Following are the guidelines that must be followed to configure a Serviceguard cluster across network subnets:

All the nodes in the cluster must belong to the same domain.

The latency period in the heartbeat network that is configured across subnets must be less than 200 milliseconds.

A minimum of two heartbeat subnets must be configured for all cluster nodes.

Each heartbeat subnet on a node must be routed using a different physical route to the other heartbeat subnet on the other node.

Redundant physical networks need to be cabled separately between sites to maintain high availability.

Each subnet that is used by a package must be configured with a standby interface in the local bridged network.

For more information on configuring cross-subnet clusters, see the Managing Serviceguard manual available at http://www.hp.com/go/hpux-serviceguard-docs —> HP Serviceguard.

Following are the disaster tolerant architecture requirements:

In the disaster tolerant cluster architecture, it is expected that each data center is self-contained such that the loss of one data center does not cause the entire cluster to fail. It is important that all single points of failure (SPOF) be eliminated so that surviving systems continue to run in the event that one or more systems fail.

It is also expected that the networks between the data centers are redundant and routed in such a way that the loss of any one data center does not cause the network between surviving data centers to fail.

Exclusive volume group activation must be used for all Volume Groups (VG) associated with packages that use the disk arrays in a Metrocluster with non-SADTA environment. The design of the Metrocluster script assumes that only one system in the cluster will have a VG activated at any time.

Metrocluster also defines a Site Aware Disaster Tolerant Architecture (SADTA) for complex workloads such as Oracle RAC database, including Oracle Database 10gR2 RAC and Oracle Database 11gR1 RAC, and SAP that use CFS, CVM, or SLVM. This solution uses an additional software feature called the Site Controller Package to provide disaster tolerance for workload databases. For more information on SADTA, see “Overview of Site Aware Disaster Tolerant Architecture” (page 337).

Single Data Center

A single data center architecture is supported, but it is not a true disaster tolerant architecture. If the entire data center fails, there will be no automated failover. This architecture is only valid for protecting data through data replication, and for protecting against multiple node failures.

Two Data Centers and Third Location with Arbitrator(s)

This is the recommended and supported disaster tolerant architecture for use with Metropolitan cluster. This architecture consists of two main data centers with an equal number of nodes and a third location with one or more arbitrator nodes or a quorum server node. Figure 1.

24 Designing a Metrocluster