HP's new powerfail strategy is to use intelligent UPSs and shut the system
down when the available energy in the batteries drops below a fixed
threshhold. The shutdown mechanism is a system abort, which presumably carries
with it all the other problems of any other system abort. The only benefit is
to guarantee that writes in progress will be completed, as with any other
system abort.
 
Of course this is no worse than what happens with SPU battery backup when the
battery energy is depleted, but there's an opportunity for something better.
If an application knows it might not be able to complete a logical
transaction, it has the option of not starting it in the first place.
 
How about a CI variable that can be interrogated to find out how much time is
left before the protective shutdown? If a site runs only applications that
take advantage of that feature, they can be assured that no logical
transactions were in progress at the time of the shutdown. This could avoid
the need for a data base recovery cycle and make the recovery significantly
faster. It can also prevent problems with distributed applications, since
applications which are about to go down can initiate graceful terminations of
all connections before the failure occurs.
 
The variable would have a value of INT_MAX when the system is operating on
line power, or the number of seconds of power available when the system is
operating on emergency power. I suggest HPSECSTOMIDNIGHT :-).
 
-- Bruce
 
--------------------------------------------------------------------------
Bruce Toback    Tel: (602) 996-8601| My candle burns at both ends;
OPT, Inc.            (800) 858-4507| It will not last the night;
11801 N. Tatum Blvd. Ste. 142      | But ah, my foes, and oh, my friends -
Phoenix AZ 85028                   | It gives a lovely light.
[log in to unmask]                   |     -- Edna St. Vincent Millay