Availability Guide for Application Design
Data Protection and Recovery
Availability Guide for Application Design—525637-004
4-6
server processes to manipulate the database or place a request on a transaction-protected queue, the system assigns the same transaction identifier to each server process. For multithreaded requesters and servers, each thread that initiates or participates in a transaction will have its own unique transaction identifier.

For transactions that successfully finish, the end point involves committing all updated records to disk. At this point, the changes to the disk are permanent and cannot be undone, unless a file recovery operation is performed. (Refer to File Recovery on page 4-9 for information about file-recovery operations.)

It is up to the application programmer to indicate where the beginning and the end of the transaction must occur and to maintain the association between each thread of a multithreaded requester or server and its current transaction.

When the application requests an end to the transaction, TMF starts a two-phase commit operation involving the process that requested the commit and all other processes participating in the transaction; that is, all processes that have done work on audited files with the current transaction identifier. Phase 1 asks all participants to prepare to commit their part of the transaction. When all participants are ready, phase 2 commits the transaction.

Database Recovery
Database recovery is the collection of features in TMF that enables you to return your database to a known, consistent state after any kind of problem that threatens its integrity. Specifically, you can recover to a consistent state after any of the following:

• An operator or data-entry clerk intentionally or unintentionally causes the transaction to abort.
• Program logic determines that the transaction cannot finish and aborts the transaction.
• A single-component failure interrupts a transaction, causing it to be aborted; for example, a processor failure.
• System failure occurs because:
  ° An extended power failure or human error causes a total system failure.
  ° Multiple system components (processors or buses) fail and cause the entire system to become unavailable.
• Both disks of a mirrored pair fail while transactions are changing data on the disks.

The TMF features that provide this protection are described in the remainder of this subsection. They include:

• An audit trail of before-image and after-image data
• Transaction backout
• Volume recovery
• Online dumps and audit dumps
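
The two-phase commit described earlier and the before-image backout listed above can be modeled together. The following is an added illustration in Python, not TMF code or an HP API; the Participant class, the end_transaction function, and the accounts and ledger sample data are hypothetical.

```python
_MISSING = object()  # marks "record did not exist" in a before-image


class Participant:
    """Hypothetical process that works on one audited file."""

    def __init__(self, data, can_prepare=True):
        self.data = dict(data)          # current contents of the audited file
        self.can_prepare = can_prepare  # constructed switch to force a failure
        self.audit = {}                 # tx_id -> [(key, before, after), ...]
        self.committed = set()

    def update(self, tx_id, key, value):
        # Log the before-image and after-image, then apply the change.
        before = self.data.get(key, _MISSING)
        self.audit.setdefault(tx_id, []).append((key, before, value))
        self.data[key] = value

    def prepare(self, tx_id):
        # Phase 1: report whether this part of the transaction can commit.
        return self.can_prepare

    def commit(self, tx_id):
        # Phase 2: the changes made under tx_id become permanent.
        self.committed.add(tx_id)

    def backout(self, tx_id):
        # Restore before-images in reverse order of the updates.
        for key, before, _after in reversed(self.audit.pop(tx_id, [])):
            if before is _MISSING:
                self.data.pop(key, None)
            else:
                self.data[key] = before


def end_transaction(tx_id, participants):
    """Commit only if every participant that did work on tx_id is ready."""
    involved = [p for p in participants if tx_id in p.audit]
    votes = [p.prepare(tx_id) for p in involved]       # phase 1
    if all(votes):
        for p in involved:                             # phase 2
            p.commit(tx_id)
        return "committed"
    for p in involved:                                 # any "no" aborts all
        p.backout(tx_id)
    return "aborted"


def demo(ledger_ready):
    accounts = Participant({"alice": 100})             # constructed sample data
    ledger = Participant({}, can_prepare=ledger_ready)
    accounts.update("T1", "alice", 70)
    ledger.update("T1", "entry1", "alice -30")
    return end_transaction("T1", [accounts, ledger]), accounts.data, ledger.data
```

Calling demo(False) shows that one participant failing to prepare returns every file to its pre-transaction contents, which is the consistent state the recovery features above are meant to guarantee.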