mirror of https://github.com/schoebel/mars
arch-guide: split backup from replication and rework
parent
b2092e3d51
commit
1f67d8833d
|
@ -1233,7 +1233,183 @@ reach
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
\begin_layout Section
|
\begin_layout Section
|
||||||
Replication vs Backup
|
What is Backup
|
||||||
|
\begin_inset CommandInset label
|
||||||
|
LatexCommand label
|
||||||
|
name "sec:What-is-Backup"
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Standard
|
||||||
|
A Backup is a
|
||||||
|
\series bold
|
||||||
|
copy of your data
|
||||||
|
\series default
|
||||||
|
at a
|
||||||
|
\series bold
|
||||||
|
different location
|
||||||
|
\series default
|
||||||
|
.
|
||||||
|
There are two distinct operations associated with backup:
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Enumerate
|
||||||
|
|
||||||
|
\series bold
|
||||||
|
Creation
|
||||||
|
\series default
|
||||||
|
of backup.
|
||||||
|
This creates a
|
||||||
|
\series bold
|
||||||
|
copy
|
||||||
|
\series default
|
||||||
|
, or a new version of a copy.
|
||||||
|
It involves some network traffic over various distances, e.g in simplest
|
||||||
|
case over a USB cable, or from the application datacenter to a backup datacente
|
||||||
|
r.
|
||||||
|
Typically, this is done at
|
||||||
|
\series bold
|
||||||
|
regular time intervals
|
||||||
|
\series default
|
||||||
|
, e.g.
|
||||||
|
daily.
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Enumerate
|
||||||
|
|
||||||
|
\series bold
|
||||||
|
Restore
|
||||||
|
\series default
|
||||||
|
from backup.
|
||||||
|
This does the
|
||||||
|
\emph on
|
||||||
|
opposite
|
||||||
|
\emph default
|
||||||
|
of backup creation.
|
||||||
|
It also involves network traffic, but in
|
||||||
|
\series bold
|
||||||
|
reverse direction
|
||||||
|
\series default
|
||||||
|
.
|
||||||
|
The
|
||||||
|
\series bold
|
||||||
|
roles
|
||||||
|
\series default
|
||||||
|
of application datacenter and backup datacenter
|
||||||
|
\series bold
|
||||||
|
do not change
|
||||||
|
\series default
|
||||||
|
.
|
||||||
|
Restore is typically
|
||||||
|
\series bold
|
||||||
|
triggered manually
|
||||||
|
\series default
|
||||||
|
, and only after some incident which led to
|
||||||
|
\series bold
|
||||||
|
data loss
|
||||||
|
\series default
|
||||||
|
.
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Standard
|
||||||
|
\noindent
|
||||||
|
\begin_inset Graphics
|
||||||
|
filename images/MatieresCorrosives.png
|
||||||
|
lyxscale 50
|
||||||
|
scale 17
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
It would be a
|
||||||
|
\emph on
|
||||||
|
bad idea
|
||||||
|
\emph default
|
||||||
|
to restore a backup although there is no data loss.
|
||||||
|
This would likely overwrite your newest application data with an elder
|
||||||
|
version, likely leading to
|
||||||
|
\emph on
|
||||||
|
data loss
|
||||||
|
\emph default
|
||||||
|
.
|
||||||
|
Therefore, restore is
|
||||||
|
\series bold
|
||||||
|
potentially dangerous operation
|
||||||
|
\series default
|
||||||
|
!
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Standard
|
||||||
|
\begin_inset Flex Custom Color Box 3
|
||||||
|
status open
|
||||||
|
|
||||||
|
\begin_layout Plain Layout
|
||||||
|
\begin_inset Argument 1
|
||||||
|
status open
|
||||||
|
|
||||||
|
\begin_layout Plain Layout
|
||||||
|
|
||||||
|
\series bold
|
||||||
|
Summary: structural properties of backup
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
Backup is
|
||||||
|
\series bold
|
||||||
|
asymmetrical
|
||||||
|
\series default
|
||||||
|
.
|
||||||
|
It involves two non-exchangable roles / locations, application location
|
||||||
|
vs backup location.
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Plain Layout
|
||||||
|
\noindent
|
||||||
|
\begin_inset Graphics
|
||||||
|
filename images/MatieresCorrosives.png
|
||||||
|
lyxscale 50
|
||||||
|
scale 17
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
Confusion of these roles, or triggering an unnecessary restore is a
|
||||||
|
\series bold
|
||||||
|
risk
|
||||||
|
\series default
|
||||||
|
for
|
||||||
|
\series bold
|
||||||
|
data integrity
|
||||||
|
\series default
|
||||||
|
.
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Plain Layout
|
||||||
|
\noindent
|
||||||
|
\begin_inset Graphics
|
||||||
|
filename images/lightbulb_brightlit_benj_.png
|
||||||
|
lyxscale 12
|
||||||
|
scale 7
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
Conversely, having no reasonable backup at all is an even higher risk.
|
||||||
|
Backup is a
|
||||||
|
\series bold
|
||||||
|
best practice
|
||||||
|
\series default
|
||||||
|
.
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Section
|
||||||
|
What is Replication
|
||||||
\begin_inset CommandInset label
|
\begin_inset CommandInset label
|
||||||
LatexCommand label
|
LatexCommand label
|
||||||
name "sec:Replication-vs-Backup"
|
name "sec:Replication-vs-Backup"
|
||||||
|
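Review bot: the unchanged label "sec:Replication-vs-Backup" at the end of this hunk now sits under the new heading "What is Replication", so any nameref to it (the reference style used elsewhere in this patch) will print that title instead of "Replication vs Backup". Either rename the label to match the new section and update its references, or check that every referring sentence still reads correctly. Wording in the added backup text also needs a pass: "e.g in simplest case" should be "e.g. in the simplest case", "an elder version" should be "an older version", "restore is potentially dangerous operation" is missing "a", and "non-exchangable" should be "non-exchangeable".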
@ -1278,7 +1454,9 @@ https://en.wikipedia.org/wiki/Replication_(computing)
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
\begin_layout Standard
|
\begin_layout Standard
|
||||||
For a rough comparison of
|
For this guide, we want a clearer discrimination, for better orientation
|
||||||
|
in the solution jungle.
|
||||||
|
As a rough comparison of
|
||||||
\emph on
|
\emph on
|
||||||
typical
|
typical
|
||||||
\emph default
|
\emph default
|
||||||
|
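Review bot: the added lead-in "we want a clearer discrimination, for better orientation in the solution jungle" reads awkwardly. "Distinction" is the usual word here, and "solution jungle" is informal for an architecture guide. Something like "For this guide, we want a clearer distinction between the two solution classes" says the same thing.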
@ -1293,7 +1471,7 @@ typical
|
||||||
\noindent
|
\noindent
|
||||||
\align center
|
\align center
|
||||||
\begin_inset Tabular
|
\begin_inset Tabular
|
||||||
<lyxtabular version="3" rows="6" columns="3">
|
<lyxtabular version="3" rows="7" columns="3">
|
||||||
<features tabularvalignment="middle">
|
<features tabularvalignment="middle">
|
||||||
<column alignment="left" valignment="top">
|
<column alignment="left" valignment="top">
|
||||||
<column alignment="center" valignment="top">
|
<column alignment="center" valignment="top">
|
||||||
|
@ -1331,6 +1509,35 @@ Replication
|
||||||
<cell alignment="left" valignment="top" topline="true" leftline="true" usebox="none">
|
<cell alignment="left" valignment="top" topline="true" leftline="true" usebox="none">
|
||||||
\begin_inset Text
|
\begin_inset Text
|
||||||
|
|
||||||
|
\begin_layout Plain Layout
|
||||||
|
Timely pattern
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
</cell>
|
||||||
|
<cell alignment="center" valignment="top" topline="true" leftline="true" usebox="none">
|
||||||
|
\begin_inset Text
|
||||||
|
|
||||||
|
\begin_layout Plain Layout
|
||||||
|
intervals
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
</cell>
|
||||||
|
<cell alignment="center" valignment="top" topline="true" leftline="true" rightline="true" usebox="none">
|
||||||
|
\begin_inset Text
|
||||||
|
|
||||||
|
\begin_layout Plain Layout
|
||||||
|
continuously
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
</cell>
|
||||||
|
</row>
|
||||||
|
<row>
|
||||||
|
<cell alignment="left" valignment="top" topline="true" leftline="true" usebox="none">
|
||||||
|
\begin_inset Text
|
||||||
|
|
||||||
\begin_layout Plain Layout
|
\begin_layout Plain Layout
|
||||||
Fast handover (planned)
|
Fast handover (planned)
|
||||||
\end_layout
|
\end_layout
|
||||||
|
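Review bot: the new row label "Timely pattern" does not say what is meant, since "timely" means "on time"; "Timing" or "Temporal pattern" fits the cell values better. The two values "intervals" and "continuously" are also not parallel; "at intervals" / "continuously" or "periodic" / "continuous" would read consistently. The bump to rows="7" in the previous hunk matches this single added row.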
@ -1428,7 +1635,7 @@ Protect for logical data corruption
|
||||||
\begin_inset Text
|
\begin_inset Text
|
||||||
|
|
||||||
\begin_layout Plain Layout
|
\begin_layout Plain Layout
|
||||||
yes (partly)
|
yes
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
\end_inset
|
\end_inset
|
||||||
|
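Review bot: changing the cell right after the "Protect for logical data corruption" label from "yes (partly)" to a plain "yes" claims more than the prose added later in this patch, which says only that a logical copy "lowers risks from certain types of data corruption". Keep the qualifier, or attach a footnote to the cell naming which corruption types are covered, so that the table and the text agree.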
@ -1448,7 +1655,11 @@ typically no
|
||||||
\begin_inset Text
|
\begin_inset Text
|
||||||
|
|
||||||
\begin_layout Plain Layout
|
\begin_layout Plain Layout
|
||||||
Disaster Recovery Time (MTTR)
|
Disaster Recovery Time (
|
||||||
|
\series bold
|
||||||
|
MTTR
|
||||||
|
\series default
|
||||||
|
)
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
\end_inset
|
\end_inset
|
||||||
|
@ -1457,7 +1668,9 @@ Disaster Recovery Time (MTTR)
|
||||||
\begin_inset Text
|
\begin_inset Text
|
||||||
|
|
||||||
\begin_layout Plain Layout
|
\begin_layout Plain Layout
|
||||||
typically (very) slow
|
typically
|
||||||
|
\series bold
|
||||||
|
very slow
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
\end_inset
|
\end_inset
|
||||||
|
@ -1466,6 +1679,8 @@ typically (very) slow
|
||||||
\begin_inset Text
|
\begin_inset Text
|
||||||
|
|
||||||
\begin_layout Plain Layout
|
\begin_layout Plain Layout
|
||||||
|
|
||||||
|
\series bold
|
||||||
fast
|
fast
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
|
@ -1481,12 +1696,109 @@ fast
|
||||||
|
|
||||||
\begin_layout Standard
|
\begin_layout Standard
|
||||||
\noindent
|
\noindent
|
||||||
|
There are some solutions implementing a
|
||||||
|
\emph on
|
||||||
|
mixture
|
||||||
|
\emph default
|
||||||
|
, by different combinations of some of these typical properties.
|
||||||
|
Here we focus on fundamental principles.
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Standard
|
||||||
|
Although
|
||||||
|
\series bold
|
||||||
|
replication
|
||||||
|
\series default
|
||||||
|
as defined here
|
||||||
|
\series bold
|
||||||
|
has much better properties
|
||||||
|
\series default
|
||||||
|
from a risk viewpoint on enterprise-critical data, there remains a gap
|
||||||
|
in favour of backup: backup is typically implemented as a
|
||||||
|
\emph on
|
||||||
|
logical copy
|
||||||
|
\emph default
|
||||||
|
, which lowers risks from certain types of
|
||||||
|
\series bold
|
||||||
|
data corruption
|
||||||
|
\series default
|
||||||
|
, such as filesystem corruption, for which only risky repair workarounds
|
||||||
|
like
|
||||||
|
\family typewriter
|
||||||
|
fsck
|
||||||
|
\family default
|
||||||
|
are the last resort when you don't have a backup
|
||||||
|
\emph on
|
||||||
|
in addition
|
||||||
|
\emph default
|
||||||
|
|
||||||
|
\begin_inset Foot
|
||||||
|
status open
|
||||||
|
|
||||||
|
\begin_layout Plain Layout
|
||||||
|
An integrated solution for continuous replication via logical copies would
|
||||||
|
be difficult.
|
||||||
|
There is a
|
||||||
|
\emph on
|
||||||
|
concept mismatch
|
||||||
|
\emph default
|
||||||
|
between logical copies and strict consistency requirements posed by fast
|
||||||
|
handover, while at the same time compensation of logical data corruption
|
||||||
|
would require the
|
||||||
|
\emph on
|
||||||
|
opposite
|
||||||
|
\emph default
|
||||||
|
of strict consistency.
|
||||||
|
Notice that logical copies are residing at higher layers, e.g.
|
||||||
|
filesystems or database records, while pure replication is easier done
|
||||||
|
at block layer.
|
||||||
|
See also section
|
||||||
|
\begin_inset CommandInset ref
|
||||||
|
LatexCommand nameref
|
||||||
|
reference "sec:Performance-Arguments-from"
|
||||||
|
plural "false"
|
||||||
|
caps "false"
|
||||||
|
noprefix "false"
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
.
|
||||||
|
Notice that snapshots at block layer cannot
|
||||||
|
\emph on
|
||||||
|
reliably
|
||||||
|
\emph default
|
||||||
|
protect against long-lasting
|
||||||
|
\series bold
|
||||||
|
silent corruptions
|
||||||
|
\series default
|
||||||
|
.
|
||||||
|
Even higher-layer ZFS snapshots treated in section
|
||||||
|
\begin_inset CommandInset ref
|
||||||
|
LatexCommand nameref
|
||||||
|
reference "subsec:Example:-ZFS-Replication"
|
||||||
|
plural "false"
|
||||||
|
caps "false"
|
||||||
|
noprefix "false"
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
cannot provide the same protection level as a classical per-inode multi-generat
|
||||||
|
ion backup onto a different filesystem type, thus lowering systematical
|
||||||
|
risks from software bugs in filesystem code.
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
to replication.
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Standard
|
||||||
Because of these typical differences, enterprise-critical data typically
|
Because of these typical differences, enterprise-critical data typically
|
||||||
deserves
|
deserves
|
||||||
\emph on
|
\emph on
|
||||||
both
|
both
|
||||||
\emph default
|
\emph default
|
||||||
solution classes.
|
solution classes at the same time.
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
\begin_layout Standard
|
\begin_layout Standard
|
||||||
|
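Review bot: the footnote inset is placed between "in addition" and "to replication", which splits the phrase and puts the footnote mark mid-clause; move the inset to after "to replication." so the sentence reads in one piece. Inside the footnote, the closing clause "thus lowering systematical risks from software bugs in filesystem code" attaches grammatically to the ZFS snapshots rather than to the multi-generation backup it is meant to describe; make it a sentence of its own and use "systematic". "easier done at block layer" would read better as "more easily done at the block layer".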
@ -1494,9 +1806,126 @@ both
|
||||||
status open
|
status open
|
||||||
|
|
||||||
\begin_layout Plain Layout
|
\begin_layout Plain Layout
|
||||||
Confusion of solution classes and/or their corresponding problem classes
|
\noindent
|
||||||
/ properties can be harmful to enterprises and to carreers of responsible
|
\begin_inset Argument 1
|
||||||
persons.
|
status open
|
||||||
|
|
||||||
|
\begin_layout Plain Layout
|
||||||
|
|
||||||
|
\series bold
|
||||||
|
Important requirements for replication
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
|
||||||
|
\begin_inset Graphics
|
||||||
|
filename images/lightbulb_brightlit_benj_.png
|
||||||
|
lyxscale 12
|
||||||
|
scale 7
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
A good replication solution is
|
||||||
|
\series bold
|
||||||
|
symmetrical
|
||||||
|
\series default
|
||||||
|
.
|
||||||
|
There a two (or more) copies at different locations.
|
||||||
|
They are either active at the same time (which works reliably only rack-to-rack
|
||||||
|
over crossover cables, see section
|
||||||
|
\begin_inset CommandInset ref
|
||||||
|
LatexCommand nameref
|
||||||
|
reference "sec:Explanation-via-CAP"
|
||||||
|
plural "false"
|
||||||
|
caps "false"
|
||||||
|
noprefix "false"
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
), and/or they need to
|
||||||
|
\series bold
|
||||||
|
switch their roles quickly
|
||||||
|
\series default
|
||||||
|
.
|
||||||
|
Switching should have two different triggers:
|
||||||
|
\series bold
|
||||||
|
planned handover
|
||||||
|
\series default
|
||||||
|
, vs
|
||||||
|
\series bold
|
||||||
|
unplanned failover
|
||||||
|
\series default
|
||||||
|
in case of an incident.
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Plain Layout
|
||||||
|
\noindent
|
||||||
|
\begin_inset Graphics
|
||||||
|
filename images/lightbulb_brightlit_benj_.png
|
||||||
|
lyxscale 12
|
||||||
|
scale 7
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
Symmetry is an important precondition for
|
||||||
|
\series bold
|
||||||
|
fast reaction
|
||||||
|
\series default
|
||||||
|
onto incidents.
|
||||||
|
For
|
||||||
|
\series bold
|
||||||
|
enterprise-critical data
|
||||||
|
\series default
|
||||||
|
, this is important for drastically
|
||||||
|
\series bold
|
||||||
|
lowering
|
||||||
|
\series default
|
||||||
|
the expectance value of
|
||||||
|
\series bold
|
||||||
|
losses by incidents
|
||||||
|
\series default
|
||||||
|
.
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Plain Layout
|
||||||
|
\begin_inset Graphics
|
||||||
|
filename images/MatieresCorrosives.png
|
||||||
|
lyxscale 50
|
||||||
|
scale 17
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
Confusion of solution classes replication vs backup and/or their corresponding
|
||||||
|
problem classes / properties can be harmful to enterprises and to carreers
|
||||||
|
of responsible persons.
|
||||||
|
\end_layout
|
||||||
|
|
||||||
|
\begin_layout Plain Layout
|
||||||
|
\noindent
|
||||||
|
\begin_inset Graphics
|
||||||
|
filename images/lightbulb_brightlit_benj_.png
|
||||||
|
lyxscale 12
|
||||||
|
scale 7
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
Hint: the
|
||||||
|
\emph on
|
||||||
|
granularity
|
||||||
|
\emph default
|
||||||
|
of replication handover / failover is important for maximum flexibility.
|
||||||
|
See section
|
||||||
|
\begin_inset CommandInset ref
|
||||||
|
LatexCommand nameref
|
||||||
|
reference "subsec:Flexibility-of-Failover"
|
||||||
|
plural "false"
|
||||||
|
caps "false"
|
||||||
|
noprefix "false"
|
||||||
|
|
||||||
|
\end_inset
|
||||||
|
|
||||||
|
.
|
||||||
\end_layout
|
\end_layout
|
||||||
|
|
||||||
\end_inset
|
\end_inset
|
||||||
|
|
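Review bot: the third paragraph of the new box (the one with images/MatieresCorrosives.png) starts without \noindent, while the other three paragraphs in the box have it, so the warning line will be indented differently from its siblings; add \noindent there as well. Wording in the added text: "There a two (or more) copies" is missing "are", "fast reaction onto incidents" should be "to incidents", "expectance value" should be "expected value", and "carreers" (carried over from the removed line) should be "careers".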