1. Field of the Invention
The present invention relates to a high availability system to which a duplexing technique is applied and an execution state control method for the system.
2. Description of the Related Art
There are available techniques of allowing a server computer to continue a service by concealing a fault caused in the hardware of the server computer. As such a technique, a fault tolerant server is known. In a fault tolerant server, all the main pieces of hardware are duplexed. The fault tolerant server is equipped with dedicated hardware for controlling the duplexed hardware. The dedicated hardware achieves perfect synchronous execution by the duplexed hardware. For this reason, even if a fault occurs in a given portion of the duplexed hardware, the faulty portion is automatically disconnected to allow the server to continue a service.
Such a fault tolerant server, however, requires dual redundant main components. In addition, since the server needs to be equipped with dedicated hardware, the server becomes very expensive. Furthermore, since a special design is required to mount dedicated hardware, it is difficult to follow rapid advances in server hardware technology.
As a technique replacing the technique using dedicated hardware for duplexing, a technique of forming a fault tolerant server by combining two general servers (unitary severs which are not duplexed) is available.
The technique disclosed in U.S. Pat. No. 5,615,403 implements a fault tolerant system by combining two independent servers. According to this technique, based on a prerequisite that the CPUs of two servers each comprise logically two or more CPUs using SMPs, multicores, and the like, the servers are duplexed by synchronizing execution by the two servers using software.
The behaviors of OSs and applications become nondeterministic due to I/O events which occur asynchronously with the execution of the OSs and applications. For this reason, in order to implement a duplexed system by using two independent servers, it is absolutely necessary to synchronize nondeterministic I/O events between the servers. The technique disclosed in U.S. Pat. No. 5,615,403 solves the above problem by dividing the two CPUs in each server into a CE (Computing Elements) in charge of the execution of an OS and applications and an IOP (I/O processor) in charge of input/output operation and separating the execution of the OSs and applications from I/O operation.
The method of forming a duplexed fault tolerant server by combining two independent servers can use inexpensive servers equipped with latest techniques which are mass-produced. However, since two servers must be permanently assigned for a fault tolerant server, it is impossible to change the combination of servers constituting a duplexed system during operation. When, for example, one of two serves constituting a fault tolerant server is to be stopped for maintenance, it is preferable to continue duplexed operation by making the third server take over the processing by the server which is stopped, in order to prevent a non-duplexed operation state from occurring. However, it is impossible to perform such operation.
In addition, I/O processing and OS/application processing are assigned to different CPUs. For this reason, when the load of I/O processing or the load of OS/application processing is disproportionally heavy, it is impossible to make full use of the ability of the hardware of each server.