PowerMail manual
An ideal setup consists of at least three servers. This guarantees that a single-machine failure does not hamper service in any way. As there are still two servers available, which together contain all messages, both delivery and retrieval continue. There is no lack of functionality.
A further failure will cause part of the messages (around 33%) to disappear, but mail retrieval will still be possible. Mail deliveries will cease.
Six machines in three groups with a redundancy target of 3 means that any two servers can fail before messages might be lost. In other words, 33% of your servers may fail before problems occur.
Mail delivery patterns then look like this:
1 2 3 4 5 6 1 x x x 2 x x x 3 x x x 4 x x x 5 x x x 6 x x x 7 x x x 8 x x x
If servers 1, 2 and 3 fail, no mail is lost. In the general case, mail might only be lost if all groups lose a server. Otherwise, at least one undamaged group survives and, by our configuration, each group has a copy of all messages.
The chance for three failures to fall into three groups is 1-((3/3) * (2/3) * (1/3))=1/3. So in only one-third of the cases is there a chance of all groups losing a message. This only happens if the failures strike exactly the three servers that house your message, for which the chance is (1/2)*(1/2)*(1/2)=1/8.
Summarizing, the compound expected loss of mail in case of 50% failure is (1/3)*(1/8)=1/24, which is around 4%.
There is a 1/3 chance that messages can continue to be stored redundantly, but in that case, 12.5% of already present mail is lost.
There is a 2/3 chance that mail reception is disabled, but not a single message is lost.
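The six-server case above can also be checked by exhaustive counting. The following Python is an added example, not part of the PowerMail manual; it assumes the groups are servers (1,2), (3,4) and (5,6), that every message has exactly one copy in each group, and that all placements and all failure sets are equally likely. Counting the 20 possible three-server failures exactly gives 8/20 for every group losing a server and 1/20 for the expected loss, slightly above the hand estimates in the text.

```python
from fractions import Fraction
from itertools import combinations, product

# Assumed grouping (the page does not spell it out): three groups of two.
GROUPS = [(1, 2), (3, 4), (5, 6)]
SERVERS = [s for g in GROUPS for s in g]

# Redundancy target 3: one copy per group, so 2*2*2 = 8 placement patterns.
PLACEMENTS = [frozenset(p) for p in product(*GROUPS)]


def analyse(failures):
    """Enumerate every equally likely set of `failures` dead servers.

    Returns exact probabilities as Fractions:
      all_groups_hit - every group lost at least one server
      group_down     - some group lost all its servers, so a new message
                       can no longer get a copy in every group
      expected_loss  - average fraction of stored messages with no copy left
    """
    failure_sets = list(combinations(SERVERS, failures))
    hit = down = 0
    loss = Fraction(0)
    for dead in map(set, failure_sets):
        if all(any(s in dead for s in g) for g in GROUPS):
            hit += 1
        if any(all(s in dead for s in g) for g in GROUPS):
            down += 1
        # A message is gone only if every server holding a copy is dead.
        lost = sum(1 for p in PLACEMENTS if p <= dead)
        loss += Fraction(lost, len(PLACEMENTS))
    n = len(failure_sets)
    return {
        "failure_sets": n,
        "all_groups_hit": Fraction(hit, n),
        "group_down": Fraction(down, n),
        "expected_loss": loss / n,
    }


if __name__ == "__main__":
    for k in (1, 2, 3):
        r = analyse(k)
        print(k, "failed:", ", ".join(f"{key}={val}" for key, val in r.items()))
```
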