Keeping your applications “always-on” for users is no easy task, and can be particularly tricky for branch or remote locations where you probably have little or no IT staff to support your efforts. Forrester Research senior analyst Stephanie Balaouras has been studying this trend and has pulled together the top 5 best practices for supporting application availability at remote and branch locations. She presented these during a webinar last month and we've also summarized them below.
TIP #1 – Don't Overlook Remote Location Availability
While this may seem like an obvious point, it’s actually very common for IT departments to overlook their branch and remote locations when it comes to application availability. You can’t neglect these offices for both high availability (HA) and disaster recovery (DR) plans—you need a holistic approach to protect all of your business applications, no matter where they are located. This also means that you need to factor in these systems when planning your IT budget as well.
According to recent Forrester Research data, IT systems at remote and branch office locations account for more than 20% of your total infrastructure. They are critical to your business process and operations. Today, a lot of these locations don’t have HA or DR, and in some cases, they don’t even have basic back-up. Make sure that these offices and locations aren’t forgotten as part of your HA and DR plans.
TIP #2 – Classify Systems by Criticallity
When developing your strategy for operational HA and DR, best practices include performing a business impact analysis. This doesn’t have to be a lengthy process—you just need to map the dependent systems for each business process, and then create a rough estimate the cost of downtime for each. Once you have that information, you can determine availability rates as well as recovery objectives. As part of that process you should also identify the most probable types of downtime. When you put that all together, you can classify systems by criticality, such as mission critical, business critical, business supporting, etc., and you can then determine the availability rates needed for each of those systems.
TIP #3 – Develop Tiers of Service for Availability
Once you understand your range of recovery objectives, it helps to have an IT availability and service continuity catalog. This catalog defines a range of service tiers. Forrester typically sees four levels: mission critical, business critical, business important and business supporting. Each of these tiers has associated recovery objectives, technology pre-requisites and the costs to deliver that service. This catalog helps to simplify your strategy, by allowing you to assign appropriate tier classifications to new systems quickly and easily.
Another benefit of using this method is that it also helps you to limit the number of point products you are using for HA and DR. The more point products you are using, the more you complicate the sequencing and complexity of preventing a failure or recovering from a failure. Keep it simple. Every time you deploy a new application or system, assign a tier from your catalog, put the appropriate protection in place, and then communicate that to the business.
TIP #4 – Measure Availability from the End-User Perspective
Well-written objectives measure both planned and unplanned downtime and also take into account the timing of downtime. For example, you don’t take your systems down for planned maintenance during peak sales periods or at 1pm on a weekday when your traffic is at its highest level. You select times when users will be least affected. Availability isn’t about the individual IT system, infrastructure or component. Technology uptime is important to track but is not a true measure of availability. True availability has to be measured from the end user perspective. If the application or service is not available for use, even if the individual components are functioning, then that means the service is down. When making decisions about HA and DR strategies, you have to look at availability from a people perspective, not a technology perspective.
TIP #5 – Make Availability Part of Every IT Decision
Availability is no longer an optional practice. It’s essential. It’s something you owe to your employees, your customers, your partners and your investors. Application resiliency has to be part of the planning process right from the start—HA and DR should not be an after-thought. Even in remote and branch locations, these applications are critical to the success of the business, so availability of the systems should be included during the planning phases of the project, rather than an add-on after the project is completed.
Last Thursday’s webinar “Application Availability for Remote & Branch Locations” with Forrester analyst Stephanie Balaouras was packed with useful tips and best practices for protecting remote and branch offices from application service disruption. Stephanie has conducted extensive research in this area and shared her Top 5 Best Practices during the webinar. A recording of the webinar is now available in case you missed the live event.
The summary of the webinar Q&A with Stephanie and Michael Bilancieri, Sr. Director of Products for Marathon, is below.
Q: I like the idea of integrating HA and DR plans. How often should those plans be updated? A: Stephanie Balaouras, Forrester:The ideal scenario is to update your high availability and disaster recovery plans continuously as part of your change management and configuration management. That’s the ideal scenario. They should be integrated into day-to-day operations and your plans should be updated as a part of that. If that’s not feasible, then at least quarterly updates should be made to the plans. One of the hardest parts of DR is that if you don’t keep the plans updated and you’re not testing regularly you’ll have major configuration drift between your sites. When you have a failure or disaster and have to invoke your DR plan is not the time you want to find out just how far your configurations have drifted and that you can’t recover. One solution for this is the combination of virtualization and replication, which can reduce complexity because in most cases you’re actually replicating the configuration changes as they happen.
Q: On your disaster recovery continuum slide (slide #14), can I think of that as a disaster recovery maturity model?
A: Stephanie Balaouras, Forrester: Not really. When I evaluate a company for disaster recovery maturity, I look at two dimensions – process and technology.
On the process side, I look at things such as: Have you run a business impact analysis? What about a risk assessment? Are preventative measures in place? Do you have documented plans, and are they up to date? How often do you test them?
On the technology side, I look at things like the RTO and RPO that you have defined: Are they matched up with the appropriate technology solution? If RTO is less than 2 hours and RPO is zero then I would expect that you are replicating data and doing rapid system restart with virtualization. If I find that you are using tape in that situation, then that’s a problem. I think when it comes to maturity you have to look at process and technology together. Not only should you match up with the right technology, but you might actually leverage more than one technology depending on your needs.
Q: Traditionally, HA & DR at remote locations has not been a priority. Do you see that attitude changing with clients that you talk to?
A: Stephanie Balaouras, Forrester: I do see things changing. I run an annual survey with the Disaster Recovery Journal. One of the questions we ask is: How critical is it to upgrade disaster recovery at your sites? The answer is always either “high” to “extremely critical”. It doesn’t always get addressed the way we want it to, but the recognition is there.
I see three main drivers for this trend. First, availability and disaster recovery are now considered a fiduciary responsibility. It’s no longer an optional practice. It’s essential. It’s something you owe to your employees, your customers, your partners and your investors. Second is the cost of downtime. Companies are much savvier at calculating this cost and aware of the problems they can avoid by not having downtime. When you understand those costs, you can make the right technology investment choices. The final driver I see is the changing business environment. A lot of companies are operating globally on a near 24x7 basis. Like an online retailer for example. We’re operating close to 24x7 and there is no tolerance for downtime anymore. All three of these – fiduciary responsibility, cost of downtime and a 24x7 business environment are moving the needle quite a bit.
Q: In my environment, our IT staff says they have no way to measure if an application is up or not. They can tell us if a server is up, or if a database is up, but not the application. What solutions have you seen that can tackle that issue?
A:Stephanie Balaouras, Forrester: There’s a couple of ways to address that. There are third party application monitoring tools from the large system vendors. They are great for basic monitoring and telling you if your application is up or down, but they don’t tell you about degradation of performance. The other option is that different HA solutions will be able to detect whether the applications is up or down.
Michael Bilancieri, Sr. Director of Products for Marathon, answered your questions about everRun software.
Q: Does everRun have any kind of alerting capabilities for system problems?
A: Yes, everRun has alerts. You can send notifications back to any location. It will tell you that something has failed – it’s not a downed system because everRun kept it going through redundancy, but it alerts you that it needs attention.
Q: Does everRun require that the two servers to be identical?
A: The servers don’t have to be exactly the same; however, the CPUs should be identical as a best practice. For what we call our Level 2 protection (for component level protection of the network and disk), you can use different RAM and spindle speeds on storage. Level 3 protected workloads require the servers to be alike. You can view a complete list of supported processors on our website.
Q: How much of CPU and IO payload will we have by running the everRun software?
A: It varies depending on the applications and systems and where the load may be. The general range is from 5-10%. We have specific application performance documentation for Exchange 2007 and XenApp that you can download from our website.
Q: I understand from your presentation that everRun doesn’t require a SAN, but does it work with SAN?
A: everRun can support a SAN in multiple ways. everRun can support a SAN where you have a single copy of the data. And both servers will connect to the single copy of the data. everRun also supports a SAN where one of the servers is connected to that SAN and the other server has its own storage and we can mirror between that. A lot of our customers are using that option to provide data protection and fault tolerance at the data level. We can use different types of storage on either side.
A great benefit of everRun is that is has an agnostic approach to storage. Pretty much any type of storage will work. iSCSI, fiber, direct attached, etc.
Q: Does Marathon have a strategy for SAP environments?
A: Applications are transparent to everRun. We protect many types of SQL, Oracle and SAP applications. There are some best practices around that and we can offer you assistance with those. everRun is invisible to the application, so there are no configuration and design issues. You design your application the way you need to for your business and then everRun protects it without needing changes.
Q: What versions of Windows Server does everRun support?
A: everRun supports Windows Server 2003 SP2 Standard and Enterprise Editions, 32-bit and 64-bit, as well as Windows Server 2008 Standard and Enterprise Editions, 64-bit.
Q: The requirement for redundant systems is obvious, one local and one remote, but I am concerned with the return of the repaired server back to the primary server role. Has that issue been also automated in your application?
A: Replacing one of the servers in an everRun configuration is quite simple as well. It is required that the everRun software be installed and the server be physically connected to the remaining everRun system. Once connected and configured to see each other as a pair, there is a ‘re-pairing’ process that is initiated via command which starts the process of creating the redundant OS environment on the new system and mirroring all of the storage to the new system. Once the mirroring is complete, the system is once again fully protected.
We had a fantastic presentation last week from IT expert and author Niel Nickolaisen. Niel shared his proven methods for reducing downtime and improving the alignment of IT resources to better support business goals. If you weren’t able to attend the live event, you can watch the recorded version here.
If you prefer a white paper format, Niel’s strategies and best practices have also been summarized in a brand-new 8-page white paper, “Reduce Downtime by 70% - Without Spending a Dime” which you can download here.
The Q&A session from the live webinar with Niel Nickolaisen and Michael Bilancieri of Marathon has been summarized below:
Q: Can you give some tips on how I can educate my branch offices about my business continuity plan? Niel Nickolaisen, CIO: At Headwaters, Inc., we have 120 remote sites. We approached this from an SLA perspective. We translated how the SLAs affected the operations at our branch locations. Then we communicated it and got them to buy into the SLAs and the things we were doing and suggested that they followed our lead.
Q: How often should you update your disaster recovery plans? Niel Nickolaisen, CIO: In our case at Headwaters, Inc., we have Sarbanes-Oxley regulatory requirements. We do an annual formal risk assessment both for our business and for IT. When we’re done with that assessment we update our disaster recovery plans, which are based on the risks. Our disaster plan is designed to mitigate or recover from the risks that we’ve identified.
Q: How does everRun work?
At a high-level, everRun takes your entire Windows environment and protects it as a whole. Most protect from within the OS but we protect from underneath the OS. We clone to a second system for redundancy in a synchronous fashion. A good way to understand how everRun works is to watch our product demos videos and flash demos available on our website.
Q: How does everRun fit into a virtual environment?
everRun allows the ability to create multiple workloads on a single server. Our technology is based on virtualization technology – we’re virtualizing two instances to appear as one. You can create multiple workloads and put them on the same server and protect them. It’s based on Citrix XenServer.
Q: Will this work in conjunction with SAN offhost backups using Vertias Netbackup and FlashSnap option?
We are agnostic to the storage. If you’re using back-up right from the SAN, that’s fine. You can also use a mirrored option, where we can mirror the entire system in a synchronous fashion. That allows you to have SAN on one side and NAS on the other, or direct-attached, or both. It’s your choice, which gives you greater flexibility. You can separate the servers as well between buildings. The other option is a single copy of storage, not mirrored and both systems can connect to that storage, but the SAN device will then have to protect the data.
Q: How can Marathon contribute to companies considering a move to SAP?
everRun can provide availability and fault tolerant protection to that SAP environment. If you’re considering a move to SAP, I would assume you have had some discussions about how to protect that—the SLA, the data, availability and disaster recovery. everRun can protect and provide disaster tolerance disaster recovery, and high availability for that application, as well as data protection. We don’t cause any changes to the application.
Q: Should Marathon be brought in as a consultant before SAP is contracted?
Sometimes it’s a good idea to have a joint discussion with vendors. A lot of times when you look at availability and redundancy or data replication, it’s doing things to the applications and data and can cause interaction issues. Sometimes the application has to be configured in a certain way, so you want to know up front how your high availability solution could affect the data and application. We can certainly do a call with any other software vendors to have that conversation up front.
Q: What version of Windows does everRun support?
everRun supports Windows Server 2003 32-bit and 64-bit and Windows Server 2008 64-bit.
Q: What kind of performance impact does the synchronous lock-step have on the system?
That varies by application, users, data, I/O, and other factors. In general, it can range from 10-20% on your application – we’ve seen less than that and more than that, depending on the system.
Q: Do you recommend WAN optimization to be used?
Our requirements are around bandwidth between the two systems if you want to separate the systems. WAN optimization tools don’t always help. It’s really a latency requirement to maintain good performance.
As companies become 24x7 “always on” operating environments, they are becoming more and more sensitive to application and system downtime. We recently conducted two surveys to take a look at this trend, specifically for Windows Server applications and environments.
Given the 24x7 nature of business today, we weren’t surprised to find that about half of the IT professionals who responded to the survey reported that 50% or more of their Windows Server applications now require “always on” availability. Whether it’s for email and collaboration tools, manufacturing systems, customer operations, financial transactions, or healthcare records, businesses today are becoming more and more dependent on their Windows-based applications.
More than 20% of survey participants reported that 76 -100% of their Windows Server applications require “always on” availability. An additional 28% of respondents stated that 51 - 75% of their Windows Server applications require “always on” availability or continuous uptime.
The surveys also found that that the number of Windows Server applications that require high availability has increased significantly in the past two years. 76% of the respondents reported that downtime to Microsoft SQL Server and Exchange Server caused the most disruption and were the most important applications that required high availability protection. The surveys also revealed that approximately 60% of participants have either already upgraded to Windows Server 2008 or plan to within the next year.
Thanks again to all who participated in these surveys. For more information and results, see our press release.
In recent months, Marathon has put together a series of toolkits with materials on reducing downtime and data loss, including toolkits for Citrix XenApp and Microsoft Exchange 2007.
Our latest toolkit is now available, this time for Microsoft SQL Server. Protecting SQL Server from downtime has become even more critical in recent years, as businesses run more of their critical systems, including electronic commerce, online banking, just-in-time manufacturing and streaming media (just to name a few) on SQL.
This toolkit includes materials on SQL Server high availability in both physical and virtual environments.
White paper:5 Secrets to SQL Server Availability This paper reviews five proven secrets to affordable SQL high availability that will help IT managers implement a SQL Server environment with little or no downtime - and zero data loss.
• Potential pitfalls to avoid when virtualizing SQL Server
• How to increase reliability and availability of a virtualized SQL Server environment
• A SQL Server virtualization case study (Sullivan Group)
On-Demand Webinar: SQL Availability: Protecting your Database and Applications featuring Microsoft SQL Server MVP Stephen Wynkoop, helps IT administrators understand SQL back-up and restore options. Wynkoop also presents his Concentric Rings of Recovery plan, which covers the four levels of preparedness for local, alternate, off-site and remote locations.
Also, be sure to check out some addtional SQL Server resources, including SQL user groups, SQL Server job boards, SQL MVP blogs and Twitter feeds, and other SQL-related info.
Congratulations to Richard Potter of Boeing, the winner of a $50 American Express gift card for participating in our September survey on Windows application high availability. To participate in future Marathon surveys, sign up for Marathon's monthly newsletter: http://www.marathontechnologies.com/news.html (see the right-hand column for sign-up.)
Thanks again to those who joined us for last week’s webinar, "Windows Server 2008 High Availability: Technology Comparison." The on-demand recording of last week's webinar is now available to watch at your convenience (here).
We had a lot of good questions from our attendees during the Q&A portion of the webinar, which are summarized below.
Q: How do you determine when to use an HA solution vs. a DR solution?
When it comes to availability vs. recovery, the most important question to ask is what are your recovery time objectives (RTO)? What is the amount of time your application can afford to be down? If the applications have strict requirements, then you want an availability solution. Disaster recovery is data replication often times with a failover capability, not availability. For critical applications, this may not be sufficient.
Q: If I have an HA solution in place, do I still need a solution for backup?
Availability and backup are two different things. That question comes up a lot, along with the need for disaster recovery. Backup will never likely go away completely. You still need to backup your data to ensure recovery in the future should that be necessary.
Q: Is everRun available for Linux applications?
Yes. We can provide basic failover capabilities for Linux applications today.
Q: How does everRun differ from replication solutions? everRun 2G is used for availability, both locally and for short-distance geographic separation as well. We have a replication and recovery solution as well that can be used for disaster recovery for long distances. You should determine what your objectives are: do I have to keep my applications up and running or do I just need to recover it if something fails? What’s the recovery time objective for each application? It’s up to your individual applications and what level of protection you need for each. Often times availability is a priority as downtime is not desirable, with DR also a requirement on top of that to ensure recovery in the event of a major outage.
Q: Can everRun be used for planned downtime (i.e. to keep one host running for end-users while the application on the other host is being upgraded)?
Yes, everRun can be used to help facilitate certain system updates to reduce interruptions and mitigate risk.
Q: Can it work between two virtual machines and on x64 based systems?
Yes, we support XenServer and 64-bit hardware and Windows Server environments.
Q: Does Marathon offer backup solutions for everRun users?
We have methods to backup your systems and we’re working improving on our current offerings to make them quicker, easier and more granular.
Q: Can everRun work with dissimilar hardware? Can everRun work with more than two servers?
From a server standpoint, you just need similar processors; storage does not need to be similar. You can have SAN on one side and NAS on the other or any other combination. On the second question, yes, everRun will work with more than two servers. You can build a pool of servers and protect within that pool.
Q: Does everRun have backward compatibility with older OS?
Yes. It will work with Windows Server 2003, and also Windows Server 2008.
Q: Can everRun run on the Foundation Server Edition of Windows 2008? It does not. everRun supports the full implementation of Windows Server 2008. everRun runs underneath Windows, it does not install into Windows.
Q: How does everRun handle data stored on NAS? Storage is transparent to everRun. We look at storage as just a LUN.
Q: What is difference between everRun HA and everRun 2G in Windos Server 2003? The differences are the ability to create multiple workloads. HA can protect one workload. everRun 2G can protect multiple workloads. There is also a new and improved graphical interface with better reporting and management capabilities.
Q: Does everRun work with XenServer 5.5? Yes, everRun works with XenServer 5.5.
Q: Are there any changes in WS 2008 & WS 2008 R2 in the way that HA improves? Yes. You can find an overview of those changes directly from David Hanna of Microsoft in our recent webinar and white paper “The Top 10 Reasons to Upgrade to Windows Server 2008.” You can also read the Q&A with Microsoft from that webinar here.
Q: Is everRun 2G available for Microsoft Hyper-v? We will provide support for Hyper-v in a future release.
Q: With applications using various DNS names, how does this solution integrate with DNS changes? (failover to remote office for true DR-different IP/network) everRun availability solutions pairs systems within the same subnet of vLAN, eliminating the need to make any DNS changes.
Q: Question is tied to what permissions are needed to do a recovery. For recovery in active Directory most items need to replicate around that there was a change and we do not want to hand out Admin control over the domain(separation of access) everRun is designed to not require any changes to Active Directory during or after a failure or recovery.
When it comes to high availability, taking a “one-size fits all” approach is highly inefficient. I recently spoke with Carryl Roy, editor of Virtual Strategy Magazine to discuss the different levels of availability, why these are important and how to select the right level of protection for each application. We also talked about how to set recovery time objectives and how tiered or selectable availability can optimize protection with less resources and at lower costs. I discuss these topics in the video below, which is featured on the Virtual Strategy website.
How many times do you check your email each hour? Recent studies have shown that the average worker checks email once every 15 minutes, with some users checking email as often as 40 times per hour. In addition, growing use of iPhones, BlackBerrys and similar email-enabled mobile devices means that employees have become attached to their email at all times, with some checking their device as soon as each email arrives. Now that email has evolved into a must-have business communications tool, employees have come to expect access to their email 24x7, with very little tolerance for downtime.
Meeting the “always on” expectations of employees creates challenges for the IT administrator. Service-level agreements (SLAs) are increasingly stringent and demanding as users require non-stop access to email and other collaborative features of Microsoft Exchange. Availability of Exchange is paramount, as well as protecting the integrity of your Exchange data. In order to maintain Exchange availability, every component of the Exchange infrastructure needs to be considered. You can protect your mailbox server to the highest degree, but if your DNS server fails, the Exchange server may not be accessible.
To help your company protect its Exchange environment, Marathon has developed a series of steps for achieving optimal Exchange availability. The tips are designed to help identify what availability levels should be designated in order to achieve Exchange SLA commitments with fewer resources and lower costs.
Define Availability Objectives
Creating availability objectives is an important first step in formulating Exchange protection strategies. This is typically done by establishing Recovery Time Objectives (RTO), the time it takes for an application to be running again, and Recovery Point Objective (RPO), the point in time to which the IT professional can recover data in case of a failure, for your Exchange environment.
RTO and RPO baselines establish the SLAs you commit to for the overall company, business units, or specific internal groups. You may even have different Exchange SLAs for different users within your company. For example, you may have an executive group that requires 24x7 email access, while the rest of the company can withstand Exchange downtime of up to one hour. In addition, consideration should be given to what level of protection is needed for the other components of your Exchange infrastructure, such as Active Directory and DNS servers.
Understanding the Levels of Availability
There are multiple levels of availability to consider for different applications and their support infrastructures, starting with basic failover and recovery, moving up to high availability, and all the way to continuous availability for extremely transaction-sensitive applications.
1. The Recovery level is for those applications for which recovery time (RTO) of a day or more is often acceptable. Some downtime is acceptable, and even significant downtime won’t have a detrimental effect on the business. Assurances that recovery will happen is not a requirement.
2. The High Availability level is the home of the majority of applications that run the business, such as email, CRM, financial systems, and databases. These are systems with high downtime costs, and therefore short RTO requirements. These applications require assurances that they will not be down for extended periods should failures occur.
3. The highest level of availability is Continuous Availability in which even brief moments of downtime or a single lost transaction can be extremely detrimental and/or costly to the client or business.
As you establish availability objectives for different groups of Exchange users, you need to consider the protection requirements for your entire Exchange infrastructure, beyond just the mailbox server. You will need to protect all of the components of the Exchange environment, in addition to the different workloads deployed on the mailbox server. Also, don’t forget that the way your company uses Exchange today might change in the future. You may use Exchange today for general correspondence, but within the next year you may plan to use email to process orders. This adds to the need to have multiple levels of availability to assign to the components of the Exchange infrastructure and Exchange user groups. Additionally you’ll need flexibility to change those levels as your business changes.
Assigning Levels of Availability to Exchange Environments
A meaningful exercise to undertake is to apply various levels of protection to your Exchange infrastructure based on your SLA commitments. First look at the users and their requirements for Exchange access. Do you have a single SLA in place for all users, or do you have multiple user groups with different SLAs? If you have a single SLA in place company-wide, you can deploy those users in workloads based on email usage and assign them a single level of protection. However if you have different SLAs for different business groups, you can divide those into multiple workgroups on the mailbox server based on their SLA requirements.
For example, if you have an executive group that needs a 24x7 uptime, then you should consolidate those executives in a dedicated Exchange workload and assign a level of protection that will provide continuous availability. Sales people can often fall into this category as well, requiring non-stop access to email and Exchange collaboration features. Other employees may have less stringent SLAs in place and would require a lower level of protection.
It is also important to keep the components of Exchange, including the DHCP server, DNS server and Active Directory server, up and running. If one or more of these components goes down, requiring the IT administrator to manually intervene could cause excessive downtime for Exchange and exceed your SLAs. Automatic recovery from failures enables you to keep the Exchange environment operating to meet your SLA commitments. Assigning a level of protection to the supporting systems, including the DNS, DHCP, and Active Directory servers, equivalent to that necessary to meet your Exchange SLAs is as important as protecting the actual Exchange servers. Any single point of failure could bring down a well protected Exchange server.
For remote employees and “road warriors”, your company may also have a BlackBerry Enterprise Server (BES) and/or Client Access Server (CAS) implementation, to serve as a secondary or backup method for remote email access. The BES and CAS implementations should be protected to the level you require based on your remote email access strategy and user SLAs.
Establishing RTO and RPO for SLA commitments, determining the right level of availability protection to meet these commitments, and protecting all components necessary to support an Exchange environment will help create n robust and reliable messaging system.
We had a lot of good questions from our attendees during the Q&A portion of the webinar, which are summarized below.
How does everRun synchronize and how often?
everRun synchronizes as the data is written to the virtual machine. It’s not done on a time stamp. It is synchronously written to both physical hosts. We do a bit check to make sure both sides are written prior to responding back to the application, stating that it has been written, so that the data is always in a constant state and there is no data loss.
If I already have XenServer installed, can I install everRun on top of it, or do I need to reinstall XenServer?
everRun can be installed into existing XenServer environment. We do have resource pool requirements, so as long as you in a resource pool or can join yourself to a resource pool with a second server, or multiple servers for multiple host pools, we can be installed into an existing XenServer environment.
How does it support local storage? If the server that is hosting the storage goes down, what happens?
We mirror the virtual machine across two servers, so there are two copies of your virtual machine. Where we sit in dom0 (Xen domain zero), we have filter drivers sensing that type of situation. When using Level 2 protection with everRun, if you lose local storage, we leverage the copy of the info on the second server for zero downtime. If you were to lose the entire server, it would failover to the other side and start in Windows services. In Level 3, the same procedure applies to local storage. If you were to lose the entire server with Level 3, everRun allows it to simply continue functioning because we are running active-active.
Have you used this with a building automation system, such as Andover Controls Continuum which runs on a SQL Server?
We have a very large building automation practice here at Marathon and have worked with all flavors of SQL server. We have been working for years with building automation and security companies such as Johnson Controls, Tyco, Andover Controls, Siemens and many others. As long as the building system runs in Windows Server 2003 or 2008, we can provide availability for it with no custom scripts or custom coding.
Can everRun be used with homegrown or custom applications?
Yes. everRun is completely transparent to the application and can support any and all Windows applications without any modifications, customizations, or scripting.
Can everRun protect a workload that is physical on one side and virtual on the other?
We do not support P2V today, but we have an ongoing research project on this topic. You can contact your sales rep for more info.
What is the maximum number of workloads that can be run using everRun?
The best way to answer this is to look at your virtualization planning assessment, including power capacity planning and hardware capacity planning. If you can support 10 virtual machines on a server, then you can support 10 virtual machines protected by everRun on that server with no problem. We also require a similar machine as the secondary server running on the same resource pool. It really comes down to how much your hardware capacity can handle.
How to take care of software corruption?
Because we are a synchronously written high availability solution, if there is software corruption on one side, we are going to replicate it to the other side. We sit at an asynchronous block-level filter driver location, so we have no ties to the software. So if it corrupts, it will corrupt on both sides.
Are you currently developing for Exchange 2010?
Yes, everRun will support Exchange 2010.
Does everRun support Small Business Server?
Yes we do. We’ve tested and qualified it for 32-bit and 64-bit versions of Windows Server 2003 Small Business Server Edition.
Does everRun replicate all server data including application data like a SQL database?
Yes. We replicate synchronously at a block level. We sit inside dom0. We then send the info block level to the other side. We do a block check and then we check our bit map to make sure the blocks are synchronously written on ongoing basis.
Can everRun be installed on top of XenServer 5.5 ?
Yes. We will support 5.5 in our next release scheduled for September.
Can we achieve DR?
Marathon offers a couple of options for disaster recovery (DR). Our SplitSite product can be used for metropolitan/campus DR, up to 150 miles apart, depending on your network conditions. We also offer everRun DR, for DR sites that are more than 150 miles apart.
Is the disk mirroring full copy or delta?
Upon initial protection we do a full copy. After you have a failure, such as an iSCSI card failure, we will do a delta copy back over to what’s missing. If you lose the entire RAID set, then we will need to do a full copy again.
Is the price of implementation based on the server capacity?
You need to purchase a license for each server in the pool. In terms of virtual machines (VMs), the license covers as many VMs as you can support in a box.
Douglas Brown of www.dabcc.com recently interviewed Michael Bilancieri, Senior Director of Products and Tom Reed, Senior Systems Engineer. Michael, Tom, and Doug discuss the Marathon everRun high availability solution, what's new, how it works, how it adds value to Citrix XenServer and Microsoft Hyper-V, and much more.
Our July 30th webinar “Top 10 Reasons to Upgrade to Windows Server 2008 Now” was very well attended, and as expected, generated a lot of good questions. So many questions, in fact, that we weren’t able to answer them all during the live Q&A portion of the webinar.
For your convenience, we’ve captured all of the questions below. Answers have been provided by our speakers, David Hanna, Infrastructure Architect at Microsoft, and Michael Bilancieri, Senior Director of Products at Marathon. The questions are grouped by topic, starting with Windows Server related questions and then Marathon everRun related questions following after.
How seamless is the migration from Windows Server 2003 to 2008?
It really depends on the workload. Active Directory upgrade is similar to the 2000 to 2003 upgrade, and should not be disruptive. Cluster migrations require a rebuild of the cluster. For IIS, many applications can be migrated easily. It’s best to look on Microsoft.com for migration info that is specific to your workload. Simply introducing a Windows Server 2008 server into a 2003 environment should be seamless.
Going from Windows Server 2003 to 2008, do you recommend upgrading or re-installing the operating system?
Microsoft supports an upgrade of the OS only – no applications. Most customers however, choose to reinstall with Windows Server.
Any difficulties adding a Windows 2008 Server into a 2003 domain? Anything to watch out for?
Adding Windows Server 2008 Member servers to the domain should not be an issue. There are no special things to watch out for, until you start adding Domain controllers. Note that if you add a 2008 member server, and do not extend the schema, some things will be unavailable, like the enhanced DFS capabilities in 2008.
Can I do in-place upgrade AD server 2003R2 to Server 2008 without any problem? Also, can I do that same thing with Exchange 2007 server on SRV2003R2?
Microsoft only supports the upgrade of the Operating System from 2003 to 2008. We do not support the upgrade of Windows Server 2003 with applications, so the Exchange 2007 upgrade would not be supported.
Is it possible to use the same imaging deployment method for Windows 2008 physical and virtual machines (in VMware) for consistent builds?
It is possible to use traditional imaging methods for physical and virtual, however in the virtual environment, most customers tend to use template Virtual Hard disks to deploy systems, as it is faster and more flexible than imaging.
What is the difference between GPO and NAP?
Group policy is a part of Active Directory that allows for management of users and computers. NAP, or network access protection provides endpoint health checking for network clients. This integrates with network components to restrict or allow network access. Client NAP configurations can be controlled by GPO, and some GPO settings can be enforced by NAP.
Does NAP work for VPN connections as well?
Yes. It is integrated with Microsoft VPN as well as some partner solutions.
Does XP pro and 2008 Server talk well together? What’s a better path, upgrade your clients to Win7 then servers to 2008? Or vice versa?
XP will work in a 2008 domain environment, but it won’t be able to take advantage of all of the features of 2008. Vista is designed to complement 2008, and Windows 7 works best with 2008 R2 (or 2008). I would recommend deploying Windows Server 2008 for workloads that will gain the most benefit – this will allow you take advantage of it immediately. Then follow with Windows 7 when you are ready.
Do terminal servers have central management to manage users and applications?
There are a number of tools to centrally manage the environment. R2 adds a connection broker component that will publish apps from multiple servers. However, apps still need to be published on each server, and permissions need to be set that way as well. Citrix provides some great centralized mgmt tools that enhance the native tools.
Will 2008 support XP clients?
Yes. 2008 will support XP for many things including Terminal Services, with RDP 6.1 client, NAP, with XP Sp3, Group policy preferences and many other features. Windows Vista and Windows 7 however, are able to take advantage of more features.
I have two Windows 2008 servers that are going to be setup as a cluster for Exchange 2007. Is there a document for setting up the “heartbeat” connection between the two servers?
There are many documents on technet that will help. When you build the cluster, the validation wizard will check the configuration of the heartbeat network to make sure its configured appropriately. Typically, a 2 node cluster will use a cross-over cable, although a non-routed VLAN on a switch also works. Some docs:
Regarding the NAP, once a client is quarantined, is there a policy or rule that the admin must create to get the client healthy? Meaning, is it automatic or does the client sit there until someone checks the quarantined clients and fixes the issues?
NAP can be configured to auto-remediate certain things – turning firewall on, turning on autoupdate, etc. For AV, or patches, users can be directed to a web page with simple instructions or links to update the client.
Has load balancing improved with 2008 and TS?
It has been made simpler. Many customers found NLB to be complicated for what was needed on Terminal Services. TS on 2008 uses DNS round robin for initial connection with the TS Farm, then load balancing across nodes is handled by using RDP session load balancing.
How many machines can run on a single user MS Windows Server 2008, because we want to move to VMware soon.
Microsoft supports up to 192 VMs on Windows Server 2008, and 384 on Windows Server 2008 R2. Typically numbers will not be anywhere near this, as other system resources will bottleneck. Details can be found here: http://www.microsoft.com/windowsserver2008/en/us/hyperv-faq.aspx#HyperVWindowsServer2008Specific
Is MS Windows Server 2008 VMware built-in?
Microsoft’s virtualization solution, Hyper-V, is built in to Windows Server 2008 and R2.
How would Hyper-V handle the VMware over committing resources, for example, is ESX server only have 8GB RAM but it can assign 16GB RAM to the VMs because it holds the memory and only releases it when it is required. The main reason for Exchange on a ESX box is not a good idea.
Hyper-V does not support over-commit of memory resources. To assign 8gb of RAM to a VM, you must have 8gb available. This improves performance and security.
What happens when a file which has been transferred/shared to a branch using Branch Cache is opened in the main office? Will the branch be informed about this and vice versa?
When clients use branch cache, each file is referenced by a hash. When a client tries to retrieve a file from the central office, it checks the hash of the file, then compares it to what is in the local cache. If the file has changed, then the hash would have changed, and the client would retrieve the updated version. The branch is not informed if the central copy is opened, only if it is changed, through the hash mechanism.
What is the maximum supported DFS server in 2008? In 2003 I think it is less than 70GB and that was not enough for me.
The File Replication Service in Windows Server 2003 had trouble with replication when data sizes got too big. Windows Server 2008 uses DFS-R (Distributed File System Replication) for replication – this uses an algorithm call Remote Differential Compression, which compresses files, and replicates only changes. This makes replication more efficient, an able to support large volumes of data. The limits that existed in 2003 for data size are either removed, or raised greatly.
What is the standard vs. reduced footprint for Windows 2008?
Processor requirements for Server Core and full Windows Server 2008 are the same. Minimum memory recommendations of 512mb are also the same. While the system requirements on Microsoft.com don’t list separate requirements for Server Core, it typically requires less disk space than a full installation. Additionally, Server Core has fewer roles to install (only 9), fewer services running, and has no GUI.
Are there any plans to integrate snapshot technology within Hyper-V?
Hyper-V already supports snapshots at two levels. First, it supports snapshots of the Virtual Machine itself, through use of memory copies and differential disks. The other snapshot capability is a snapshot backup, performed by the host Hyper-V system, using Volume Shadowcopy Services to back up the running VMs.
Can everRun protect a workload that is physical on one side and virtual on the other? everRun does not install INTO a Windows system, so it isn’t able to protect a ‘physical’ system in this sense. Many of our customers choose to keep some of their applications isolated to a physical server with no other applications or VMs on that host while protecting them with everRun. This is done by creating a single Windows environment within the everRun environment. Although the capability is there to create multiple, a single is the desired approach.
How does everRun handle data stored on NAS?
everRun can use any product data that resides on any type of storage. everRun sees the storage repository as a disk volume and can mirror between any two.
How many licenses for the operating system do I need for this solution? Do I need two licenses for the application (i.e. Exchange) as well?
Typically two licenses of Windows are required, however the Enterprise edition provides benefits when running in virtual environments. Please check with Microsoft on this and with your application vendors as all vendors have different licensing terms for redundant/high availability systems.
How well does everRun work with dissimilar hardware (i.e. at the DR site using older servers)?
There are some requirements for similar server components. If two supported servers are utilized and one happens to have a slower processor, the application may run at the slower speed, depending on the level of protection chosen within everRun.
Does everRun replicate all server data including application data like SQL databases?
Yes. The entire operating environment and all disks, including the OS, application, and application data are mirrored.
Is everRun effective for small companies? For example, an Exchange environment for less than 200 users?
Absolutely. Many of our customers are smaller to mid-sized businesses who require an availability solution that is simple, effective, and doesn’t require SAN storage or dedicated IT staff to manage.
Does everRun support MS Small Business Server?
Yes. Our everRun solution will work with any version of Windows Server, 64-bit or 32-bit. We work for small scale solutions all the way up to enterprises.
Will everRun support Exchange 2010 DAG location geographically?
We are still researching Exchange 2010 capabilities and how they can best be supported by everRun. At this time we are not yet clear on how DAG will or can be supported.
How are system upgrades handled in the everRun environment?
A single upgrade is performed on the single exposed Windows environment. Both of the redundant systems will be updated automatically by everRun. everRun also offers mechanisms to reduce the risk and associated downtime of system upgrades.
How does the actual SQL server app run in the everRun environment?
Exactly the same as it does in a non-everRun environment. everRun sits below the Windows environment therefore there are no application changes required.
The everRun software sounds great, but it requires two physical servers. Any hope of moving forward to do the same work within a VMware or Hyper-V environment?
Today everRun supports virtualized environments running on Citrix XenServer. We announced a joint development agreement with Microsoft back in early 2009 to provide everRun Fault Tolerance within a future version of Windows/Hyper-V.
How is everRun migrated with Windows 2008 hypervisor?
everRun will support a future Windows/Hyper-V release as part of the joint development effort between Microsoft and Marathon.
What system resources are used by everRun?
A small (varies a bit by the application that is running) bit of CPU and memory overhead is consumed by everRun.
If you’ve been thinking about upgrading to Windows Server 2008, be sure to attend our July 30th webinar featuring guest speaker David Hanna, Information Architect at Microsoft. David will review the new Web tools, virtualization technologies, security enhancements, and management utilities available in Windows Server 2008. You’ll also have a chance to ask David any specific questions you have about Windows Server 2008 during the live Q&A portion of the webcast.
In preparation for the webinar, we asked David to answer a few of the common questions that we have been hearing from our customers in recent months.
Q: One of the biggest concerns we hear from our customers and partners is that in this current economy, IT departments are being asked to do a lot more with less people. How can Windows Server 2008 help with this issue?
Across all of my customers, everyone is talking about cutting costs, and getting more out of their current investments. When we start digging into the features of Windows Server 2008, customers are finding tremendous opportunity to optimize their environments. A few of the major areas of cost savings I’m seeing are:
Reduced deployment time and costs with Windows Deployment Services
Reduced management cost and effort with PowerShell and Server Manager
Hardware and Workload Consolidation with Hyper-V
Licensing consolidation with Enterprise and Datacenter models for virtual environments.
Q: What about the challenge of managing remote and branch office locations?
Branch offices have consistently been a challenge to manage, primarily due to lack of on-site staff. Windows Server 2008 brings some major new components to the picture that will greatly ease branch office management. These features include the Read-Only Domain controller, which makes the remote DC secure, and replaceable, Distributed File System, Windows Remote Management, Server Core (lower surface attack area), and improved Terminal Services for application delivery.
Q: A lot of our customers work in “always-on” industries like manufacturing, healthcare and broadcast media, where server downtime can be very disruptive to their business. How does Windows Server 2008 support these demanding environments?
Windows Server has always addressed high availability with Clustering Services. Windows Server 2008 has brought some huge enhancements to the Cluster Service that will reduce the complexity of clustering, while increasing availability. Failover Clustering in Server 2008 has a new validation wizard that will validate hardware and software configurations, resulting in easier, more reliable cluster deployments. The reliance on a quorum drive has also been removed, so there is no longer a single point of failure in the cluster. Also, Failover Clustering has been enhanced to support multi-site clusters to support organizations that need site-to-site failover. And, as always, when organizations need to take availability to the next level, Microsoft continues to work with partners like Marathon to extend the native capabilities of Windows Server.
During the webinar, Michael Bilancieri, Sr. Director of Products for Marathon, will discuss how to extend the high availability features of Windows Server 2008 to fault tolerant protection with Marathon’s everRun software and how organizations can now confidently migrate mission critical applications from Unix or proprietary platforms to realize big cost savings.
Registrations for this webinar are limited and we are expecting a large turnout, so be sure to save your spot by registering today.
Stephanie Balaouras, Principal Analyst at Forrester Research, has an interesting blog post this week on ZDnet about the increasing interest in high availability from her clients. In her article “How Do We Measure High Availability?” she makes several key points:
As companies become 24X7 “always on” operating environments, they are becoming more and more sensitive to application and system downtime.
HA is no longer an all or nothing discussion about proprietary fault-tolerant systems or high-end clustering solutions. Today there are lower-cost alternatives that provide the required level of availability at a cost justified by the risk and cost of downtime.
Developing and agreeing upon SLAs is the toughest part of HA planning, but these KPIs are good starting point toward metrics that matter to the business.
Earlier this year, we spoke with Stephanie about the topic of virtualization and high availability. You can read that Q&A here. For additional info on this topic, you can also download Forrester's recent white paper "X86 Server Virtualization For High Availability And Disaster Recovery."
Bhumik Patel of Citrix has posted Part II of the Citrix and Marathon demo at SAP on his blog. Part I of Bhumik’s blog series looked at specific details on Citrix Delivery Center and the Disaster Recovery demonstration for SAP NetWeaver.
Part II covers different high availability solutions also demonstrated at SAP. In addition to this blog series, a Reference Architecture document provides all the technical details about Citrix and Marathon solutions implemented for SAP. When looking for an HA solution, various factors such as application criticality and business impact must be considered before choosing a particular solution for an application. A more detailed report on determining availability requirements can be found here.
The following video from Citrix features the Marathon everRun VM Level 3 High Availability solution demonstrated at SAP Co-Innovation Labs in Palo Alto.
Analyst firm The 451 Group has just released some very interesting findings about virtualization and availability in a recent report by Chief Analyst John Abbott. Some of the key take-aways include:
• Virtual infrastructure can form the basis of fully automated availability processes. Availability becomes a default property of the virtual machine.
• ‘Dial up’ levels of availability can be implemented, depending on the requirements of specific applications or departments.
• If a system restore is required after a disaster, it’s usually much easier and much quicker to restore a virtual machine than a physical machine.
• Virtualization infrastructure is already a core component in datacenter automation, unified computing (the bringing together of servers, storage and networking) and cloud computing. Availability services based on top of a virtualization layer will slot right into any of these longer-term initiatives that customers may be working toward.
• Industrial-strength storage networks, currently a best-practice requirement for virtual availability, will lose ground to alternatives, which are maturing.
• The worlds of high availability and disaster recovery are coming together as virtualization is added to the mix.
• Tools more friendly to end users are likely to emerge, reducing the load on enterprise IT support staff, but requiring sophisticated underlay technology.
We had an incredible amount of great questions during the Q & A session of our April 16th webinar with myself, and John Humphreys of Citrix Systems, and Doug Strain of HP. I’ve posted the questions and responses here on our blog for everyone’s benefit. This webinar was recorded in case you weren’t able to attend, click here to view the webcast!
Q: Is everRun VM ready to work with free of charge XenServer?
A: The new version of everRun VM software (available mid-May) works with the new free enterprise-ready version of Citrix XenServer as well as Citrix Essentials.
Q: Is a SAN required to implement these fault tolerant solutions?
A: No, SAN is not required, but is certainly supported.
Q: How much does the license for everRun cost? Where do I go for everRun Pricing?
A: For more information on pricing, please contact the Marathon Sales Department at 888-682-1142 or info@marathontechnologies.com , or contact your Marathon reseller.
Q: How does everRun synchronize, and how often?
A: everRun VM performs an initial mirror of the entire VM upon protecting it and continuously mirrors it in a synchronous manner to ensure that the two paired systems are always identical.
Q: What are the overheads CPU, memory, and bandwidth for running everRun?
A: Overhead varies depending on the hardware, storage, applications and load. We will have performance data available shortly that shows the variance between a standalone VM and one that is protected with everRun.
Q: To summarize Marathon Technologies’ solution, is it replication of VMs between two VM Hosts? How much resource does this take away from VMs / VM Host?
A: everRun is not a replication technology, but rather a fault tolerant solution that offers the ability to synchronously mirror the entire VM between two physical XenServer hosts. Should one host suffer a component or even system failure, everRun VM allows the application to continue running without interruption. Here is a flash demo that explains how everRun VM works. Overhead varies depending on hardware, resources, and application load. We are currently benchmarking performance characteristics and should have them available within the next few weeks.
Q: Does the restart disconnect users connected?
A: For most hardware failures, there is no restart. everRun VM simply redirect I/O (storage and network) to the secondary host. If level 2 protection is utilized and a host is powered off, there is a brief interruption while the VM is restarted on the secondary host. With level 3 protection, there is no interruption even when a host is powered off.
Q: How many servers can you have in a pool?
A: everRun VM is qualified for up to 4 XenServer hosts in a single pool.
Q: Does everRun provide offsite datacenters which host VMs? Or do they offer software, or both?
A: everRun is a software solution that mirrors the entire VM to a secondary XenServer host either locally or at a remote location. We do not offer hosting services.
Q: Does Citrix FT/HA need shared storage?
A: There are three levels of protection available within everRun VM; levels 1, 2, & 3. Level 1, XenServer HA, is included as part of Essentials for XenServer and does require shared storage. everRun adds level 2 and level 3 fault tolerant capabilities and allows the option of using shared storage or independent storage between which everRun will synchronously mirror the entire virtual machine and all its data.
Q: Any migration tools off VMware?
A: There are a number of migration tools that can perform virtual-to-virtual (V2V) migrations from VMware to Citrix XenServer where they can then be protected by everRun VM. Please contact Citrix or Marathon for further details.
Q: Does Geographic Fault Tolerance require the two servers to be on the same subnet or can they be across routed networks?
A: Yes, the servers within an everRun configuration must be in the same subnet or on a common vLAN.
Q: What is the support for Windows Server 2008 timeframe?
A: The new version of everRun VM (available mid-May) will support Windows Server 2008.
Q: Does Marathon’s product protect SMP VM’s, or just single processor VM’s?
A: everRun can support multi-processor VM’s.
Q: With everRun, is it possible to sync VM’s across a WAN without SAN block replication? ie: local storage to local storage?
A: Yes, everRun will mirror the entire VM, including OS, application, and data, between two XenServer hosts with separate storage. These two systems are kept synchronized continuously.
Q: We have a custom application we currently run on a MS active/passive cluster. One of the useful things is we can update the code on the passive node, flip to it and if there is any issue, easily flip back to the original node. Is there a way to do this with everRun? ie: “pause” the sync and flip which is active VM?
A: For upgrades, everRun allows one side of the pair to be taken offline for applying and testing upgrades before applying them to the live running system.
Q: Is everRun part of Essentials, or is this a different product add-on? Does it require Essentials or just the hypervisor if it’s an add-on?
A: everRun is a separate product from Marathon Technologies and is not included in the Essentials offerings. everRun does support the Essentials offerings as well as the free edition of XenServer. everRun is simply installed on top of XenServer.
Q: Can you confirm that Marathon HA is an existing part of Citrix Essentials?
A: everRun VM is not bundled with Citrix Essentials for XenServer, however it can easily be installed on an Essentials deployment. Citrix Essentials for XenServer does include level 1 or auto-restart HA (XenServer HA) which was jointly developed by Marathon and Citrix.
Q: I have a question about switching virtual IP or domain name to the remote standby site in case any disaster happens to the primary site. Is this handled automatically without human interference? How is DNS cache updated in the domain name servers across the world?
A: everRun VM is a synchronous solution and as such has fairly stringent requirements for network latency. everRun VM is not a DR solution that can protect systems across thousands of miles, but rather a disaster tolerant solution that allows regional or metropolitan separation. The XenServer hosts being used by everRun must be in the same subnet or common vLAN, so there is no need to make DNS or Active Directory updates when the primary host/location fails and the VM is started on the secondary XenServer host. All error detection and error handling are completely automated with no human intervention required. For long-distance replication and failover, Marathon does offer an asynchronous DR solution.
Q: Regarding the Marathon HA tool; if your HA tool handles auto failover across sites by replicating the VM files at storage level, how do you manage the network differences (for example, how will tool know which IP address etc to assign to the mirrored/recovered VM) ?
A: everRun VM requires that the servers in the everRun pool be in the same subnet or common vLAN. This allows use of the secondary server and its components without any need to change any networking records or clients to point them to the secondary system. The VM/application environment are identical regardless of which XenServer host they may be running on. The IP address, hostname, and even MAC address are always the same, making any I/O redirection or VM failover completely transparent.
Q: If I have 24 VM’s that are hosted 3 XenServers won’t providing everRun as a fault tolerant solution require me to double up on XenServer hosts to accommodate mirroring VM’s across numerous hosts?
A: The number of VM’s possible is dependent on numerous factors, including hardware and application loads. everRun VM does create a mirrored VM on a secondary host. If there are enough resources available within your three hosts, you shouldn’t need additional hosts.
Q: Does Marathon have plans to support Linux based VM’s?
A: Yes, we do plan to support Linux VM’s but do not have a delivery date scheduled at this time.
Q: Does the everRun product (or another Marathon product) allow Linux virtual machines to run fault tolerant (zero downtime with a physical host failure)?
A: everRun VM does not currently support Linux VM’s, however the level 1 XenServer HA capability available within Essentials for XenServer can protect Linux VM’s.
Q: Fault tolerant VM replication is great, but does XenServer + everRun have a restore point like solution for guest OS corruption\malfunction?
A: everRun VM is licensed per XenServer host for level 2 protection, with level-3 protection being licensed per each VM you wish to protect with complete system-level fault tolerance.
Q: How does everRun differ from Double-Take?
A: everRun VM is a fault tolerant availability solution, while Double-Take is a replication and failover solution designed for long-distant DR. For DR needs, Marathon offers everRun DR, which provides similar capabilities to that of Double-Take.
Q: Referring to the two DL380 servers in your slide… What physical hardware is used to allow the two servers to communicate with each other?
A: The XenServer hosts within an everRun VM configuration are connected either with a direct-attached crossover using GigE interfaces when the pool consists of two XenServer hosts. If there are more than two hosts in the pool, these networks will need to be configured through network switches. We refer to these connections as Availability Links, or A-links.
Q: Is there a Sullivan Group case study or whitepaper?
A: You can view The Sullivan Group case study here. You can also read the other case study we talked about in the webinar, how Argo Capital uses everRun VM to protect Exchange, BlackBerry Enterprise Server and Citrix XenApp, here.
Q: In the pictured scenario of 2 Proliant DL380’s, does the everRun use local storage on each server, or does it use shared storage?
A: everRun has the options of using either shared storage or local independent storage.
When planning your VM workloads, you should be aware of what level of availability each server will need. By splitting the amount of users across multiple VM’s you can provide a level of availability to each set of users based upon your SLA with each business unit in your company. Looking back to the availability pyramid you can choose which level of availability for each mailbox server is needed. For example if you have an executive group that needs to be up with a 24/7 uptime and only limited downtime then level 3 should be your selection on a separate mailbox server. If all of your business units require the same level of availability and have the same SLA in place then you will split your mailbox servers according to usage. Using the chart from section one we can split the users based upon the type of user. For example if you have 1,000 heavy users we would assign 2 vCPU’s to the virtual machine. Always follow Microsoft best practices when deploying the amount of users per core or vCPU.
If we look at Figure 1 we can see that that we have 4 active VM’s spread across two servers with 2 vCPU’s assigned to each. Looking at the example chart above and using figure one we can see that this design example would support 4,000 “Heavy users”. We achieve this by allowing our storage groups on each mailbox VM to support 1,000 “Heavy” users.
Let’s take a look at a basic design with 3 separate types of users spread across 4 servers. We have an executive mailbox store, a mid-management store, and a general user store. In looking over what each teams HA requirement is we have come to the following, the executive team needs 24/7 up time with no downtime except for a maintenance window once a month. The mid-management team can handle some downtime, but only a few minutes each week. The general users have no HA requirement they can be down for an hour a week if needed. So how do we decided what level of availability we would like to use, it’s easy we simply look at the application availability pyramid and we put the appropriate mailbox store at each level:
By using this simple plan you can simplify you’re HA strategy for Exchange. By distributing the mailbox stores across multiple servers on the same hardware you can save rack space as well as provide individual levels of availability based upon different business unit needs.
We had a lot of great questions during the Q & A session of our February webinar with Stephanie Balaouras of Forrester Research. We’ve posted the questions and responses here on our blog for everyone’s benefit.
Questions from the webinar:
Q: In the architecture two "mirrored" VMs are shown which are connected. Does that mean that you have to install 2 application VM servers or do you have to install just one and Marathon makes the second?
A: You only need to create one application VM. After this is created, you can use everRun to protect that application. As part of the protection process, everRun creates a “cloned” instance of the application on the second host. The instance is completely identical to the original, with the same identity, MAC address, resources, etc. It is this redundancy created by everRun that protects the applications.
Q: In the Marathon license there is HA and FT. In which are the levels 1-2-3 available?
A: Levels 1, 2, and 3 are available in a single solution called everRun VM and any level of protection can be enabled on a VM. everRun VM level 3 protection will be available in Q2.
Q: The licensing question you just answered seems different from what you used previously. You previously only had to license the VMs OS in a fully protected system. Please explain.
A: Microsoft licensing requires a valid Windows license for each side of the protected VM. Using Enterprise Edition can reduce the number of licenses required. Please refer to Microsoft licensing terms for specific details for your environment.
Q: How does the software communicate between disparate storage NAS to DAS, SATA to Fibre Channel?
A: everRun does not limit you to needing matching storage requirements on multiple hosts. Communication between hosts is done through Availability Links (A-Links), which are private networks between each host. everRun handles the mirroring at the host level, passing I/O through XenServer to write to the disks. The type of disk or connection is not relevant.
Q: How does this compare to VMWare's SRM & VDM products?
A: VMware SRM provides a mechanism to restart a VM on an alternate host, however it relies on other storage mirroring solutions (often within the storage system) to perform the mirroring. SRM does not move data or provide a comprehensive HA or FT solution.
Q: Is the product host based or a fabric based solution?
A: everRun VM is a host based solution, with a minimum of 2 hosts required.
Q: Do you need to keep a warm copy of the applications at the DR site?
A: During the protection process, everRun takes the chosen VM and clones it to the designate secondary host. This creates a complete and identical instance on the secondary host. everRun maintains these two synchronously so that they are always identical. everRun’s unique architecture exposes these two mirrored instances as a single entity; there is no need to install, manage, or update both sides, only the one single instance of the OS/application. Should the entire ‘primary’ host fail, the ‘secondary’ host will immediately start the cloned version. It comes up with the same IP address, hostname, and MAC address of the primary so that there are no client-side, DNS, Active Directory, or other infrastructure changes required.
Q: Is the DATA synchronous like SRDF or near synchronous?
A: everRun performs synchronous mirroring of the entire Windows environment, including the OS, application, and data.
Q: How does this compare to products like RecoverPoint/Replistore, InMage, Neverfail, Falconstor etc?
A: These products are disaster recovery products intended for long-distant asynchronous data replication and failover. everRun availability solutions provide true availability in a comprehensive and automated manner. Marathon also offers DR solutions for long-distant protection. Disaster recovery and availability are mutually exclusive in most cases and should generally be considered separately. They are complimentary more than competing solutions.
Q: What is the software support plan? What are the recurring costs for your product year to year?
A: We offer a Premier support plan or a Basic support plan. The only recurring cost year to year is the cost of support.
Q: What are the operating system requirements, how many copies of the OS do you need?
A: Each Windows environment is mirrored to a secondary host, requiring a second Windows license. Using Enterprise Edition of Windows allows for fewer licensed copies. Please refer to your Windows licensing terms for specific requirements.
Q: Regarding the 10ms sync time, what happens if that time increases to say 20ms due to network traffic?
A: If the latency increases beyond our requirement the paired systems may assume that one system is down and redundancy may be lost. In a properly configured environment the application should remain running while the secondary system is no longer maintained in a redundant fashion. Once the latency returns to within spec, the systems will re-sync automatically and return to a fully redundant state. Typically the application is not impacted.
Q: What are the bandwidth requirements?
A: Best practices state 155MB link between the two hosts. For local systems a simple crossover cable between the two systems is sufficient. When separating the systems the 155MB requirement becomes more relevant. This number can vary depending on the applications being protected and the amount of data being managed.
On February 24th, we’re going to be doing a webinar featuring Stephanie Balaouras, Principal Analyst at Forrester Research and co-author of the report, X86 Server Virtualization for High Availability and Disaster Recovery. Stephanie was good enough to sit down with us to answer a couple of questions we had before the webinar.
Q: Stephanie, can you give us the 10,000 ft. explanation of why server virtualization is a good alternative for high availability and disaster recovery?
A: In a nutshell, server virtualization facilitates a rapid — or even automatic — restart of applications after an IT failure, and when used in conjunction with data replication between data centers, it can restart applications at a recovery site following a primary site failure. In particular, x86 server virtualization can improve the availability of business-critical systems that are important to the business but not critical enough to warrant the investment in expensive and complex resiliency technologies like fault-tolerant hardware or clustering.
Q: You had mentioned that Forrester is seeing increased customer interest in active-active strategies for high availability. Is that just in Fortune 500 companies or is the interest broader than that?
A: Active-active isn’t just for the largest of companies. Companies of all sizes are under increasing pressure to improve their recovery capabilities but at the same time, they are under pressure to reduce costs and achieve greater operational efficiencies. Companies need an alternate site so they can failover critical business operations in the event of a primary site failure. Given the necessary investment, an alternate data center simply can't remain idle waiting for some disaster to occur. Companies must determine ways to maximize this investment to improve business operations, accelerate growth, or elevate availability.
Q: What’s changed that is driving the greater interest in active active for HA?
A: There are a couple of reasons why there is a growing interest in active-active strategies. First, as I mentioned, most companies are under increasing pressure to improve recovery objectives. In fact, most companies that I speak with have recovery time and recovery point objectives measured in hours, not days. To achieve this type of recovery, today you need to have dedicated infrastructure (servers, storage etc.) at the alternate site.
In the past, many companies might have turned to a DR services provider for their needs. For cost reasons, they subscribe to shared infrastructure services. Because the infrastructure is shared, recovery is limited to recovery of system configurations and data from tape, which means that best case scenario for recovery is 24 hours to 48 hours. As result, many companies are brining DR “back in-house” and making the business case with better recovery objectives and the ability to use the investment in the alternate site for multiple purposes.
