SQL Server 2012High Availability and DRNorthern Virginia SQL Users Group23-January-2012

About Me @jdanton on Twitter Joedantoni.wordpress.com Videos and Blogs at SSWUG.org Vice President of the Philadelphia SQL

Server UG

Agenda Licensing Changes SQL Server 2008 to 2012—What’s

Changed in HA and DR Geo-Clustering All about Availability Groups

Learning Objectives SQL Server HA and DR What involved in SQL Clustering How it works What’s new in 2012 HA/DR

This presentation is geared towards DBAs—so feel free to stop at any time with questions

High Availability and DR Options in SQL 2008 SQL Server Clustering SQL Server Mirroring Peer to Peer Replication SQL Server Log Shipping*

Licensing (What’s changed) The Availability Group features will require

the Enterprise Edition of SQL Server The licensing model for SQL Enterprise

Edition has changed. Consult your friendly Microsoft sales representative for more details

Mirroring is listed as being deprecated from Standard Edition. Will still be there in 2012

SQL Server 2012 Extended Events are used much more

heavily Slipstream Install no longer required—

SQL will check for updates from your Windows Update source Can use internet Windows Update or

internal source

Windows Core Support No GUI version of Windows Allows for fewer patches Uses PowerShell and MMCs for support

Windows Core

HA and DR Options in SQL Server 2012 Backup and Recovery Mirroring Availability Groups (2012) Log Shipping Replication SAN Replication* Virtualization*

What’s new in SQL Server 2012 HA/DR Multi-subnet clustering is supported Flexible Failover The BIG one—Always On Availability

Groups

Clustering

Clustering--2008 SQL Clustering required 1 subnet to be

used across the whole cluster Cluster failover is controlled by

isAlive/looksAlive processes, which check the SQL service and run @@servername

Clustering 2012 Full support for geo-distributed clusters Flexible failover model TempDB on Non-shared Disk Resource

Makes PCI-based Solid State Drive an option

No check for this as of CTP3—instance won’t start if TempDB drive location not available

What is Stretch Clustering

Also known as Geo-Clustering

Geo Cluster

Geo-Distributed Clustering Requires SAN replication ($$$$) Two of everything Requires really fast network connection Requires some trickery at the

network/DNS level for connectivity New Term: Witness Disk

Can be physical (SAN) disk, or cluster file share

Multi-Subnet Cluster

Takeaway 2012 This feature was available in 2008, just

much more complicated to implement from a network perspective

Won’t be used by 95% of organizations

Why Do Clusters Failover?

• Initiated by failures in hardware or software

• Checked by isAlive/LooksAlive processes (in 2008R2 and below)

Flexible Failover Replaces looksAlive/isAlive functionality

in SQL Clusters (and is used for Availability Groups)

Now runs sp_server_diagnostics Two new parameters

HealthCheckTimeout (Default 60 sec/Minimum 15 sec)

Failover Condition Level

Flexible Failover Policies for Clusters

Level Condition Description

0No automatic failover or restart

• Indicates that no failover or restart will be triggered automatically on any failure conditions.

1Failover or restart on server down

• SQL Server service is down.

2Failover or restart on server unresponsive

• SQL Server instance is not responsive (Resource DLL cannot receive data from sp_server_diagnostics within the HealthCheckTimeout settings).

3 (Default)Failover or restart on critical server errors

• System stored procedure sp_server_diagnostics returns ‘system error’. (Critical errors > 20)

4Failover or restart on moderate server errors

• System stored procedure sp_server_diagnostics returns ‘resource error’. (Moderate errors > 17)

5Failover or restart on any qualified failure conditions

• System stored procedure sp_server_diagnostics returns ‘query_processing error’. (Deadlock)

Quorum

It’s not just bad cologne anymore

Understanding Quorum There are a few slides on this topic, it’s

a little confusing In a nutshell, you cluster has to be able to

talk to itself to keep the cluster service up in running

This applies to both SQL Server Failover Cluster Instances and AlwaysOn Availability Groups

Quorum Quorum is critical—contains master

copy of the cluster’s configuration Serves as a tiebreaker if network

communications between cluster nodes fail

If Quorum fails—cluster is shut down until it’s restored

Quorum Models Node and Disk Majority (Default) Node Majority No Majority (Quorum Disk Only) Node and File Share Majority (Good for

Geo Clusters)

Quorum Failure Tolerance

Number of Nodes 2 3 4 5 6 7

Node Majority 0 1 1 2 2 3

Node and Disk/File Share Majority

1 2 2 3 3 4

• Assuming Disk is Up Calculation is: Cluster Up = RoundUp(Total # of Nodes/2)

• Assuming Disk is Down Calculation is: ClusterUp = RoundUp (Total # of Nodes/2)-1

DR in SQL 2008 Mirroring

Allowed automatic failover, but only one target

Mirror target is unreadable Log Shipping

Allowed multiple targets, but failover a manual process, requiring a connection string change

Replication

AlwaysOn Availability Groups

AlwaysOn Requirements Windows Enterprise (Clustering is a

requirement) SQL Server Enterprise Edition Windows Cluster No shared storage is required Quorum Disk Preferred

Flexible AG Failover Similar to how a failover clustered

instance fails over Connects to instance every 30 seconds

to perform health check Also, similar quorum model to Windows

Failover Clustering

Allows for SAN Less HA/DR This isn’t a huge thing for SQL Server at

big shops It may allow us to incorporate a level of

DR into a virtual environment

Client Connections in This Model Availability Group Listener (Yes, SQL

Server now has a listener) Works just like a failover clustering

instance (single instance, single IP) Creates a VCO (AD Virtual Computer

Object)

Contained Databases Isolate Database from Instance

Currently only fully supported with SQL Logins

No numbered procedures Eases database movement Allows for ease of migration to Azure

Not quite baked out as of RC0

Read Only Replicas Can have up to 3 SQL Client 2012 will allow for this

routing specifically Can take backups from read-only copys*

Copy Only Backups (only full copy, does not affect primary log)

Indexing must be same on replicas Bad queries can affect status of replica

Considerations for Availability Groups All SQL servers (including the secondary in

the DR site) in the same Windows domain All the databases must be in FULL recovery

model The unit of failover (for local HA, as well as

DR) is at the AG level, i.e., group of databases – not the instance

No delayed apply on the secondary Removing log shipping means the regular log

backup job is removed Need to re-establish periodic log backup

(essential for truncating the log)

Failover Modes Automatic failover Planned manual failover (without data

loss) Forced manual failover (with possible

data loss)

Failover

Asynchronous-commit mode

Synchronous-commit mode with manual-failover mode

Synchronous-commit mode with automatic-failover mode

Automatic failover No No Yes

Manual failover No Yes Yes

Forced failover Yes Yes No

Availability Groups Demo

Summary Lots of Change in the HA/DR Space Licensing also changes—talk to your MS

rep SQL Server Failover Clusters still a good

HA option AlwaysOn Availability Groups add a lot

more flexibility to DR

Contact Info @jdanton jdanton1@yahoo.com

http://spkr8.com/s/19509