Oracle® Fail Safe Concepts and Administration Guide
Release 3.3.1 for Windows
Part No. A96684-01

4 Management for High Availability

The unique advantage offered by Oracle Fail Safe is its ability to help you easily configure resources in a Windows cluster environment. This chapter discusses the following topics:

Topic                                                            Reference
What Does It Mean to Configure Failover?                         Section 4.1
How Does Oracle Fail Safe Use the Wizard Input?                  Section 4.2
Managing Cluster Security                                        Section 4.3
Discovering Standalone Resources                                 Section 4.4
Renaming Resources                                               Section 4.5
Using Oracle Fail Safe in a Multiple Oracle Homes Environment    Section 4.6
Configurations Using Multiple Virtual Addresses                  Section 4.7
Adding a Node to an Existing Cluster                             Section 4.8

For the step-by-step procedures to configure standalone resources into groups, and for information on managing those resources once they are in groups, refer to Chapters 7 through 14 in this manual and to the Oracle Fail Safe Tutorial and online help.

4.1 What Does It Mean to Configure Failover?

Because of the numerous hardware and software components involved, configuring failover in a cluster can be a complex process. However, the Oracle Fail Safe Manager wizards configure failover largely automatically, with minimal work by a network manager. Oracle Fail Safe Manager helps you to configure resources into groups so that when one node in a cluster fails, another cluster node immediately takes over the resources in the failed node's groups.

The wizards minimize the risk of introducing configuration problems during implementation. They also reduce the level of expertise required to configure resources for high availability. Most policies that you set with the wizards can be modified later with Oracle Fail Safe Manager.

The following list summarizes the basic tasks that you perform to implement failover for resources. Except for the first task, you perform all of these tasks using Oracle Fail Safe Manager:

  1. Ensure that you have properly installed the products you plan to configure with Oracle Fail Safe. (This is described in the Oracle Fail Safe Installation Guide.)

  2. Invoke Oracle Fail Safe Manager.

  3. Verify the cluster.

  4. Create a group.

  5. Add one or more virtual addresses to the group.

  6. If you are adding a standalone Oracle database server, use the Verify Standalone Database tool to verify the database.

  7. Add resources to the group.

  8. Verify the group.

  9. Update any Oracle Net files (such as the tnsnames.ora file) on client systems.

The list summarizes only the basic tasks. Depending on the type of resource you are configuring, there might be additional steps or considerations.

Refer to the tutorial and online help in Oracle Fail Safe Manager for step-by-step guidance on using the Oracle Fail Safe Manager wizards.

4.2 How Does Oracle Fail Safe Use the Wizard Input?

Once the wizard collects all needed information, Oracle Fail Safe Manager interacts with Oracle Services for MSCS (which in turn interacts with MSCS) to facilitate a high-availability environment.

Based on the information that you provide with the wizards, Oracle Fail Safe derives any additional information it requires to configure the environment.

Most resources are configured by Oracle Fail Safe using a similar series of steps. The following list describes the specific steps Oracle Fail Safe performs to configure a highly available Oracle database:

  1. Configures access to the database using a virtual address:

    1. Configures Oracle Net to use the virtual address or addresses associated with the database on all nodes listed in the possible owner nodes list for the database. (On a two-node cluster, this is both cluster nodes. On clusters that consist of more than two nodes, you are asked to specify the possible owner nodes for a resource as a step in the Add Resource to Group Wizard.)

    2. Duplicates the network configuration information on all nodes in the possible owner nodes list.

  2. Configures the database to:

    1. Verify that all data files used by the database resource are on cluster disks and are not currently used by applications in other groups. If the cluster disks are in another group, but not used by applications in that group, Oracle Fail Safe moves the disks into the same group with the database resource.

    2. Create the failback policy for the database resources based on choices you made in the wizard.

    3. Populate the group with these resources:

      • Each disk resource used by the cluster group

      • Oracle database server

      • Oracle Net listener

  3. Does the following on each of the possible owner nodes for the group to which the database has been added, one at a time:

    1. Creates an Oracle instance with the same name on the node.

    2. Verifies that the node can bring the database online and offline by failing it over to the node to ensure that the failover policy works.

  4. After failover has been tested on all nodes in the possible owner nodes list, shuts down the Oracle database and brings it back online on the preferred owner node. If the preferred owner node list is empty, then the group remains on the last node to which it was failed over as part of the configuration process.

By performing these steps, Oracle Fail Safe ensures that the resource is correctly configured and capable of failing over and failing back to all possible owner nodes of the group to which it has been added.

Figure 4-1 shows a two-node active/active cluster configuration in which each node hosts a group with an application server and a group with a database server.

Figure 4-1 Virtual Servers and Addressing in an Oracle Fail Safe Environment


The virtual servers (A, B, C, and D) and their network addresses are known by all clients and cluster nodes. The listener.ora file on each cluster node and the tnsnames.ora file on each client workstation contain the network name and address information for each virtual server.

For failover to work properly, the host name (virtual address), database instance, SID entry, and protocol information in each tnsnames.ora and listener.ora file must match on each server node that is a possible owner of the resources in the group and the client system.

For example, during normal operations, Virtual Server B is active on Node A. Node B is the failover node for Virtual Server B. The cluster disks are connected to both nodes so that resources can run on either node in the cluster, but service for the resources in each group is provided by only one cluster node at a time.

If a system failure occurs on Node A, Groups 1 and 2 become active on Node B using the same virtual address and port number as they had on Node A. Node B takes over the workloads from Node A transparently to clients, which continue to access Group 1 using Virtual Server A and Group 2 using Virtual Server B. Clients continue to access the resources in a group using the same virtual server name and address, without regard for which physical node is serving the group.
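The matching requirement described above can be checked mechanically. The following Python sketch is an added example, not part of the Oracle documentation or of Oracle Fail Safe: it compares a client's tnsnames.ora entry with the listener.ora from each possible owner node and reports every field that disagrees. The net service name, listener name, host names, Oracle home path and node names are constructed sample values, and the port is compared as well because a group keeps the same port number after failover.

```python
import re

# Leaf "(KEY = value)" pairs of an Oracle Net descriptor; nested groups do not match.
LEAF = re.compile(r"\(\s*(\w+)\s*=\s*([^()\s][^()]*?)\s*\)")
FIELDS = ("PROTOCOL", "HOST", "PORT", "SID")

def endpoint(descriptor):
    """Extract the fields that must agree between a client and the cluster nodes."""
    found = {}
    for key, value in LEAF.findall(descriptor):
        key = "SID" if key.upper() == "SID_NAME" else key.upper()
        if key in FIELDS:
            found.setdefault(key, value.lower())  # names compared case-insensitively
    return found

def mismatches(client_tns, listeners_by_node):
    """Return (node, field, client_value, node_value) for each disagreement."""
    want = endpoint(client_tns)
    problems = []
    for node, text in sorted(listeners_by_node.items()):
        have = endpoint(text)
        for field in FIELDS:
            if want.get(field) != have.get(field):
                problems.append((node, field, want.get(field), have.get(field)))
    return problems

# Constructed sample files: one tnsnames.ora entry and one listener.ora per node.
CLIENT_TNS = """OFSDB =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = virtual-b)(PORT = 1521))
    (CONNECT_DATA = (SID = OFSDB)))"""

def listener_ora(host):
    return rf"""LISTENER_VB =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = {host})(PORT = 1521)))
SID_LIST_LISTENER_VB =
  (SID_LIST = (SID_DESC = (SID_NAME = OFSDB)(ORACLE_HOME = C:\oracle\ora92)))"""

# NODE-B drifted: its listener names the physical host, not the virtual address.
LISTENERS = {"NODE-A": listener_ora("virtual-b"), "NODE-B": listener_ora("node-b")}

if __name__ == "__main__":
    for node, field, want, have in mismatches(CLIENT_TNS, LISTENERS):
        print(f"{node}: {field} is {have!r}, client expects {want!r}")
```

An empty result means every possible owner node agrees with the client on protocol, host, port and SID.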

4.3 Managing Cluster Security

To accomplish administrative tasks associated with Oracle Fail Safe, you need the appropriate privileges to manage Oracle resources and applications and to perform operations through Oracle Fail Safe Manager.

Table 4-1 provides a quick reference for the privileges required for the services you use in an Oracle Fail Safe environment. For more information, refer to the sections listed in the last column.

Table 4-1 Permissions and Privileges

Service: Oracle Services for MSCS
Required Privileges: Domain user account that has Administrator privileges on all cluster nodes
Reference: Section 4.3.1

Service: Oracle Fail Safe Manager
Required Privileges: Domain user account that has Administrator privileges on all cluster nodes
Reference: Section 4.3.2

Service: Oracle database
Required Privileges: Database administrator account with SYSDBA privileges
Reference: Section 7.5

Service: Oracle Forms Load Balancer Server, Oracle Forms Server, and Oracle Reports Server
Required Privileges: Do not require privileges (Oracle Reports Server requires a Windows domain user account that has access to printers.)
Reference: Section 8.4, Section 9.4 and Section 10.3.3.6

Service: Oracle Applications concurrent manager
Required Privileges: Windows Administrator account
Reference: Section 12.4

Service: Oracle HTTP Server
Required Privileges: None
Reference: Not Applicable

Service: Oracle MTS Service
Required Privileges: The account that the Oracle MTS Service uses to log on to the system must be the system account or a domain user account.

The account that the Oracle MTS Service uses to connect to the database must have the following database roles, privileges, and rights:

  • CONNECT, RESOURCE, and SELECT_CATALOG_ROLE database roles

  • FORCE ANY TRANSACTION, CREATE PUBLIC SYNONYM, and DROP PUBLIC SYNONYM database privileges

  • SELECT, INSERT, UPDATE, and DELETE rights on the Oracle MTS Service table in the Oracle database

Reference: Section 13.4

Service: Generic services
Required Privileges: By default, a generic service runs under the local system account. If you specify that the generic service should run under a user account, it must have the "Log on as a service" privilege.
Reference: Section 14.4

4.3.1 Oracle Services for MSCS

To ensure that only users who have the correct privileges can manage resources in a cluster, Oracle Fail Safe implements a security component.

Oracle Services for MSCS runs as a Windows service that must run under a domain user account (not the system account) that has Administrator privileges on all cluster nodes. You specified this user account for Oracle Services for MSCS when you installed Oracle Fail Safe. (See the Oracle Fail Safe Installation Guide for more information about this part of the installation.)

Oracle Fail Safe also has its own security component. Therefore, if you make changes to the Windows user account (user name, password, or domain) used by Oracle Services for MSCS, you must also update the security settings for both the Windows service and Oracle Fail Safe. Oracle Fail Safe provides a Security Setup tool to update this security information.

4.3.1.1 Account Updates Using the Oracle Fail Safe Security Setup Tool

Oracle Fail Safe provides a Security Setup tool that you can use to update the information for the account under which Oracle Services for MSCS runs. The Oracle Services for MSCS Security Setup tool is installed when you install Oracle Services for MSCS.

On a cluster node, access the Oracle Services for MSCS Security Setup tool from the Windows taskbar, as follows:

Start -> Programs -> <Oracle_Home> -> Oracle Services for MSCS Security Setup


Note:

Be sure that you use the Oracle Services for MSCS Security Setup tool to update the security information on all cluster nodes, and that you use the same account on all cluster nodes.
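The account requirements in this section (a domain user account, not the system account, and the same account on every node) can be audited from the output of the Windows `sc qc` command collected on each node. The following Python sketch is an added example, not part of the Oracle documentation: the service name EXAMPLE_OFS_SERVICE is a placeholder, the node names and `sc qc` output are constructed, and the account NEDCDOMAIN\Administrator is the one shown in Figure 4-2.

```python
import re

START_NAME = re.compile(r"^\s*SERVICE_START_NAME\s*:\s*(.+?)\s*$", re.M)
SYSTEM_ACCOUNTS = {"localsystem", "nt authority\\system",
                   "nt authority\\localservice", "nt authority\\networkservice"}

def logon_account(sc_qc_text):
    """Return the SERVICE_START_NAME value from `sc qc` output, or None."""
    match = START_NAME.search(sc_qc_text)
    return match.group(1) if match else None

def audit(sc_qc_by_node):
    """Return (scope, problem) findings for the service's logon account."""
    findings, seen = [], set()
    for node, text in sorted(sc_qc_by_node.items()):
        account = logon_account(text)
        if account is None:
            findings.append((node, "logon account not found"))
            continue
        seen.add(account.lower())
        # A prefix of "." or the node's own name marks a local account.
        prefix = account.split("\\", 1)[0].lower() if "\\" in account else ""
        if account.lower() in SYSTEM_ACCOUNTS:
            findings.append((node, "runs under a system account"))
        elif "@" not in account and prefix in ("", ".", node.lower()):
            findings.append((node, "local account, not a domain account"))
    if len(seen) > 1:
        findings.append(("cluster", "nodes use different accounts"))
    return findings

# Constructed `sc qc` output; EXAMPLE_OFS_SERVICE is a placeholder service name.
SAMPLE = """[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: EXAMPLE_OFS_SERVICE
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        SERVICE_START_NAME : {account}
"""
GOOD = {n: SAMPLE.format(account="NEDCDOMAIN\\Administrator") for n in ("NODE-A", "NODE-B")}
DRIFTED = dict(GOOD, **{"NODE-B": SAMPLE.format(account="LocalSystem")})

if __name__ == "__main__":
    for scope, problem in audit(DRIFTED):
        print(f"{scope}: {problem}")
```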

Figure 4-2 shows the setup for user account Administrator in the domain NEDCDOMAIN.

Figure 4-2 Windows User Account Settings for the Oracle Services for MSCS


4.3.2 Oracle Fail Safe Manager

The account you use to log in to Oracle Fail Safe Manager must be a domain user account (not a local account) that has Administrator privileges on all cluster nodes.

4.4 Discovering Standalone Resources

Oracle Services for MSCS automatically discovers (locates) and displays standalone resources in the Oracle Fail Safe Manager tree view. Figure 4-3 shows an example of discovery occurring in Oracle Fail Safe Manager. Chapters 7 through 14 contain information on how Oracle Fail Safe discovers each type of component that you can configure for high availability with Oracle Fail Safe.

Figure 4-3 Discovery of Standalone Resources


4.5 Renaming Resources

Once a resource is added to a group, you should not change the resource name. If the resource name must be changed, then use Oracle Fail Safe Manager to remove the resource from the group. Then, add it back to the group using the new name.

4.6 Using Oracle Fail Safe in a Multiple Oracle Homes Environment

Oracle Fail Safe supports the multiple Oracle homes feature (multiple Oracle homes became available beginning with Oracle8 release 8.0.4). The following list describes the requirements for using Oracle Fail Safe in a multiple Oracle homes environment:

4.7 Configurations Using Multiple Virtual Addresses

Before any resources (other than generic services) can be added to a group using Oracle Fail Safe Manager, one or more virtual addresses must be added to the group. Client applications connect to the resources in a group using one of the virtual addresses in the group.

You can add up to 32 virtual addresses to a group (prior to adding resources) by invoking the Add Resource to Group Wizard. (In Oracle Fail Safe Manager, on the Resources menu, select Add to Group.)

Note the following restrictions:

When you add a virtual address to the group, the group is accessible by clients at the same network address, regardless of which cluster node is hosting the cluster.

Multiple virtual addresses in a group provide flexible configuration options. For example, you might have users access a database over the public network while you perform a database backup operation over the private network. Or you might allocate different virtual addresses on different network segments to control security, with administrators accessing the database on one segment, while users access the database on another segment.

When you add more than one virtual address to a group, Oracle Fail Safe Manager asks you to specify which address clients can use to access the resources in that group. If you add more than one resource to a group (for example, a database and an Oracle Reports Server), you might dedicate one virtual address for users to access the database directly and another for users to access the Oracle Reports Server. Alternatively, if there are many database users, you might have some users access the database using one virtual address and the others use the other virtual address, to balance the network traffic.

See the online help in Oracle Fail Safe Manager for information about adding a virtual address to a group.

4.8 Adding a Node to an Existing Cluster

Instructions for installing the software to add a new node to an existing cluster are described in the Oracle Fail Safe Installation Guide. Once that task is completed, there is one final step. You need to run the Verify Group command on each group on the cluster for which the new node will be a possible owner.

Assume you add a new node to the cluster and install Oracle Fail Safe on that node along with the DLLs for the resources you intend to run on that node. The new node becomes a possible owner for these resources. If these resources have not yet been configured to run on the new node, when the group or groups containing them fail over to that node, these resources cannot be restarted on that new node.

However, if you run the Verify Group command, Oracle Fail Safe checks that the resources in the verified groups are configured to run on each node that is a possible owner for the group. If it finds a possible owner node where the resources in the group are not configured to run, then Oracle Fail Safe configures them for you.

Therefore, Oracle Corporation strongly recommends you run the Verify Group command for each group for which the new node is listed as a possible owner. Section 6.1.2 describes the Verify Group command. You can also verify groups using the FSCMD command, as described in Chapter 5.


Copyright © 1996, 2002 Oracle Corporation

All rights reserved