This invention relates to a computer system which has fault tolerance, and more particularly, to a technology of guaranteeing consistency of processed contents by replicating data between computers.
An application system required of fault tolerance (or redundancy) can secure reliability through a cluster configuration which includes an active system for processing data by a plurality of systems and a standby system for taking over data processing when a fault occurs in the active system. As in the case of a database (DB), an application that accumulates data in a disk takes over data by a shared disk accessible from the active and standby systems to continue processing by the standby system. Thus, I/O processing for writing data on the disk in synchronization has to be carried out, and system performance is decided by I/O processing performance.
In the widely used application system, there has recently been an increase in cases where system performance equal to or more than the system performance decided by the I/O processing performance is required. To meet such a request, an in-memory application system has been developed, which improves system performance by holding data only in a memory and eliminating synchronous I/O processing in a disk device.
This in-memory application system inhibits sharing of the data held in the memory with the standby system as it is. Thus, for example, as in the case of an in-memory DB, in an application that needs fault tolerance inhibiting a loss of data held in the memory by a fault, the data has to be made redundant through communication carried out from the active system to the standby system to hold a copy of data of the active system in a memory of the standby system.
Considering fault tolerance, in the in-memory application system, in the 2-unit configuration of the active and standby systems, when a fault occurs in one of the systems, data remains in only one system. When a system fault occurs in the remaining computer, a data loss occurs. Consequently, the data of the memory which is a volatile storage medium has to be saved in a nonvolatile storage medium such as a disk. However, when a fault occurs in the middle of the data saving after the number of remaining system is one, data that has not been saved is lost. Thus, when high fault tolerance is required, data replication has to be simultaneously carried out for two or more standby systems. In this case, communication is executed with the plurality of standby systems through use of multicast communication.
As a communication method for carrying out data replication for the plurality of standby systems, a 2-phase commit method is known. The 2-phase commit method includes a preparation phase for executing communication to send data to be replicated when data is replicated from the active system to the standby system, and a commit phase for executing communication to fix, when the active system checks reception of data at the standby systems, the sent data. Upon success of the commit phase, consistency is guaranteed in a state where the data is fixed between the active system as a source and the standby system, thereby completing an application process carried out by the active system.
In the case of the 2-phase commit method, multicast communication has to be executed twice to synchronize the data of the active system with the standby systems and to complete the application process at the active system. Thus, as the number of standby systems is larger, time until reception of phase responses from the standby systems becomes longer, causing a problem of greater overhead.
To solve the problem, US 2003/0018732 discloses a technology of realizing data redundancy by using, to reduce the number of communication times, a synchronization method A based on a 1-phase commit method for periodically notifying the standby system of data updating of the active system through multicast communication (heartbeat communication), and executing data replication through a request of data made by the standby system to the active system for data updating at the time of reception. US 2003/0018732 additionally describes a preparation phase of data updated through heartbeat communication, and a synchronization method B for substituting the multicast communication of the 2-phase commit method with a heartbeat by sending commitments of preparation phase-finished data en bloc, thereby disclosing a technology of realizing data redundancy by reducing the number of communication times more than the number of data updating times. US 2003/0018732 associatively discloses a technology of, even when standby systems whose synchronization with the active system has failed in the synchronization methods A and B are present, enabling the active system to fix a process, and the synchronization-failed standby systems to request resending of unsynchronized data to the active system to be resynchronized.