Each node canister in the control enclosure caches critical data and holds state
information in volatile memory.
If power to a node canister fails, the node canister uses battery power to write cache
and state data to its boot drive.
Note: Expansion canisters do not cache volume data or store
state information in volatile memory. Therefore, expansion canisters do not require battery
power. If AC power to both power supplies in an expansion enclosure fails, the enclosure powers
off. When AC power is restored to at least one power supply, the enclosure restarts without
operator intervention.
The battery is maintained in a fully charged state by the
battery subsystem. At maximum power, the battery can save critical data and state information in
two back-to-back power failures. If power to a node canister is lost, saving critical data
starts after a five-second wait. (If the outage is shorter than five seconds, the battery
continues to support the node and critical data is not saved.) The node canister stops handling
I/O requests from host applications. The saving of critical data runs to completion, even if
power is restored during this time. The loss of power might be because the input power to the
enclosure is lost, or because the node canister is removed from the enclosure.
When power
is restored to the node canister, the system restarts without operator intervention. How quickly
it restarts depends on whether there is a history of previous power failures. The system
restarts only when the battery has sufficient charge for the node canister to save the cache and
state data again. A node canister with multiple power failures might not have sufficient charge
to save critical data. In such a case, the system starts in service state and waits to start I/O
operations until the battery has sufficient charge.
Two light-emitting diode (LED)
indicators indicate the state of the battery:
- Status LED - Green
- Fault LED - Amber
Important: Although the system is resilient to power failures and brown outs, always
install the enclosures in an environment that has reliable, consistent, and required AC power.
Consider uninterruptible power supply units to avoid extended interruptions to data
access.
Design parameters
Consider the following important design parameters:
- The design life of the battery in the control enclosure is five years service after one
year on the shelf.
- Each battery is automatically reconditioned every three months to measure the battery
capacity. Batteries in the same enclosure are not reconditioned within two days of each other.
If a battery has a lower capacity than required (below the planned threshold), it is marked as
End Of Life
and should be replaced.
- Each battery provides power only for the canister in which it is installed. If a battery
fails, the canister goes offline and reports a node error. The single running canister
destages its cache and runs the I/O group in
write-through
mode until its partner
canister is repaired and online.