Forced Unit Access (FUA) and Write‑Through
All components in a storage solution must honor the write‑to‑stable media intent.
A solution that has write‑back caching enabled must guarantee acknowledged writes are non‑volatile under all failure conditions. An external Uninterruptible Power Supply (UPS) is not sufficient on its own to achieve this, because failure modes that are unrelated to power do occur.
JADE uses two mechanisms to achieve the stable media requirement.
- A Write Through command, which is available only for Small Computer System Interface (SCSI) disk devices, is implemented by issuing a WRITE command to the disk with the Force Unit Access (FUA) bit set. This command is used by JADE database journaling, and it instructs the disk to write the current packet of data to the disk immediately, bypassing the onboard write cache.
Storage solutions that do not support FUA semantics (for example, Integrated Drive Electronics (IDE)/ATA Packet Interface (ATAPI) disks) must be configured with write‑back caching disabled.
Legacy IDE drives based on any version of the Advanced Technology Attachment (ATA) specification prior to version 7 provide no equivalent of SCSI FUA. This means that if you host journals on an IDE drive, controller write caching must be disabled, which is not usually the default. This issue was addressed in ATA‑7, on which most current Serial ATA (SATA) drives are based.
If the write journal drive is an ATA‑type device, you cannot rely on data being stable on the media for the WRITE command with FUA. Although FUA has been in the standard since ATA‑7 (2005), it is not always supported by commodity drives or device drivers. From JADE releases 7.1.09 and 16.0.02, writes to the audit files are synchronized on such devices.
- A Flush Buffers command, which is available for SCSI and IDE/ATAPI disk devices, instructs the disk to write all cached data to the disk immediately. For SCSI disks, this is implemented by issuing the SYNCHRONIZE CACHE command to the disk. For IDE/ATAPI disks, the FLUSH CACHE command is sent to the disk.
Caching storage solutions designed for use in data‑critical transactional environments may not honor these commands immediately. Such solutions must guarantee that, after a failure such as power loss or system reset, cached data is eventually persisted on the physical media.
As each new volume is encountered when opening a writable file, the JADE database logs the device write‑cache settings. If the device reports that write‑cache is enabled and the write‑cache type is not write‑through, warning messages are logged if the device does not support flush‑cache operations or you have configured the device as power protected (suppressing flush‑cache operations).
If the device settings cannot be determined, the following warning is logged.
<<WARNING>> Unable to determine write‑cache settings for volume <volume>, drive letter=<drive>, label=<label>
If write‑cache is enabled and it is not write‑through but the device reported flush-cache as not supported, the following warnings are logged.
<<WARNING>> Unsafe write‑cache settings for volume <volume>, drive letter=<drive>, label=<label>
<<WARNING>> Device does not support host software forced flush of device write‑cache
If write‑cache is enabled and it is not write‑through but you have configured the device as power protected on the Policies sheet in device properties, the following warnings are logged.
<<WARNING>> Possibly unsafe write-cache settings for volume <volume>, drive letter=<drive>, label=<label>
<<WARNING>> Host software forced flush of device write-cache is disabled
If a warning is logged for a device, it means that the reported device configuration does not guarantee that acknowledged writes are non‑volatile and therefore the device configuration does not comply with the database stable media requirement.
If a warning was logged, an indication of the implications of a failure for the system is also logged.
If archival recovery is enabled, the following message is logged.
A power outage might result in data loss or corruption necessitating roll‑forward recovery from a checked backup
If archival recovery is disabled, the following message is logged.
A power outage might result in irrecoverable data loss or corruption (archival recovery is disabled)
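
One way to audit a log for the warnings described above, as an added example that is not JADE's own code. It matches only the message texts documented on this page; the volume names, drive letters and labels in the sample are constructed, and it assumes each detail line follows the volume line it explains.

```python
import re

# "." stands in for the hyphen so ASCII "-" and U+2011 both match.
HEAD = re.compile(
    r"<<WARNING>> (?P<kind>Unable to determine|Unsafe|Possibly unsafe) "
    r"write.cache settings for volume (?P<volume>.+?), "
    r"drive letter=(?P<drive>.*?), label=(?P<label>.*)$")
DETAIL = [
    (re.compile(r"Device does not support host software forced flush"),
     "flush_unsupported"),
    (re.compile(r"Host software forced flush of device write.cache is disabled"),
     "flush_disabled"),
]
IMPACT = [
    (re.compile(r"irrecoverable data loss or corruption"), "irrecoverable"),
    (re.compile(r"necessitating roll.forward recovery"), "roll_forward"),
]

def scan(lines):
    """Return (findings, impact): one dict per volume warning, plus the
    system-wide consequence message seen (None if none was logged)."""
    findings, impact = [], None
    for line in lines:
        line = line.rstrip()
        m = HEAD.search(line)
        if m:
            findings.append({**m.groupdict(), "reason": None})
            continue
        for rx, tag in DETAIL:
            # Assumption: a detail line follows the volume line it explains.
            if rx.search(line) and findings and findings[-1]["reason"] is None:
                findings[-1]["reason"] = tag
        for rx, tag in IMPACT:
            # Keep the worse outcome if both messages appear in one log.
            if rx.search(line) and impact != "irrecoverable":
                impact = tag
    return findings, impact

# Constructed sample: documented message texts, invented volume values.
SAMPLE = """\
<<WARNING>> Unsafe write-cache settings for volume VOL-A, drive letter=D, label=Journals
<<WARNING>> Device does not support host software forced flush of device write-cache
<<WARNING>> Possibly unsafe write-cache settings for volume VOL-B, drive letter=E, label=Data
<<WARNING>> Host software forced flush of device write-cache is disabled
<<WARNING>> Unable to determine write-cache settings for volume VOL-C, drive letter=F, label=Backup
A power outage might result in irrecoverable data loss or corruption (archival recovery is disabled)
""".splitlines()

if __name__ == "__main__":
    found, outcome = scan(SAMPLE)
    for f in found:
        print(f)
    print("impact:", outcome)
```

Any volume returned in `findings` does not meet the stable media requirement as reported by the device; an `impact` of `irrecoverable` means archival recovery is disabled as well.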