HP OpenView Storage Mirroring User Guide (360226-002, May 2004)
11 - 1
11 !
!!
! Failover
Failover
Failover is a component of Storage Mirroring that allows a target to stand in for a failed source machine. The failover target
assumes the network identity of the failed source. When the target assumes the identity of the source, user and application
requests destined for the source machine or its IP address(es) are routed to the target.
When partnered with Storage Mirroring’s data replication capabilities, failover routes user and application requests with
minimal disruption and little or no data loss. In some cases, failover may be used without data replication to ensure high
availability on a machine that only provides processing services, such as a web server.
The Failover Process
Storage Mirroring failover monitors the status of machines by tracking network requests and responses exchanged between
a monitored source machine and the failover target. The time between requests and the number of allowable responses that
can be missed combine to create a timeout period. When the source machine fails to respond before the timeout period has
expired, Storage Mirroring determines that the source has failed. At this time, you will be prompted to initiate failover or it
may occur automatically, if configured. In the event of failover, the target assumes or adds the identity of the failed source
including machine name, IP address, and subnet mask.
Failover also sends updates to routers and other machines to update the IP to MAC address mapping. Network packets and
applications destined for the failed IP address are routed to the target machine.
Depending on the type of client workstations, the timeout settings, and the applications in use, the clients may notice only a
slight pause while the failover process occurs. If the failover timeout is set to a duration such as several minutes, clients may
see an Abort or Retry message at their machine if they try to communicate with the source before the timeout has expired
and the failover process has completed. For most 32-bit clients and network aware applications, reconnection is automatic.
In the case of older client software, the workstation may need to be rebooted to reestablish a connection to the target, which
is now acting as the source.
By incorporating user-defined failover scripts into the process, network administrators can automate many network and
application events on the target machine, such as starting applications or system services, adding or removing IP addresses, or
sending network messages to administrators.
Each Storage Mirroring target tracks which source machines it has failed over for. In the event that one of these machines
comes back online on its own before the failback process has been completed, failover will not allow the source to mirror or
replicate so that data integrity on the target is not compromised.
The Failback Process
The source machine problem(s) must be corrected while disconnected from the network to avoid a name or IP address
conflict. After the problem(s) are corrected, the network administrator manually initiates failback. The source machine should
not be reattached to the network until failback has completed. For Windows, this means that Storage Mirroring has
completely removed the source’s identity from the target.
Depending on the type of machine and data that Storage Mirroring is protecting, failback may need to be scheduled for an
inactive period. If failover is being used in conjunction with Storage Mirroring replication or if a drive on the source was
replaced, the data on the source may not be the most current information. It may be necessary to restore the most recent
data from the target machine to the proper location on the source before initiating the failback process and bringing the source
back online. (With Storage Mirroring, the restore can be accomplished by mirroring the changed data back to the source
machine. See
Restoration on page 12-1 for more information.)
Users may notice an interruption at their workstations during failback. This delay will occur between the completion of the
failback process and the time needed to bring the source machine back online.
Like failover, network administrators can incorporate user-defined failback scripts into the process to automate many
network and application events on the target machine, such as starting applications or system services, adding or removing IP
addresses, or sending network messages to administrators.
NOTE: Failover is not supported across a NAT firewall.