Availability Guide for Application Design (525637-004)

Availability Through Process-Pairs and Monitors
not written specifically for the HP passive-backup model will easily convert to run as a
process pair.
In the active-backup model, many applications containing hidden state information can
be modified to run as a process pair so long as the hidden state information is not
critical to the execution of the process.
Passive Backup Is Easier to Design
Active backup requires various design decisions to be made that are predefined for
passive backup. Active backup requires explicit programming of various operations
that are implemented for passive backup in the Guardian application programmer
interface. The additional design and implementation that must be coded for active
backup involves:
• Establishing control-state information
• Establishing data-state information
• Implementing a communications protocol between the primary process and the backup process
• Sending file-state information to the backup
• Receiving and processing information in the backup process
Process Pairs and Nowait I/O
Nowait I/O is typically used in applications where read operations remain posted on
devices for extended periods of time. For example, a read operation might be posted
for several minutes or even hours on an automated teller machine (ATM); in other types of
applications, such a read could be posted for days or even weeks.
If these read operations were done using waited I/O, the primary process would need
to wait until the read returned before it could check its $RECEIVE for system
messages. In an application designed this way, it could take weeks until the primary
receives notification of the failure of its backup, thereby leaving the application
vulnerable for extended periods of time.
Nowait I/O, however, adds complexity to an application, especially if the application is
a process pair. Using nowait I/O, the process can issue a nowait read on $RECEIVE
and a nowait read on the terminal. The first read to finish gets serviced immediately.
In a more general situation, it is possible that many nowait operations could be
outstanding at the point of takeover. All such operations must be restarted in the
backup process as part of its takeover logic. One solution is to keep a data structure
describing each I/O operation, copy it to the backup process each time it is modified,
then restart the outstanding nowait operations in the backup process using the
information in the data structure.
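The solution described in the last paragraph, as an added example that is not code from the guide: a table of outstanding nowait operations that is checkpointed on every change and replayed at takeover. It is portable C that simulates the pair in one process; `io_desc`, `post_read`, `complete_read`, `checkpoint_slot` and `takeover_restart` are hypothetical names, not Guardian procedures, and the checkpoint message is modelled as a struct copy.

```c
#include <stdio.h>
#define MAX_OPS 8
/* One outstanding nowait operation (field names are hypothetical). */
typedef struct {
    int in_use;                /* 1 while posted and not yet completed */
    int file_num, tag, count;  /* file, completion tag, requested bytes */
} io_desc;
static io_desc primary_tbl[MAX_OPS];  /* primary's live table */
static io_desc backup_tbl[MAX_OPS];   /* backup's copy, fed by checkpoints */

/* Stand-in for the checkpoint message: copy one modified entry. */
static void checkpoint_slot(int i) { backup_tbl[i] = primary_tbl[i]; }

/* Record and checkpoint the read before issuing it. Returns slot or -1. */
int post_read(int file_num, int tag, int count) {
    for (int i = 0; i < MAX_OPS; i++)
        if (!primary_tbl[i].in_use) {
            primary_tbl[i] = (io_desc){1, file_num, tag, count};
            checkpoint_slot(i);
            return i;  /* the real nowait read would be issued here */
        }
    return -1;  /* table full */
}

/* Completion: retire the entry and checkpoint the change. */
int complete_read(int tag) {
    for (int i = 0; i < MAX_OPS; i++)
        if (primary_tbl[i].in_use && primary_tbl[i].tag == tag) {
            primary_tbl[i].in_use = 0;
            checkpoint_slot(i);
            return 0;
        }
    return -1;  /* no outstanding operation with that tag */
}

/* Takeover: collect every operation the backup must restart. */
int takeover_restart(io_desc out[], int max) {
    int n = 0;
    for (int i = 0; i < MAX_OPS && n < max; i++)
        if (backup_tbl[i].in_use) out[n++] = backup_tbl[i];
    return n;
}

int main(void) {
    io_desc todo[MAX_OPS];
    post_read(0, 1, 256); post_read(5, 2, 80); complete_read(1); /* constructed */
    for (int i = 0, n = takeover_restart(todo, MAX_OPS); i < n; i++)
        printf("restart file %d tag %d\n", todo[i].file_num, todo[i].tag);
    return 0;
}
```

Checkpointing before the read is issued means a failure between the two steps makes the backup restart a read that was never posted, rather than miss one that was.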