Disaster recovery for a high availability configuration
You can configure a disaster recovery (DR) solution such that an appliance at a remote location can take over if both the appliances in a high availability (HA) pair fail at the same time.
If you are running a queue manager on an appliance in an HA pair, and both appliances in the pair become unavailable (for example, the data center has a major power failure), then you can manually start and run the queue manager on a DR appliance at a different site. You can fail over to another high availability configuration at the recovery site, so that the queue manager is running in an identical environment.
Replication between the appliances in a high availability pair is synchronous, but in a HA/DR configuration queue manager data is replicated to the DR appliance asynchronously. This means that following a recovery situation, some messaging data might be lost. But the queue manager on the DR appliance will be in a consistent state, and able to start running immediately, even if it is started at a slightly earlier part of the message stream.
In the case of a configuration of an HA pair on the main site and a single DR appliance on the recovery site, a floating IP address can be allocated to each queue manager under HA/DR control. The DR appliance can connect to a single IP address regardless of which of the appliances in the HA group is running the queue manager (there are real interfaces configured with static IP address underlying the floating IP address). A floating IP address cannot be used where there are HA groups at both the main site and the recovery site.
The following diagram shows an HA pair at both main site and recovery site.