Architectural Details of Fault-Tolerance Model

Server Replication
When you initially start up the Replication Manager (as described in "How to Run the Fault-Tolerant Baseline Application"), it automatically starts four servers. These are the servers managed by the Replication Manager. Once they are started you can tell which is the primary server because its button is shaded red. All of the active servers that can be switched to in a fail-over are shaded green. A server shaded grey is inactive. On startup of the Replication Manager three of the servers should be shaded green and one should be shaded red, indicating one operational primary server and three active replicas. For now all of these replicas are launched on the machine running the Replication Manager; later we plan to allow the replicas to run on a remote machine.

Non-Replicated Items
Our database and orbd are not replicated. They are located on the sacred machine.

Number of faults tolerated at a time
We can tolerate multiple faults because the client simply waits until an active replica becomes the new primary. Since we also re-launch each crashed or killed replica, we can handle multiple faults; however, if all replicas are killed at once, the client must wait longer before its request can be served.

Successive Faults Tolerated
We can tolerate three successive faults and still guarantee that a single replica remains. Since we re-launch the crashed or killed replicas, the system eventually has all four replicas back up and running.
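As an added illustration of the fail-over and re-launch behaviour described in the three sections above (the number of faults tolerated at a time and successive faults), the following Python simulation models the replica states the Replication Manager displays (red primary, green active, grey inactive), fail-over to an active replica when the primary dies, the client waiting until a primary exists, and the re-launch of crashed replicas. This is example code written for this page, not the project's own Replication Manager; the class and method names, the rule that the first launched server becomes primary, and the "one re-launch per tick" timing are assumptions made for the simulation.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Shading used by the Replication Manager's buttons, as described on the page.
PRIMARY, ACTIVE, INACTIVE = "red", "green", "grey"


@dataclass
class Replica:
    name: str
    state: str = ACTIVE


@dataclass
class ReplicationManager:
    """Simulated manager (assumed names); tracks four replicas and re-launches crashed ones."""
    replicas: List[Replica] = field(default_factory=list)
    relaunch_queue: List[str] = field(default_factory=list)  # crashed replicas awaiting re-launch

    @classmethod
    def start(cls, count: int = 4) -> "ReplicationManager":
        # Launch `count` servers; the first one launched is made primary (assumption).
        mgr = cls([Replica(f"server{i}") for i in range(1, count + 1)])
        mgr.replicas[0].state = PRIMARY
        return mgr

    def _find(self, name: str) -> Replica:
        return next(r for r in self.replicas if r.name == name)

    def primary(self) -> Optional[Replica]:
        return next((r for r in self.replicas if r.state == PRIMARY), None)

    def _failover(self) -> None:
        # Promote the first active (green) replica, if any, to primary (red).
        candidate = next((r for r in self.replicas if r.state == ACTIVE), None)
        if candidate is not None:
            candidate.state = PRIMARY

    def kill(self, name: str) -> None:
        # Model a crash or kill: shade the server grey, queue it for re-launch,
        # and fail over if the server that died was the primary.
        r = self._find(name)
        was_primary = r.state == PRIMARY
        r.state = INACTIVE
        self.relaunch_queue.append(name)
        if was_primary:
            self._failover()

    def tick(self) -> None:
        # One re-launch step: bring back one crashed replica (oldest first).
        # If no primary exists at that point, the returned replica takes over.
        if self.relaunch_queue:
            self._find(self.relaunch_queue.pop(0)).state = ACTIVE
        if self.primary() is None:
            self._failover()

    def counts(self) -> Dict[str, int]:
        return {s: sum(1 for r in self.replicas if r.state == s)
                for s in (PRIMARY, ACTIVE, INACTIVE)}


def client_request(mgr: ReplicationManager, max_ticks: int = 10) -> Tuple[str, int]:
    """Client behaviour from the page: wait until some replica is primary, then send.

    Returns (primary name, number of ticks waited). The manager re-launches
    replicas while the client waits, so a fully-dead system recovers over time.
    """
    for waited in range(max_ticks + 1):
        p = mgr.primary()
        if p is not None:
            return p.name, waited
        mgr.tick()
    raise RuntimeError("no primary came back within the wait limit")


def demo() -> Dict[str, object]:
    """Walk through the fault scenarios the page describes and collect the outcomes."""
    mgr = ReplicationManager.start()
    result: Dict[str, object] = {"startup": mgr.counts()}   # 1 red, 3 green, 0 grey

    mgr.kill("server1")                                      # primary dies -> server2 promoted
    result["after_primary_fault"] = client_request(mgr)      # no waiting needed

    mgr.kill("server2")                                      # second and third successive faults,
    mgr.kill("server3")                                      # no re-launch has happened yet
    result["after_three_faults"] = (mgr.primary().name, mgr.counts())  # one replica still around

    mgr.kill("server4")                                      # everything down: client must wait
    result["all_down"] = client_request(mgr)                 # first re-launched replica becomes primary
    for _ in range(3):
        mgr.tick()                                           # remaining replicas come back
    result["recovered"] = mgr.counts()                       # all four up again: 1 red, 3 green
    return result


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

Running `demo()` shows the two properties the sections above claim: after three successive faults with no re-launch, exactly one replica (server4) is still serving as primary, and when all four are killed the client waits one re-launch step before the first returning replica is promoted, after which the manager restores the full set of replicas.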