RTC Magazine

High-availability computer systems provide non-stop operation for mission-critical business, telecommunication and defense applications. To tolerate failure of both hardware and software components, the architecture of high-availability systems is provided with various forms of redundancy. When one part of the system fails, other redundant parts of the system take over, and new redundancies are introduced to accommodate further component failures. When a failed component is repaired, that component is restored into the system, where it quickly configures itself as a primary or backup participant in the ongoing computations.

In the past, high-availability (HA) systems were the exclusive domain of very expensive and proprietary hardware and operating systems. But recently, increasing reliance on computer systems for mission-critical activities has moved HA requirements into mainstream markets. The concurrent maturation of both Linux and Java has resulted in both technologies offering the specialized capabilities required in HA applications.

The appeal of using Linux and Java together for the implementation of HA systems derives largely from the fact that both technologies are widely recognized as open industry standards and both technologies have now proven themselves to deliver the breadth of features and the reliability required in HA applications.

For its part, the more recent Linux distributions include support for networked and journaling file systems, more robust driver and kernel coding to minimize panics, additional kernel preemption modes, hot-swap PCI devices, bonded Ethernet connections, backplane messaging and hardware monitoring. This support builds on open standards such as OpenAIS, OpenHPI, OpenIPMI, and the Carrier Grade Linux (CGL) specification produced by the Open Source Development Labs (OSDL).

Java builds on this foundation, providing high-level programming language support to facilitate the development of HA application software. The strengths that Java brings to the HA community include easier and less costly software development and maintenance, improved security through built-in language features like byte-code verification and array subscript checking, and dynamic class loading to support no-downtime software upgrades and on-the-fly system reconfiguration.

As a high-level programming environment, the Java platform generally hides its implementation details, including its dependencies on the underlying operating system, from Java software developers. Abstraction of this detail encourages software portability and simplifies development and maintenance activities. However, software engineers responsible for delivering HA must tunnel through the layers of abstraction in order to analyze and address availability vulnerabilities that might exist in the underlying implementation.

For example, Java provides standardized libraries for file input and output operations, network socket communication, and interaction with commercial data base implementations. When a Java virtual machine is running on a typical desktop operating system, the implementation of the file, network and database services is unlikely to support high-availability operation.

However, when the Java virtual machine is properly integrated within a Linux distribution that is configured for HA operation, the same portable Java code will support HA operation. In this configuration, the implementation of the java.io libraries is likely to support journaling, data mirroring and/or redundant distribution; the implementation of the java.net communication libraries is likely to exploit redundant network interface controllers and multiple wired connections to the network; and the implementation of the java.sql data base library would probably be based on a commercial HA data base implementation.

Many HA systems must comply with application-specific real-time constraints. Network infrastructure nodes, for example, are expected to report their status regularly and frequently. If companion nodes do not receive particular status reports within certain 50 ms timing windows, the network may conclude (erroneously) that certain nodes have failed. This will trigger fault recovery activities, adding to the network load, and increasing the likelihood that additional nodes will subsequently miss their status report timing windows. Reliable message delivery and overall message throughput will both suffer as a result of missed real-time deadlines. Other HA applications have similar timing constraints.

To meet HA timing constraints, both the Java virtual machine and the underlying real-time operating system must cooperate. Commercially supported Linux distributions have demonstrated consistent interrupt response latencies of less than 50 microseconds and thread preemption latencies of less than 65 microseconds. Each Linux distribution will have marked differences depending on the markets it serves and on which software packages are included in the distribution. Linux’ ability to satisfy real-time constraints is an essential part of a complete HA solution. The implementation of the Java virtual machine must support similar timing guarantees (Figure 1).