HADR

SQL Server Backups are Not a High-Availability Solution

October 17, 2023 by Kevin3NF Leave a Comment

Please continue doing your backups!

Backups are Disaster Recovery, yes…but not HA.

Some will argue with this (in the comments most likely), but I broadly define “High Availability” as a system that can recover in seconds or minutes at most. Sometimes that is automatic, sometimes manual.

Backups might be quick to restore IF they are small enough and the right people are in place (not at lunch or otherwise out). But automated restores to prod just aren’t a thing.

SQL Server has this cute little marketing term called “Always On” which is nonsense. Always? Really? 9 Nines?

Always On covers both Failover Cluster Instances and Availability Groups. There are significant differences between the two. Both depend on the O/S Cluster…and they diverge a LOT from there. They are both HA.

Log Shipping (ancient tech) is great for DR and hitting your RPO number, but failover to a log shipped copy is manual.

Replication is not and never will be an HA or DR solution. Some things cannot be replicated, so they are lost if the publication database goes poof.

There are of course things outside of SQL Server that can help you hit your RPO/RTO goals. Feel free to share them.

What are you using for your HA solution?

Thanks for reading!

Kevin3NF

Follow @Dallas_DBAs

SQL Server HADR overview

March 25, 2020 by Kevin3NF 2 Comments

My Pluralsight course for new SQL Server DBAs

Image credit to Jeff (t)

Back in June of 2019, I published this YouTube video covering the highlights of the various SQL Server High Availability and Disaster Recovery options. But I didn’t do any of it in writing like I usually do in the companion piece…so here we go!

First, some definitions:

High Availability (HA)—typically means that the database will be back online in seconds or minutes, not hours or days
Disaster Recovery (DR)—the ability to bring the database server and databases online after something really bad happens
HADR—An umbrella term covering any feature that encompasses HA, DR or both.
RPO—Recovery Point Objective—Essentially governs what point we can recover to (or…how much data loss can we handle)
RTO—Recovery Time Objective—How long to get everything running again.

SQL Server comes with a number of features that cover different scenarios, in different ways. Some are only in the Enterprise edition.

I am going to cover these at a very high level so you can quickly get the idea in your head, and refer back to this post as needed later. We will start with the most basic.

Backup and Restore

It sounds simple, but backing up the databases is the simplest, most cost effective choice in a DR solution. BACKUP DATABASE is available in all editions of SQL Server. Express edition makes it hard to automate, because there is no SQL Agent functionality. There are answers for that, such as Windows Task Scheduler and the Ola Hallengren Scripts.

Backups by themselves are great, but in the event of an actual disaster, the ability to RESTORE them is the critical part. You should be backing up and test restoring your databases regularly.

This is database level only. Backup all user and system databases.

Backup and Restore is DR, not HA.

Log Shipping (LS)

Transaction Log Shipping at its core is just a Backup-Copy-Restore process with some bells and whistles added to it. GUI for setup, alert jobs to let you know when it gets behind, etc. But the basic concept is that every 15 minutes a T-log backup is taken, then copied to another server, then restored there. In LS, you can set up the Secondary server to be read-only between restores. You can have multiple Secondaries.

This is database level only, so Logins, jobs, etc. are not copied.

You need to be familiar with File shares, UNC paths, permissions settings, etc. to set LS up.

Log Shipping is DR only, not HA unless you write a bunch of scripts to detect an issue, catch it all up and repoint your applications to the new Primary.

Database Mirroring (DBM):

Database mirroring is a deprecated feature, but it still exists in some recent versions of SQL Server. Check the Microsoft documentation for your version. DBM is available in Standard and Enterprise editions. As the name implies, the Principal copy of the database is mirrored to the Mirror copy on a secondary server.

DBM works at the transaction level, unlike Log Shipping which uses T-log backups. DBM can be set to be either Synchronous or Asynchronous modes, and either Automatic or Manual failover. Not all combinations of these two exist.

This is Database level, so jobs, logins, etc. do not participate.

Since Automatic failover is available, I classify DBM as HA, and DR at the Database level.

Always On—a marketing term from MS that includes 2 features:

SQL Server Failover Cluster Instance (FCI)

This is a traditional Windows Cluster (WSFC) that has been around for ages, with one or more SQL Server Instances installed into it.

Failover is handled by the Windows Cluster service and is usually very quick. A few seconds, but exceptions exist, such as 10000 databases all starting up at the same time.

An over-simplified explanation—2 or more servers (nodes) are connected to a SAN. The databases exist on the SAN, so in a failover situation, they don’t move.

If the SQL Instance on Server A becomes unreachable, the cluster stops the SQL Service there and starts it on Server B.

The SAN is a single point of failure, unless it is being replicated via some non-SQL Server technology. For this reason, a SQL FCI (in my opinion) is not a full HADR solution…but definitely IS HA.

SQL Server Availability Groups (AGs):

AGs are an Enterprise only feature as of this writing.

AGs are essentially a much-improved version of Database Mirroring. Transaction level data movement from Primary to Secondary for one or more databases in a Group. Multiple groups are allowed. Synchronous or Asynchronous. Manual or Automatic failover. Readable secondaries to offload reporting queries.

Standard Edition has a “Basic Availability Group” which has lots of limitations, chief among these being one database per group.

When set up correctly, AGs are both HA and DR for the user databases, with no single point of failure. There are script options to keep the jobs, logins, etc. in sync between the Primary and all Secondary replicas.

A Windows Cluster is required, but a SAN is not. AGs work off local storage, not shared since there is a copy of each database on each server participating.

The licensing of AGs has changed a lot, so I won’t get into it here…but you probably already know that Enterprise Edition licenses are VERY expensive. Plan accordingly with your license vendor.

Replication—a very Special Snowflake:

SQL SERVER REPLICATION IS NEITHER HA NOR DR.

Not everything in a SQL Server user database CAN be replicated, such as users, or tables with no Primary Key. New objects are not automatically sent from Publisher to Subscriber. System databases are not replicated.

Replication IS a great option to send a subset of your data to another server for reporting, or for filtering by region or salesperson.

Replication is for Distributed Data Processing. Backup and Restore beats Replication when you have to rebuild an environment, every time.

Summary:

I hope this helps you have a better understanding of the high level concepts of the various HA/DR options available to you. There are “gotchas” and details that are impossible to cover in this post. But, all of these are extensively well documented by Microsoft and the SQL Server Community at large.

Thanks for reading!

Kevin3NF

Follow @Dallas_DBAs

T-SQL Tuesday #118: Fantasy SQL Feature

September 10, 2019 by Kevin3NF Leave a Comment

T-SQL Tuesday is a monthly blog party for the SQL Server community. It is the brainchild of Adam Machanic (b|t) and this month’s edition is hosted by Kevin Chant (b|t), SQL dude and fellow cyclist! Kevin wants to know what our “Fantasy SQL Feature” is.

I asked my LinkedIn connections a very similar question in my “Question of the Week” there. Hit the link to see a lot of different responses.

One of the recurring themes and possibly the most common was:

Load Balanced Writes. Unless I’ve completely missed something, there is nothing in SQL Server natively that will allow you to write to different copies of the database (leaving out Merge and Bi-Directional Transactional Replication, because they suck and don’t scale).

Don’t get me wrong…I love read-only replicas in an Availability Group, replication for reporting, or even delayed Log Shipping. They are wonderful for taking the read traffic off an OLTP box, but if you are dying under heavy load in a very optimized setup…oh well.

Bonus Fantasy: Give me a button in the Log Shipping Setup GUI (Database Properties>>Log Shipping) that just says “Re-initialize”. Sometimes LS just falls apart and its easier to tear it down and start over. Even easier is to just back up the db, restore over the Secondary db and go. But, for the small business using LS for poor-man’s DR and no DBA on staff…give me a button. Ideally that button calls sp_ReInit_Log_Shipping @DBName = ‘MyDB’. But someone will have to write that first. I am not that someone. This may already be in the DBATools.io set of toys, but I haven’t looked, and again…small customers need a button in a GUI.

Thanks for reading!

Kevin3NF

Follow @Dallas_DBAs

Video: SQL Server HA/DR Overview

June 24, 2019 by Kevin3NF Leave a Comment

This is meant to be a high-level overview, not an exhaustive setup guide. I skip over some relevant bits so the main points don’t get buried.

In my DBA Fundamentals pre-conference, we spend a good hour going over the various High Availability and Disaster Recovery options available in SQL Server. From simple Backup/Restore up to Distributed Availability Groups.

This video is a more succinct version of that conversation. Enjoy!

If you have questions or comments, please add them in the YouTube comments, so I’ll see them more quickly.

Thanks for reading!

Kevin3NF

Follow @Dallas_DBAs

Your DR Plan isn’t a Plan

August 8, 2018 by Kevin3NF 9 Comments

My apologies, but someone had to tell you.

You don’t have a Disaster Recovery Plan™. You have a Disaster Recovery Hope. (paraphrased from a source I’ve forgotten…)

If I’m wrong (and I hope I am), its because you are in the 10% (optimistically) of companies that actually test their DR plans and document the results.

In the 18 years I’ve been asking the following question, I’ve gotten one excellent and correct response, and one that was good, but I still poked holes in it.

“If your most important database server melted right now, how long until you are back online?”

I get a lot of responses on this question:

2 days
30 minutes
I don’t know
Blank Stares (its a response…just a scary one)

If you are not testing your DR plan, you may be betting your company’s existence on a flawed premise: “Our people know what to do. We have backups.”

If your DR plan is a digital “living document” that lives on your Sharepoint server, you are already in trouble. Everyone involved needs a current, non-digital copy on their desk and at their home.

Disaster recovery is about far more than restoring databases. But, for my mostly-SQL Server audience, let me ask you this:

Can you do an emergency test restore of your most mission critical database onto identical hardware, to a point 27.5 minutes ago and have everything work as expected?

If you don’t do test restores, you are HOPING your backups are valid. If you don’t have the ability to replace critical hardware or spin up an identical VM, you are HOPING that your server or SAN never fails.

If you are running through your DR Plan regularly, with everyone ready to go and knowing their place in the process…you are HOPING the next disaster happens when everyone is available, online and up to speed. What if that disaster happens when your Sr. DBA is on vacation? Who is her backup? A Jr. DBA?

If you don’t know the answer to the “How long…” question above, you really should go find out who in your organization does. If nobody does, contact me.

If you think you have it 100% nailed…I challenge you to let me into your server room unattended.

Thanks for reading!

Kevin3NF

Follow @Dallas_DBAs

SQL Saturday Dallas, 2018

June 4, 2018 by Kevin3NF Leave a Comment

Quacky rides bikes!

SQL Saturday Dallas #734 is a wrap!

I’m still tired, 2 weeks later!

This is my 7th or 8th SQL Saturday as an attendee. 3rd as a pre-con presenter. 5th delivering a Saturday session, 1st as a sponsor and 1st as a co-organizer.

And it was a blast.

Months of prep work went into getting things ready…venue change, sponsor chasing, speakers, goodies for speakers and attendees, pre-con stuff, after-part, speaker dinner…you name it, I at least read an email about it. This was my first time around so I was following the lead of veterans on the NTSSUG board. We had over 1000 people register…I don’t recall the final tally of actual attendees but the place was packed all day!

My pre-con (DBA Fundamentals) went really well, with a record number of attendees. By design this class is usually small and intimate. The BI session next door had 65 or so! I’ve done this pre-con 3 times now, and this was the first time I actually had a technical issue (fonts went wacky) and a brain cramp in the middle. But, I recovered and people (hopefully) learned something they can take back with them to the office.

I also did my Disaster recovery session on Saturday, which I think went really well, and got a bonus of meeting someone I knew through a previous client and only by phone. I always think you’ve done your session well when people line up to chat with you afterwards:

Either something was really funny, or my backpack has way too much stuff in it…

Our Dallas DBAs sponsor table went really well…except everyone seemed to think I was raffling off my personal racing bike. Lots of folks came by for the raffle and the free t-shirts (100 only…gone in 90 minutes). Some even stopped to ask what we do, giving me the chance to promote our Apprentice program. Thanks to everyone that came by! And also to Richardson Bike Mart for providing the $150 gift card for our raffle.

Not the raffle item….just clickbait apparently:

The entire staff of Dallas DBAs, in official uniform

A very special shout out to my good friend and graphics/web guy, Jeff Miller of Igniss Images for shooting this event as a free service to the SQL Server Community. See the pics!

Thanks to all the attendees for coming, and to the Sponsors that make it possible!

Kevin3NF