Automatic failover configuration with redundant abservers

US 7,734,596 B2
Filed: 11/24/2006
Issued: 06/08/2010
Est. Priority Date: 11/30/2005
Status: Active Grant

First Claim

Patent Images

1. An automatic failover configuration comprising:

participants that are implemented in a processor and a memory device accessible to the processor, the participants includinga primary database system that processes transactions and produces redo data therefor,a standby database system that receives the redo data via a redo communications link, andan active observer that exchanges first control messages with the primary database system and the standby database system;

one or more redundant observers;

one or more non-redo communications links that are not redo communications links and that link the active observer and the redundant observers to the primary database system and the standby database system,the active observer and the redundant observers operating on non-database system entities which are coupled to the non-redo communication link and having hardware and/or operating system platforms that are different from the hardware and/or operating system platforms used in the primary and standby database systems; and

an active observer monitor that detects absence of the active observer by monitoring the primary database system and the standby database system via the non-redo communications links for receipt of control messages from the active observer and replaces the absent active observer with an observer of the redundant observers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques used in an automatic failover configuration having a primary database system, a standby database system, and an observer for preventing divergence among the primary and standby database systems while increasing the availability of the primary database system. In the automatic failover configuration, the primary database system remains available even in the absence of both the standby and the observer as long as the standby and the observer become absent sequentially. The failover configuration further permits automatic failover only when the observer is present and the standby and the primary are synchronized and inhibits state changes during failover. The database systems and the observer have copies of failover configuration state and the techniques include techniques for propagating the most recent version of the state among the databases and the observer and techniques for using carefully-ordered writes to ensure that state changes are propagated in a fashion which prevents divergence.

16 Citations

View as Search Results

18 Claims

1. An automatic failover configuration comprising:
- participants that are implemented in a processor and a memory device accessible to the processor, the participants includinga primary database system that processes transactions and produces redo data therefor,a standby database system that receives the redo data via a redo communications link, andan active observer that exchanges first control messages with the primary database system and the standby database system;
  
  one or more redundant observers;
  
  one or more non-redo communications links that are not redo communications links and that link the active observer and the redundant observers to the primary database system and the standby database system,the active observer and the redundant observers operating on non-database system entities which are coupled to the non-redo communication link and having hardware and/or operating system platforms that are different from the hardware and/or operating system platforms used in the primary and standby database systems; and
  
  an active observer monitor that detects absence of the active observer by monitoring the primary database system and the standby database system via the non-redo communications links for receipt of control messages from the active observer and replaces the absent active observer with an observer of the redundant observers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The automatic failover configuration set forth in claim 1 wherein:
    - when the absent active observer returns after having been replaced, the returned active observer becomes an observer of the redundant observers.
  - 3. The automatic failover configuration set forth in claim 1 wherein:
    - there is a plurality of the active observer monitors;
      
      each of the redundant observers includes an active observer monitor of the plurality; and
      
      at least one of the redundant observers uses its included active observer monitor to monitor the active observer.
  - 4. The automatic failover configuration set forth in claim 1 wherein:
    - the active observer and each of the redundant observers runs on independent hardware, the hardware being further independent of the primary and standby database systems.
  - 5. The automatic failover configuration set forth in claim 4 wherein:
    - the non-redo communications links that connect the active observer and each of the redundant observers to the primary and standby database systems are independent.
  - 6. The automatic failover configuration set forth in claim 1 wherein:
    - the primary database system and the standby database system operate in database servers; and
      
      the active observer and the redundant observers are clients of the database servers.
  - 7. The automatic failover configuration set forth in claim 1 wherein:
    - when the active observer monitor in a redundant observer of the redundant observers detects absence of the active observer, the active observer monitor issues a first command to the primary database system which stops the active observer and a second command to the primary database system which starts the redundant observer as the active observer unless another redundant observer has already started as the active observer.
  - 8. The automatic failover configuration set forth in claim 7 wherein:
    - the active observer is identified by a unique active observer identifier;
      
      the second command causes the primary database system to issue a new unique active observer identifier to a single one of the redundant observers; and
      
      the active observer ceases being an active observer when the active observer cannot receive a new active observer identifier from the primary database system or receives a control message with a different active observer identifier.
  - 9. Data storage apparatus characterized in that:
    - the data storage apparatus contains code which, when executed in the primary database system, the standby database system, and/or the active observer, implements the automatic failover configuration set forth in claim 1.

10. An observer for use in an automatic failover configuration having a primary database system and a standby database system, the observer being one of a plurality of observers in the automatic failover configuration and being implemented in a processor having a storage device accessible to the processor and the observer having communication links to the primary database system and the standby database system, exchanging control messages with the primary and/or the standby, and providing a quorum to the primary or the standby for a transition from a configuration state of the automatic failover configuration to another configuration state thereof,the observer comprising:
- an active observer indicator that indicates whether the observer is exchanging control messages with the primary and/or the standby;
  
  an automatic failover configuration state handler that responds to the control messages when the observer is active by providing the quorum where necessary; and
  
  an active observer monitor which, when the observer is not active, monitors whether the active observer has become absent from the automatic failover configuration and when the active observer has become absent, acts to make another of the plurality of observers the active observer,the observer being linked by one or more non-redo communications links that are not redo communications links to the other observer, the primary database system, and the standby database system,the observer and the other observer operating on non-database system entities which are coupled to the non-redo communication link and having hardware and/or operating system platforms that are different from the hardware and/or operating system platforms used in the primary and standby database systems, andthe active observer monitor detecting absence of the active observer by monitoring the primary database system and the standby database system via the non-redo communications links for receipt of control messages from the active observer.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The observer set forth in claim 10 wherein:
    - the active observer monitor acts to make the other observer the active observer by issuing a first command to the primary database system which stops the active observer and a second command to the primary database system which starts the other observer as the active observer unless a further observer of the plurality has already started as the active observer.
  - 12. The observer set forth in claim 11 wherein:
    - the active observer indicator is a unique value which the active observer obtains from the primary database system upon becoming the active observer;
      
      the second command causes the primary database system to return a new active observer indicator unless the further observer has already started as the active observer; and
      
      the active observer ceases being an active observer when the automatic failover configuration state handler cannot receive a new active observer identifier from the primary database system or receives a control message with a different active observer identifier.
  - 13. The active observer set forth in claim 10 wherein:
    - control of the active observer automatically shifts from the automatic failover configuration state handler to the active observer monitor when the observer ceases being the active observer and from the active observer monitor to the automatic failover configuration state handler when the observer becomes the active observer.
  - 14. Data storage apparatus characterized in that:
    - the data storage apparatus contains code which, when executed in a processor, implements the observer set forth in claim 10.

15. A method practiced in an observer belonging to an automatic failover configuration having a primary database system and a standby database system and one or more observers, the observers being implemented in a processor having a storage device accessible to the processor, the observers having communication links to the primary database system and the standby database system, and an active observer of the observers exchanging control messages with the primary and/or the standby and providing a quorum to the primary or the standby for a transition from a configuration state of the automatic failover configuration to another configuration state thereof,the method comprising the steps of:
- when the observer is the active observer,ceasing to be the active observer in response to a control message indicating that the observer is no longer the active observer;
  
  when the observer is not the active observer,monitoring whether the active observer has become absent from the automatic failover configuration; and
  
  when the active observer has become absent, acting to make another of the observers the active observer,the observer being linked by one or more non-redo communications links that are not redo communications links to the other observer, the primary database system, and the standby database system,the observers operating on non-database system entities which are coupled to the non-redo communication link and having hardware and/or operating system platforms that are different from the hardware and/or operating system platforms used in the primary and standby database systems; and
  
  the active observer monitor detecting absence of the active observer by monitoring the primary database system and the standby database system via the non-redo communications links for receipt of control messages from the active observer.
- View Dependent Claims (16, 17, 18)
- - 16. The method set forth in claim 15 wherein the step of acting to make another observer the active observer comprises the steps of:
    - issuing a first command to the primary database system which acts to stop the active observer; and
      
      issuing a second command to the primary database system which makes the issuing observer the active observer if the other observer has not yet been made the active observer.
  - 17. The method set forth in claim 16 whereinthe active observer is identified by a unique active observer identifier;
    - andin the step of issuing the first command, if the primary database system responds to the first command by issuing a new unique active observer identifier to the issuing observer, the issuing observer has been made the active observer; and
      
      in the step of ceasing to be the active observer, the control message indicates that the unique active observer identifier has changed.
  - 18. Data storage apparatus characterized in that:
    - the data storage apparatus contains code which, when executed by the observer, implements the method set forth in claim 15.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle International Corporation (Oracle Corporation)
Original Assignee
Oracle International Corporation (Oracle Corporation)
Inventors
Voss, Douglas Andrew, Garin, Benedicto Elmo Jr., Vivian, Stephen John, Guzman, Raymond
Primary Examiner(s)
Ali; Mohammad
Assistant Examiner(s)
BUI, THUY T

Application Number

US11/604,064
Publication Number

US 20080126846A1
Time in Patent Office

1,292 Days
Field of Search

707/10, 707100-102, 707/104.1, 707/200, 707/204, 707/104, 707/202, 707/609, 707/636, 707/674, 714 3- 4, 714/6, 714/13, 714/1, 714/2
US Class Current

707/674
CPC Class Codes

G06F 11/1482   by means of middleware or O...

G06F 11/2023   Failover techniques

G06F 11/2025   using centralised failover ...

G06F 11/2028   eliminating a faulty proces...

G06F 11/2041   with more than one idle spa...

G06F 11/2074   Asynchronous techniques

G06F 11/2076   Synchronous techniques

G06F 11/2082   Data synchronisation

G06F 11/2097   maintaining the standby con...

Automatic failover configuration with redundant abservers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic failover configuration with redundant abservers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links