Simon Riggs wrote:
> Do you agree that requiring response from 2 sync standbys, or
> locking up, gives us 94% server availability, but 99.9992% data
> durability?
I'm not sure how to answer that. The calculations so far have been
based around up-time and the probabilities that you have a machine up
at any moment and whether you can have confidence that if you do, you
have all committed transactions represented. There's been an implied
assumption that the down time is unplanned, but not much else. The
above question seems to me to get into too many implied assumptions
to feel safe throwing out a number without pinning those down a whole
lot better. If, for example, that 2% downtime always means the
machine irretrievably went up in smoke, hitting unavailable means
things are unrecoverable. That's probably not the best assumption
(at least outside of a combat zone), but what is?
-Kevin