On Thu, 7 May 2009, Tom Limoncelli wrote: > David, > > I'm confused if you are saying that a data-center sized UPS is a good > thing or bad thing. I do agree that even with a UPS there are other > power problems (we've all accidentally kicked a power cable and > crashed a machine, right?).
I'm saying that it's a good thing, but having one doesn't mean that power loss can't happen. > What's best is different at each data center because each data center > is different. In the old days a data center often only served itself > and had little external connections. Today a data center is just a > "cloud" that external users access... so if the intervening network > will be down due to a power outage, having the data center up doesn't > make much of a difference. yes and no, having the datacenter up allows you to do a graceful shutdown of things, rather than having to recover from a crash. > Multi-layer power redundancy is required to protect against all the > types of power problems we face. However, too much redundancy is > wasteful. In particular, wasteful of power. Each redundency has some > kind of power loss. A UPS converts A/C -> D/C, goes through a > battery, the converts D/C -> A/C. All three of those transitions are > less than 100% efficient. By the time you add up all the conversions > you can be losing 20% of your power. You may not see the power bill > but it eats away at the operational cost that eat into profits. (in > my entire career, I've never actually had the power bill come out of > my budget!) also, each extra device you put in the process has it's own probability of failure. having 10 UPSs plugged into each other results in a much larger chance that you will be running on battery power. > Google (where I work) has publicly announced we put a small battery in > each server. However, we did so only after specially engineering > efforts we put into the hardware and software made it the right thing > to do. http://blog.sentilla.com/2009/04/google-unveils-custom-serverup.php > The battery is just enough power to carry a server over until the > generators kick in AND one has to remember (as we've presented in many > talks and papers) that our software is all custom built from the > ground up to expect failures of all kinds. That's not something most > companies are willing to do. You can't call Oracle and ask them to > add the kind of failure-proofing that, for example, BigTable does. > > So for the other 99.999% of data centers out there, you really need a UPS. > > And a load-balancer. > > And RAID. > > And backups. > > And off-site backups. > > And really good procedures with fire-drills to make sure all of the above > works. > > And even then you still need an insurance policy. and this is my point. I'm having people argue that software should have to be designed to deal with power loss, on the theory that if you just have a UPS your system will never loose power unexpectedly. for people with experiance with Murphy's Law in action, this may seem like a really silly thing to believe, but I'm finding that I need to 'prove' this repeatedly (not to the same group, but to different groups of people each time) David Lang _______________________________________________ Discuss mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
