headers
Scott Campbell | 16 Nov 2011 04:25
Picon

How Robust is eDirectory?

Just how robust is the 8.8.x incarnation of eDir?

We are creating a formal DR plan and as part of that we are replicating VMware Guests to a server in another
city.  These replicated guests will be cold and bought up only to test or if we have a major disaster.

To minimise the impact on the email part of the services, we will have a couple of servers running on the
remote host which will have a r/w replica of the root of our tree.  In the event of a disaster the DR sites r/w
replica will be newer than the replicated guests which we would want to power up.  Infact any of the servers
that we want to bring up will have inconsistent views of the state of the tree.

So, is eDirectory smart enough to identify the server that has the most current state of the replica and then
have those replicated servers request the updates from the DR sites r/w replica?  Or would I need to promote
the DR sites r/w replica to master of root and then remove the directory services from each of my replicated servers?

Our tree has fairly minimal actively initiated changes - maybe add a couple of users a year, a dozen file
right changes.

I see that there is a section in the Novell documentation entitled "Disaster Recovery Plan using DSBK" but
that doesn't really seem to even touch on the potential issue - I gather I am just being a little too
paranoid? :-)

Cheers,
Scott
Permalink | Reply |
headers
joe.doupnik | 16 Nov 2011 10:56
Picon
Picon
Favicon

Re: How Robust is eDirectory?

	Your concern is not paranoid at all, just the opposite.
	I don't have good answers to your questions, but I do have an 
observation or two. They amount to this case: master replica holder 
suffered a problem and stopped communicating with other servers in the 
ring. Time passes while I travel, and eventually I discovered the 
situation. I rebooted the master and life resumed with no complaints.
	Were I in your shoes I would thoroughly test the delayed power up 
situation in the lab. I would not ignore DSBK completely, but I would 
get the backups, move them to the down servers on a regular basis and 
restore them when a server is started (finesse with lan connectivity, 
ifdown eth0 style, would be required to avoid exposing the old replica).
	The deep down problem, as I see it, is an old replica has pending 
updates which upon a server restart it tries to complete and they 
conflict with current conditions. To stop that I would remove a replica 
holder from the ring, shutdown the server, and later re-add it when 
ready. This should eliminate the pending transaction problem.
	Joe D.

On 16/11/2011 03:25, Scott Campbell wrote:
> Just how robust is the 8.8.x incarnation of eDir?
>
> We are creating a formal DR plan and as part of that we are replicating VMware Guests to a server in another
city.  These replicated guests will be cold and bought up only to test or if we have a major disaster.
>
> To minimise the impact on the email part of the services, we will have a couple of servers running on the
remote host which will have a r/w replica of the root of our tree.  In the event of a disaster the DR sites r/w
replica will be newer than the replicated guests which we would want to power up.  Infact any of the servers
that we want to bring up will have inconsistent views of the state of the tree.
>
> So, is eDirectory smart enough to identify the server that has the most current state of the replica and
(Continue reading)

Permalink | Reply |
headers
Scott Campbell | 16 Nov 2011 20:06
Picon

Re: How Robust is eDirectory?

Thanks for the comments Joe.

Definitely appreciate the testing aspect which will happen, though the concern around that is 'what I
don't see going wrong under the covers'.

Our DR servers will regularly be updated with a snapshot, so at worst they will be 7 days old, though if
bandwidth permits we want 1 day.  The DR guests will be kept powered off except for testing purposes which
will occur in an isolated environment.

If we activate our DR server guests then this constitutes a catastrophic event at our main site, as such the
original servers will be isolated - if they survive then when we get access to the site they would be wiped
and our DR server guests would be moved back on to the production hosts.

So my primary concern is

ServerA snapshot occurs at 01:00 and gets copied ta ServerA_DR - at this point ServerA_DR is an 'exact copy
of ServerA production'
ServerB snapshot occurs at 01:10 and gets copied as ServerB_DR - at this point ServerB_DR is an 'exact copy
of ServerB production'

We now have a difference of 10 minutes worth of eDir activity between ServerA_DR and ServerB_DR. 

Catastrophy hits at 01:30, ServerA and ServerB for all intents and purposes are destroyed.

I manually start ServerA_DR then I manually start ServerB_DR.  At this point ServerB_DR has eDir activity
to 01:10, but ServerA_DR has eDir activity up to 01:00.  

- Will ServerA_DR be smart enough to recognise that ServerB_DR has a more recent updates and sync those
updates from ServerB_DR?
(Continue reading)

Permalink | Reply |
headers
Bill Brush | 17 Nov 2011 03:05
Picon

Re: How Robust is eDirectory?

While the plural of anecdote is not data I will give you the benefit
of my anecdote(s).

On one occasion I was working on my edir tree (3 replicas, 1
partition) and for some reason the server holding the master replica
pooched up.  I had done a snapshot before that operation (SAN based
snapshot) so I rolled that server back by about an hour.  No harm
done.

On another occasion I rolled a test server on the lab network back
several weeks and eDir didn't complain.

Based on my experience a 10 minute, or even 10 hour, differential
isn't going to cause the directory any issues.

Bill

On Wed, Nov 16, 2011 at 1:06 PM, Scott Campbell
<Scott.Campbell <at> indfish.co.nz> wrote:
> Thanks for the comments Joe.
>
> Definitely appreciate the testing aspect which will happen, though the concern around that is 'what I
don't see going wrong under the covers'.
Permalink | Reply |
headers
Scott Campbell | 21 Nov 2011 00:10
Picon

Re: How Robust is eDirectory?

Hi Bill,

thank you for your comments. :)

Cheers,
Scott

>>> On 17/11/2011 at 15:05, Bill Brush <bbrush <at> gmail.com> wrote:

While the plural of anecdote is not data I will give you the benefit
of my anecdote(s).

On one occasion I was working on my edir tree (3 replicas, 1
partition) and for some reason the server holding the master replica
pooched up.  I had done a snapshot before that operation (SAN based
snapshot) so I rolled that server back by about an hour.  No harm
done.

On another occasion I rolled a test server on the lab network back
several weeks and eDir didn't complain.

Based on my experience a 10 minute, or even 10 hour, differential
isn't going to cause the directory any issues.

Bill

On Wed, Nov 16, 2011 at 1:06 PM, Scott Campbell
<Scott.Campbell <at> indfish.co.nz> wrote:
> Thanks for the comments Joe.
>
(Continue reading)

Permalink | Reply |

Gmane