This topic describes the typical scenarios of primary/standby cluster configuration where IDC- and region-level disaster recovery are implemented.
Dual IDCs
As each IDC serves as a separate disaster recovery unit, users may require disaster recovery at the IDC level. If only two IDCs are available, one IDC must be able to take over the services when the other becomes unavailable.
If an application is deployed as a single cluster across the two IDCs, one of them hosts the majority of replicas. When the IDC that hosts the majority of replicas goes down, the primary cluster no longer provides services. Therefore, the single-cluster deployment mode is unable to achieve disaster recovery in the dual-IDC scenario.
Instead, a deployment mode that features one primary cluster and one standby cluster allows for disaster recovery in this situation. A primary cluster is deployed in the primary IDC and adopts a multi-replica architecture to achieve server-level disaster recovery. A standby cluster is deployed in the standby IDC. You can deploy this cluster with a single replica to reduce the cost or multiple replicas to achieve server-level disaster recovery in the standby IDC.
The primary cluster is not affected when the standby IDC becomes unavailable. When the primary IDC fails, the standby cluster becomes the new primary cluster and takes over the services through a failover process. This meets the requirement for IDC-level disaster recovery.
Three IDCs across two regions
In this mode, three IDCs are deployed in two regions, with two deployed in one region and one in the other. In addition to IDC-level disaster recovery, users may also expect geo-disaster recovery capability. This means that when a failure occurs in one region, the other region can take over the services.
OceanBase Database provides a solution that is derived from the "three IDCs across two regions" mode. This solution involves five replicas in three IDCs across two regions. For example, you may have deployed your cluster in three IDCs, with two in Shanghai and one in Hangzhou. Each of these three IDCs hosts one replica. When one of the IDCs becomes unavailable, the availability of the entire cluster is not affected because the majority of replicas survive and are sufficient to ensure lossless disaster recovery, which indicates a recovery time objective (RTO) of 0. However, if a regional failure occurs in Shanghai, the majority of replicas become unavailable, and so does the cluster. Therefore, the single-cluster deployment is unable to achieve disaster recovery in the "three IDCs across two regions" mode.
To achieve geo-disaster recovery in this mode, create a standby cluster for your primary cluster. In this example, you can deploy the standby cluster of one or more replicas in the Hangzhou IDC. The primary cluster is not affected if a regional failure occurs in Hangzhou. If a regional failure occurs in Shanghai, the standby cluster becomes the new primary cluster and takes over the services through a failover process. This meets the requirement for region-level disaster recovery.
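The majority reasoning used in both scenarios above can be checked mechanically. The following Python sketch is an added example, not OceanBase code or tooling: it lists the failure domains whose loss leaves no cluster able to serve. The IDC names, the region label of the dual-IDC layout, the replica counts of the dual-IDC clusters, and the rule that failover succeeds whenever the standby cluster keeps a majority of its own replicas are assumptions made for illustration.

```python
# A replica is a (region, idc) pair. All layouts are constructed for illustration.
LEVEL = {"region": 0, "idc": 1}

def majority_alive(cluster, failed, level):
    """True if a strict majority of the cluster's replicas lie outside the failed domain."""
    alive = sum(1 for replica in cluster if replica[LEVEL[level]] != failed)
    return alive > len(cluster) // 2

def fatal_failures(primary, level, standby=()):
    """Return the failure domains at `level` whose loss stops the service.

    Assumption: failover to the standby succeeds whenever the standby
    cluster still holds a majority of its own replicas.
    """
    domains = sorted({r[LEVEL[level]] for r in list(primary) + list(standby)})
    fatal = []
    for domain in domains:
        primary_ok = majority_alive(primary, domain, level)
        standby_ok = bool(standby) and majority_alive(standby, domain, level)
        if not (primary_ok or standby_ok):
            fatal.append(domain)
    return fatal

# Dual IDCs, single cluster: one IDC necessarily hosts the majority.
DUAL_SINGLE = [("region-a", "idc1"), ("region-a", "idc1"), ("region-a", "idc2")]
# Dual IDCs, multi-replica primary in idc1 and single-replica standby in idc2.
DUAL_PRIMARY = [("region-a", "idc1")] * 3
DUAL_STANDBY = [("region-a", "idc2")]
# Three IDCs across two regions, one replica per IDC as in the page's example.
GEO_PRIMARY = [("shanghai", "sh-idc1"), ("shanghai", "sh-idc2"),
               ("hangzhou", "hz-idc1")]
# Single-replica standby cluster in the Hangzhou IDC.
GEO_STANDBY = [("hangzhou", "hz-idc1")]

if __name__ == "__main__":
    print("dual IDC, single cluster:",
          fatal_failures(DUAL_SINGLE, "idc"))
    print("dual IDC, primary + standby:",
          fatal_failures(DUAL_PRIMARY, "idc", DUAL_STANDBY))
    print("geo, single cluster, IDC failure:",
          fatal_failures(GEO_PRIMARY, "idc"))
    print("geo, single cluster, region failure:",
          fatal_failures(GEO_PRIMARY, "region"))
    print("geo, primary + standby, region failure:",
          fatal_failures(GEO_PRIMARY, "region", GEO_STANDBY))
```

An empty list means every single failure at that level is survivable; swapping in your own replica placement shows which IDC or region remains a single point of failure.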