fP and data integrity...how to maintain on non-quiescent systems?

Keith' Weatherhead keithw at ddltd.com
Sat Feb 17 19:45:58 PST 2007 

Fairlight wrote:

***WARNING***  This is long and not for the "faint of heart"... -kfw

> Okay, scenario:
> 
> Company X is a 24/7 business running fP.
Probably not an uncommon thing for any reasonably sized FP shop, 
anymore...

> Let's assume about 80 tables or so.  Figure about 10 indexes on average.
> 
> Data goes back, say, 9 years or so, no archiving has been done, which fact
> exacerbates a problem that creeps up even if the data was kept lean.
Archiving, storage is cheap so why archive (yes I meant that 
tongue-in-cheek), but few sites "properly" archive, even those that 
attempt to, sometimes get it wrong...

> Now, let's assume they want backups.  Tape, rsync to another system,
> whatever.
> 
> "table_A" is about 30 tables in sequential directory-traversal order from
> "table_Q", and comes first in traversal order.
> 
> "table_A" is the detail file for the header information in "table_Q".
> 
> Let's nevermind that, in theory (actually, probably in practise), you could
> get indices and a key that are mismatched while backing up just "table_A".
> Let's just assume that's pretty rare, although I feel it's a bad
> assumption.
If you can't dry the system activity up, you most certainly will end 
up with indexes out of sync with data files on the archive medium. 
Worse is your database as a whole can be out-of-sync (you mention 
that below), however a re-index can fix the indexes but nothing can 
truly fix data table updates that were not captured along with other 
files...

> Let's look at the time it takes (figure about 20-30min) to rsync or
> tape-backup all the data between tables A and Q.  In that time, both tables
> may have been updated, but the detail for things that got backed up in the
> headers will be missing in your backup.
> 
> This leaves you with a non-viable backup.
YEP, and until one tries to restore and actually use, they may not 
comprehend the disaster awaiting them...

> Okay, some of you folks have been doing fP for 25 years now.  How do you
> handle this kind of situation?  Generally speaking, backups should be run
> when a system is quiescent.  I know with absolutely certainty that there
> are businesses out there using it that are 24/7 and never have sufficient
> inactivity to avoid this kind of issue.
There are ways, but they involve some foresight in design...

> I'm very interested in how anyone avoids this on an rsync.  For that
> matter, rsync aside, how do you avoid it even with Edge, tar, cpio, or
> anything else?  I'm coming up blank right now, so I ask--how does one
> avoid this kind of problem?  This kind of thing would make even the best
> bit-level verified tape/disk/whatever backup almost useless in many, many
> circumstances.  I can just see a freight system with a tracking number and
> scant partial data in the header record, but all of the supplemental data
> gone missing.  NOT a good scenario.
> 
> Interested in hearing feedback on how to avoid/defeat this problem.
> 
> mark->

Mark, this goes back to a short period of time back when you were 
putting out a thought about sync'ing multiple systems and doing 
transactional processing.  It is VERY hard to avoid transactional 
processing and having data recovery/rollback capability to be able 
to protect this scenario.  Here is how I did a project and it would 
not necessarily be easy to retrofit as most mature systems not 
designed this way would be tough to convert.

You basically design your system to be run in two states.  This 
actually can help eliminate some of the archiving -OR- make the 
archiving easier once the process is in place.

The first state is the historical state from the prior checkpoint.
These are the base "historical" files that have everything posted 
prior to the previous checkpoint.

All of your "new" transactions, (read as updates post the last 
checkpoint) are in another file (or couple of files, at most).
Your historical base is READ-ONLY for all practical purposes !!

When you access data in the historical base, you look in the 
"updates" area and make the required alterations to the "historical" 
data to reflect the current state when presenting data to the user.

The update stage is the second state and to really make the system 
robust you would have the ability to have two "update" stages, call 
them Update Set-A and Update Set-B.  With out one Update Set you 
cannot be truly 24/7 !!

Where does this get you if you have setup your application this way?

Lets say you are running on your historical files with Update Set-A 
and you want to do your backups. You set a switch in the application 
to say that "NEW" updates are going to Update Set-B.  YES, that 
means that when you reference any historical data, you then look in 
Set-A updates for amendments and then in Set-B updates before you 
present it to the user.

For system backups, you Backup the historical data and the Set-A 
updates BUT NOT THE SET-B (current running) UPDATES.  This leaves 
the historical files and the set of updates that are to be applied 
to them ALL IN SYNC, TOGETHER, ON THE SAME BACKUP SET.

Once the backup set is complete, you POST and REMOVE all the data in 
the Update Set-A file(s) into the historical files.  That way if a 
user gets data from the Historical File and then goes to the 
previous cycle update file, there will not be an entry there (as it 
has been merged into the historical base), then checks the current 
Update Set (B at this point in time) making any required amendments 
and then presents the data to the user.

Even if your system "burps" during this "merge" process, the system 
can simply be brought back up and the "merge" restarted, any number 
of times, until the "merge" is complete and a completely new 
historical base has been created.

If a recovery of the files were needed, restoring the historical 
base and the Update Set would get you back to the same exact point 
in time from your backup set.

Now the next checkpoint/backup time would switch you back to Update 
Set-A, which would be excluded on the next backup and when the 
backup is complete the Update Set-B files would then be merged into 
your historical base.

NOW, if you have managed to stay with me, you have a system capable 
of running...  24hrs a day, 365/366 days/year, perfect in-sync 
backups... all you have to do is have hardware and operating 
software that can give you those types of actual uptime statistics.

Archiving is then simply removing what you no longer want in the 
historical file set.  Maybe you have a second level set of 
historical data that contains data over "n" years old and only gets 
backed up once a week or after you archive to these files, you make 
2 or 3 sets of media and throw them in a safe as you are only going 
to change those files once a year???

A lot of work, YES... but it is about as bullet proof as you can 
build an online system.  If you had a requirement to have a "hot" 
spare system, then you could simply insert the step of sending the 
cycled update file(s) either before or after the backup operation is 
complete BUT prior to doing the merge.

Actually you could send the Update Set to the hot spare and run the 
merge, while the backups are running on the production system. 
RSyncing these update files between multiple systems would only 
require freezing things for seconds to a few minutes at the most 
because the "merge" process time DOES NOT have to ever be figured 
into the backup or recovery time... it is a parallel process that 
can occur while the system is in operation at ANY TIME !!

I had asked for some things starting back in v4.5+ to make a library 
of functions to make this complete process available to any 
developer and have never been able to get the functionality added to FP.

Unfortunately, if you truly want to have this kind of functionality 
you can take the above template, but there is a ton or work left up 
to you... I wish the supporting functions were available... could 
you imagine what FP would be like if this was built into the actual 
FP engine rather than having to be programmed by each developer?


Regards,
Keith
-- 
- - - - - - - - - - - - - - - - - - - - - - - - - - - -
Keith F. Weatherhead                   keithw at ddltd.com

Discus Data, LTD                  Voice: (815) 237-8467
3465 S Carbon Hill Rd               Fax: (815) 237-8641
Braceville, IL  60407       Nat'l_Pager: (815) 768-8098
- - - - - - - - - - - - - - - - - - - - - - - - - - - -

More information about the Filepro-list mailing list