TITLE: Fault Tolerance Under UNIX
AUTHORS: Anita Borg, Wolfgang Blau, Wolfgang Graetsch, Ferdinand Herrmann, Wolfgang Oberle
ABSTRACT: The initial design for a distributed, fault-tolerant version of UNIX based on a three-way atomic message transmission was presented in an earlier paper. The implementation effort then moved from Auragen Systems to Nixdorf Computer where it was completed. This paper describes the working system, now known as the TARGON/32. The original design left open questions in at least two areas: fault tolerance for server processes and recovery after a crash were briefly and inaccurately sketched; rebackup after recovery was not discussed at all. The fundamental design involving three-way message transmission has remained unchanged. However, in addition to important changes in the implementations, server backup has been redesigned and is now more consistent with that of normal user processes. Recovery and rebackup have been completed in a less centralized and thus more efficient manner than previously envisioned. In this paper we review important aspects of the original design and note how the implementation differs from our original ideas. We then focus on the backup and recovery of server processes and the changes and additions in the design and implementation of recovery and rebackup.
PROBLEM:
GOAL: To transparently allow arbitrary processes to survive any individual hardware failure.
BOTTLENECK:
TRADEOFF:
ABSTRACTION:
TECHNIQUE: Use logging of communication between processes and periodic checkpointing to recover state of a crashed process. Key to logging
ALTERNATIVES: Use dedicated hardware to mirror processes and communication.
NOTES: