Justin Langford Principal Consultant

The business continuity problem Cold/ Warm/ Hot Standby Solutions Failover Clustering Database Mirroring Combining Availability Technologies

Fundamentals No failover, potential data loss

Backup and Restore Third party solutions: storage snapshots, VDI Detach/ Attach

Distributed Data Manual failover, possible data loss

Log Shipping Peer-to-peer replication Database Mirroring (High Performance mode) Data Mirroring (third party hardware/ software mirroring

High Availability Automatic failover, no data loss

Database Mirroring (High Availability mode) Failover clustering Multi-site (Geo) clusters

Operator

Majority of downtime attributed to System Admins Application Software can improve fault tolerance System Software can help at all levels

Application Software System Software Hardware

Commodity hardware now very reliable

Evaluating business continuity solutions

Automatic or Manual Detection Automatic or Manual Failover Failover time Number of failures survived Data Currency / Loss Data Consistency Granularity: Instance, Database, Table, Page, Row Cost - hardware, network, additional management Complexity Recovery Point Interval/ Recovery Time Interval
we need zero downtime, zero data loss

Transparency to clients

The business continuity problem Cold/ Warm/ Hot Standby Solutions Failover Clustering Database Mirroring Combining Availability Technologies

Backup / Restore

Backup/ Restore & Detach/ Attach

Manual detection and failover Potential for data loss Clients must be redirected Slowest failover most downtime Backup / Restore Log backups allow point in time restore
Detach / Copy / Attach

Detach / Copy / Attach Copies entire files No rolling forward logs

Replication

Replication and Log Shipping

Manual detection and failover Replication since SQL Server 6.0
Primarily used where availability is required in conjunction with scale out of read activity Failover requires custom solution Could define subset of source database Latency between source and copy can be seconds

Log Shipping Log Shipping

Basic idea: Backup, Copy, Restore Log will always be supported Database scope Database accessible but read-only Users must exit for next log to be applied

Peer-to-Peer Transactional Replication

Peer-to-Peer Transactional Replication

SQL Server 2005 introduced bi-directional transactional replication

Enables scale-out and improved availability Warm / hot standby
Possibility of data loss on failure

SQL Server 2008 improvements

Conflict detection
Each row has a hidden column listing originating peer node ID for change Distribution Agent on each node detects conflicts by comparing hidden column

New Topology Wizard makes setup/ changes easier

Failover Cluster

Failover clustering and Database Mirroring

Both solutions provide

Automatic detection Automatic, fast failover Manual failover Transparent client redirection Zero work loss Site redundancy

Database Mirroring

The business continuity problem Cold/ Warm/ Hot Standby Solutions Failover Clustering Database Mirroring Combining Availability Technologies

Failover Cluster

* Inst1
SRV2 SRV1 Hot Standby Automatic detection and failover Multiple nodes provide availability Failover transparent to client Windows Server 2008 EE supports 16 node clusters Windows 2008 clusters must pass validation tests (no HCL) Supports many scenarios: Multiple Active Instances, N+1, N+I

Multiple Active Instances

N+1: N Active, 1 Inactive Instances

N+I: N Active, I Inactive Instances

* Inst1 Inst3 * Inst2 *

* Inst1 Inst2 *

Failover Cluster

* Inst1

Node Majority Each node has a vote Cluster functions with majority of votes
Node and Disk Majority Each node plus the disk witness can vote Cluster functions with majority of votes Node and File Share Majority Each node plus the file share witness can vote Cluster functions with majority of votes

Majority means more than half

No Majority: Disk Only Cluster functions if one node is available with quorum disk presented Nodes in communication with quorum disk are cluster members

Failover Cluster

* Inst1

Choosing a Quorum Model

Description of Cluster Odd number of nodes Even number of nodes (single site) Even nodes, multi-site cluster Quorum Recommendation Node Majority Node and Disk Majority Node and File Share Majority

Failover Cluster

* Inst1

Zero work loss, minimal impact on throughput Instance Failover entire instance works as a unit Single copy of databases Available since SQL Server 7.0 No standby reporting, testing etc. Single cluster can support multiple instances Can provide site fault-tolerance

Failover Cluster

New setup for SQL Server 2008

No remote execution on cluster nodes Run SQL Server setup to Install/ uninstall / upgrade nodes Option 1: Integrated installation with Add Node Configure single-node cluster instance Run SQL Server Setup with Add Node functionality to add each node Option2: Advanced/Enterprise installation Run Setup with Prepare Failover Cluster on each node Run Setup on node owning shared disks to Complete Failover Cluster

Site redundancy
SQL Server requires single-subnet Stretch VLAN between sites

Requires synchronous storage replication Performance dependent on network RTT

Configure Heartbeat timeout Increase to extend clusters over further distances Decrease to increase failure sensitivity for faster failover

Two Quorum configurations suitable for multi-site failover clusters

Node and File Share Majority

Site C
\\SERV1\CLUS1
File Share Witness

Site A

Site B

SAN

SAN

STORAGE REPLICATION

Node Majority

Site A

Site B

SAN

SAN

STORAGE REPLICATION

The business continuity problem Cold/ Warm/ Hot Standby Solutions Failover Clustering Database Mirroring Combining Availability Technologies

Database Mirroring

Hot Standby Provides a fault-tolerant database Database Failover

Very fast failover
<5 secs (most cases)

Zero data loss

No special server, storage or network requirements Automatic or manual failover

Automatic re-sync after failover

Automatic, transparent client redirect

Application

Witness Mirror

Commit

Mirror always redoing log to remain current

Principal

2
SQL Server

SQL Server

2
Log

>2
Data

3
Log

>3
Data

Trade off: Performance vs. Safety High Availability - synchronous mirroring with a witness
Automatic detection/failover No data loss

High Protection - synchronous mirroring without a witness

Manual failover No data loss, downtime possible

High Performance - asynchronous mirroring

Manual failover Data loss possible

Available in SQL Server 2008 Enterprise Edition Automatic Page Repair

Auto-resolve some errors that prevent reading a page Retrieve fresh copy from partner Unreadable page is replaced by the copy

Repairs are asynchronous

Query on principal accessing corrupt page will fail If mirror accesses corrupt page - mirroring session is suspended

Not all errors can be repaired

823, 824 errors - Windows returns a CRC error when reading page 829 errors restore pending

Pages that cannot be repaired include:

file header page database boot page allocation bitmap pages (GAM, SGAM, PFS)

New DMV sys.dm_db_mirroring_auto_page_repair Repair logged to SQL Server Error log

... Error: 824, Severity: 24, State: 2. ... SQL Server detected a logical consistency-based I/O error: incorrect checksum ... ... Database mirroring is attempting to repair physical page (4:4256) in database MyDB" by requesting a copy from the partner. ... Database mirroring successfully repaired physical page (4:4256) in database MyDB" by obtaining a copy from the partner.

Log compression
DBM performance affected by network performance Useful low-bandwidth scenarios

Outgoing log stream - principal to mirror compressed

Requires CPU to compress/ decompress Can be disabled

High-bandwidth network performance

Heavy duty, fully-logged maintenance operations when mirroring is involved (e.g. index rebuild)

Log Compression Transactions/ second

Greatest improvement for low bandwidth networks

CPU Usage with Log Compression

CPU usage sometimes x2 Compression overhead Increased transaction throughput

The business continuity problem Cold/ Warm/ Hot Standby Solutions Failover Clustering Database Mirroring Combining Availability Technologies

Replication

Maximize availability for

Scale out
Offload primary data platform

Heavy reporting Mobile/disconnected users Autonomous business units that share data

Failover Solutions

Maximize availability of critical systems

Designed for failover
Fast, automatic

Zero data loss Transactionally current Masks planned and unplanned downtime

Failover Solution + Replication Fault-Tolerant Publisher and Distributor

Distributor Subscribers

Publisher

Principal Server can be a Failover Cluster

Failover to mirror will occur before failover within the cluster
Principal will assume role of Mirror

Mirror can be a Failover Cluster as well

Failover Cluster Failover Cluster

Principal

Mirror

Attribute Automatic failover Perceived downtime Potential data loss

Failover Cluster Yes 30 secs + recovery Single copy of data

Log Shipping No n/a Yes, most recent transaction log

Database Mirroring Yes, in High Safety < 5 secs Yes, in some configurations

Masking storage failure

Special hardware Scope

No
Must pass validation System and user databases

Yes
No User databases

Yes
No User databases