Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Introduction

Overview

Redundancy is the duplication of critical components or functions of a system with the intention of increasing reliability of the system, usually in the form of a backup or fail-safe.

For our Management Servers, there are two components: primary and alternate. They both run similar software, but the output from the alternate remains inactive during normal operation. The primary monitors itself and periodically sends an activity message to the alternate as long as everything is OK. All outputs from the primary stop, including the activity message, when the primary detects a fault. The alternate activates its output and takes over from the primary after a brief delay when the activity message ceases. Errors in voting logic can cause both outputs to be active or inactive at the same time, or cause outputs to flutter on and off.

A more reliable form of voting logic involves an odd number of three devices or more. This is ustilised in our MongoDB Database Replication. All perform identical functions and the outputs are compared by the voting logic. The voting logic establishes a majority when there is a disagreement, and the majority will act to deactivate the output from other device(s) that disagree. A single fault will not interrupt normal operation. 

On this page:

Redundancy

  • Management Servers: each Management Server is duplicated, and so has a back-up Management Server. Between the primary Management Sever and the alternate Management Server, a heartbeart pings back and forth every two seconds. If a heartbeat does not return within 10 seconds, the receiving Management Server marks the other as 'down'. If the primary Management Server goes down, the back-up Management Server swiftly takes control of the primary's Track Engines and Radar, ensuring no break or failure in the system.
  • Track Engines: Track Engines back-up one another. Under Topology, you can configure which Track Engines back up which. In this example, the Track Engines back-up one another cyclically, which is probably the most logical back up configuration. If one Track Engine fails, the designated back-up Track Engine takes control of the failed Track Engine's Radar to ensure no break or failure in the system. However, a Track Engine is only able to support double its allocated number of Radar: it cannot back-up two 'downed' Track Engine. 
  • Topology Manager:

Schematic

Related information

  • No labels

Safety is everything.