TECHNICAL WHITE PAPER
Application and Host Failover with ActiveDR
Data Consistency
Data consistency and the type of data consistency provided by ActiveDR are important concepts that impact host failover
processes.
ActiveDR replication provides crash-consistent or point-in-time consistency for promoted target pod volumes. An internal
checkpoint mechanism captures the state of a possibly changing pod at an instant of time in which no updates are in “mid-
flight.” This point reflects all writes to the pod prior to the checkpoint in their entirety. No part of any update that occurred
after a checkpoint is reflected in the image of data replicated to the demoted target pod volumes.
Crash consistency of a pod does not imply consistency at the application level. In the case of a database, for example, the
database management system may be updating a database block while a user-managed backup is reading it. If a crash
occurs at such an instant, a copy of the block may be internally inconsistent—its header may indicate that contents have
been updated, but the updates are not present in the block content. Database blocks in this state are said to be fractured.
While crash-consistent pods may not always be consistent from the application or database point of view, they can be
recovered to a consistent state because databases and many other applications carefully order writes to persistent
storage. For example, they may record their intention to update in a log file or via a journaled file system before writing
other data. As long as target pods preserve the order of writes (updates), the application or database can recover to a
consistent state using the target pods and the crash-consistent volumes they contain.
Application and Host Failover
ActiveDR replication is asynchronous and provides crash-consistent copies of volumes, protection groups, and snapshot
history in a target pod on a second FlashArray system. Because the replication is not synchronous, the target pod contains
time-lagged data (as determined by the RPO) and its volumes have different volume serial numbers than the corresponding
source volumes.
ActiveDR does not automatically or transparently failover to the target FlashArray upon loss or unavailability of the source.
The ActiveDR failover process for applications and hosts must be triggered by an administrator. While ActiveDR failover is
not automatic, you can automate it with an API-based script or a purpose-built, third-party DR automation tool.
Because of the nature of asynchronous replication, storage administrators typically make a conscious decision to perform a
failover in the event of a disaster. It’s important to consider all aspects of the failover process, including the degree of
automation used to start up the DR site, the process for redirecting users to the DR site, any side effects associated with
the loss of data on failover (as determined by the RPO), the expected length of the outage, and more. In some cases, the
storage administrator may decide to wait for the outage to be resolved rather than engaging a full failover. In any case,
ActiveDR provides the most seamless and simple failover process for the storage administrator.