HP OpenView Storage Mirroring User Guide (360226-002, May 2004)
11 - 9
Failover Options
In order for failover to stand in for a failed machine, you must configure the monitoring and failover options. These options
are the same regardless of the configuration method (Management Console, Failover Control Center, or Text Client) that
you use.
! Source Machine—The machine that is monitored for failure.
! IP Addresses—The machine that is monitored for failure may have one or more IP addresses. When multiple IP
addresses are available, you have the option of monitoring some or all of the addresses as well as failing over for some
or all of the addresses.
! Target Machine—The machine that will be assuming the identity of the source machine in the event that the source
machine fails.
! Target NIC—The network card on the target machine that will receive the traffic from the failed source machine.
! Monitor Interval and Missed Packets—The monitor interval specifies how often the monitor request is sent to the
source machine. The missed packets specifies how many monitor replies can be missed before assuming the source
machine has failed. To achieve shorter delays before failover, use lower monitor interval and missed packets values. This
may be necessary for IP addresses on machines, such as a web server or order processing database, which must remain
available and responsive at all times. Lower values should be used where redundant interfaces and high-speed, reliable
network links are available to prevent the false detection of failure. If the hardware does not support reliable
communications, lower values can lead to premature failover. To achieve longer delays before failover, choose higher
monitor interval and missed packet values. This may be necessary for IP addresses on slower networks or on a server
that is not transaction critical. For example, failover would not be necessary in the case of a server restart.
! Failover Trigger—When multiple IP addresses on a source machine are being monitored, failover can begin after one
monitored address fails or it can be delayed until all of the monitored addresses fail. Consider that if there are multiple
redundant paths to a server, losing one probably means an isolated network problem and you should wait for all IP
addresses to fail. You should also consider that if each IP address is on a different subnet, you should trigger failover after
one fails.
! Target Identity after Failover—You have the option of adding the source’s identity to the target machine or replacing
the target identity with that of the source.
! Failover Execution—When multiple IP addresses on a source machine are available (whether they are all monitored or
not), failover can occur for just the monitored IP addresses or for all of the machine’s IP addresses. You can also specify
if the server name and any source shares will be failed over. The same considerations specified in Failover Trigger
should be kept in mind when configuring failover execution. The execution is dependent on the machine configuration
when multiple NICs are in use.
! Share Mapping—You have the option of failing over shares so that they are available on the target machine after failover.
If share mapping is not used, users will not be able to access shared data.
! Manual Intervention—Manual intervention allows you to control when failover occurs. When a failure occurs, a prompt
appears in the Failover Control Center and waits for you to manually initiate the failover process. You can disable manual
intervention if you want failover to occur automatically.
! Scripts—The failover and failback scripts for the target are stored on the target machine, but are unique for each source
machine. The failback script for the source is stored on the source machine. Scripts may contain any valid Windows
command, executable, or batch file. To see samples of failover and failback scripts, see Application Failover o n p ag e B - 1 .
! Active Directory Account—If you are using Active Directory, you will need to use the Failover Control Center to
identify a user and the associated password that has update privileges within Active Directory. This allows SPNs to be
created and deleted during failover.
NOTE: Only standard file system shares are created on the target during failover. If you are using MSCS cluster shares
created through the MSCS Cluster Administrator, those shares will need to be manually created on the target
machine.
If you are configuring failover so that drive shares are created on the target during failover but your source and
target machines do not have the same drive letters, you must use the
All-to-One selection on the Servers tab
of the Connection Manager or the map base command in the Text Clients when establishing your connection.
Otherwise, the shares will not be created on the target during failover.
If a share is created on Windows NT 4 or Windows 2000 with the default full access permissions (without an
ACL) and then failed over, the permissions given to the target will be dependent on the target’s operating
system. On a Windows 2003 target, the default permission will only be read only permission.
If you are failing over multiple source machines and they contain shares with identical names, the shares from
the second failed source will replace the shares from the first failed source. For example, if two servers both
have a share called \\users, and one machine fails, \\users from that first failed server will be available on the
target after failover. If the second server fails, the \\users share will failover and replace the \\users share
currently on the target (from the first failed machine). Use unique share names across all servers to avoid this
situation.
NOTE: Failover scripts will run but will not display on the screen if the Storage Mirroring service is not set to interact
with the desktop. Enable this option through the Services applet.