skip book previous and next navigation links
go up to top of book: HP Volume Shadowing for OpenVMS HP Volume Shadowing for OpenVMS
go to beginning of chapter: Creating and Managing Shadow Sets Using DCL Commands Creating and Managing Shadow Sets Using DCL Commands
go to previous page: Mounting a Shadow Set on Other Nodes in the Cluster Mounting a Shadow Set on Other Nodes in the Cluster
go to next page: Managing Copy and Merge Operations (Alpha Only)Managing Copy and Merge Operations (Alpha Only)
end of book navigation links

Specifying Disaster-Tolerant Management Attributes (Alpha Only)  



Starting with OpenVMS Alpha Version 7.3, qualifiers to the DCL command SET DEVICE are provided for specifying management attributes for shadow set members located at different sites. By using these qualifiers, system managers can override the default volume shadowing actions that can occur when the systems at one site of a disaster-tolerant OpenVMS Cluster configuration fail. These qualifiers, described in SET DEVICE Command Qualifiers for Multiple-Site Shadow Set Members, are designed primarily for use in a configuration that uses Fibre Channel for a site-to-site storage interconnect. They can be used in other configurations as well. The SET DEVICE command requires the OPER privilege. Note that the SET SHADOW command, described in SET SHADOW Command Qualifiers for Multiple-Site Shadow Set Members, also offers these qualifiers.

Similarly, the DCL command DISMOUNT has been enhanced by the addition of the qualifier /FORCE_REMOVAL ddcu:. This qualifier has been added for the same purpose -- to give system managers greater control of shadow set members located at different sites. For more information about this qualifier, see Removing Members from Shadow Sets.

Table 3   SET DEVICE Command Qualifiers for Multiple-Site Shadow Set Members
Qualifier Function
/ABORT_VIRTUAL_
UNIT DSAnnnn:

Use this qualifier when you know that the unit cannot be recovered. When you use this qualifier, the shadow set must be in mount verification. The shadow set aborts mount verification immediately on the node from which the command is issued. If the shadow set is not in mount verification, this command returns the error %SYSTEM-E-UNSUPPORTED, unsupported operation or function.

After this command completes, the shadow set must still be dismounted. Use the following command to dismount the shadow set:
$ DISMOUNT/ABORT  DSAnnnn

/COPY_SOURCE (ddcu:, DSAnnnn: )
Specifies whether one (ddcu:) or both (DSAnnnn:) source members of a shadow set are used as the source for read data during full copy operations, when a third member is added to the shadow set. This affects only copy operations that do not use DCD operations.

Some storage controllers, such as the HSG80, have a read-ahead cache, which significantly improves single-disk read performance. Copy operations normally alternate reads between the two source members, which effectively nullifies the benefits of the read-ahead cache. This qualifier lets you force all reads from a single source member for a copy operation.

If the shadow set (DSAnnnn:) is specified, then all reads for full copy operations will be performed from the disk that is the current "master" member, regardless of physical location of the disk.

If a shadow set member (ddcu:) is specified, that member will be used as the source of all copy operations. This allows you to choose a local source member, rather than a remote master member.
/FORCE_REMOVAL ddcu:
Expels the specified shadow set member from the shadow set.

If connectivity to a device has been lost and the shadow set is in mount verification, this qualifier causes the member to be expelled from the shadow set immediately.

If the shadow set is not currently in mount verification, no immediate action is taken. If connectivity to a device has been lost but the shadow set is not in mount verification, this qualifier lets you flag the member to be expelled from the shadow set, as soon as it does enter mount verification. .

The specified device must be a member of a shadow set that is mounted on the node where the command is issued
/MEMBER_TIMEOUT= n ddcu:
Specifies the timeout value to be used for shadow set member.

The value supplied by this qualifier overrides the SYSGEN parameter SHADOW_MBR_TMO for this specific device. Each member of a shadow set can be assigned a different MEMBER_TIMEOUT value.

The valid range for n is 1 to 16,777,215 seconds.

The device specified must be a member of a shadow set that is mounted on the node where the command is issued.

After you have applied this qualifier to a member, the setting remains in effect as long as the member is part of the shadow set. If the member is removed from the shadow set and later returned, this qualifier must be specified again.
/MVTIMEOUT=n DSAnnnn:
Specifies the mount verification timeout value to be used for this shadow set, specified by its virtual unit name (DSAnnnn).

The value supplied by this qualifier overrides the SYSGEN parameter MVTIMEOUT for this specific shadow set.

The valid range for n is 1 to 16,777,215 seconds. The specified shadow set must be mounted on the node where the command is issued.

After you have applied this qualifier, the setting remains in effect as long as the shadow set is mounted. If the shadow set is dismounted and later remounted, this qualifier must be specified again
/READ_COST=n ddcu:
Enables you to modify the default cost assigned to each shadow set member. By modifying the assignments, you can bias the reads in favor of one member of a two-member shadow set, or, in the case of three-member shadow sets, in favor of one or two members of the set over the remaining members. The specified device must be a shadow set member that is mounted on the node where the command is issued.

The valid range for the specified cost is 1 to 65,535 units.

The value supplied by the /READ_COST qualifier overrides the default assignment. The shadowing driver adds the value of the current queue depth of the shadow set member to the READ_COST value and then reads from the member with the lowest value.

The shadowing driver assigns default READ_COST values to shadow set members when each member is initially mounted. The default value depends on the device type and its configuration relative to the system mounting it. The following list of device types is ordered by the default READ_COST assignments, from the lowest cost to the highest cost:
  • DECram device


  • Directly connected device in the same physical location


  • Directly connected device in a remote location


  • DECram served device


  • Default value for other served devices


The value supplied by the /READ_COST qualifier overrides the default assignment. The shadowing driver adds the value of the current queue depth of the shadow set member to the READ_COST value and then reads from the member with the lowest value.

Different systems in the cluster can assign different costs to each shadow set member.

If the /SITE command qualifier has been specified, the shadowing driver takes site values into account when it assigns default READ_COST values. In order for the shadowing software to determine whether a device is in the category of "directly connected device in a remote location," the /SITE command qualifier must have been applied to both the shadow set and the shadow set member.

Reads requested for a shadow set from a system at site 1 are performed from a shadow set member that is also at site 1. Reads requested for the same shadow set from site 2 can read from the member located at site 2.

After you have applied this qualifier to a member, the setting remains in effect as long as the member is part of the shadow set. If the member is removed from the shadow set and later returned, this qualifier must be specified again.
/READ_COST=n DSAnnnn
The valid range for n is any number. The value supplied has no inherent meaning. The purpose of this qualifier is to switch the read cost setting for all shadow set members back to the default read cost settings established automatically by the shadowing software. The specified shadow set (DSAnnnn) must be mounted on the node where the command is issued.
/SITE = (n, logical-name) (ddcu:, DSAnnnn: )
Indicates to the shadowing driver the site location of the specified shadow set (DSAnnnn:) or shadow set member (ddcu:).

The SHADOW_SITE_ID system parameter defines the default site location of the shadow set. You can override the default location of the shadow set with the /SITE qualifier.

To simplify the use of this qualifier, you can define logical names for the site locations in the SYLOGICALS.COM command procedure prior to using /SITE. (This qualifier is also available with the SET SHADOW command, although SET SHADOW does not support the use of logical names.)

The valid range for the site location, represented by n, is 1 through 255.

After you apply this qualifier, the setting remains in effect until you change it either with this command or with the SET SHADOW/SITE command. If the member is removed from the shadow set and later returned, this qualifier must be specified again.

The following example first shows how to define the site locations and then shows how to use the /SITE qualifier:

$ DEFINE/SYSTEM/EXEC ZKO 1
$ DEFINE/SYSTEM/EXEC LKG 2
$ !
$ ! At the ZKO site ...
$ MOUNT/SYSTEM DSA0:/SHAD=($1$DGA0:,$1$DGA1:)  TEST
$ SET DEVICE/SITE=ZKO  DSA0:
$ !  
$ At the LKG site... 
$ MOUNT/SYSTEM DSA0:/SHAD=($1$DGA0:,$1$DGA1:)  TEST
$ SET DEVICE/SITE=LKG  DSA0:
$ !
$ ! At both sites, the following would be used:
$ SET SHADOW/SITE=ZKO  $1$DGA0:
$ SET SHADOW/SITE=LKG  $1$DGA1:


In this example, $1$DGA0: is the physically local device and will be the preferred device for reads.

In a Fibre Channel configuration, shadow set members at different sites are directly attached to the system. The distinction of local and remote for multiple-site Fibre Channel configurations does not exist for the Volume Shadowing and cluster software.

How to Use the Multiple-Site SET DEVICE and DISMOUNT Command Qualifiers  

Multiple-Site OpenVMS Cluster System With FC and LAN Interconnects depicts a typical multiple-site cluster using Fibre Channel. The figure illustrates the steps required to recover one site manually when the site-to-site storage interconnect fails. These steps must be taken for multiple-site OpenVMS Cluster systems that are running:

 

Figure 1  Multiple-Site OpenVMS Cluster System With FC and LAN Interconnects  
Multiple-Site OpenVMS Cluster System with Fibre Channel and LAN Interconnects

To prevent the shadowing driver from automatically recovering shadow sets from connection-related failures, you must perform the following three configuration tasks prior to any failure:

  1. Every device that is a member of a multiple-site shadow set must have its MEMBER_TIMEOUT setting raised to a high value, using the following command:
    $ SET DEVICE /MEMBER_TIMEOUT=x  ddcu:  
    This command will override the SHADOW_MBR_TMO value, which would normally be used for a shadow set member. A value for x of 259200 would be a 72-hour wait time.
  2. Every shadow set that spans multiple sites must have its mount verification timeout setting raised to a very high value, higher than the MEMBER_TIMEOUT settings for each member of the shadow set.

    Use the following command to increase the mount verification timeout setting for the shadow set:
    $ SET DEVICE /MVTIMEOUT=y  DSAnnnn  
    The y value of this command should always be greater than the x value of the SET DEVICE/MEMBER_TIMEOUT= x ddcu: command.

    The SET DEVICE /MVTIMEOUT = y command will override the MVTIMEOUT value, which would normally be used for the shadow set. A value for y of 262800 would be a 73-hour wait.
  3. Every shadow set and every shadow set member must have a site qualifier. As already noted, a site qualifier will ensure that the read cost is correctly set. The other critical factor is three-member shadow sets. When they are being used, the site qualifier will ensure that the master member of the shadow set will be properly maintained.

Multiple-Site OpenVMS Cluster System With FC and LAN Interconnects shows a shadow set DSA42, whose members are devices $1$DGA1000 and $1$DGA2000. Systems at Site A or Site B have direct access to all devices at both sites via Fibre Channel connections. XYZZY is a theoretical point between the two sites. If the Fibre Channel connection were to break at this point, each site could access different "local" members of DSA42 without error.

For the purpose of this example, Site A will be the sole site chosen to retain access to the shadow set.

The following steps must be taken to recover the shadow set at Site A.

  1. On Site A, issue the following command:
    $ DISMOUNT /FORCE_REMOVAL=$1$DGA2000: 
    Once the command has completed, the shadow set will be available for use only at site A.
  2. On Site B, issue the following command:
    $ SET DEVICE /ABORT_VIRTUAL_UNIT DSA42:
    Once the command has completed, the shadow set status will be MntVerifyTimeout.
  3. Next, issue the following command to free up the shadow set:
    $ DISMOUNT/ABORT DSA42:
    These steps must be taken for all affected multiple-site shadow sets.

go to previous page: Mounting a Shadow Set on Other Nodes in the Cluster Mounting a Shadow Set on Other Nodes in the Cluster
go to next page: Managing Copy and Merge Operations (Alpha Only)Managing Copy and Merge Operations (Alpha Only)