[Ace-users] Re: [ciao-users] redundant component groups

Jaiganesh Balasubramanian jai at dre.vanderbilt.edu
Wed Jun 27 11:39:09 CDT 2007 

Hi Friedhelm,

> To become more specific now:
> The following approach is inspired by the CORBA fault tolerance service:
> The basic idea is, that a group of components (having interdependencies),
> provides some services which need to have a very high availability.
> So all components will be instantiated more than one time to have a 
> redundant backup
> (keeping these components in sync might be necessary, depending on the 
> component
> type but this is not in the scope of this question).
> If one of these components fails (assuming that there is a way to find 
> out when a component
> fails ... usually through CORBA exceptions), it will not only be 
> necessary to replace
> this single component by its backup, but also to inform the whole 
> component group to reconnect
> to the correct component.
> 
> Can you give me some advice, how to achieve this using standard CCM 
> mechanisms?

There are no standards mechanisms in CCM to provide fault tolerance 
capabilities to components or their assemblies.

However, mechanisms that work for plain CORBA should work for CCM as 
well, as components are CORBA objects as well.

The state of a component can include the connections the component had, 
so that when the backup starts, it can have the same connections that 
were present with the primary that failed.

FT mechanisms can take care of redirecting the connections external 
components had to the failed component.

However, the biggest winner of moving towards FT using CCM would be the 
deployment and configuration tools that can automate most of the 
activities concerned with configuration/reconfiguration of FT 
capabilities to components. IN the plain CORBA world, application 
developers would have to program those capabilities themselves, while 
with the availability of deployment and configuration tools, those 
responsibilities can be shielded from the application developers.

> 
> I think that ReDaC might aim in this direction.
> Is it possible to dynamically create an assembly file, which reflects 
> the necessary connection
> changes to integrate a backup component instead of an unresponsive 
> component?
> Can you foresee any technical or performance problems, that would 
> conflict with such an approach?

ReDac is not intended to provide FT capabilities to CCM components or 
assemblies.

Dynamically creating assemblies to provide FT will make the recovery 
process slow, which will not be acceptable for RT applications. 
Moreover, it would waste already deployed resources, and to instantiate 
an assembly on the fly involves lot of state transfers, which could 
again make the recovery process slow.

> Besides from technical issues:
> ReDaC seems to be a nonstandard enhancement of the CCM spec by DAnCE.
> Is that correct?

Yes, it is an enhancement added by the DOC group, and not part of any 
standards.

> Are there other CCM standard features, I didn't think about, which could 
> provide fault
> tolerance on component assembly level.

There are no standards right now to provide FT to CCM applications.

Thanks,
	Jai

More information about the Ace-users mailing list