You gotta love when they agree their own product is junk Hope everything worked out.

Unless fail-over configurations are tested frequently they will not work when you need them.

* Written properly, monitoring scripts and scenarios can pinpoint easily the failure in your applications/systems. You need to monitor not only your balanced app, but also each individual app instance; doing so may have helped pinpoint failure at the balancer.

* How is moving to a new vendor going to solve a poorly-architected system? Most SANs I’ve ever known of are out of the box crazily-redundant. Either your datacenter was hit by a nuke, or a monkey architected your SAN, plain and simple.

[Joel: Turns out the vendor agreed the SAN's were bad. We tried new drivers, new hardware components, etc, etc. Finally they tried to upsell us to a higher quality SAN at a deep discount.]

I recommend really good centralized monitoring software, so that you can determine very quickly what the less-anticipated problems really are, so you can fix them and get back online as fast as possible.

You said: “It took us 30 minutes to realize our applications were down because of the failed load balancer.” You could have reduced your downtime by bunch of minutes if you had scripts or monitors watching your load balancer. This sort of solution is generally much more affordable than the “figure out if the load balancer is less than robust and replace it with a more robust system if it is” situation.

I have since come to realize that the importance of having things in place to recover information is extremely important even on a personal level.

We’ve all heard it before – I think – yet we often fail to put systems and methodologies in place that actaully monitor all three. Sometimes it isn’t about adding more protection and complexity, it’s about simplifying and watching what exists more closely or more effectively to see when there are symptoms and recover more quickly.

You also have to be willing to invest in all three. Skimping on one usually means you’ll be reinvesting back into one of the other areas – skimp a few dollars of the technology and you’ll likely invest in people and process to keep it in play. Neglect the growth of your staff and there’s a good chance you’ll be adding process or technology attempting to compensate. Keep in mind that symptoms don’t always point you to the area that is the REAL cause.

So what do you do to break the cycle? Take steps to understand where you are today. Are your existing process effective in supporting your business objectives. Are your people able to use them effectively in their roles. Examine the source of your outages – I mean the REAL source. Just like any self-critique, you’re going leanr stuff you don’t like and aren’t fun to admit, but it’s the only way to really get on the path to improvement.

I don’t want to ramble on here so lastly I’ll just say, don’t be afraid to get some outside help. Being the “self-reliant” culture that we are it’s not something that we’re very good at doing or knowing when to do it. That “objective” perspective can often provide valuable insight that can be learned in no other way.

But in practice, the sales pitches almost never measure up.

We once had some Sun clustering solution for our 12 CPU twin E4500’s, and the only serious problems we ever really had with those machines were due to the clustering. We gave it more than it’s share of chances to measure up. Once we finally gave up and removed the cluster, we finally got to enjoy some of that legendary Sun reliability and never experienced unexpected downtime again.

Our next Tech Director purchased a Hitachi SAN that seemed to work alright.

Experiences with other HA solutions similar to yours seem to be the status quo, including horror stories around Raid 5 and tons of wasted effort and money on Oracle RAC. There is a semi-formal “club” of sorts, composed of many of the biggest names in Oracle, dedicated to stamping out all incarnations of Raid 5 (http://www.miracleas.com/BAARF/BAARF_members_sql.php).

So testing the brains out of one’s HA solution seems to be the best recourse.

I agree with Phillip Cox that fail-over testing is essential. It is our policy that we use our fail-over systems during all system upgrades. We fail-over, do the upgrade of the primary system, and return the primary system back to production, then upgrade the fail-over system. You kill two birds with one stone by testing fail-over and upgrading in the same process. This is basically training the staff to deal with system failures as a normal upgrade (which would have to occur anyway to fix whatever broke.)