There are some disaster situations from which an organisation cannot recover using only local redundancy systems. For some, keeping off-site backups is sufficient insurance against such a situation and those organisations have two simple options:
- Have a spare system available for use at a disaster recovery site.
- Operate a distributed deployment with independent systems on more than one site.
However, for those companies that view any data or message loss as unacceptable the 'off-site hot standby' approach described below provides an off-site system that will take over from the primary system without any service interuption in the event of a total failure at the primary site.
Isode's Off Site Hot Standby Architecture
The approach to providing off site hot standby is closely related to that used to provide fail-over clustering. In a fail-over clustering system, operations move to a standby system in the event of the primary system failing. Off site hot standby is provided by having the standby system on a disaster recovery site.
As well as a separate processor, an independent copy of all appropriate files is kept at the remote site. This is achieved by a process known as disk mirroring or RAID 1 (Redundant Array of Independent Disks 1). This setup is often referred to as a SAN (Storage Area Network).
RAID 1 is used to keep data consistent between the off site and primary copies. Additionally, it is likely that some form of hardware based RAID will be used at one or both sites to deal with the risk of disk failure.
There are two basic approaches that can be used to provide the RAID 1 disk mirroring between the primary and disaster recovery sites:
- Software. Isode recommends iSCSI, which is supported by a number of products. It is also available as a part of most Unix operating systems, and so can be implemented using standard hardware. iSCSI allows the RAID 1 mirroring to occur over an IP network using standard network cards. It is a good solution for low and medium volume deployments.
- Hardware. There are a number of hardware solutions that can be used to provide RAID 1, such as Fibrechannel. This is appropriate for a high volume deployment.
These two architectures are illustrated below.
These architectures show how the data is mirrored. As with fail-over clustering, a heartbeat mechanism is used by the disaster recovery system to detect failure of the primary system. If this happens, the disaster recovery system will take over operation.
Off site hot standby for Isode's products for R16.0 is available on:
- Windows Server 2008 and 2008 R2, Standard or Enterprise Editions (32 and 64bit), 2012 Standard Edition (64bit) using Windows Clustering Services.
- Red Hat Linux Enterprise Linux 6 (32 and 64bit) and CentOS equivalents using Red Hat High Availability Add-On components.
For other platforms and Isode releases, and in particular for Solaris on Ultrasparc and Intel, contact Isode support.
Off Site Hot Standby Support
Off Site Hot Standby is a security feature common to the following Isode server products:
- M-Store X.400
M-Link uses its own clustering protocol, and the type of clustering here is not recommended for M-Link.