Fri Jan 20 13:47:01 PST 2006
- Previous message: [Slony1-general] "Blueprints for High Availability"
- Next message: [Slony1-general] "Blueprints for High Availability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Fri, Jan 20, 2006 at 04:21:15PM -0500, Christopher Browne wrote: > Maximizing availability, which is what HA is forcibly and unambiguously > about, may not be exactly the same thing as providing guarantees that > committed transactions can never be lost. Right. And even banks are forced to make some compromises here. For instance, nobody can do 2PC or any synchronous transaction replication across WANs. So a perfect, up to the millisecond version of the bank can't be online somewhere else. In a system I'm familiar with, the transaction log is 2PCd somewhere else at transaction time, but not live data. If the remote site had to come into use, you'd have a few minutes of recovery time while you replayed and caught up. And remember, this is assuming total destruction of the primary system -- all the disks and everything. If it matters slightly less what order exactly transactions happen in, then you're ok. So the mitigation trick here is to hold transactions above a certain dollar value under certain very unlikely circumstances. Banks have all sorts of provisions for this kind of thing; it's also why they hire scores of risk-mitigation people. But would I use Slony as the _only_ wheel in my HA machine? Not on a bet. A -- Andrew Sullivan | ajs at crankycanuck.ca The whole tendency of modern prose is away from concreteness. --George Orwell
- Previous message: [Slony1-general] "Blueprints for High Availability"
- Next message: [Slony1-general] "Blueprints for High Availability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Slony1-general mailing list