6.11 How does High Availability (HA) Work?

Oracle VM has high availability (HA) functionality built in. Even though there is only one Oracle VM Manager in the environment, it distributes vital information over the servers it manages, so that in case of failure the Oracle VM Manager and its infrastructure database can be rebuilt. For virtual machine HA, Oracle VM Servers can be clustered so that if one server fails, the virtual machines can be automatically migrated to another server as all virtual machine data is on shared storage and not directly on the Oracle VM Server. In case of predictable failures or scheduled maintenance, virtual machines can be moved to other members of the server pool using live migration.

In addition, Oracle VM supports HA networking and storage, but these are configurations the system administrator must implement outside Oracle VM Manager (RAID, multipathing, etc.).

You can set up HA to help ensure the uninterrupted availability of a virtual machine. If HA is configured and a Oracle VM Server is restarted or shut down, the virtual machines running on it are either restarted on, or migrated to, another Oracle VM Server.

HA also takes precedence over HugePages rules. For example, you have a server pool with two servers running in it. You enable HugePages on the virtual machines running on server A. You do not enable HugePages on the virtual machines running on server B. You also enable HA for all virtual machines on both servers. If either server A or server B stops running, then the virtual machines are migrated to the server that is still running. This migration occurs despite the rule that prevents virtual machines with different HugePage settings running on the same server.

If you have set the inbound migration lock feature on an Oracle VM Server, then the Oracle VM Manager does not create or migrate new virtual machines on that server, but virtual machines already running on the server may be migrated to other Oracle VM Servers in a server pool.

Note

If you have HA configured for a server, the inbound migration lock feature does not protect a server from inbound migration when failover occurs.

See Section 7.12, “How Can I Protect Virtual Machines?” for more information on using the inbound migration lock feature.

The following are the prerequisites to implement HA:

  • The server pool must contain multiple Oracle VM Servers. HA cannot be implemented with a stand-alone Oracle VM Server.

  • The server pool must be clustered.

  • All Oracle VM Servers must be Oracle VM Server Release 3.0 or above.

  • Each instance of Oracle VM Server must be at the same release version for live migration to succeed. Virtual machines cannot live migrate to an instance of Oracle VM Server if that instance is at an earlier release version than the Oracle VM Server where that virtual machine is running. This condition can prevent HA from functioning successfully.

To use HA, you must first enable HA on the server pool, then on all virtual machines, as shown in Figure 6.3, “Enabling HA”. If you enable HA on the server pool and then for virtual machines, when an Oracle VM Server is shut down or fails, the virtual machines are migrated or restarted on another available Oracle VM Server. HA must be enabled for both the server pool and for virtual machines.

Figure 6.3 Enabling HA

This figure shows how HA (High Availability) is enabled on the server pool and then on all virtual machines.

To automatically configure the server pool cluster and enable HA in a server pool, the server pool must be created with clustering enabled. See Create Server Pool in the Oracle VM Manager User's Guide for more information on creating a server pool.

To enable HA on a virtual machine, high availability must be enabled when you create or edit a virtual machine. See Create Virtual Machine and Edit Virtual Machine in the Oracle VM Manager User's Guide for more information on creating and editing a virtual machine.

The following conditions apply to HA environments:

  • If HA is enabled and you want to restart, shut down, or delete an Oracle VM Server, you must first migrate the running HA-enabled virtual machines to another available Oracle VM Server. For information on migrating virtual machines, see Migrate or Move Virtual Machines in the Oracle VM Manager User's Guide.

  • If there are no Oracle VM Servers available, HA-enabled virtual machines are shut down (powered off) and are restarted when an Oracle VM Server becomes available.

  • If an Oracle VM Server fails, all running virtual machines are restarted automatically on another available Oracle VM Server. Note that this occurs after the cluster timeout has occurred for the Oracle VM Server within the cluster. See Section 6.9, “How do Server Pool Clusters Work?” for more information.

  • If an Oracle VM Server fails and no other Oracle VM Servers are available, all running virtual machines are restarted when an Oracle VM Server becomes available.

  • If you shut down an HA-enabled virtual machine from within the guest operating system, then the virtual machine automatically restarts. To shut down an HA-enabled virtual machine, you must stop the virtual machine from Oracle VM Manager. See Stop Virtual Machines in the Oracle VM Manager User's Guide.

Figure 6.4, “HA in effect for an Oracle VM Server failure” shows an Oracle VM Server failing and the virtual machines restarting on other Oracle VM Servers in the server pool.

Figure 6.4 HA in effect for an Oracle VM Server failure


firefox server

You should test your HA configuration to ensure it is properly configured in the event of a real failure.

Figure 6.5, “HA in effect for an Oracle VM Server restart or shut down” shows an Oracle VM Server restarting or shutting down and the virtual machines migrating to other Oracle VM Servers in the server pool. In this example, the virtual machines are running and so live migration can be performed and the virtual machines continue to run, uninterrupted. Live migration is not a feature of HA, but can be used in conjunction with, or independently of, HA. For more information on live migration, see Migrate or Move Virtual Machines in the Oracle VM Manager User's Guide.

Figure 6.5 HA in effect for an Oracle VM Server restart or shut down


If you do not have HA enabled, before you shut down an Oracle VM Server, you should migrate all virtual machines to another Oracle VM Server (either using standard virtual machine migration or live migration), or have them automatically migrated by placing the server into maintenance mode.