Integration of PRIMECLUSTER and Mission- Critical IA Server PRIMEQUEST



Similar documents
Disaster Recovery Feature of Symfoware DBMS

Remote Copy Technology of ETERNUS6000 and ETERNUS3000 Disk Arrays

Symfoware Server Reliable and Scalable Data Management

Synology High Availability (SHA)

Integrated Application and Data Protection. NEC ExpressCluster White Paper

Synology High Availability (SHA)

Datasheet. FUJITSU Storage ETERNUS SF Storage Cruiser V16.0 ETERNUS SF AdvancedCopy Manager V16.0 ETERNUS SF Express V16.0

Using Multipathing Technology to Achieve a High Availability Solution

HRG Assessment: Stratus everrun Enterprise

Executive Summary WHAT IS DRIVING THE PUSH FOR HIGH AVAILABILITY?

Synology High Availability (SHA): An Introduction Synology Inc.

StreamStorage: High-throughput and Scalable Storage Technology for Streaming Data

Provisioning Technology for Automation

Fault Tolerant Servers: The Choice for Continuous Availability on Microsoft Windows Server Platform

Pervasive PSQL Meets Critical Business Requirements

NEC Corporation of America Intro to High Availability / Fault Tolerant Solutions

Whitepaper Continuous Availability Suite: Neverfail Solution Architecture

IBM Virtualization Engine TS7700 GRID Solutions for Business Continuity

IBM System Storage DS5020 Express

Volume Replication INSTALATION GUIDE. Open-E Data Storage Server (DSS )

High Availability Cluster for RC18015xs+

On-Demand Virtual System Service

Informix Dynamic Server May Availability Solutions with Informix Dynamic Server 11

Blade Servers & Virtualization

The functionality and advantages of a high-availability file server system

Contents. SnapComms Data Protection Recommendations

Caché High Availability Guide

Cisco Active Network Abstraction Gateway High Availability Solution

How To Build A Clustered Storage Area Network (Csan) From Power All Networks

Backup and Redundancy

Application Continuity with BMC Control-M Workload Automation: Disaster Recovery and High Availability Primer

Achieving High Availability & Rapid Disaster Recovery in a Microsoft Exchange IP SAN April 2006

Neverfail for Windows Applications June 2010

Hosting Solutions Made Simple. Managed Services - Overview and Pricing

Protecting SQL Server in Physical And Virtual Environments

Network Solution for Achieving Large-Scale, High-Availability VoIP Services

OVERVIEW. CEP Cluster Server is Ideal For: First-time users who want to make applications highly available

Getting Started with Endurance FTvirtual Server

Executive Brief Infor Cloverleaf High Availability. Downtime is not an option

IT Service Management

Fault Tolerant Servers: The Choice for Continuous Availability

Astaro Deployment Guide High Availability Options Clustering and Hot Standby

Vess A2000 Series HA Surveillance with Milestone XProtect VMS Version 1.0

Top 10 Reasons why MySQL Experts Switch to SchoonerSQL - Solving the common problems users face with MySQL

Data Replication INSTALATION GUIDE. Open-E Data Storage Server (DSS ) Integrated Data Replication reduces business downtime.

EXPRESSCLUSTER X 3.3 for Windows

High Availability Solutions for the MariaDB and MySQL Database

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES

Avid. inews. Redundancy and Failover in Avid News Management Solutions

HA / DR Jargon Buster High Availability / Disaster Recovery

Microsoft SQL Server on Stratus ftserver Systems

Creating A Highly Available Database Solution

Affordable Remote Data Replication

COMPARISON OF VMware VSHPERE HA/FT vs stratus

High Availability and MetroCluster Configuration Guide For 7-Mode

OPTIMIZING SERVER VIRTUALIZATION

Data Protection with IBM TotalStorage NAS and NSI Double- Take Data Replication Software

Intel AMT Provides Out-of-Band Remote Manageability for Digital Security Surveillance

Veritas Cluster Server by Symantec

System Infrastructure Non-Functional Requirements Related Item List

Developing a dynamic, real-time IT infrastructure with Red Hat integrated virtualization

SAP HANA Operation Expert Summit BUILD - High Availability & Disaster Recovery

A SWOT ANALYSIS ON CISCO HIGH AVAILABILITY VIRTUALIZATION CLUSTERS DISASTER RECOVERY PLAN

Everything You Need to Know About Network Failover

Business Continuity: Choosing the Right Technology Solution

MaximumOnTM. Bringing High Availability to a New Level. Introducing the Comm100 Live Chat Patent Pending MaximumOn TM Technology

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Veritas Storage Foundation High Availability for Windows by Symantec

Distribution One Server Requirements

COMPARING STORAGE AREA NETWORKS AND NETWORK ATTACHED STORAGE

VERITAS Volume Management Technologies for Windows

short introduction to linux high availability description of problem and solution possibilities linux tools

DeltaV Virtualization High Availability and Disaster Recovery

High Availability Essentials

Infortrend ESVA Family Enterprise Scalable Virtualized Architecture

Server Virtualization in Manufacturing

SAN Conceptual and Design Basics

High Availability Guide for Distributed Systems

Module 7: System Component Failure Contingencies

SanDisk ION Accelerator High Availability

Disaster Recovery for Oracle Database

Implementing Storage Concentrator FailOver Clusters

Transcription:

Integration of and Mission- Critical IA Server V Masaru Sakai (Manuscript received May 20, 2005) Information Technology (IT) systems for today s ubiquitous computing age must be able to flexibly accommodate large-scale changes in workload as well as 24/7 continuous operation. is a mission-critical IA server developed with the key concepts of open, mission-critical, and global. is a foundation software designed to maximize continuous operation time by increasing system availability via a redundant server, storage, and network configuration. We have combined with our advanced middleware, servers, and storage to further strengthen our competitiveness in this field. The fusion of, PRIMECLUS- TER, and our vast experience in high-reliability technology for UNIX servers has enabled Fujitsu to provide the highest reliability and maximum continuous operation time in open cluster systems. This paper describes how maximum availability is achieved through the integration of and. 1. Introduction The use of mission-critical systems has typically been limited to financial accounting systems on mainframes. However, with the arrival of the ubiquitous computing age, mission-critical systems have become more popular and there are increasing needs for them to operate 24 hours a day, 7 days a week. Fujitsu has a lot of expertise in mission-critical systems, and PRIMECLUS- TER 1) is designed specifically for such systems. It was developed as a high-availability product to be combined with middleware, UNIX servers, and storage devices. Cluster systems providing redundancy through the use of several servers to keep downtime to the bare minimum are effective for increasing availability, but in such systems it is necessary to rapidly and accurately check the server status and also rapidly switch between servers. The combination of Fujitsu s mission-critical IA servers and software is proof of our technologies in this area and realizes the maximum degree of continuous operation in open systems. This paper describes how maximum availability is achieved through the integration of and PRIMECLUS- TER. 2. Issues with continuous operation The most important requirement for continuous 24/7 operation is uninterrupted service, and in the rare cases when service is interrupted, service must be reestablished very quickly. To provide against unplanned system stops due to hardware failures and other failures, cluster systems need redundant configurations so that failover between servers and services can be done rapidly and securely (Figure 1). The main requirements for cluster systems are as follows: 1) Rapid detection of faults 2) Dependable failover (prevention of double 328 FUJITSU Sci. Tech. J., 41,3,p.328-333(October 2005)

M. Sakai: Integration of and Mission-Critical IA Server Operating - Rapid detection - Dependable shutdown Halted Figure 1 Main requirements for rapid failover. Operating - Takeover by standby server - Activation instruction activation) 3) A high-reliability failover mechanism Having systems suspended for as little time as possible during failover greatly increases the availability. One way to detect and report hangups is to make these tasks event-driven. However, it is difficult to implement them solely in software, and there is therefore a need for collaboration among software, hardware, and firmware to resolve this issue. For instance, in the detection of server hangups, it is common to use a heartbeat that periodically communicates with software. However, a very short heartbeat interval can lead to an undesirably high system load, so heartbeat intervals are usually several 10s of seconds. As a result, it takes several 10s of seconds to detect an panic, by which time the server has already halted. solves the conventional heartbeat-monitoring problems of conventional IA servers by providing special hardware for detecting and reporting an panic. 3. Integration of and To raise the completeness level of cluster systems, efforts were made from the design stage to solve problems connected with continuous operation in. As a result, PRIME- CLUSTER achieves high availability and reliability by establishing a close collaboration among hardware, firmware, and the Linux kernel. 3.1 High-speed failover achieved through redundant server management board () has a function by which system boards (SBs) and independent server management units called management boards (s) monitor the status and report it to the cluster software. It also has a function by which the cluster software issues a forced panic request to a faulty server (Figure 2). The use of these functions and the integration of and enables rapid, secure failover between servers. Normally, the cluster software of ordinary open systems uses heartbeats for monitoring. If there is no response to a heartbeat, failover is initiated because this indicates that the has hung up. However, failover is usually not initiated until several 10s of seconds because that is the usual interval between heartbeats. In contrast, it takes the only about a second to report an panic. The combined use of s and heartbeats enables individual faults to be pinpointed, which improves accuracy in fault determination and increases reliability (Figure 3) as follows. 1) If the determines that the is operating but the heartbeat is not getting through, this may indicate that a fault has occurred in the heartbeat communication route or one or more communication processes are proceeding too slowly. 2) If an communication error occurs, the status of the heartbeat communication route is checked. If it is operating normally, a fault may have occurred in the. To increase the reliability of, the and its interface with cluster software are completely redundant. 3.2 I/O fencing incorporated for rapid failover In a server failover, all access to shared resources must be completed and further access FUJITSU Sci. Tech. J., 41,3,(October 2005) 329

M. Sakai: Integration of and Mission-Critical IA Server System board Monitor status System board (Redundant) become unavailable. This would be very serious and could stop operation of the entire system. From this viewpoint, as shown in the configuration in Figure 4, s s and CPU CPU communications channels are completely redundant, as are its internode communications Memory Memory channels. Moreover, communications are conduct- I/O unit Disk I/O unit Disk ed between the kernel and process layers, with the process layer using the redundant communication channels of the kernel layer. Figure 2 Configuration of s and system boards. Monitoring Heartbeat monitoring communications Figure 3 How uses. Monitoring must be blocked before activating the standby server. If the shared disks, IP failover, and other resources are still running, then both servers might try to access the resources, which could lead to the very serious problem of data damage. For this reason, the, drivers, and firmware implement an I/O fencing function that shuts off the I/O immediately at panic and other system-down events. When an reports a failure to the cluster software of the standby server, the standby server can be rapidly activated because the I/O fencing secures the I/O. 3.3 Reason for redundant configuration If a cluster failover mechanism is unreliable, failover between units may fail and service may 4. Overview of is a high-reliability core software that maximizes operation time in a redundant configuration of enhanced-availability servers, storage devices, and networks. 4.1 Redundancy in servers Monitoring is conducted between the servers of a cluster using heartbeats and a LAN. If there is no response to a heartbeat, failover to the standby server is initiated and the standby server takes over the jobs that were running. This method in conjunction with hardware monitoring achieves rapid failover and high-reliability (Figure 5). enables heartbeats and the hardware server monitoring mechanism to be used together to monitor the server status. This combination ensures high availability by reducing the time needed to detect server faults. It also ensures high reliability in terms of secure and dependable server failover. Next, we describe the main features of in detail. 1) Synchronous and asynchronous monitoring By combining monitoring using several channels with the monitoring mechanism incorporated in the hardware, enables rapid, high-accuracy detection of server failures and secure and dependable failover to another server. Synchronous monitoring Synchronous monitoring reliably detects server downs and hangups using fixed-cycle 330 FUJITSU Sci. Tech. J., 41,3,(October 2005)

M. Sakai: Integration of and Mission-Critical IA Server IP address switching LAN Process layer Kernel layer Process layer Kernel layer Server Application/ DBMS [Operating] Server switching Server Application/ DBMS [Standing by] Monitoring by heartbeat and server monitoring mechanisms Figure 4 Redundant configuration of and. Switching of shared I/O heartbeats transmitted over a dedicated LAN (intercluster LAN) and the redundant routes of the kernel space and user space. Asynchronous monitoring In asynchronous monitoring, when s in detect a server panic, PRIME- CLUSTER is immediately notified using a dedicated channel. 2) Disconnection of faulty servers If there is no response to the heartbeat, the hardware server monitoring mechanism forces the faulty server to shut down. This ensures secure and dependable server failover. 3) Hot standby The operations for taking over data and the activation of service applications on the standby server when a failure occurs in the operating server are not the same as those in a conventional standby system. With, these operations are supported by a hot standby function that makes preparations to resume service on the standby server in advance of a failure. Fujitsu s Symfoware Server database management software and Interstage core application software are designed for use with hot standby. To prepare for a failure, Symfoware and Interstage are activated in the standby server, shared disk devices are opened, and applications are activated to create a standby situation in which processing can be resumed without delay. This substantially reduces the time needed to restart Figure 5 Outline of. service. 4) Patrol diagnosis (standby patrol) In ordinary failover of cluster systems, the server, network, storage devices, and applications of the operating unit of the cluster are monitored, but they are not monitored in standby units. Therefore, service might become completely unavailable if a failure occurs on a standby unit after failover. To guard against this worst-case scenario, has a standby patrol function by which the server, network, storage devices, and applications are also monitored on the standby units to prevent failure when service is transferred to them. If a fault is detected on a standby unit, the affected unit is disconnected and an alarm is sounded on the console to alert the system administrator. 4.2 Redundancy of storage and system disks GDS provides software volume manager features that enable high-availability logical volumes to be created on each physical volume. 1) Mirroring of system volumes If a failure occurs on a system volume disk, the system might be unavailable for a long time because it will be necessary to change the faulty FUJITSU Sci. Tech. J., 41,3,(October 2005) 331

M. Sakai: Integration of and Mission-Critical IA Server disk and perform recovery processing. However, if system volumes are mirrored and the faulty disk can be disconnected, operations can be taken over by a normally functioning disk. also has a hot spare function that automatically mirrors a faulty disk to a spare disk that contains no data and then replaces the faulty disk with the spare so system operation can continue. 2) Mirroring among RAID devices RAID devices are widely used to increase the availability of storage; however, for mission-critical systems, a higher degree of data availability than normal is required. A higher level of continuity in data access is achieved by configuring RAID devices with an even greater degree of redundancy and mirroring among them. 4.3 Redundancy of networks GLS provides several IP addresses to high-level software as a single virtual IP address. 1) NIC switching (various machine/multivendor environments) With Network Interface Card (NIC) switching, switching of transmission routes is controlled through the exclusive use of duplicated NICs connected to the same network. Because no restrictions are placed on opposite-party devices, it is possible to communicate with multiple servers and vendor network equipment. 2) Rapid failover During normal operation, bandwidth is expanded through the use of parallel transmission routes. Also, by immediately detecting faults using monitoring profiles and rapidly disconnecting faulty transmission routes, service can be continued without applications having to be concerned about faulty or disconnected networks. 4.4 High availability achieved by minimizing scheduled downtime To maximize the operating time of information systems, it is of course necessary to minimize unplanned system downtime (from the occurrence of faults to resumption of service). Moreover, planned downtime, such as that for maintenance and system upgrades, must also be minimized. With conventional IT systems, down time could be scheduled for system maintenance, but this is unacceptable for today s IT systems that must operate 24/7. The following functions of systems enable planned downtime to be reduced to the bare minimum. 1) Hot system replacement The redundancy in the networks and storage devices of this system enables faulty units to be autonomously disconnected from service so they can be changed and redundancy can be reestablished without affecting the service. 2) Rolling update With this feature, the servers of a cluster system can be stopped one at a time so their hardware and software can be maintained while their jobs are taken over by other servers. This enables the downtime needed for such maintenance to be minimized. 3) Hot system expansion When business is rapidly expanding, and there are shortfalls in processing power and/or file system capacity, processing power can be increased by adding servers or the file system can be expanded online. By using the hot-system expansion functions of and ETER- NUS 2) CPUs, the memory and disk capacity can also be increased. 5. Issues for the future By continuing to target mission-critical systems and high-reliability operation, Fujitsu will apply and to the TRIOLE IT infrastructure 3) in addition to cluster systems. With TRIOLE, Fujitsu has been developing resource visualization (centralized appraisal of configuration, fault locations, performance, etc.) and autonomous control (automatic reallocation of server resources, etc. as required) functions for complex systems. In the future, these 332 FUJITSU Sci. Tech. J., 41,3,(October 2005)

M. Sakai: Integration of and Mission-Critical IA Server functions will be applied as key technologies for the fault detection and job takeover functions that have been implemented using cluster technology. 6. Conclusion The integration of and has enabled high availability and reliability in cluster systems consisting of missioncritical open servers. In our present ubiquitous computing age, there are increasing needs for high availability, optimization, and convenience in the operation of IT systems. Fujitsu will continue to improve the reliability of and in view of its vital importance to our business. We will also center the future development of and PRIME- QUEST on the TRIOLE infrastructure in order to fulfill the expectations of our customers and maintain their confidence in Fujitsu. References 1) homepage. http://www.fujitsu.com/global/services/ computing/server/unix/optionalsw/ PRMPWR_pcl.html 2) Disk Storage Systems (ETERNUS) homepage. http://www.fujitsu.com/global/services/ computing/storage/system/ 3) TRIOLE homepage. http://www.fujitsu.com/global/services/ solutions/triole/ Masaru Sakai received the B.E. degree in Mathematical Informatics from Tokyo University of Agriculture and Technology, Tokyo, Japan in 1981. He joined Fujitsu Ltd., Kawasaki, Japan in 1981, where he developed s for small computers. Since 1994, he has been developing cluster software for open systems. E-mail: sakai@soft.fujitsu.com FUJITSU Sci. Tech. J., 41,3,(October 2005) 333

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information