Designing Disaster Recovery Clusters using Metroclusters and Continentalclusters, Reprinted October 2011 (5900-1881)
functionality the operations can be shifted to the third site and continue unaffected by the
disaster.
• Allows for additional staff at the remote data center outside the disaster area. A wide-area
disaster affects people located within the disaster area, both professionally and personally.
By moving operations out of the main data centers to a remotely located recovery data center,
operational responsibilities shift to people not directly affected by the disaster.
3DC DR Solution Configuration
A Three Data Center configuration uses a disaster tolerant architecture made up of two sites which
are located locally in a Metrocluster and a third site located remotely. These form separate
Serviceguard clusters, which are configured in a Continentalclusters configuration. This solution is
designed to only work with the HP StorageWorks P9000 Disk Array family or HP StorageWorks
XP Disk Array series.
The first site (Site 1) contains one or more HP-UX servers that are connected to one P9000 or XP
Disk Array located in the primary site. The second site (Site 2) contains an equal number of HP-UX
servers connected to a second P9000 or XP Disk Array. Continuous Access Synchronous or
Continuous Access Journal data replication must be established to replicate data between Site1
and Site2. The distance between Site1 and Site2 is limited by:
• Serviceguard heartbeat latency requirements or
• Continuous Access Synchronous or Continuous Access Journal distance requirements, whichever
is configured between Site1 and Site2
When Site 1 and Site 2 form a Metrocluster a third location is required where Quorum server
needs to be kept. In a Continentalclusters environment, the Metrocluster would be the source disk
site for packages configured in a 3DC DR solution.
The third site, which is normally located at a long distance from the Metrocluster sites, contains
one or more HP-UX servers connected to a third P9000 or XP Disk Array. These HP-UX servers form
a separate Serviceguard cluster and require a quorum server or cluster lock disk. In a
Continentalclusters environment, Site 3 is the recovery cluster for packages configured in a 3DC
DR solution. It is recommended to maintain a consistent copy of the volume at the Site 3, using HP
StorageWorks Business Copy XP or P9000 (BC-XP). This is particularly useful in case of a rolling
disaster, which is a disaster that occurs before the cluster is able to recover from a non-disastrous
failure.
An example is a data replication link that fails, then, as it is being restored and data is being
resynchronized, a disaster causes the primary data center to fail resulting in an incomplete
resynchronization and inconsistent data at the remote data center. In case of a rolling disaster,
Metrocluster with Continuous Access for P9000 and XP and P9000/XP Continuous Access software
are able to detect the data is inconsistent and do not allow the application package to start. A
good copy of the data must be restored before restarting the application.
The following are additional disaster tolerant architecture requirements for a 3DC DR solution:
• In the disaster tolerant cluster architecture, it is expected that each Metrocluster data center is
self-contained such that the loss of one data center does not cause the entire cluster to fail. It
is important that all single points of failure (SPOF) be eliminated so that surviving systems
continue to run in the event that one or more systems fail.
• It is also expected that the IP network and SAN equipment between and within the data centers
are redundant and routed in such a way that the loss of any one component does not cause
the IP network or SAN to fail.
Figure 75 (page 425) shows a typical configuration of Three Data Center Disaster recovery
architecture when all there links are configured.
424 Designing a Three Data Center Disaster Recovery Solution