The recent growth of networking technologies, such as those associated with the Internet, has contributed to a shift in the manner in which databases are maintained and used. For example, applications and associated databases that were typically local and in a one-to-one relationship have migrated to wide-area networks (WANs), with many client applications associated with one centralized server and database. Despite the numerous advantages of a centralized database configuration, one drawback of such a configuration is the vulnerability of the entire system to a single failure in the centralized database.
Such a failure may affect the security of the stored data and the reliability of the system in general. For example, financial institutions such as banks typically maintain proprietary customer data that is accessed both for reading from existing customer records and for writing to such records. Accordingly, the content of such a data collection is time dependent. As this customer data is accessed, it is vulnerable to system failures that may occur in the course of such access.
To avoid a complete catastrophic loss of customer data, a backup copy of the data is conventionally maintained. Where the primary data collection is time dependent and where backup copies are created at certain time intervals, the backup copies will correspond to “snapshots” of the primary data collection at specific intervals of time. During the time intervals between the creation of backup copies, some “latency” will develop between the data content of the primary data collection and that of the backup data collection.
More recently, in an effort to address some of the security and reliability concerns mentioned above, there has been an interest in more complex networking configurations that are decentralized. One example of such a configuration makes use of what is referred to as a “distributed transaction.” Where a conventional transaction involves the reading, writing, or updating of a database record in a single database, a distributed transaction involves the reading, writing, or updating of a database record in a plurality of databases, where the plurality of databases may be redundant databases.
Various technologies, such as clustered operating and database systems, storage disk-based data replication, and database replication systems, exist to provide instant redundant data. As used herein, “instant redundant data” implies a latency time between a first database and a second database (which may be a backup of the first database or merely a related database) that is optimally or arbitrarily small. For example, the latency time between a first database physically located in New York and a second database physically located in Los Angeles is at least equal to the amount of time required for communication between such locations.
FIG. 1 depicts an example of a distributed transaction system of the prior art. More generally, a conventional distributed transaction will occur across, for example, two or more databases and is generally processed in what is referred to as an “ACID” way. As used herein, “ACID” is an acronym for Atomic, Consistent, Isolated, and Durable. The term “atomic” is intended to indicate, for example, that every database either commits to the operation (reading, writing, or updating) or the operation aborts. It is the “all or nothing” sense of the operation that is “atomic,” or indivisible. The term “consistent” is intended to indicate that the entire operation transforms the set of databases from one consistent state to another consistent state. The term “isolated” is intended to indicate that each operation is independent of other operations. For example, the incompleteness of one transaction should not impact other transactions. Finally, the term “durable” is intended to indicate that the effects of the operation performed in a distributed way are permanent.
Returning now to FIG. 1, we observe that a transaction manager 130 communicates with a database instance 102 and a database instance 112 through a resource manager 101 and a resource manager 111, respectively, over a network 140. One skilled in the art will appreciate that resource manager 101 and database instance 102 may be physically part of one complete computer system including its own CPU and memory in addition to the long-term storage that may be more particularly associated with database instance 102. The same may be true for resource manager 111 and database instance 112.
As depicted in FIG. 1, each of the resource managers maintains a transaction journal reflecting previous transactions that have been proposed by transaction manager 130 and committed to by the respective resource managers and databases, together with the time associated with each transaction. One skilled in the art will appreciate that such transaction journals may also include information about transactions that have not been committed to or that have been rolled back. In addition, one skilled in the art will appreciate that the transactions and the times associated with the transactions may not be completely identical as implemented in each database instance.
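The transaction journal described above can be sketched as a simple append-only log kept by each resource manager. The class and field names below (`TransactionJournal`, `JournalEntry`, the status strings) are illustrative assumptions, not part of any particular vendor's product:

```python
import time
from dataclasses import dataclass, field

@dataclass
class JournalEntry:
    """One journal record: which transaction, its outcome, and when."""
    transaction_id: int
    status: str        # "committed", "aborted", or "rolled-back"
    timestamp: float   # local time at this resource manager

@dataclass
class TransactionJournal:
    """Append-only log maintained by a resource manager."""
    entries: list = field(default_factory=list)

    def record(self, transaction_id, status):
        self.entries.append(JournalEntry(transaction_id, status, time.time()))

    def committed_ids(self):
        return [e.transaction_id for e in self.entries if e.status == "committed"]

# Two resource managers journal the same distributed transaction;
# because each records its own local time, the timestamps for the
# "same" transaction will generally differ slightly.
journal_101 = TransactionJournal()
journal_111 = TransactionJournal()
journal_101.record(151, "committed")
journal_111.record(151, "committed")
```

The journal also gives the system a record from which uncommitted or rolled-back transactions can later be inspected, as noted above.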
If the databases are exact duplicates, then the transactions will generally be duplicate transactions. However, if the databases are not intended to be exact duplicates, but, rather, are intended to function with data in some one-to-one manner, then the transactions may not be exact duplicates. This dependency of the transaction upon the database is indicated in FIG. 1 by including the database reference number parenthetically with the transaction reference number. More specifically, if database instance 102 is identical to database instance 112, then transaction 151(102) should be identical to transaction 151(112). On the other hand, if database instance 102 is not identical to database instance 112, transaction 151(102) may not be exactly the same as transaction 151(112). This may occur, for example, when database instance 102 is a set of employee records for a company's human resource department including both confidential information and non-confidential information, and database instance 112 is a database of employee records to be accessed by a publicly available web server with only non-confidential information. In such an instance, the two databases may not contain all the same information; however, the records contained in each database are correlated in a one-to-one manner and may be processed according to a conventional distributed transaction.
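The correlated-but-not-identical case above can be illustrated with a hypothetical pair of record schemas: a full human-resources record, and a public record derived from it by stripping confidential fields. The field names (`employee_id`, `salary`, `ssn`) are invented for illustration only:

```python
# Fields assumed confidential in this hypothetical schema.
CONFIDENTIAL_FIELDS = {"salary", "ssn"}

def public_view(hr_record):
    """Derive the web-server record from the HR record by dropping
    confidential fields; the two records remain correlated one-to-one
    via the shared employee_id."""
    return {k: v for k, v in hr_record.items() if k not in CONFIDENTIAL_FIELDS}

hr_record = {"employee_id": 7, "name": "Ada", "salary": 90000, "ssn": "000-00-0000"}
web_record = public_view(hr_record)
# Both records share employee_id == 7, so a single distributed
# transaction (e.g., a name change) can apply a different but
# correlated update to each database.
```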
Moreover, one skilled in the art will also appreciate that, regardless of whether the databases used in the distributed transaction process are completely identical, the respective time associated with a transaction in each respective database will vary. The dependency of the time associated with a given transaction upon the database is indicated in FIG. 1 by including the database reference number parenthetically with the time reference number. Accordingly, although time 152(102) may be expected to correspond exactly to affiliated time 152(112), one skilled in the art will appreciate that, in fact, there will occur some variation in the values of affiliated times 152(102) and 152(112). As mentioned above, if database instance 102 is physically located, for example, in New York and database instance 112 is physically located in Los Angeles, then one might expect that the variation between affiliated times 152(102) and 152(112) is comparable to the amount of time required to physically communicate between the two database instances.
In addition, the “atomic” nature of the transaction is illustrated in the following example. Suppose that transaction manager 130 proposes a new transaction (transaction 171, for example, not depicted) and database instance 102 commits while database instance 112 is not able to commit. In that instance, transaction manager 130 will conventionally instruct resource manager 101 to roll back or undo the committed transaction 171(102) (not depicted) in database instance 102. In this manner, the “atomic” nature of the distributed transaction is preserved.
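The all-or-nothing behavior just described can be sketched as a simplified commit loop with a compensating rollback. This is a minimal illustration under stated assumptions (the `Database` class and its `healthy` flag are invented), not a full two-phase-commit or X/Open XA implementation:

```python
class Database:
    def __init__(self, name, healthy=True):
        self.name = name
        self.healthy = healthy
        self.committed = []  # transactions durably applied

    def try_commit(self, txn_id):
        if not self.healthy:
            return False     # cannot commit, like database instance 112 above
        self.committed.append(txn_id)
        return True

    def rollback(self, txn_id):
        if txn_id in self.committed:
            self.committed.remove(txn_id)

def distributed_commit(databases, txn_id):
    """Commit txn_id on every database, or roll back everywhere,
    preserving the 'atomic' (all-or-nothing) property."""
    done = []
    for db in databases:
        if db.try_commit(txn_id):
            done.append(db)
        else:
            for committed_db in done:  # undo the partial work
                committed_db.rollback(txn_id)
            return False
    return True

db_102 = Database("102")
db_112 = Database("112", healthy=False)
ok = distributed_commit([db_102, db_112], 171)
# ok is False and db_102.committed is empty: transaction 171 was
# rolled back in database 102 because database 112 could not commit.
```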
Even though the above example involves only two databases, one skilled in the art will appreciate that a distributed transaction may occur across any number of databases.
Conventionally, systems that support distributed transactions are costly, and platform and vendor dependent. In addition, conventional systems that support distributed transactions will only support automatic or manual fail-over. As used herein, a “fail-over” is a process that occurs when a database cannot participate in a distributed transaction due to some critical exception, that is, when it becomes “sick.” Following the critical exception, the transaction processing service will exclude the sick database and subsequently utilize the remaining active database(s) (the “healthy” databases).
As used herein, a “critical exception” refers to a failure of one database's ability to continue recording proposed transactions, such that the repeated undoing or rolling back of transactions in the other databases (required by the “atomic” nature of the process) becomes too costly for the system. One skilled in the art will appreciate that the “critical exception” level of failure of one database is generally determined by the judgment of the operator of the system. Although such automatic fail-over support may be provided by a vendor, there is no commercially available fail-back solution in which the sick database automatically recovers and merges back into the distributed system. As used herein, a “fail-back” refers to the process whereby, for example, the recovered sick database (which has been made “healthy”) is automatically merged back into future distributed transactions.
As stated above, in the case where any one database (a “sick database”) repeatedly fails to commit to a transaction, transaction manager 130 will conventionally switch into a “fail-over” mode in which the sick database is automatically excluded from future proposed transactions and a notification may be generated for an administrator. An administrator may then determine the status of the sick database, perform whatever operation may be required in order that it is “healthy” again, and then manually merge the database back into the distributed system.
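The fail-over behavior just described can be sketched as follows. The failure threshold and notification list are assumptions chosen for illustration; as noted above, the actual “critical exception” level is set by the system operator:

```python
class Database:
    """Minimal stand-in for a database instance behind a resource manager."""
    def __init__(self, name, healthy=True):
        self.name = name
        self.healthy = healthy

    def try_commit(self, txn_id):
        return self.healthy

class TransactionManager:
    def __init__(self, databases, failure_threshold=3):
        self.active = list(databases)            # databases still in rotation
        self.failures = {db: 0 for db in databases}
        self.failure_threshold = failure_threshold
        self.notifications = []                  # messages for an administrator

    def propose(self, txn_id):
        for db in list(self.active):
            if db.try_commit(txn_id):
                self.failures[db] = 0
            else:
                self.failures[db] += 1
                if self.failures[db] >= self.failure_threshold:
                    self.fail_over(db)

    def fail_over(self, db):
        """Exclude the sick database from future proposed transactions
        and queue a notification for an administrator."""
        self.active.remove(db)
        self.notifications.append(f"database {db.name} excluded (sick)")

db_102 = Database("102")
db_112 = Database("112", healthy=False)
tm = TransactionManager([db_102, db_112], failure_threshold=2)
tm.propose(171)
tm.propose(172)
# After repeated failed commits, database 112 is excluded from
# future transactions and an administrator notification is queued;
# merging it back in remains a manual step, as described above.
```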
Such a manual merge operation may involve, for example, shutting the distributed system down in its entirety for a time period while the records in the newly recovered database are updated to be redundant with the records in the other databases. During this time period, the distributed transaction system is unavailable for use.
Accordingly, there is a need for a method and system to automatically merge a database into a distributed database system without manually shutting down the distributed transaction system.