Some thoughts about Lotus Domino high availability

Someone wondered out loud today if a new Domino domain we're about to configure should rely on Domino clustering or Windows clustering to provide high availability. It occurred to me awhile back that another way of providing high availability would be to virtualize our servers. I'd intended to write something about this. Maybe now I will.

The goal is for our servers to be available for something approaching 24x7x365. Here is my first pass at this:

Domino clustering

• Up to six Domino servers can be clustered together.
• The servers keep close tabs on each other.
• They communicate frequently with each other.
• They consume a lot of network bandwidth. Therefore, it's a good practice for the servers to be connected to a second network segment, dedicated to inter-server communications.
• They consume a lot of processor time. Clustered servers a noticeably slower to  respond to a user request than are non-clustered servers.
• Not every cluster member need be identical. They can have different processors, different amounts of RAM and disk capacity, different OSes, different physical platforms, and different subsets of databases on them.
• You can take down a cluster member for maintenance whenever you want (though you'll want to gently shoo the users off the server first) and Notes users will automatically fail over to another member of the cluster.
• You can set up the cluster to fail HTTP users over as well.
• You can tune each cluster member to turn away new requests upon reaching a defined level of activity - load balancing.
• Domino admins would manage the cluster.
• Domino Enterprise or Utility license.

Windows clustering

• Two Windows servers share access to a single drive array. One is the active server and runs a Domino server that resides on the shared drive array. The other is a hot backup and would take over control of the drive array and restart the Domino server from the array should the active server go down for any reason.
• A short outage (less than a minute?) would exist until the Domino server came back up.
• You could configure the two Windows servers to share two arrays. Each server could be active on one array, passive on the other. That way, you wouldn't be wasting a whole server for the sole purpose of insuring that the Domino server comes back up quickly should the active Windows box go down.
• Windows admins would manage the cluster.
• Special Windows licensing?

Virtual machines

• A virtual machine on which a Domino server resides and runs would itself reside on a LUN on a Storage Area Network (or a similar "independent-disk" technology). Any VM host that can access the LUN could host the VM running the Domino server.
• If the host on which the Domino-resident VM was running should go down for any reason, another host could take control of the LUN and restart the Domino VM within a short period of time. This is the high availability.
• If the VM on which Domino runs or Domino itself had to go down for any reason, the Domino server is out of service.
• One could piggyback Domino clustering on top of the virtualization, so that, when a VM running Domino (or Domino itself running on the VM) goes down, Domino failover would cause users to find another Domino server in the cluster. (Could one also run Windows clusters comprised of two VMs? Would there be any benefit to doing so?)
• The primary benefit of virtualizing the machine on which Domino runs is to make more intensive use of available hardware resources. One could run multiple VMs on a single VM host, rather than have to run each hosted machine on its own, dedicated physical box.
• Another benefit of virtualization is that any machine dependent on old technology could continue to run as a virtual machine where it might not be able to continue existence as a physical machine if the underlying hardware/software platform is no longer available. Don't know that this is relevant to Domino.