IBM manual Building power loss, Power fluctuation protection, Power control of the DS8000

4.7.1 Building power loss

The DS8000 uses an area of server memory as non-volatile storage (NVS). This area of memory is used to hold data that has not been written to the disk subsystem. If building power were to fail, where both primary power supplies (PPSs) in the base frame were to report a loss of AC input power, then the DS8000 must take action to protect that data.

4.7.2 Power fluctuation protection

The DS8000 base frame contains battery backup units that are intended to protect modified data in the event of a complete power loss. If a power fluctuation occurs that causes a momentary interruption to power (often called a brownout) then the DS8000 will tolerate this for approximately 30ms. If the power line disturbance feature is not present on the DS8000, then after that time, the DDMs will stop spinning and the servers will begin copying the contents of NVS to the internal SCSI disks in the processor complexes. For many customers who use UPS (uninterruptible power supply) technology, this is not an issue. UPS-regulated power is in general very reliable, so additional redundancy in the attached devices is often completely unnecessary.

If building power is not considered reliable then the addition of the extended power line disturbance feature should be considered. This feature adds two separate pieces of hardware to the DS8000:

1.For each primary power supply in each frame of the DS8000, a booster module is added that converts 208V battery power into 12V and 5V. This is to supply the DDMs with power directly from the batteries. The PPSs do not normally receive power from the BBUs.

2.Batteries will be added to expansion racks that did not already have them. Base racks and expansion racks with I/O enclosures get batteries by default. Expansion racks that do not have I/O enclosures normally do not get batteries.

With the addition of this hardware, the DS8000 will be able to run for up to 50 seconds on battery power, before the servers begin to copy NVS to SCSI disk and then shutdown. This would allow for a 50 second interruption to building power with no outage to the DS8000.

4.7.3 Power control of the DS8000

Unlike the ESS 800, the DS8000 does not possess a white power switch to turn the DS8000 storage unit off and on. All power sequencing is done via the Service Processor Control Network (SPCN) and RPCs. If the user wishes to power the DS8000 off, they must do so using the management tools provided by the Storage Hardware Management Console (S-HMC). If the S-HMC is not functional, then it will not be possible to control the power sequencing of the DS8000 until the S-HMC function is restored. This is one of the benefits that is gained by purchasing a redundant S-HMC.

4.7.4 Emergency power off (EPO)

Each DS8000 frame has an emergency power off switch. This button is intended purely to remove power from the DS8000 in the following extreme cases:

￿The DS8000 has developed a fault which is placing the environment at risk, such as a fire.

￿The DS8000 is placing human life at risk, such as the electrocution of a service representative.

Apart from these two contingencies (which are highly unlikely), the EPO switch should never be used. The reason for this is that the DS8000 NVS storage area is not directly protected by batteries. If building power is lost, the DS8000 can use its internal batteries to destage the

80DS8000 Series: Concepts and Architecture