Good day!
My config: 2 nodes running WS2008 R2 SP1 and SW HA 4Tb (ver. 6.0.4768).
I did a little test on HA device: disabled heartbeat channels first and sync channels second - both nodes told they are synchronized and partner is not. Then did some writes to each node (using its target), then brought network back. Autosync happened and after a period of time I got corrupted file system on both nodes.
I think actually no sync was done, cause I seen different set of files on nodes when switching between targets.
Questions are:
1. If both nodes stated they are synchronized, how the sync source could be chosen (and was there a synchronization actually)?
2. Why did autosync took place in such a situation - thats obviuos if both nodes think they are synced and partner is not it is 99% probability of data corruption. IMHO immediate cease of all operations on both nodes is the best choise in this scenario. At least as an option that I could set for device.
3. How do I disable autosync for device (can't find an option nor when creating device neither for created one). I would prefere to do sync manually - inconvinient, but prevents data loss.
Some real-world situations when this is critical:
1. Updating NIC drivers causes momentary loss of connectivity (maybe not all the NICs, but intel cards are for sure). If, by accident, starwind service not stopped before update - just forgot to, inexpirienced administrator, etc - situation I described above is reproduced. Though a small period of time, that can be enough to damage critical data.
2. I have second node installed in our partner's server room - this is by design: second storage node must be in a separate room (corporate policy). That room is governed by other organization and I can't garanty no one will disconnect my server (e.g. during network maintance). That's a really small, but real chance.
Best regards!
The Latest Gartner® Magic Quadrant™Hyperconverged Infrastructure Software
