Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2008 Forums
 High Availability (2008)
 A question on FO Cluster Updates

Author  Topic 

DBA in the making
Aged Yak Warrior

638 Posts

Posted - 2014-03-09 : 09:46:40
We have an active/passive cluster with 2 nodes, and a single instance of SQL server with 4 databases that support our ecommerce website.

We have a new infrastructure manager at work, and he wants us to change the update process for performing windows updates. At the moment, we update the passive node, then failover the cluster, which take a few seconds, during which time we display a page letting telling customers that were doing maintenance to our site. the infrastructure manager wants to change this process so that we take the site down at the start, update both nodes, the bring the site up after we have confirmed that the updates have been successful. This will leave our site down for anywhere up to an hour, instead of a few seconds.

I was just wondering, what do other DBAs out there do in this regard? I was under the impression that one of the primary advantages of having a failover cluster was that you could perform windows updates etc. with minimal downtime. so is he right, is there any real risk involved in doing it the way we have been for several years?

------------------------------------------------------------------------------------
Any and all code contained within this post comes with a 100% money back guarantee.

robvolk
Most Valuable Yak

15732 Posts

Posted - 2014-03-09 : 14:23:40
That might depend, is this a Windows 2003 or Windows 2008 cluster? I can't answer for a Windows 2003 cluster, I've only used Windows 2008 R2.

For 2008, bringing the site down before doing the cluster failover seems reasonable, but a 1 hour outage doesn't. The only database downtime in your scenario is the time it takes for cluster failover to occur. Assuming the updates succeed on both nodes, that's all there is to it.

If they fail on the passive node, simply don't fail over, and investigate at your leisure, but there's no downtime involved. The only "problem" is that your cluster will show validation warnings if the software patch level is different, but that shouldn't impact the online node.

I've done what you describe several times without any incident. We also use database mirroring to a second cluster for added redundancy. If that's not an option, perhaps a 3rd node added to your cluster will maintain the necessary redundancy in case one node fails to update.
Go to Top of Page

DBA in the making
Aged Yak Warrior

638 Posts

Posted - 2014-03-09 : 17:01:59
Thanx robvolk. It is indeed a Win 2008 R2 server. I'll see if I can talk some more sense into the infrastructure manager.

------------------------------------------------------------------------------------
Any and all code contained within this post comes with a 100% money back guarantee.
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2014-03-10 : 12:17:28
I'm quite surprised that this new infrastructure manager wants to INCREASE downtime! WOW. My managers and customers are the opposite. They don't want even the 30-45 seconds of downtime due to the failover. I can't give them that solution. lol

Your current process is the correct way. We do matching monthly for numerous clusters (over 50). This is on Windows 2003, Windows 2008, Windows 2008 R2 and Windows 2012. Downtime is typically 30-90 seconds, though sometimes it has been about an hour as we've encountered hardware failures, disk issues and other things just because of the reboot. Patching has caused some extra downtime, but that is rare.

Tara Kizer
SQL Server MVP since 2007
http://weblogs.sqlteam.com/tarad/
Go to Top of Page
   

- Advertisement -