On 06/22/10 1:58 AM, Dimitri Fontaine wrote:
> John R Pierce<pierce@hogranch.com> writes:
>
>> failure modes can
>> include things like failing fans (which will be detected, resulting in a
>> server shutdown if too many fail), power supply failure (redundant PSUs, but
>> I've seen the power combining circuitry fail). Any of these sorts of
>> failures will result in a failover without corrupting the data.
>>
>> and of course, intentional planned failovers to do OS maintenance... you
>> patch the standby system, fail over to it and verify its good, then patch
>> the other system.
>>
> Ah, I see the use case much better now, thank you. And I begin too see
> how expensive reaching such a goal is, too. Going from "I can lose this
> many transactions" to "No data lost, ever" is at that price, though.
>
yeah. generally when money is involved in the transactions, you gotta
stick to the 'no committed data lost ever'. there's plenty of other use
cases for that too.
