Continuity™ provides the industry’s ONLY storage & backup security solution, to help you protect your most valuable data.
Information Technology systems exist in a highly complex, fluid and dynamic framework. High Availability systems are particularly vulnerable to misconfigurations and drifts that are caused by the daily maintenance done on the entire cluster infrastructure. In this post, we will examine the Top 10 cluster availability risks that exist in datacenters worldwide. We will examine what causes these problems, what impact they have on the IT infrastructure, and then explore possible solutions.
Here are the top 10 cluster availability risks.
If you experience this problem, it is because the SAN volume that was added to the active cluster node was mistakenly not configured on the passive node of that cluster. The problem that you typically see is an inaccessible SAN volume to the passive cluster node. Fortunately, this problem is easily resolved by mapping the SAN volume to the passive cluster node.
If you experience this issue, it is likely the result of coordination problems among different teams, perhaps even human error. It is difficult to maintain path redundancy across multiple layers such as switch networks, ports and arrays. The problem that you will likely see is a single point of failure on the I/O path from the server to a storage array. This can result in an outage and increased downtime. The problem can be resolved by configuring multiple I/O paths which make use of different SAN switches, array ports and FC adapters.
This problem can be the result of virtual machines moving from one host to another. They may even end up running on the same host, leading to single points of failure. This can potentially shut down critical business services, as you certainly don’t want to have all your proverbial eggs in one basket. The resolution to this problem is simple enough: use multiple hosts with your virtual machines.
This can be the result of alterations to the mount point directory of an existing file system on an active node. If changes were not performed on the passive node, an erroneous cluster configuration will arise. What you will then see is a mount point directory that does not exist on all the cluster nodes. To rectify this problem, simply create the missing directory on the passive cluster node.
This problem can arise when the end-to-end data path is not visible to the database team. Single point of failures can be avoided by creating multiple instances of transaction log files and control files. If you store all these files on an unprotected disk, you run the risk of a single point of failure. To resolve this issue, it’s best to migrate control files and transaction log files to different file systems, for storage on separate disks and file systems.
This problem arises when an HBA on a server is incorrectly configured with access permissions to storage volumes of other business services or servers. One of the scenarios leading to this risk is when an HBA – FC adapter – is removed from a server that is no longer used, and installed in another production server; the new server can now access the storage volumes of the retired server, resulting in downtime and data corruption. The resolution of this issue requires reconfiguration of storage masking and zoning.
When DNS configuration creates a single point of failure, it can result in downtime. This occurs when the DNS server list contains a single server, or alternatively when the DNS server list contains multiple servers with only one of them being valid. For example, if the Name Server is unavailable, then name resolution will fail. These issues can be rectified by correctly updating the directory service settings with DNS server IP configuration.
When the Storage Device Group definitions are not updated after a new volume is added to the active node this problem arises. The problem you will see is that the Device Group will not have the SAN volumes used by the active node. You run the risk of data corruption on the SAN volumes, when clusters fail. Since the SAN volumes are not in the Device Group, replication will not stop for the missing volumes when a fail-over command will be triggered, thus rendering the data inconsistent and unusable to the remote cluster node. To resolve this issue, the storage device group configuration must be refreshed and any missing storage volumes must be included.
Hidden misconfigurations may occur since there is limited visibility into I/O multipathing. This problem arises when the passive node of the high availability cluster is configured with 2 x I/O paths without load balancing and the active cluster node is configured with 4 x I/O paths which are load balanced for shared SAN volumes. This degrades performance and can result in service disruption after a failover. To fix this problem, extra I/O paths must be created on the passive node and the I/O policy should be set to load balancing.
Updates are common to hardware products and software products. If an error occurs and changes are not recorded, a misalignment of cluster nodes occurs with installed packages, products, defined users, kernel parameters, DNS settings, configuration files, users and user groups. To fix this, installations or upgrades of hardware and software should be undertaken to remedy gaps between cluster nodes, or parameters and configuration files should be revised to include the correct values.
Get in touch to see how you can detect, prioritize, and fix all security risks in your storage & backup systems.