Data Repositories and Infrastructure Services

All but the smallest businesses rely on computers to store and retrieve the data that flows through their organizations. For rapid retrieval, this data usually resides on high-performance magnetic storage, rather than tape. Normally, mirroring or RAID 5 protects the data to prevent a disk failure leading to data loss. However, a server outage renders the data unavailable until the server is fixed. As a result, other information-processing tiers within a corporation cannot function until the data is available again. A Sun Cluster solution provides an insurance policy by limiting the maximum service outage of vital data to the time it takes to recover and restart the service.

Within most organizations, corporate data is held, accessed, and used in a variety of ways, including flat files and relational database management systems (RDBMSs). Often, email and name services play a crucial role too. The sections that follow describe these services and the benefits they realize from being hosted on a cluster.

File Services

File servers proliferate in many organizations, hosting a wide variety of data types ranging from text documents and web pages to multimedia data, such as audio and video files. Client workstations and PCs commonly share these files, using the Network File System (NFS) or Common Internet File System (CIFS) protocol. A file server may support many hundreds of users, so an outage can prevent large numbers of staff from working. For example, when an NFS server centralizes web farm data or stores archived log files from a database, a failure can impact several other critical servers too. For details, see the impacted user minutes (IUM) example in “Cost Estimation”.

NFS

The NFS is commonly deployed as a way of centralizing the provision of home and data directories, thereby simplifying corporate backup and space management tasks. Similarly, many large web farm installations use NFS servers as a central repository for web pages, common gateway interface (CGI) scripts, and servlets, rather than replicating updates to multiple web servers. The majority of corporations that use NFS this way can use the Sun Cluster 3.0 software to ensure the availability of these resources.

NFS is a stateless protocol, which means that it is capable of surviving a server failure without losing data or requiring users to restart their applications. Deploying an NFS service on a cluster reduces the possibility that a server outage results in a prolonged period of downtime, while continuing to make any failure transparent to the users.

SAMBA

SAMBA provides a UNIX SMB/CIFS file and print service that enables Microsoft Windows interoperability, without additional software on the client machine. Features include—Microsoft Windows NT 4.0 primary domain controller (PDC) and backup domain controller (BDC) capability and Microsoft Windows NT file system (NTFS) and printing support for Microsoft Windows clients. (For details on the features SAMBA supports, see http://www.samba.org). SAMBA data services can be written with the Sun Cluster 3.0 APIs described in “Agent Application Program Interfaces”, which, when deployed on a Sun Cluster, create highly available PC file and print services.

Most Microsoft Windows NT services are connection oriented and not stateless like NFS. However, if a network problem occurs, the underlying Microsoft Windows operating system services try to reestablish a connection and state, so most Microsoft Windows applications using file access services from SAMBA are unaffected by a switchover. Other Microsoft Windows NT services, such as graphical user interface (GUI) management tools, server administration tools, and printing, notice the failure and must be restarted.

Database Services

Most business applications, including enterprise resource planning (ERP) solutions from the SAP AG and Siebel Systems, Inc. customer relationship management (CRM) products, rely on an RDBMS to store data. These applications are often implemented on clustered hardware because of the key role the applications play in day-to-day business functions. Without access to the database, middle-tier applications and dependent processes within the organization stall or fail. This high degree of interdependency makes a strong case for putting a critical database on a clustered system.

Businesses use a variety of applications that rely on databases to hold data. Broadly speaking, these applications are in two categories—online transaction processing (OLTP) and decision support systems (DSS). The role that clustering plays in supporting these application types depends not only on the financial and customer satisfaction penalties of an outage, but also on the way in which database technology combines the computer hardware resources of two or more servers into a single, more powerful entity. The suitability of an application, such as Oracle 8i Parallel Server (Oracle 8i OPS) or Oracle 9i Real Application Cluster (Oracle 9i RAC), to parallel database technology determines whether Sun Cluster 3.0 can offer the desired combination of increased availability and enhanced scalability.

Sun Cluster 3.0 data services provide failover support for IBM DB2, Informix, ORACLE®, and Sybase products. In addition, these data services enable parallel database support for IBM DB 2 7.2 Extended Enterprise Edition (EEE) and Oracle 8i OPS and Oracle 9i RAC.

Sun Cluster 3.0 supports both simple failover of the Oracle server, through the HA-Oracle data service, and the parallel capabilities of Oracle 8i OPS and Oracle 9i RAC.

HA-Oracle

The start, stop, and monitoring scripts in the Sun HA-Oracle data service make an individual, standard Oracle server instance highly available. A Sun Cluster system can host multiple HA-Oracle instances distributed across the entire cluster, even when the same node hosts several instances. However, unlike Oracle 8i OPS or Oracle 9i RAC, each instance uses only the resources available to it on the node that is executing the instance. The paragraphs that follow outline the benefits and disadvantages that govern the business decision to use one or the other of these products.

When an HA-Oracle cluster is deployed, data files are laid out on the file system or on raw devices, in exactly the same manner as they are on a standalone server. The addition of the Sun HA-Oracle agent makes the database highly available. This approach has the advantage of requiring minimal additional database administrator training, since all the tuning and other day-to-day tasks are identical. After a failure, the database recovers its consistency, using its log files in the normal way. The time taken to recover depends entirely on the volume and type of transactions being processed at the time of the failure.

Oracle 8i OPS and Oracle 9i RAC

The Oracle 8i OPS and Oracle 9i RAC parallel packages are designed to run in a clustered environment. Unlike HA-Oracle, these packages require the data be placed on raw devices, under the control of the Cluster Volume Manager (a licensable component of VxVM) if the devices are not hardware RAID devices, rather than on the file system. This scheme enables concurrently physical I/O to a single device from multiple nodes. The UNIX distributed lock manager (UDLM) protects data from corruption. See “Locks and Lock Management” and “Lock Mastering”. In contrast to an HA-Oracle system, instances for that specific database are already running on a second cluster node, ready to accept user connections and transactions. As a result, users can reconnect to the database service almost immediately after a failure, enabling the Oracle 8i OPS and Oracle 9i RAC implementations to offer and meet higher service levels. The consequent trade-off comes in increased license and staff training costs; the latter is due to the increased product complexity.

Deploying a parallel database does not guarantee that an application automatically scales or performs well. In particular, applications in which tables and indexes suffer high contention rates for specific data blocks may result in lower than expected, or even negative, scalability. Lower scalability occurs because the data blocks may move back and forth across the cluster interconnect to fulfill cache coherency requirements. Even though faster interconnects are being developed, there is no substitute for rearchitecting the application to be more cluster friendly. Programmers writing a distributed computing application should first optimize its internode communication before demanding a faster interconnect.

Both Oracle 8i OPS and Oracle 9i RAC can run in one of two modes— active/passive or active/active mode.

When you deploy the active/passive mode, user connections are made to one node only, thus eliminating the overhead of lock contention, because all of the locks are owned by one node. If the node that is hosting the users fails, all connections are lost and must be reestablished. In addition, only the resources on the active node are being fully used.

In contrast, active/active deployment distributes users across every node, thereby fully utilizing the available hardware resources. A node failure affects only the users connected to that node, requiring them to re-establish their connections. The failure of a node in a two-node cluster, for example, results in only half the users losing their connection and consequently only half the number of transactions require recovery.

Regardless of whether you use an HA or parallel Oracle implementation, the failure of the database disconnects the users from the system. Typically, users get an ORA-3113 or similar error message. The loss of connection is not easy to mask and requires the use of transaction monitors like suitably written Enterprise JavaBeans™ (EJB™), Tuxedo from BEA systems, or CICS from IBM, that can plug into an application server. See “Application Servers”. The decision to invest in the additional integration work needed to mask these interruptions depends on the benefits it brings versus the higher development and maintenance costs.

Messaging Services

Scalable mail services are particularly important for Internet service providers (ISPs), application service providers (ASPs), and large corporations that want to consolidate their email. The message storage area is usually implemented as a set of index files, enabling it to sustain higher throughput than that achievable through standard sendmail(1M) implementations.

Sun Cluster 3.0 supports iPlanet™ Messaging Server 5.1 through the SUNW.ims resource type [iMS51]; messages are stored on the cluster file system. The SUNW.ims agent can start, stop, and monitor the message transfer agent (MTA) that is central to the process of sending and receiving messages. MTA, in turn, depends on a highly available Lightweight Directory Access Protocol (LDAP) service. See “LDAP”.

Name Services

Name services provide central repositories for a range of system and user data. Traditionally, services like domain name service (DNS) and network information service (NIS) were used for storage and retrieval of Internet Protocol (IP) address to host name mappings. Also, NIS enabled a number of other mappings to be stored—usernames to passwords, services to port number, and so forth. More recently, LDAP has extended this role to include storage of application configuration and user profile data. As a result, many enterprise applications are highly dependent on its services.

DNS

DNS is an important service for any organization with a large network infrastructure and any corporation connected to the Internet. Through DNS, client systems can resolve the host names of other servers, both on the intranet and on the Internet. Similarly, web servers can use reverse name lookup to track the usage of their web site, though this impacts the performance of high-throughput web servers.

The DNS implementation for a particular zone uses primary, secondary, and possibly cache-only servers. The primary server is the authoritative source for all queries to its zone, and it is where your system administrator makes all necessary updates to the files that in.named(1M) loads. Secondary servers can provide additional resilience and throughput when the primary is overloaded or unavailable; however, secondary servers are not the central point of control for the zone. All of the updates to the secondary server come from the primary. Therefore, making the primary server highly available is still substantially beneficial.

Cache-only DNS servers are used to reduce the amount of DNS traffic over slow networks or wide area networks (WAN.) The DNS caching algorithm is simple and based on a serial number and expiration time for the DNS data. When the timeout expires and a new request arrives, the caching server reloads the data from the primary or secondary server. The serial number is used to indicate that the data has been changed by the primary. This simple cache synchronization method works well for the Internet because the primary does not know or care how many cache-only servers exist.

The Sun DNS data service is a failover rather than a scalable service. The DNS data files are stored in the global file system, rather than on the root disk. This method allows the in.named(1M) process to read them in, regardless of which node is hosting the service. Because the system creates and destroys the connections for each lookup performed, requests fail if they are being processed when a DNS outage occurs.

LDAP

The LDAP protocol is gaining popularity as the standard way to store user profile and application configuration data. Products like the iPlanet™ Portal Server and iPlanet Messaging Server, for example, use it extensively to hold user preferences.

Sun Cluster 3.0 supports the Netscape Directory Server (NDS) through its SUNW.nsldap agent. For accessibility from every node, all LDAP data must reside in the global file service. As with DNS connections, requests fail if they are being processed when an LDAP outage occurs.

NIS and NIS+

Currently, Sun Cluster 3.0 does not support NIS or NIS+ as data services. However, both data services can provide resilience through configuration of appropriate slave servers.