M-Vault uses an underlying high-end database transaction subsystem, which provides assurance that hardware, operating system or application failures will not corrupt a directory server database. This transaction support also enables on-line backup procedures for disaster recovery. M-Vault provides fail-over clustering and off site disaster recovery using either a SAN approach or one or more independent failover servers.

M-Vault provides a number of capabilities to provide high reliability in mission critical environments.

Transactional Database

M-Vault utilises a high-performance transactional database. This provides a high level of assurance that hardware, operating system or application software failures will not corrupt a directory server database. It also enables the establishment of an on-line back-up regime for a directory service that will support both simple-recovery and disaster-recovery scenarios.

Database Hot Backup

M-Vault includes tools for backup of the databases while the server is running, so the directory service can provide uninterrupted service.

Database Recovery

The underlying on-disk database is transactional. This means that in the event of a system-crash or hardware failure then the database is recoverable once the machine and disk database have been brought up again.

Replication for High Read Availability

Data can be replicated using X.500 DISP (Directory Information Shadowing Protocol) and/or multi-master replication. This enables the various servers in a distributed directory to hold local copies of data held elsewhere. This ensures that data is available if one server in the network goes down, and is key to achieving very high availability for read and search operations.

Key features include:

  • Total and incremental updates.
  • Primary and secondary shadowing.
  • Supplier and consumer initiated shadowing.
  • Authentication of supplier and consumer.
  • Scheduled and on-change updates.
  • Flexible replication configuration.

Multi-Master for High Write Availability

When a set of M-Vault servers are deployed in a multi-master configuration they are fully (mesh) interconnected. Directory writes may be applied to any server in the multi-master configuration, as there is no single master. A key benefit of multi-master is that write operations can continue in the event of single server failure without operator intervention. M-Vault multi-master capabilities are described further in the [ACID Multi-Master Replication in M-Vault Directory] whitepaper.

Single Master: Failover Clustering and Disaster Recovery

M-Vault can be deployed in a single master architecture, which is a good approach for many directory deployments and can make exclusive use of X.500 DISP replication. High availability for search and read can be provided by directory replication.

M-Vault supports fail-over clustering which provides high reliability for the master server by enabling use of two servers with a shared RAID disk. This gives resilience for both disk and server failure. Isode recommends the use of dual-ported disks for best master performance.

Clustering can be deployed over a SAN to give Off Site Hot Standby (Disaster Recovery). This requires a fast network link, so is usually constrained to relatively short distances.

In order to provide for flexible disaster recovery, M-Vault enables the configuration of one or more mirror servers, which are exact clones of the master server. In normal operation, these servers operates as standard shadow servers, providing high read availability.

In the event of master failure, one of the mirror servers will be promoted to act as the master. This gives a flexible disaster recovery approach, which can work over long distance. Further information is given in the white paper [M-Vault Failover and Disaster Recovery].

LDAP Transactions

Some directory applications need to make multiple changes to the directory as a single transaction, to ensure consistency of information held in multiple directory entries. M-Vault enables this using RFC 5805 "Lightweight Directory Access Protocol (LDAP) Transactions". This allows a series of (related) LDAP operations to be applied as a single transaction. This is of particular benefit to management applications that modify related directory properties.