KR101444783B1 - System managing method for improving system availability - Google Patents

Abstract

The present specification relates to a method for managing a system to improve system availability, which can improve the availability of the system by applying a failover function to the system. According to an embodiment disclosed in the present specification, a method for managing a system to improve system availability is a method for operating a system consisting of an M number of computers connected to each other through a network. The method comprises the steps of: (1) replacing an N number of computers among the M number of computers with a secondary computer; (2) stopping the operation of the N number of computers; (3) rebooting the computers of which the operation is stopped; (4) replacing the rebooted computers with the secondary computer and operating the rebooted computers; and operating the system to alternate an (M+N) number of computers by repeating steps (1) to (4).

Description

[0001] SYSTEM MANAGEMENT METHOD FOR IMPROVING SYSTEM AVAILABILITY [0002]

The present specification relates to a system operation method for improving system availability.

In general, the present enterprise environment is causing a huge loss even with only one minute of information system down, and all the resources of the enterprise are required to be connected to the digital network to provide services 24 hours a day, 365 days a year. Improving system availability in this age of information networks has become a fundamental foundation that must be established for successful management.

It is true that the weapon systems that are shifting the concept of network-centric operation are implicitly demanding 100% availability. However, the availability of 100% is an ideal goal that can not be achieved in reality, and it is important that not only the information system of the enterprise but also the weapon system should be considered in terms of investment availability (cost effectiveness) Level of availability. Availability is determined by the trade-off of various factors such as cost and complexity. A typical high availability network system is disclosed in Korean Patent Application No. 10-2008-7010167.

It is an object of the present invention to provide a method of operating a system for improving system availability, which can improve the availability of a system by applying a failover function to the system.

A method for operating a system for improving system availability according to an exemplary embodiment of the present invention is a method for operating a system composed of M computers connected to each other through a network, the method comprising the steps of: (1) ; (2) stopping operation of the N computers; (3) rebooting the computer whose operation has been interrupted; (4) replacing the rebooted computer with the auxiliary computer and operating the same; And repeating the steps (1) to (4) to circulate the system to M + N computers, wherein M and N represent natural numbers, and the natural number of M is larger than the natural number of N Lt; / RTI >

As one example related to the present specification, the M computers can perform a failover function through the network.

As one example related to the present specification, the N computers can perform fail-over in a predetermined cycle.

The system operation method for improving the system availability according to the embodiment of the present invention can improve the availability of the system by applying a failover function to the system and can provide a simple and effective method of activating the failover The availability of the system can be further improved.

Figure 1 is a diagram illustrating system availability measurements.
FIG. 2 is a diagram showing various causes that can cause a system down. FIG.
3 is a system configuration diagram showing a state in which no failover has occurred.
4 is a diagram showing a state in which a failover occurs between the computers B and B '.
5 is a diagram showing a state in which B 'is being operated instead of the computer B after the failover is completed.
6 is a diagram showing a state in which B 'is being operated instead of the computer B after the failover is completed.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings, wherein like reference numerals are used to designate identical or similar elements, and redundant description thereof will be omitted. The suffix "module" and " part "for the components used in the following description are given or mixed in consideration of ease of specification, and do not have their own meaning or role. In the following description of the embodiments of the present invention, a detailed description of related arts will be omitted when it is determined that the gist of the embodiments disclosed herein may be blurred. In addition, it should be noted that the attached drawings are only for easy understanding of the embodiments disclosed in the present specification, and should not be construed as limiting the technical idea disclosed in the present specification by the attached drawings.

1 is a flow diagram illustrating a method for operating a system (e.g., multiple servers or multiple computers) for improving availability of a system (e.g., multiple servers or multiple computers) in accordance with an embodiment of the present invention.

1, a method for operating a system (e.g., a plurality of servers or a plurality of computers) for improving availability of a system (e.g., a plurality of servers or a plurality of computers) according to an embodiment of the present invention (S10) replacing N computers (or servers) among M computers (or servers) for the operation of a system (e.g., a plurality of servers or a plurality of computers) with a subsidiary computer; (2) stopping operation of the N computers (S20); (3) rebooting the computer whose operation has been interrupted (S30); (4) replacing the rebooted computer with the auxiliary computer and operating (S40); And repeating the steps (1) to (4) to circulate the system to M + N computers. Here, M and N represent natural numbers, and the natural number of M means a value larger than the natural number of N. [ The M computers (or servers) configured as the system (for example, a plurality of servers or a plurality of computers) are connected to each other through a network and perform a failover function.

The availability (A) of the system is expressed as Equation (1).

Here, MTBF means Mean Time Between Failures, and MTTR means Mean Time To Recover. As can be seen from Equation (1), if the MTTR becomes 0, the availability (A) of the system becomes 100%. As the MTBF increases, the influence of the MTTR on the availability (A) of the system becomes smaller.

Figure 2 is a diagram illustrating system availability measurements.

As can be seen in FIG. 2, if the MTBF of a particular system is 100,000 hours and the MTTR is 1 hour, the availability (A) of this system is 99.999% according to the above formula. If the MTTR of this system is reduced to 6 minutes, which is 10% of 1 hour, the availability (A) of this system will be 99.9999%. However, in order to achieve availability as low as 6 minutes, it is necessary to use components that can operate continuously for over 100,000 hours over 11 years. In general, however, the system consists of several parts rather than a single part, which means that in order to achieve 99.9999% availability, the entire component must fail for a total of 11.4 years for 6 minutes. Based on current technology, this is a very unrealistic and unattainable story.

FIG. 3 is a diagram showing various causes that can cause a system down (IEEE Computer Magazine, April 1995). The planned downtime is the most important part of the graph. The scheduled down is when a system administrator deliberately interrupts the system to upgrade critical parts of the server or critical software, or sometimes erases the log files or reboots the system to clean up temporary directories and memory.

Another cause of system crash is people. People turn down the system for two closely related reasons. The first is a mistake made by people negligence or neglect, and the second is caused by not fully understanding how to operate the system. Only 10% of the causes of the system crash are caused by hardware. In fact, system failures due to hardware failures, such as power failures, CPU and memory problems, and internal cooling system failures in addition to disk problems, network failures, remain at 10%.

Another source of system down is software problems. The system down by the software is 40%. Software bugs are the hardest part of addressing system stability. By replacing the hardware with a more stable part and taking a method to reduce the scheduled down, the problem associated therewith is reduced, but the proportion of down due to the software is further increased. In addition, as software becomes increasingly complex, more problems can arise from software problems.

It is difficult to reduce the system down according to the cause of the system down. It is difficult to completely eliminate the software bug which is the biggest cause of system down. Instead of completely eliminating bugs in the software, it is more practical to apply software that performs the failover that configures the computer system as a cluster, and when the software is stopped running, It can be a plan to reduce the system down. Software that automatically performs the failover can make the user feel as if the computer itself is lifted entirely and replaced with another when the computer goes down, allowing the user to continue performing the task as before.

In order to increase availability, it is possible to cope with most system downtime except for system down due to human, surrounding environment and system failure due to physical failure. In order to construct a failover system from this point of view, a plurality of servers, a plurality of networks, a mirrored non-shared disk, and a duplicate arrangement of the same application programs may be required as described below.

end. server

   The software that provides the service requires two servers: a main server and a standby server to which the service is to be transferred. Failover is the process of moving an important application that has stopped working on a primary server to a secondary server. These servers run on the same operating system, have identical patches installed, run the same, and are set to the same environment as possible.

I. Network connection

   Two different types of network connections are required to configure failover, which can consist of three kinds of networks. A pair of hot bit networks let the servers connect and monitor with other servers and notify each other as soon as something needs to happen. The second network connection required is a normal or service network. This network delivers data to users and clients. The third type of network connection is the administrator network, which ensures system administrators have a network path between each server even after a failover occurs.

All. disk

   There are two types of failover: first, internal non-shared disks, which are software that allows each system to initiate and maintain a failover process for system operation if it is not the currently running server. I have other files. Non-shared disks can not be shared, and only work on one server. All contents of the non-shared disk must be mirrored. The requirement for a non-shared disk is that the files for the first and the alternate system's managers must be exactly the same and must be done automatically for recovery. The second type of disk is a shared disk, which contains important data. The data on this disk is important so that both the first system and the alternate system can access this disk, and only one system at a time needs to access the shared disk. If both systems try to access the shared disk at the same time, there may be a problem with the data recorded on the shared disk.

There are two ways to create the shared disk. The first method is a dual host where two physically connected hosts share the same disk. Access to both systems is controlled by external software, This is a method to control access only to the host. Another way to create a shared disk is to have a "shared nothing" way of copying data to the network between each server (a hot-bit network or another parallel network). This method requires a network and a host that allow data to be written to the other side.

la. Application Application

An important element of cluster design is that applications must work on both clustered servers, alternating at one server at a time. If you install the application on a non-shared disk that contains boot and system information, you must make two copies and make two application configuration changes. Otherwise, the failover system will not be able to guarantee the application. On the other hand, if you install on a shared disk, you only need to copy the application configuration file once, and if you want to change the application configuration, you only need to change one part. If you only need to copy the application once, you can not safely upgrade or remove the application. If you make two copies, you can upgrade your system (computer or server) A first and use the system (computer or server) B as a failover system in case you ever need to. If there is no problem in System A, then upgrade System B and if there is a problem in System A, recover System A and reinstall it in System B. You can choose to use it according to your situation. If you have frequent upgrades, it may be advantageous to install the application on a non-shared disk.

The present invention allows a failover to be performed in a proper (pre-set) period without causing an asynchronous failover by an event for activating the failover when a system satisfying the failover system requirement level is configured ≪ / RTI > In the case of a system having an appropriate level of reliability, as shown in Fig. 3, no failure occurs for a considerable time from the initial operation.

FIG. 5 is a diagram illustrating a state in which a failover occurs between the computers B and B ', FIG. 6 is a diagram illustrating a state in which failover is completed and B' Fig.

It is a general phenomenon that a failure occurs due to a memory leak or performance deterioration due to a high temperature as the use time becomes longer. In such a case, the easiest fault solution is actually a reboot. However, according to the present invention, fail-over is performed as shown in FIGS. 4 and 5 before a down-state due to a failure occurs in the sub-systems constituting the main system. After the fail-over is completed, It is a main content of the present invention to operate the system in such a manner that the system is prepared. If a large number of devices are connected and operated, the failover period becomes longer, so that a plurality of failover devices can be operated to shorten the cycle to an appropriate level.

As described above, a method for operating a system (for example, a plurality of servers or a plurality of computers) for improving a system according to an embodiment of the present invention (for example, a plurality of servers or a plurality of computers) 1) replacing N computers (or servers) out of M computers (or servers) for operation of a system (e.g., multiple servers or multiple computers) with a secondary computer; and (2) (4) restarting the computer by replacing the rebooted computer with the auxiliary computer; and (4) stopping the operation of the computer when the computer is restarted. By repeating the steps and circulating the system to M + N computers, the availability of the system can be improved simply and effectively. That is, the system operation method for improving system availability according to the embodiment of the present invention can improve the availability of the system by applying a failover function to the system, And the availability of the system can be further improved through an effective method.

One of the M computers or a control system (not shown) replaces N of the M computers with a subsidiary computer through an application program for controlling each computer, Stop the operation, reboot the computer in which the operation is interrupted, and replace the rebooted computer with the auxiliary computer.

It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the embodiments disclosed in the present invention are intended to illustrate rather than limit the scope of the present invention, and the scope of the technical idea of the present invention is not limited by these embodiments. The scope of protection of the present invention should be construed according to the following claims, and all technical ideas falling within the scope of the same shall be construed as falling within the scope of the present invention.

Claims (3)

1. A method for operating a system comprising M computers interconnected via a network,
(1) N computers out of M computers performing a failover function through the network, so that the mean time to failure of the system is increased and the average recovery time of the system is reduced, Wherein the N computers perform the failover function in a predetermined cycle before the N computers come down due to a failure;
(2) rebooting the computer after stopping the operation of the N computers before the down due to the failure comes;
(3) replacing the rebooted computer with the auxiliary computer and running it;
Wherein M and N are natural numbers, and the natural number of M is larger than the natural number of N by repeating the steps (1) to (3) Value of the system in order to improve system usability. delete delete

Images