6 '' '', 6 '' '' ''; 7 '', 7 '' '', 7 '' '' '').

Description

       \ global \ parskip0.920000 \ baselineskip
    

Procedure and system for creating copies of security.

Object of the invention

The main object of the present invention is a procedure and system for creating backup copies that, in the event of a contingency, it is able to restore the information stored in a set of physical machines in the state in which were before the contingency occurred, including the interface and the status of the applications that were open in each physical machine

Background of the invention

Procedures are already known in the art. for the storage of physical machine data for the purpose of avoid loss of information in case of contingencies, such as power outages, natural disasters, etc. Such procedures are based on making periodic copies of the data stored on the hard drives of the desired physical machines protect and, after a contingency, restore the data back into Other alternative machines. The copy of the data can be done either through storage media that must be connected directly to computers, such as CD's, DVD's or hard drives portable, or through some kind of communications network, like Ethernet or Internet.

A common drawback is that, due to the size of data files to be sent and capacity limited data transmission of communications networks, the periodicity of the creation of copies is very low, which means that after a contingency data would be recovered from a very moment previous.

Another drawback is that the procedures of creation of backup copies according to the prior art they only make copies of data, which means that, before a contingency, if necessary to retrieve information from a physical machine on a second machine, this should be one of the same characteristics of the first and, in addition, there would be previously You install the operating system and all applications.

Description of the invention

When a contingency occurs, the method and system of the present invention restore the information stored in a set of physical machines of the client in a very short time, thus achieving a continuity of Total business The method and system of the invention not only periodically make backup copies of stored data in the client's physical machines, but also creates Periodically complete virtual images that are stored both locally, at the customer's premises, such as in a location remote, which may be located in another city. This allows it to be can restore the information of physical machines in the state where they were when the last copy was made, including the aspect of the interface and the applications that at that time were They were open.

Another advantageous feature of the present invention is that it is not necessary for the machine where the information stored be the same physical machine it was on originally, since the method and system of the invention It includes a virtual machine server that allows you to restore the information stored in any physical machine or type machine "thin client".

In this document, the expression "restore information stored on a physical machine" refers to the action of, when the information has been lost of a physical machine due to a contingency, re-enter the information lost in an alternative machine, which can be any physical machine or machine of type "thin client". The "information" includes data and applications, and restoration is "total" or "partial" depending on whether they recover, respectively, both data and applications or only data.

On the other hand, a "contingency" is any exceptional situation that causes loss of information in one or more of the client's physical machines. For example, sudden losses of electrical fluid would be contingencies, fires, earthquakes, etc.

Finally, the "customer" will be the company or company that owns the set of physical machines to which you want to support continuity in your business, while "users" are the people who work on each machine physical. "Physical machines" can be servers or User terminals (PC, laptop, etc.).

One aspect of the present invention relates to a backup creation procedure, to restore the information stored in a set of physical machines in the state in which they were before a contingency occurred, where the The procedure includes the following operations:

1) Create periodically, using a medium local backup connected to each physical machine using a LAN connection medium, virtual images of each physical machine in said local backup medium.

The local backup media comprises a virtual machine server capable of supporting a series of virtual teams that each have a specific task. From this way, before the loss of the physical machines due to a contingency information can be retrieved on machines "thin client" alternatives, or on other machines Alternative physicists A controller layer provides the infrastructure that supports virtual machines, and in which virtual communications switches are created that allow virtual machines communicate with each other and abroad. The controller layer is a unix operating system on which it They run the virtual machines. In addition, this system is the responsible for establishing communications, both with the environment of client as with a remote backup medium arranged in a remote location and connected through a connection medium WAN

The local backup media is available at the customer's premises connected to their physical machines to through a LAN connection medium. In particular embodiments of the present invention, the LAN connection means can be a LAN network connection such as Ethernet or Wi-Fi. For your installation, an IP address must be assigned to the local medium of backup.

Thus, the local backup media generates periodically virtual images of the physical machines of the client. Virtual images are created according to a procedure physical-to-virtual (P2V). I mean, I know create an image of the file system of the physical machine of the client (hard disk) with all its applications and becomes a virtual hard disk that contains both the data and the applications that the client has in each physical machine. Of this mode, the exact state in which a machine is located is stored physics at the time of creating the virtual image, with its specific desktop configuration and with applications or open programs in the state they are in. The process of virtual image creation is not detected by the user of a particular physical machine, which can continue its work with normal.

The local backup media will remain stored at least one day virtual images complete.

2) Compare periodically, through the medium local backup, the virtual image of each machine physics with the preceding virtual image of said physical machine, selecting the information corresponding to the changes produced.

In this operation, the local backup media compares, for each physical machine, the last virtual image created with the previous virtual image, and selects for later sending only the information that has been modified. This operation is carried out by means of different optimization algorithms (Rsync, X-press-TCP, WANFS), using each of them according to the data to be replicated. This is done with the objective of minimizing the size of the information that will be sent through a WAN connection medium to a remote backup medium, thus providing the invention with greater speed, and therefore a higher frequency of creation and subsequent storage of virtual images of physical machines
cas.

Obviously, the first time the virtual image of a physical machine there is no virtual image precedent, and therefore the information that has been modified It includes the complete virtual image of that physical machine.

3) Send periodically, through a medium WAN connection, only the corresponding information changes produced, or, in the case that it is the first virtual image, the Full virtual image of each physical machine, to a remote medium of backup.

Normally, the local copy medium of security, which is connected to the user's physical machines to through the LAN connection medium, it is physically located in the user facilities, that is, in the same building. This means that, in the event of a major contingency, such as a fire, could be rendered useless and the information stored in he. For this reason, the process of the present invention includes sending the information obtained from the operation above via a WAN connection means, preferably at through a Virtual Private Network (VPN) supported by the Internet, to a remote backup media arranged in one location remote, that is, in another building or even in another city.

The remote backup medium comprises preferably one or more virtual machine servers to support the information you receive from the local copy medium of security. In addition, the remote backup medium comprises Mass storage media (SAN) connected through a second LAN connection medium, which can Be an Ethernet or Wi-Fi network.

Often, the transmission speed of the WAN connection means constitutes the bottleneck that determines the maximum frequency of creating virtual security images to which the present procedure can work. For this reason you try to minimize the size of the information sent, either by sending only the information that has been modified between creating a virtual image and the next one, or either using data indexing systems at source and destination, in which each data is assigned a pointer in origin the first time it is transferred, and when it is transferred a second time, only the pointer is transmitted by means of the WAN connection, which in the Destination is transformed to the original data.

       \ newpage
    

       \ global \ parskip1.000000 \ baselineskip
    

In addition, in another preferred embodiment of the invention, the information sent to the remote medium is encrypted backup, so that security is improved before possible attacks on the WAN connection medium. More preferably, it Use the IPsec protocol. The information remains encrypted until you need to have access to it when a contingency.

Preferably, the frequency with which create the virtual images of each physical machine, compare each one with the preceding one, and the corresponding information is sent to Changes for storage is between once every 12 hours and once every 24 hours.

4) Restore, if a contingency, the most recent virtual images stored alternative machines

Thus, once the three operations are completed previous you have the information of the physical machines stored in the remote backup medium, information that it is updated periodically as it arrives through the WAN connection medium the information corresponding to the changes in each of them, so that if a contingency occurs at the customer's premises, all the information until the time of the last update.

a) In case the contingency is partial, that is, that it has only destroyed the physical machines of the client, leaving the local backup medium intact, of according to a preferred embodiment of the invention, the images newer virtual machines are restored to new alternative machines from the local backup media, using the media from LAN connection, if it is still intact, or other means of LAN connection alternative. Alternative machines can be any machine physical or machine "thin client".

b) In case the contingency is total, it is that has destroyed both the physical machines and the environment local backup, according to one embodiment preferred of the invention, the most recent virtual images are restore on alternative machines from the remote copy medium of security using a connection means, which can be a means of WAN or LAN connection. Alternative machines can be any physical machine or "thin client" machine.

In addition, in preferred embodiments of the invention, there is a network unit connected to the connection means LAN where users can leave data files from special interest, and of which backup copies will be created with a higher frequency Thus, in previous embodiments of the invention the procedure for creating backup copies It also includes the operations of:

periodically copy to the local copy medium security data files of special interest to the client;

periodically compare, through the local media Backup, each data file of special interest for the client stored with the corresponding data file above, selecting the information corresponding to the changes produced;

send periodically, through a means of WAN connection, only the corresponding information changes produced, or, in the case of the first copy, the files of data of special interest for the complete client, to a medium remote backup; Y

restore, in case of a contingency, data files of special interest to the most recent customer in alternative machines.

The frequency of copy operations, comparison and sending of data of special interest to the customer It is between once every 30 minutes and once every 90 minutes.

According to a second aspect of the invention, a backup creation system is described to restore the information of a set of physical machines in the state they were in before a contingency occurred, which understands:

a local backup media, connected by means of LAN connection to physical machines, which creates periodically virtual images of each physical machine, comparing the most recent virtual image of each physical machine with the image virtual precedent to obtain the information corresponding to the changes produced;

a remote backup media, connected via a WAN connection medium to the local copy medium of security, which receives information regarding changes produced in the virtual images of the physical machines that Send the local backup media.

In preferred embodiments of the invention, the LAN connection medium is a network connection, for example Ethernet or Wi-Fi, and the WAN connection medium is a Private Network Virtual supported by Internet.

Description of the drawings

To complement the description that is being performing and in order to help a better understanding of the characteristics of the invention, according to an example preferred practical implementation of it, is accompanied as integral part of that description, a set of drawings where with an illustrative and non-limiting nature, what has been represented next:

Figure 1. Shows the one particular embodiment of the system to carry out the procedure herein invention.

Figures 2, 3 and 4. They show the situation in which user facilities remain when a total contingency, and how it is solved using the system and method of the invention

Figures 5 and 6. Show the situation in which user facilities remain when a partial contingency, and how it is resolved using the system and method of the invention

Preferred Embodiment of the Invention

A preferred embodiment of the present invention depicted in the figures is described below. Thus, Figure 1 shows the system (1) for performing the process of the invention, where a set of physical machines (4, 5, 6, 7) is formed by two servers (4, 5) and two user terminals ( 6, 7), which are connected to each other and to the local backup medium (2) by a LAN connection means (8), which in this example is an Ethernet network. In turn, a WAN connection medium (9), which in this example is a Virtual Private Network supported by the Internet, allows communication between the local backup media (2) and the remote backup media
(3).

In this example, the local media copy of security (2) consists of a physical server, a controller of virtual machines, network infrastructure, protocols interconnection and virtual machines. Outlined below each of these parts:

- Physical server

It occupies a physical rack unit. It's about a server based on x86 architecture, in this example a couple of Intel dual-core processors with 512 Kb L2 cache per core; 2 Mb L3 cache per processor.

It has a RAM of 4 Gb to 8 Gb (according to the customer needs). Regarding the ability to storage, two 500 Gb SATA drives are used. At the network level It has 4 10/100/1000 network cards.

- Virtual machine controller

It is the layer that supports the servers virtual, under a Linux operating system. About this system operating runs a virtualization software in which they run the virtual machines that do the different tasks.

- Network infrastructure

Initially a network card is used to access the LAN connection medium (8) of the client. The local environment of backup (2) need internet connection to establish the VPN tunnel with the remote backup medium (3). He This system is designed so that a single remote means of backup (3) support a set of local media from backup (2), each of which is installed in a company and in a different location.

- Interconnection protocols

IPSec VPN connections are used against tunnel servers, as well as SSH and CIFS connections with SSL.

Optimization systems are also used bandwidth through Xpress-TCP, WAFS and RSync, which apply both to the client connection means (8) and to those of the system of the invention (9, 10), so that they are only sent through the means of connection WAN (9) data that are different. Datastreams are also cached, and in that case only tags are sent to access them.

Once the data is received on the remote medium backup (3) the MD5 system is used as an algorithm of cryptographic reduction and the hashes that result are compared with The hash of origin. Thus, the system (1) of the invention will be ensures that the data in the local copy of security (2) are exactly the same as those in the middle Remote backup (3).

- Virtual machines

The local backup medium (2) has several virtual machines that specialize in various chores.

Virtual machine 1 is in charge of offering the data repository that reaches the client as a network unit shared to store data files of special interest, and synchronizes through the applications specified in the previous protocols section (Xpress-TCP, WAFS, RSync)

Virtual machine 2 handles the P2V process at the client's premises. For this process they are used various tools on the market (VMware vConverter, Ultimate-P2V, etc.). This machine transfers the differences between virtualized machines between the last image and the image preceding the remote backup medium (3).

Virtual machine 3 offers layers of presentation to optimize the use of RDP connections between clients and the server in case of contingency access.

Virtual machine 4 monitors the services of all the virtual machines of the system and the connections with the remote backup medium (3). This machine performs resource utilization reports, both machine and network, and sends a report to a centralized management system that It has the remote backup medium (3) to monitor the status of alerts in each of the local media for copying security (2).

In this example, the remote copy medium of security (3) consists of a pool of VMware servers that provide support for information received from the only local medium of backup (2) used as an example. The different servers (of which only one is represented in the figure) of Remote backup media (3) are connected by means of a second LAN connection means (10), which is in this example a Ethernet network

To execute the process of the invention, it is only necessary that the local backup medium (2) has an own IP and know the IPs and administrative passwords of the physical machines (4, 5, 6, 7) that you want to support continuity.

With this data, the local media copy of security (2) first create a virtual image of the server (4) through a P2V process. Being the first image virtual, there is no preceding virtual image with which compare, and therefore all the information is stored in the first backup medium (2). This process is repeated sequentially for each of the machines physical (4, 5, 6, 7), so that at the end of that operation you They have the four complete virtual images. Then it encrypted according to the IPsec protocol and sent through the means of WAN connection (9) to the remote backup medium (3), performing an MD5 check of each of the files to Verify that they are identical in origin and destination. In addition to being sent to the remote backup medium (3), each virtual image is left stored in the local backup medium (2).

When it is the turn of the server again (4), the local backup medium (2) creates the following virtual image and compare it with the previous one, selecting only Files that have been modified. The process is repeated for rest of the virtual machines (server 5 and user terminals 6, 7). Then, the differences are sent through the medium WAN connection (9) to the remote backup medium (3). This process is repeated periodically, so that (as virtual images of the physical machines (4, 5, 6, 7) stored in the remote medium Backup (3) are constantly updated.

If a total contingency occurs, as is depicted in Fig. 2, such as a fire in the building where the client's facilities are, there are unused physical machines (4, 5, 6, 7) and the local copy medium safety (2). In this case it is possible to restore from the middle Remote backup (3) machine information physical (4, 5, 6, 7) in the state it was in when the most recent virtual image directly. In the example shown in Fig. 3, the information of the terminals of the user (6, 7) in a new pair of alternative machines (6 ', 7'), which in this case are "thin clients" that connected through the second LAN connection medium (10).

It is also possible to restore information from physical machines (4, 5, 6, 7) anywhere with which the remote backup medium (3) can establish a connection Alternative WAN (9 '), usually a supported Virtual Private Network by Internet. A case is shown in Fig. 4 in which Restores user terminal information (6, 7) in a pair of alternative machines (6``, 7 ''), specifically two laptops that are in the home of one of the users, using, for example, Terminal Server or RDP.

On the other hand, there is a contingency partial, as shown in Fig. 5, the information is restored of physical machines (4, 5, 6, 7) directly from the middle local backup (2). Specifically, in the example shown in Fig. 6 the information of the user terminals (6, 7) on a couple of alternative machines (6 '' ', 7' ''), specifically two laptops.

The system and method of the invention allow the client to restore the information in a matter of minutes, so you don't resent The operation of the company. In addition, the fact of storing complete virtual images, comprising both data and applications, allows each individual user to visualize the new alternative machine in the state it was at the time it the virtual image was created, including the applications that in that Moments were open and the appearance of your desk.

Claims (15)

1. Procedure for creating backup copies, to restore the information stored in a set of physical machines (4, 5, 6, 7) in the state they were before a contingency occurred, characterized in that it comprises the following operations: create periodically, using a local medium backup (2) connected to each physical machine (4, 5, 6, 7) via a LAN connection medium (8), virtual images of each physical machine (4, 5, 6, 7); periodically compare, through the local media backup (2), the virtual image of each physical machine (4, 5, 6, 7) with the preceding virtual image of said machine physics (4, 5, 6, 7), selecting the information corresponding to the changes produced; send periodically, through a second WAN connection medium (9), only the corresponding information changes produced, or, in the case that it is the first image virtual, the complete image of each physical machine (4, 5, 6, 7), to a remote backup medium (3); Y restore, in case of a contingency, the most recent virtual images on machines alternatives (6 ', 6' ', 6' ''; 7, 7 '', 7 '' '). 2. Procedure for creating backup copies according to claim 1, characterized in that the operation of creating virtual images of each physical machine (4, 5, 6, 7) is performed using vConverter, from VMware, or Ultimate-P2V. 3. Procedure for creating backup copies according to claim 1, characterized in that the operations of comparing and sending only the difference between the virtual images of each physical machine (4, 5, 6, 7) are performed using at least one of the methods in the following list: Rsync, X-press-TCP and WANFS. 4. Procedure for creating backup copies according to claim 1, characterized in that it further comprises the operation of encrypting the virtual images of the physical machines (4, 5, 6, 7) prior to being sent to the remote copy copy medium. security (3). 5. Procedure for creating backup copies according to claim 4, characterized in that the encryption is performed in accordance with the IPsec protocol. 6. Procedure for creating backup copies according to claim 1, characterized in that when a partial contingency occurs the operation of restoring the most recent virtual image on alternative machines (6 ', 6'',6'''; 7 ', 7'',7''') is performed from the local backup medium (2). 7. Procedure for creating backup copies according to claim 1, characterized in that the operation of restoring the most recent virtual image on alternative machines (6 ', 6'',6'''; 7 ', 7'', 7 ''') is performed from the remote backup medium (3). 8. Procedure for creating backup copies according to any of claims 6 or 7, characterized in that the alternative machines (6 ', 6'',6'''; 7 ', 7'',7''') they are physical machines or "thin clients". 9. Procedure for creating backup copies according to claim 1, characterized in that the frequency of the creation, comparison and sending operations of the virtual images of the physical machines (4, 5, 6, 7) is between once every 12 hours and once every 24 hours. 10. Procedure for creating backup copies according to claim 1, characterized in that it further comprises the operations of: periodically copy to the local copy medium security (2) data files of special interest to the client; periodically compare, through the local media backup (2), each data file of special interest for the client stored with the corresponding data file above, selecting the information corresponding to the changes produced; send periodically, through a means of WAN connection (9), only the corresponding information changes produced, or, in the case of the first copy, the files of data of special interest to the client complete to a medium remote backup (3); Y restore, in case of a contingency, data files of special interest to the newest customer in alternative machines (6 ', 6' ', 6' ''; 7 ', 7``, 7 '' '). 11. Procedure for creating backup copies according to claim 10, characterized in that the frequency of copying, comparing and sending data of special interest to the customer is between once every 30 minutes and once every 90 minutes . 12. System for creating backup copies (1) to restore the information stored in a set of physical machines (4, 5, 6, 7) in the state they were before a contingency occurred, characterized in that it comprises: a local backup medium (2), connected by means of LAN connection (8) to the machines physical (4, 5, 6, 7), which periodically creates virtual images of said physical machines (4, 5, 6, 7), comparing each of them with the successive to obtain the information corresponding to the changes produced; a remote backup medium (3), connected via a WAN connection medium (9) to the local medium of backup (2), which receives the information related to the changes produced in the virtual images of physical machines (4, 5, 6, 7) sent by the local backup media (2). 13. System for creating backup copies (1) according to claim 12, characterized in that the LAN connection means (8) is an Ethernet or Wi-Fi connection. 14. System for creating backup copies (1) according to claim 12, characterized in that the WAN connection means (9) is a Virtual Private Network supported by the Internet. 15. System for creating backup copies (1) according to claim 12, characterized in that the remote backup medium (3) comprises a pool of VMware servers connected by means of a second LAN connection means (10) .