Lenovo Storage V7000 node canisters cache volume data and hold state information in volatile memory.
If the power fails, cache and state data is written to a local flash drive in the canister. The batteries within the control enclosure provide the power to write the cache and state data to a local drive.
Two power supply units exist in the control enclosure. Each one contains an integrated battery. Both power supply units and batteries provide power to both control canisters. Each battery has sufficient charge to save critical data from both node canisters to the local drive. A fully redundant system has two batteries and two canisters. In such a system, the batteries can save critical data and state information from both canisters to a local drive twice. In a system with a failed battery, there is enough charge in the remaining battery to support saving critical data from both canisters to a local drive once.
Without ac power, a canister starts saving critical data to a local drive approximately 10 seconds after it detects the loss. If power is restored within the 10 seconds, the system continues to operate. This loss in power is called a brown out. When it saves critical data, the system stops handling I/O requests from host applications. At the same time, Metro Mirror and Global Mirror relationships go offline. The system powers off after it saves the critical data.
If both node canisters shut down without writing the cache and state data to the local drive, the system is unable to restart without an extended service action. The system configuration must be restored. If any cache write data is lost, volumes must be restored from a backup. It is, therefore, important not to remove the canisters or the power supply units from the control enclosures unless directed to do so by the service procedures. Removing either of these components might prevent the node canister from writing its cache and state data to the local drive.
When the ac power is restored to the control enclosure, the system restarts without operator intervention. How quickly it restarts depends on whether there is a history of previous power failures.
When ac power is restored after both canisters save critical data, the system restarts without operator intervention. How quickly it restarts depends on whether there is a history of previous power failures. The system restarts only when the batteries have sufficient charge to save critical data for both node canisters again. A fully redundant system can restart as soon as power is restored after it saves critical data once. If a second ac power outage occurs before batteries charge completely, the system starts in service state. The system does not begin I/O operations until the batteries are half charged. Recharging takes approximately 30 minutes.
In a system with a failed battery, an ac power failure causes both canisters to save critical data and completely discharges the remaining battery. When the ac power is restored, the system starts in service state and does not start I/O operations until the remaining battery is fully charged. The recharging takes approximately 1 hour.
Other conditions can cause critical data to be saved and the nodes to go into service state and stop I/O operations. Each node canister saves critical data if it detects there is no longer sufficient battery charge to support saving critical data. This situation happens, for example, when both batteries have two-thirds of a charge. The total charge is sufficient to support saving critical data once. Therefore, both canisters are in active state and I/O operations occur. If one battery fails, the remaining battery has only two-thirds of a charge. The total charge in the enclosure is now insufficient to save critical data if the ac power fails. Data protection is not guaranteed in this case. When the battery has sufficient charge, the system automatically restarts.