On Sat, 24 Jul 1999 12:05:36 +0200, Ralf Baechle <ralf@uni-koblenz.de>
said:
>> No. Then you'd have a single machine handle the filesystem
>> and I don't want no single point of failure.
> You're searching for the silver bullet which doesn't exist. I know of
> some Omirr like ha-system in a German bank. A pair of machines for
> reasons of availability even distributed over a city each had mirrored
> disks, running OpenVMS.
VMS host-based shadowing is _nice_. :)
> The data corruption caused by a not correctly plugged in SCSI cable
> resulted in both mirror sets being corrupted and the corrupted data
> also being mirrored over to the other system.
Sure --- garbage in, garbage out. You still aren't proof against an
application failure or against writing the wrong data. That doesn't
mean that having a redundant storage subsystem is useless: it just means
that such redundancy is only part of the problem.
btw, Tandem would have caught that scsi error: the existence of such
fault tolerant systems shows that it _is_ possible to guard against
random machine failures. You are still in trouble if the application is
buggy, of course.
--Stephen
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/