Primary system failure workflow
The table below outlines what happens when the primary system for an active/passive link fails.
Step | What you do | What happens |
Primary system fails | ||
1 | On the replica, fail over the link | Applicable tenants and directories on the replica become read-write; applicable tenants and directories on the primary system either remain read-write or become read-only depending on whether the two systems can communicate with each other; if DNS failover is enabled, the replica broadcasts new DNS configuration |
2 | If DNS failover is disabled, direct clients to write only to the replica | |
Primary system comes back online | ||
3 |
If the primary system has been rebuilt:
| |
4 | On the replica, update the link configuration as needed | |
5 | If the link is broken, on the replica, send a request to restore the link | Replication link is recreated |
6 | On the replica, begin data recovery | Applicable tenants and directories on the replica remain read-write; applicable tenants and directories on the primary system remain or become read-only; data recovery from the replica to the primary system begins |
7 | Wait for data recovery to come close to being up to date | |
8 | On the replica, complete data recovery | Applicable tenants and directories on the replica become read-only; applicable tenants and directories on the primary system remain read-only; data recovery from the replica to the primary system continues to completion |
Data recovery finishes | ||
9 | Nothing | Applicable tenants and directories on the replica remain read-only; applicable tenants and directories on the primary system become read-write; the primary system and the replica broadcast original DNS configurations; replication from the primary system to the replica restarts |
10 | If DNS failover is disabled, after you see this message in the system log, direct clients to write only to the primary system: Replication data recovery completed |