How Cluster Storage Uses SCSI Reservations to Prevent Data Corruption

Cluster Basics

A cluster groups multiple servers to provide resources as a single entity; each server is a node. When a node that provides resources fails, the remaining nodes take over to continue serving clients.

Resource Access Control

All nodes can access the cluster’s shared resources. Simultaneous operations on the same resource can cause problems, such as data inconsistency when two nodes write to the same storage location at the same time.

Cluster Modes

Cluster resource‑access control has evolved into three main modes: No‑Reservation , SCSI‑2 Reservation , and SCSI‑3 Reservation . Each mode imposes different requirements on the underlying storage system.

No‑Reservation Mode Workflow

Create a volume group and logical volume on the LUN.

Start the cluster services on each node.

Determine which node is primary and which is secondary.

The primary node activates the volume group and mounts the logical volume.

The secondary node deactivates its volume group to block access.

This approach only needs a LUN that can be used to create volume groups and logical volumes with normal read/write capability. Its major drawback is vulnerability to split‑brain (heartbeat) failures, which can cause multiple nodes to believe they own the resource and compete for it.

SCSI Reservation Concept

When multiple hosts may write to the same LUN simultaneously, a SCSI reservation locks the LUN to a single initiator, preventing data corruption. Most modern disks and arrays support the SCSI reservation command.

SCSI‑2 Reservation Workflow

The node sends a reservation request to the LUN.

If the reservation succeeds, the node gains exclusive access; if a conflict occurs, it retries until successful.

After completing I/O, the node releases the reservation so other nodes can reserve.

Limitations of SCSI‑2 include path‑based reservations (a reservation cannot be cancelled if the path fails) and the fact that only the reserving initiator (the host’s HBA) can access the LUN, often called a Single Path Reservation.

SCSI‑3 Persistent Reservation

Each node first registers a Persistent Reservation (PR) key with the LUN. After registration, the node performs a Persistent Reserve operation to obtain access rights. Different nodes can use the same or different PR keys, allowing flexible sharing or pre‑emptive acquisition without data loss.

SCSI‑3 requires storage that supports the more complex Persistent Reservation command set.

Windows Cluster Example

Windows Server 2003 clusters use the non‑persistent SCSI‑2 Reserve/Release command. A node holds the reservation lock and refreshes it every few seconds; during failover, the new node places a fresh reservation on the disk.

Windows Server 2008 clusters adopt SCSI‑3 Persistent Reservation. If a node crashes, its reservation may remain on the disk, requiring manual removal before another node can acquire the lock.