Conference paper

Reducing recovery time in a small recursively restartable system

We present ideas on how to structure software systems for high availability by considering the MTTR/MTTF characteristics of components in addition to the traditional criteria, such as functionality or state sharing. Recursive restartability (RR), a recently proposed technique for achieving high availability, exploits partial restarts at various levels within complex software infrastructures to recover from transient failures and to rejuvenate software components. Here we refine the original proposal and apply the RR philosophy to Mercury, a COTS-based satellite ground station that has been in operation for over two years. We develop three techniques for transforming component group boundaries such that time-to-recover is reduced, hence increasing system availability. We also extend RR by defining the notions of an oracle, a restart group and a restart policy, and show how to reason about system properties in terms of restart groups. From our experience with applying RR to Mercury, we draw design guidelines and lessons for the systematic application of recursive restartability to other software systems amenable to RR.
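To make the abstract's vocabulary concrete, here is a small restart-tree model: leaves are components, internal nodes are restart groups, the restart policy restarts the smallest group containing the failed component and escalates to the enclosing group whenever the oracle still reports the system unhealthy. This is an added illustration, not code from the paper or from the Mercury ground station. The component names, restart durations, the sequential-restart cost model, the two candidate groupings and the set-based oracle (which treats the system as healthy once a hypothetical fault set of components has been restarted) are all assumptions chosen for the example; the paper's own three boundary-transformation techniques are not reproduced here.

```python
"""Toy model of a recursively restartable system (added illustration).

Assumptions (not from the paper): restarting a group restarts every
component beneath it, children restart sequentially, and the oracle is a
predicate over the set of components restarted so far.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Set, Tuple


@dataclass
class Node:
    """A restart group (internal node) or a component (leaf) of a restart tree."""
    name: str
    restart_time: float = 0.0             # self restart cost; groups have none
    children: List["Node"] = field(default_factory=list)
    parent: Optional["Node"] = field(default=None, repr=False)

    def __post_init__(self) -> None:
        for child in self.children:
            child.parent = self

    def components(self) -> Set[str]:
        """Names of all leaf components under this node."""
        if not self.children:
            return {self.name}
        return set().union(*(c.components() for c in self.children))

    def restart_cost(self) -> float:
        """Time to restart this node: its own cost plus every descendant (sequential)."""
        return self.restart_time + sum(c.restart_cost() for c in self.children)

    def find(self, name: str) -> Optional["Node"]:
        if self.name == name:
            return self
        for child in self.children:
            hit = child.find(name)
            if hit is not None:
                return hit
        return None


# An oracle answers "is the system healthy now?" given what has been restarted.
Oracle = Callable[[Set[str]], bool]


def recover(tree: Node, failed: str, oracle: Oracle) -> Tuple[float, List[str]]:
    """Restart policy: restart the smallest group containing `failed`, consult the
    oracle, and escalate one level per unhealthy verdict. Returns (time, groups)."""
    node = tree.find(failed)
    if node is None:
        raise KeyError(failed)
    elapsed, restarted, log = 0.0, set(), []
    while node is not None:
        elapsed += node.restart_cost()
        restarted |= node.components()
        log.append(node.name)
        if oracle(restarted):
            return elapsed, log
        node = node.parent            # escalate to the enclosing restart group
    # Even a whole-system restart did not help: the fault is not transient.
    raise RuntimeError(f"{failed}: full restart did not cure the fault")


def availability(mttf: float, mttr: float) -> float:
    """Steady-state availability for given mean time to failure / to recover."""
    return mttf / (mttf + mttr)


def leaf(name: str, seconds: float) -> Node:
    return Node(name, restart_time=seconds)


# Hypothetical components and restart durations (seconds); constructed data.
def flat_tree() -> Node:
    """Grouping 1: every component directly under the system root."""
    return Node("system", children=[leaf("tracker", 5), leaf("radio", 8),
                                    leaf("scheduler", 3), leaf("db", 20), leaf("web", 2)])


def split_tree() -> Node:
    """Grouping 2: the same components, with a subsystem boundary drawn around
    the two components that share state (an assumption for the example)."""
    return Node("system", children=[
        Node("rf", children=[leaf("tracker", 5), leaf("radio", 8)]),
        Node("ops", children=[leaf("scheduler", 3), leaf("db", 20), leaf("web", 2)]),
    ])


# Hypothetical fault: tracker and radio hold shared stale state, so the system is
# only healthy again once both have been restarted.
FAULT_SET = {"tracker", "radio"}


def stale_state_oracle(restarted: Set[str]) -> bool:
    return FAULT_SET <= restarted


if __name__ == "__main__":
    for build in (flat_tree, split_tree):
        time_to_recover, groups = recover(build(), "tracker", stale_state_oracle)
        print(f"{build.__name__}: {time_to_recover:.0f}s via {groups}, "
              f"availability(MTTF=1000s)={availability(1000.0, time_to_recover):.4f}")
```

Under these assumptions the flat grouping escalates straight to a whole-system restart (5 s for the tracker, then 38 s for everything), while the split grouping stops at the `rf` group (5 s, then 13 s), so moving one boundary cuts time-to-recover from 43 s to 18 s without touching any component. Two caveats the model hides: a real oracle is a health probe that can be wrong in both directions, and a policy that escalates on every unhealthy verdict will eventually restart the whole system for a fault that is not transient at all, which is why `recover` raises rather than looping.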

Keywords: aerospace computing; ground support systems; software reliability; system recovery; software systems; MTTR/MTTF characteristics; functionality; state sharing; small recursively restartable system; recovery time reduction; high availability; partial restarts; complex software infrastructures; transient failure recovery; software component rejuvenation; Mercury; COTS-based satellite ground station; component group boundaries; oracle; restart group; restart policy


Record created on 2006-12-22, modified on 2016-08-08

