Best Practices for Primary and Backup PRA Environments

Here are best practices for using failover in the backup environment and planned and unplanned maintenance environments.

 

Deviation from these best practices may result in data loss.

Failover Backup Settings

In an ideal environment, you should select one B Series Appliance as the normal primary and another B Series Appliance as the normal backup. The normal primary will almost always be primary unless there is a maintenance event, and once the event is over, the original primary will be restored to the role of primary. This practice allows you to select the proper backup options (bottom section of the Management > Failover page in the /login interface) for each site and presents the greatest likelihood that no data is lost. The options are presented in the table below.

Backup options are per-site (not synchronized) settings and are only in use when the site's role is backup. Since you have established each site as normally primary or normally backup, it may be helpful to think of these settings in a categorical framework of normal and maintenance modes, where the Backup Site Settings are in effect during normal operations and the Primary Site Settings are in effect during maintenance. In short, turn off Enable Backup Operations on the normal primary site. Do this because enabling that option will generate administrative emails and could cause a data-sync to start. This, of course, is not helpful while maintenance is being performed and could cause data loss.

Setting

Primary
Site Setting

Backup
Site Setting
Reason

Enable Backup
Operations

Off

On

Controls probing and data-syncs as well as auto-failover, both of which will be problematic if the normal primary is down.

Auto Data-Sync Interval

not applicable

user's choice

Data syncs should generally be at least once a day, but the more frequent the better. The bigger the gap, the more potential for losing data not captured with synchronization.

Bandwidth Limiting

user's choice

user's choice

Does not matter what this is set to, as long as data-syncs can occur fast enough not to overlap the next time it is supposed to sync. Remember that the backup site's setting will be the one used when they differ.

Enable Automatic Failover

Off

On for Shared IP

User's choice for DNS and NAT Swing

Presents the possibility for data loss if a data-sync does not occur before the role change. Obviously, with hardware failure, sometimes this cannot be avoided.

Primary Site Instance Timeout

not applicable

user's choice

Depends on user's choice for automatic failover.