StorNext User’s Guide 320
Appendix A

AHA Failover

StorNext is designed to be a resilient data management solution. StorNext
supports operation in degraded mode and provides functionality to
guarantee data protection in the event of a storage device failure or total
site outage. For certain environments though, additional protection is
required to deliver a higher level of availability. To meet these demands,
StorNext includes MetaData Controller (MDC) failover.
MDC failover allows a secondary MDC to take over StorNext operations
in the event a primary MDC fails. Failover is supported for all StorNext
management operations including client IO requests (File System) and
data mover operations (Storage Manager). MDCs in a failover pair
typically run in an active / passive configuration, but both MDCs can be
configured to run active File System processes. In the event one MDC
fails, the other continues to perform its current operations, as well as
those of the failed MDC.
Like all failover solutions, StorNext must provide functionality to prevent
a damaged or inaccessible MDC from incorrectly processing IO requests
that should be handled by the active MDC (often referred to as a “split
brain” scenario). To handle this, StorNext utilizes a special failover
methodology call STONITH - shoot the other node in the head. STONITH
Note: Active / Active Storage Manager processes are not currently
supported in MDC failover.