HPE NonStop Tandem Architecture Walkthrough

The HPE NonStop architecture (originally engineered by Tandem Computers in 1976) is a specialized, 100% fault-tolerant computing platform designed to achieve continuous application availability and absolute data integrity. Unlike traditional mainframes or high-availability clusters that rely on rapid rebooting or switching resources upon a crash, NonStop prevents downtime entirely by masking failures through a hardware-software co-designed shared-nothing architecture.
1. Hardware Architecture: Massively Parallel & Shared-Nothing

At the physical tier, a NonStop system is built as a Loosely Coupled Multiprocessing (LCM) environment.

  • Independent Processor Modules: A single system consists of 2 to 16 independent CPUs (expandable via clustering up to 4,000+ CPUs). Each processor module contains its own dedicated Intel Xeon cores, memory, and I/O logic. Processors share no main memory, buses, or execution states. This isolation guarantees that a memory corruption or hardware crash in one CPU cannot physically propagate to another.
  • The Interconnect Fabric (ServerNet / RoCE): Because CPUs share nothing, they cooperate entirely by passing high-speed messages. Historically this was handled by a proprietary dual bus named Dynabus, which evolved into ServerNet (a direct ancestor of InfiniBand). Modern HPE NonStop X systems use RDMA over Converged Ethernet (RoCE) as the multi-gigabit interconnect fabric, providing dual-path, point-to-point messaging with sub-microsecond latency.
  • Dual-Ported, Redundant I/O Controllers: Every storage device, network interface, and controller card is physically dual-ported and cross-connected to two separate processor modules. If Processor A fails, Processor B seamlessly accesses the disk or network line using the alternate hardware path.
  • No-Spare, Active-Active Components: Every active element operates under a “no-spare” philosophy. Power supplies, cooling fans, and storage arrays are fully redundant and hot-swappable, ensuring the system can be repaired or upgraded while fully operational.

2. Operating System Architecture: NonStop OS (Guardian)

The foundational operating system is NonStop OS, which embeds the Guardian Kernel.

  • Distributed Copy Model: Every individual processor module loads and runs its own separate copy of the Guardian kernel. Rather than a monolithic OS orchestrating all chips, the system runs as a highly cooperative, message-driven distributed microkernel OS.
  • The Message System: The core of Guardian is its message router. Every operational request (writing a row to a database, opening a network socket, checking a disk) is expressed as an inter-process message sent across the RoCE fabric. If a local resource is occupied, the message router redirects the request transparently across the fabric, so the entire cluster appears to applications as a single system image (SSI).
  • Continuous Heartbeats: All components and processors continually broadcast periodic “alive” heartbeat messages to one another. If a processor fails to respond to a heartbeat within a few milliseconds, the remaining CPUs immediately sever ties with it, declare it dead, and safely re-route pending workloads.

3. Software Fault Tolerance: Process Pairing

Hardware isolation is only half the battle. To tolerate software failures without dropping transactions, NonStop utilizes Process Pairs.

  • Primary and Backup Processes: When a critical application or system service starts, it creates two instances: a Primary Process executing on Processor 1, and a Hot-Standby Backup Process residing on Processor 2.
  • Real-Time Checkpointing: As the primary process performs work (e.g., executing a financial transaction step), it sends regular checkpoint messages to the backup process. These checkpoints copy vital state changes, register values, and memory updates.
  • Instant Takeover: If Processor 1 crashes, the Guardian OS instantly promotes the backup process to Primary. Because the backup contains the mirror state of the last transaction checkpoint, it picks up execution precisely where the failed process stopped. No state is lost, no connections drop, and the end-user experiences zero interruption.
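The heartbeat detection of section 2 and the checkpoint/takeover cycle above, as an added simulation that is not NonStop or Guardian code: CPUs, the fabric and the checkpoint API are plain Python objects, and the heartbeat deadline, the tick counter and the "balance" application state are assumed values chosen for the example.

```python
HEARTBEAT_DEADLINE = 3  # ticks a CPU may stay silent before it is declared dead (assumed value)


class Cpu:
    """A processor module: shares nothing, only sends heartbeats and messages."""

    def __init__(self, cpu_id):
        self.cpu_id, self.alive, self.last_heartbeat = cpu_id, True, 0

    def heartbeat(self, tick):
        self.last_heartbeat = tick  # the "alive" message seen by the other CPUs


class Process:
    def __init__(self, cpu, balance, checkpoint_seq=0):
        self.cpu, self.balance, self.checkpoint_seq = cpu, balance, checkpoint_seq


class ProcessPair:
    """Primary does the work; each completed step is checkpointed to a backup on another CPU."""

    def __init__(self, primary_cpu, backup_cpu, opening_balance):
        self.primary = Process(primary_cpu, opening_balance)
        self.backup = Process(backup_cpu, opening_balance)
        self.seq = 0

    def post(self, amount):
        """Apply one transaction step, then checkpoint the resulting state to the backup."""
        if not self.primary.cpu.alive:
            raise RuntimeError("primary CPU is down; run detect_and_takeover first")
        self.seq += 1
        self.primary.balance += amount
        self.primary.checkpoint_seq = self.seq
        if self.backup is not None:  # checkpoint message sent across the fabric
            self.backup.balance, self.backup.checkpoint_seq = self.primary.balance, self.seq
        return self.primary.balance

    def detect_and_takeover(self, now_tick, spare_cpu=None):
        """Heartbeat check: if the primary's CPU went silent, promote the backup and
        rebuild the pair on spare_cpu from the last checkpoint. Returns True on takeover."""
        cpu = self.primary.cpu
        if cpu.alive and now_tick - cpu.last_heartbeat < HEARTBEAT_DEADLINE:
            return False
        cpu.alive = False  # the surviving CPUs declare it dead and stop routing to it
        self.primary = self.backup
        self.backup = (Process(spare_cpu, self.primary.balance, self.primary.checkpoint_seq)
                       if spare_cpu is not None else None)
        return True
```

The promoted process continues from the checkpointed balance and sequence number, so the step posted after the crash lands on state identical to what the failed primary last confirmed.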

4. Database & Storage Architecture: Enscribe, NonStop SQL, and TMF

Data integrity is paramount in NonStop’s design. It enforces strict ACID compliance at massive scale through layered data management software.

  • Enscribe & NonStop SQL/MX: NonStop supports Enscribe (a highly resilient structured file system) and NonStop SQL/MX (an ANSI-compliant relational database management system). Both are entirely decentralized, natively distributing table partitions across different physical disk drives managed by separate CPUs.
  • Mirrored Disks: Storage volumes are configured with volume-level mirroring (Disk 1 and Disk 2 hold identical data blocks). Disk writes are executed in parallel across distinct I/O paths. If a drive fails or a sector corrupts, reads are immediately diverted to the mirror disk.
  • Transaction Monitoring Facility (TMF): TMF is the transaction manager that protects database updates. It acts as a distributed two-phase commit coordinator. If an application crashes mid-transaction, or an entire processor module loses power, TMF uses its audit logs to back out incomplete transactions cleanly, guaranteeing that the database is never left in an inconsistent or corrupt state.
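The audit-log backout and two-phase commit described above, as an added model that is not TMF or NonStop code: partitions are plain dictionaries keyed by assumed volume names, the audit trail is an in-memory list assumed to be durable, and a "down" set stands in for a disk process whose CPU or I/O path is unreachable.

```python
class Tmf:
    """Audit records are (kind, tid, partition, key, before_image); the trail is assumed durable.
    self.down holds partitions whose disk process is unreachable (models a dead CPU or path)."""

    def __init__(self, partitions):
        self.rows = {p: {} for p in partitions}  # one table partition per disk process
        self.down = set()
        self.audit = []
        self.next_tid = 1

    def begin(self):
        tid, self.next_tid = self.next_tid, self.next_tid + 1
        self.audit.append(("BEGIN", tid, None, None, None))
        return tid

    def write(self, tid, part, key, value):
        rows = self.rows[part]
        self.audit.append(("UPDATE", tid, part, key, rows.get(key)))  # before-image logged first
        rows[key] = value

    def commit(self, tid):
        """Two-phase commit: every participant votes, then one COMMIT record seals the work."""
        participants = {r[2] for r in self.audit if r[0] == "UPDATE" and r[1] == tid}
        if any(p in self.down for p in participants):  # phase 1: an unreachable participant votes no
            self.back_out({tid})
            return False
        self.audit.append(("COMMIT", tid, None, None, None))  # phase 2
        return True

    def back_out(self, tids):
        """Undo the UPDATE records of the given transactions, newest first, then log ABORT."""
        for kind, tid, part, key, before in reversed(self.audit):
            if kind == "UPDATE" and tid in tids:
                rows = self.rows[part]
                if before is None:
                    rows.pop(key, None)  # the row did not exist before this transaction
                else:
                    rows[key] = before
        for tid in tids:
            self.audit.append(("ABORT", tid, None, None, None))

    def recover(self):
        """Crash recovery: any transaction with neither COMMIT nor ABORT is backed out."""
        resolved = {r[1] for r in self.audit if r[0] in ("COMMIT", "ABORT")}
        incomplete = {r[1] for r in self.audit if r[0] == "BEGIN" and r[1] not in resolved}
        self.back_out(incomplete)
        return sorted(incomplete)
```

Because the before-image is appended to the trail before the data row changes, a crash at any point leaves enough information to restore every uncommitted row to its prior value.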