Virtualization and HA, Scalability
-
@kelsey said in Virtualization and HA, Scalability:
This is a picture of an IPOD. . .
AKA Inverted Pyramid of Doom.
If you lose your storage server for any reason, both physical host 1 and 2 are useless.
-
@dustinb3403 thanks
-
@kelsey Do you know why if you lose the storage server the physical hosts 1 and 2 are useless?
-
@dustinb3403 not really
-
@kelsey so the report is based on NOT having HA? Then you have a HUGE opportunity to teach the class why the challenge is that even the professor failed to identify that this isn't HA!
In fact, this is what we call an LA (Low Availability) solution. We have SO much reference material on this for you.
https://mangolassi.it/topic/8822/why-dual-controllers-is-not-a-risk-mitigation-strategy-alone
https://mangolassi.it/topic/8743/risk-single-server-versus-the-smallest-inverted-pyramid-design -
@kelsey said in Virtualization and HA, Scalability:
@dustinb3403 not really
Because you have this huge network with all of these pieces, but all of them depend on the most fragile piece - the storage server. The storage piece, often a SAN or NAS device, is the most likely piece to fail out of all of them, and it is a piece that is completely unnecessary, and it is the one piece that is not protected in any way.
-
@kelsey said in Virtualization and HA, Scalability:
@dustinb3403 not really
Look at the image and the triangle I drew on it.
Based on the image, we have to assume that all Virtual Machine storage is on the "storage server". The Physical server 1 and 2 are running the hypervisor, and attaching to the storage server (iscsi or DAS or some other method).
In this case though the method doesn't matter.
If that storage server goes down, your VM files are inaccessible and the hypervisors cannot load and run them.
IE you're up shits creek without a paddle until the storage server is repaired.
-
What your professor is proposing is know as the most standard scam in the IT industry - every vendor who thinks that they can trick someone because they don't understand risk uses this model as it is the most effective way to empty the pockets of those that try to "buy" their IT rather than doing their IT themselves.
It creates a dependency chain, for no reason, and every layer completely depends on all other layers, with the most dangerous layer having no protection at all.
http://www.smbitjournal.com/2014/11/the-weakest-link-how-chained-dependencies-impact-system-risk/
-
@dustinb3403 i get it now thanks
-
@kelsey said in Virtualization and HA, Scalability:
@dustinb3403 i get it now thanks
This also means, if the switch that the storage server goes down, you're in the same boat.
Which this leads into the conversation that @scottalanmiller just brought up which is dependency chain.
-
@dustinb3403 said in Virtualization and HA, Scalability:
@kelsey said in Virtualization and HA, Scalability:
@dustinb3403 not really
Look at the image and the triangle I drew on it.
Based on the image, we have to assume that all Virtual Machine storage is on the "storage server". The Physical server 1 and 2 are running the hypervisor, and attaching to the storage server (iscsi or DAS or some other method).
In this case though the method doesn't matter.
If that storage server goes down, your VM files are inaccessible and the hypervisors cannot load and run them.
IE you're up shits creek without a paddle until the storage server is repaired.
Right, in this example, if the storage server fails, EVERYTHING fails.
Also, if the switch fails, EVERYTHING fails.
Also, if both hypervisors fail at the same time, EVERYTHING fails.So there are three layers of potential failure. Two of them have no protection at all. Not only do they have no protection, they serve no purpose. Why is there a switch here? No idea, it's totally unnecessary. Why is there a storage server here? No idea, it is totally unnecessary. Those would never exist unless a sales person thought that they could scam the customer and really took a risk at not getting caught. (But we see this EVERY day. It's awful.)
Simply by removing those points of risk (there is no reason to replace them) we can take 99.99% of the risk out of the system.
-
@kelsey said in Virtualization and HA, Scalability:
@dustinb3403 i get it now thanks
But does your professor?
-
@scottalanmiller dont think so
-
@kelsey said in Virtualization and HA, Scalability:
@scottalanmiller dont think so
This is where you get extra credit then.
Take the same picture and cut it up into the triangle but in 4 pieces. Explaining that any piece breaks the chain, and thus the system as a whole.
The client system is just sitting there saying "WTF I can't work" and is just a distraction.
Only the servers and switch matter in that picture, and its a perfect example of what not to do when designing server systems.
-
@kelsey said in Virtualization and HA, Scalability:
@scottalanmiller dont think so
This is the fear with universities. Typically the professors are pulled from the ranks of those that failed in the field.
If your professor implemented something like this to one of my customers, we'd recommend legal action for having either actively been involved in a scam (on the fiddle) or being professionally negligent. At best we'd demand immediate termination and removal as unsafe. But we'd discuss legal action with a client, as it is a failure so heavily documented and exposed that no one in a position of making that recommendation today can reasonably claim to not have known, without claiming to have been so untrained and unskilled as to have knowingly put the company at risk by faking their ability to do the job.
-
@dustinb3403 what do u mean 4 pieces i am dyslexic
-
This article is about SAN, but really applies equally to all external shared storage in the manner that your professor proposed:
-
Pretty much in any case of any piece of the triangle fails, you lose services.
Take any 1 away and something is gone / not functional until repaired or replaced.
-
Here is a video talking about why everyone is trying to take advantage of businesses, by trying to sell them a SAN that they clearly have no need for.
-
I've seen a lot of people (not in professional communities, of course, but this could easily come up in a buyer's community or in a uni class...) claim that anything a vendor is willing to sell them HAS to be a good idea, because, presumably, vendors are infallible and altruistic?