On Fri, 7 Sep 2012, Edward Ned Harvey (lopser) wrote:
I believe these products exist, but I'm having difficulty finding them.
You want to provide HA virtualization... Meaning some VM should appear
to always be up, even if half of the underlying hardware were to die.
At first blush, it would seem impossible ... Even the fastest network
can't possibly keep up with the internal CPU state and memory of the
guest VM. But I would swear, some years ago, I saw or heard something
intelligent ... The host OS is able to quickly snapshot and diff the
guest machine state, so it does this at critical moments, like, when the
guest OS is sending outbound network packets. So you don't actually
need to keep the complete guest machine state in sync between two
machines; you only need to quickly send diffs at critical moments.
Then at any given moment, more than one host hardware can be hosting the
identical internal system state for some guest VM.
From VMware, the product they call "High Availability" just restarts the
server on other hardware. (As far as I can tell from their tech docs.)
Plus, VMware doesn't do storage... So you'll have to get your own HA
storage separately.
From virtualbox, you have live migration, but no HA. (As far as I can
tell.)
If you have a complex service, with apache, database, files, etc... The
challenge is, what's the best way to make it HA? You can do some
database replication, and use a load balancer, and either NFS or iscsi
with mirroring, to make the filesystem HA. But that's a lot of stuff to
possibly go wrong.
The best I can find so far is to simply mirror the underlying storage of
the guest OS, so in a failure, you can quickly and easily boot the guest on
another host. This is probably ok for a lot of purposes, a brief
downtime in the event of failure. But I like to aim high whenever
possible...
Thanks for any comments/suggestions.
VMware claims this capability; given the problems of transferring the full
state of systems from one machine to another, I don't believe that it is
actually going to work all the time. There is always going to be a window
where one part has processed and replied to a packet and the change in
state has not been propagated to the second machine. This gets even worse
if you start talking about geographically separated systems.
This sort of HA isn't going to help you if the first machine writes junk
to the drive or memory as it goes down.
I would also be very nervous about vendor lock-in (and possibly even
version incompatibilities) for something that's trying to work at this
sort of level.
This sort of thing can work if the virtual system that's being migrated
doesn't have too many dependencies on the outside world, or if small
interruptions of connections are acceptable.
I much prefer to build 'normal' clusters of machines (that just happen to
be virtual) and keep from having both primary and backup on the same
physical host.
It's more work to set up, but there's less "magic" involved that can cause
subtle breakage on you.
David Lang
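The window David describes (a packet already answered, but the state change that produced it not yet on the second machine) can be made concrete with a small model. This is an added illustration, not code from either poster or from any vendor: a toy primary and backup, a diff shipped at every outbound send, and a constructed event sequence where the crash lands between the diff leaving and its acknowledgement. The `hold_output` flag is the assumed "output commit" rule, i.e. the packet is not released until the backup has acknowledged the checkpoint it depends on.

```python
"""Toy checkpoint-replication model (constructed example, not a real hypervisor)."""


def diff(old: dict, new: dict) -> dict:
    """Keys whose value changed since the last checkpoint shipped to the backup."""
    return {k: v for k, v in new.items() if old.get(k) != v}


def run(events, hold_output: bool):
    """Replay events; return (released packets, backup state, exposed packets).

    An 'exposed' packet is one the outside world saw that was computed from
    state the backup never received, i.e. the inconsistency window.
    """
    primary, backup, checkpointed = {}, {}, {}
    in_flight = None            # (accumulated diff, packets waiting on its ack)
    released = []               # (packet, primary state at the time it was sent)
    for kind, payload in events:
        if kind == "write":     # guest modifies its own state
            primary.update(payload)
        elif kind == "send":    # critical moment: checkpoint and ship the diff
            snap = dict(primary)
            d = diff(checkpointed, primary)
            checkpointed = snap
            if in_flight is None:
                in_flight = ({}, [])
            in_flight[0].update(d)
            if hold_output:     # output commit: hold the packet until the ack
                in_flight[1].append((payload, snap))
            else:               # naive: answer immediately, diff still in transit
                released.append((payload, snap))
        elif kind == "ack" and in_flight is not None:   # backup confirms receipt
            backup.update(in_flight[0])
            released.extend(in_flight[1])
            in_flight = None
        elif kind == "crash":   # primary dies; whatever is in flight is lost
            break
    exposed = [p for p, snap in released
               if any(backup.get(k) != v for k, v in snap.items())]
    return released, backup, exposed


# Constructed scenario: the second reply's diff is shipped but never acknowledged.
EVENTS = [
    ("write", {"balance": 100}), ("send", "reply: balance=100"), ("ack", None),
    ("write", {"balance": 40}), ("send", "reply: balance=40"), ("crash", None),
]


def demo():
    """Compare the naive and output-commit behaviours on the same crash."""
    return {"naive": run(EVENTS, hold_output=False),
            "output_commit": run(EVENTS, hold_output=True)}
```

Without output commit the backup takes over believing the balance is still 100 while a client already holds a reply saying 40; with it, that reply was never released, at the cost of added latency on every outbound packet.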
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/