Remote disk mirroring provides a mechanism for instantaneous data recovery, according to advocates. A simplistic configuration entails the use of two storage platforms connected by a wide area network link and placed at some geographical distance from each other. In operation, should disk platform A in the production environment become compromised, then applications and end-users "fail over" to a backup disk platform B at a remote location, which contains a current copy of the data in platform A. Information processing continues unabated. Part of the high cost of mirroring is that it typically entails more than simply the deployment of two identical arrays. Within each array, or at least inside the primary array, most vendors recommend the use of "mirror-splitting," [4] which, depending on how the strategy is implemented, can increase the price for an array by several times the price of the nonmirrored configuration. Mirror- splits are created by synchronizing the data on one set of disk drives inside the array with another set inside the same array (that is, creating a synchronous or symmetrical mirror pair), then periodically removing the mirrored set from service (i.e., "breaking it off") and substituting a second synchronized mirror set in its place (see Figure 9-10). Figure 9-10. Mirror-splits and replication.
It is important not to oversimplify this process, which requires a bit of magic to do properly. At the block-device level, data mirroring involves synchronously copying changes made at one storage volume (source) to another volume (target). From the host or application perspective, no write is considered complete until the changes have been applied to all of the mirrors as well as the original. Mirrors may be created within a single storage device or, if the application's architecture allows, between physically separate devices. When a mirror target device is broken away or 'split" from the original, the target device becomes a static, point-in-time (PIT) copy of the source. This is where things get tricky. Depending on the steps taken to quiesce the application or file system at the moment before the mirror is split, the PIT copy will have a state of "coherency" relative to the application, the file system, or the block device level. So, integration of the mirror-splitting process with the application is key to determining the level of data consistency found in the resulting PIT copy. States of coherency range from " transactionally consistent," meaning that the resulting copy represents a PIT copy of all user transactions completed up to the moment of the split, to "crash consistent," meaning that the copy looks pretty much like what would exist if someone had simply pulled the plug on the application server. With crash consistent PIT copies, some undetermined number of user transactions may be incomplete or lost. Performed properly, this process provides a safeguard against certain types of internal array failures and delivers instant access to the last version of the data saved at the time of the split. This process is usually replicated to some degree on each external mirror array. The intention of implementing multiple mirror-splits is to speed the recovery effort and minimize the amount of real-time data lost in the event of an outage . A disk-based data protection strategy, using mirror-splits and replication, provides considerable improvement over tapes in terms of recovery speed. Such solutions may be intriguing from a risk reduction standpoint, but the costs are enormous because an extra full set of disks is needed for each mirror-split, and additional disks may be required for local and remote replication, as well. In this strategy, for every terabyte of storage that is used to support a host application, nine or more terabytes of additional disk capacity are required to support mirror-splits ( assuming a replication interval of every six hours) and split replication on other arrays. In addition to these high costs, mirror-split and replication solutions also have the following major limitations:
New approaches and products, such as Time Addressable Storage (TAS) from Revivio, are helping to reduce the need for multiple mirror-splits and to optimize mirroring hardware requirements (see the discussion of TAS later in this chapter). However, mirroring in general has some additional potential drawbacks that should be considered.
It should be added that mirroring, like other data copying schemes, does not protect against all threats to data integrity. Erred data, whether created by a software glitch, user input error, virus program, or other source of data corruption, is replicated across mirrors with the same speed and alacrity as good data. In this regard, disk- and tape-based backup are both vulnerable, though one could argue that the selective restoral of tape insulates against some threats that mirroring does not. Of course, as many successful recoveries enabled by mirroring solutions demonstrate , the disk-to-disk data protection strategy can be a powerful one. Properly applied and carefully implemented, such a strategy offers the capability for short "time-to-data"recovery of mission critical data access. |