Showing papers in "Distributed Systems Engineering in 1999"

Active Cache: caching dynamic contents on the Web

Abstract: Dynamic documents constitute an increasing percentage of contents on the Web, and caching dynamic documents becomes an increasingly important issue that affects the scalability of the Web. In this paper, we propose the Active Cache scheme to support caching of dynamic contents at Web proxies. The scheme allows servers to supply cache applets to be attached with documents, and requires proxies to invoke cache applets upon cache hits to furnish the necessary processing without contacting the server. We describe the protocol, interface and security mechanisms of the Active Cache scheme, and illustrate its use via several examples. Through prototype implementation and performance measurements, we show that Active Cache is a feasible scheme that can result in significant network bandwidth savings at the expense of moderate CPU costs.

Jonathan: an open distributed processing environment in Java

Abstract: This paper describes a minimal and modular Object Request Broker (ORB) framework from which it is possible to build highly flexible ORBs supporting the introduction of arbitrary binding mechanisms between interacting objects. We show that such a framework consists essentially of extending the Java notion of object reference to make it distributed. Jonathan is a Java implementation of such a framework, featuring a CORBA 2.0 `personality' and several different binding factories. It could be easily extended with new binding factories and personalities (e.g. a RMI personality) or scaled down to fit particular needs.

A scalable middleware solution for advanced wide-area Web services

Abstract: To alleviate scalability problems in the Web, many researchers concentrate on how to incorporate advanced caching and replication techniques. Many solutions incorporate object-based techniques. In particular, Web resources are considered as distributed objects offering a well-defined interface. We argue that most proposals ignore two important aspects. First, there is little discussion on what kind of coherence should be provided. Proposing specific caching or replication solutions makes sense only if we know what coherence model they should implement. Second, most proposals treat all Web resources alike. Such a one-size-fits-all approach will never work in a wide-area system. We propose a solution in which Web resources are encapsulated in physically distributed shared objects. Each object should encapsulate not only state and operations, but also the policy by which its state is distributed, cached, replicated, migrated, etc.

Group membership failure detection: a simple protocol and its probabilistic analysis

Abstract: A group membership failure (in short, a group failure) occurs when one of the group members crashes. A group failure detection protocol has to inform all the non-crashed members of the group that this group entity has crashed. Ideally, such a protocol should be live (if a process crashes, then the group failure has to be detected) and safe (if a group failure is claimed, then at least one process has crashed). Unreliable asynchronous distributed systems are characterized by the impossibility for a process to get an accurate view of the system state. Consequently, the design of a group failure detection protocol that is both safe and live is a problem that cannot be solved in all runs of an asynchronous distributed system. This paper analyses a group failure detection protocol whose design naturally ensures its liveness. We show that by appropriately tuning some of its duration-related parameters, the safety property can be guaranteed with a probability as close to one as desired. This analysis shows that, in real distributed systems, it is possible to achieve failure detection with a negligible probability of wrong suspicions.

Hierarchical, competitive scheduling of multiple DAGs in a dynamic heterogeneous environment

Abstract: With the advent of large-scale heterogeneous environments, there is a need for matching and scheduling algorithms which can allow multiple, directed acyclic graph structured applications to share the computational resources of the network. This paper presents a hierarchical matching and scheduling framework where multiple applications compete for the computational resources on the network. In this environment, each application makes its own scheduling decisions. Thus, no centralized scheduling resource is required. Applications do not need direct knowledge of the other applications - knowledge of other applications arrives indirectly through load estimates (like queue lengths). This paper presents an algorithm, called the dynamic hierarchical scheduling algorithm, which schedules tasks within this framework. A series of simulations are presented to examine the performance of these algorithms in this environment, compared with a more conventional, single-user environment.

The implementation of a high-performance ORB over multiple network transports

Abstract: This paper describes the implementation of a high-performance Object Request Broker (ORB) - omniORB2. The discussion focuses on the experience in achieving high performance by exploiting the protocol and other characteristics of the CORBA 2.0 specification. The design is also highly adaptable to a variety of network transports. The results of running the ORB over TCP/IP, shared memory, Scalable Coherent Interface (SCI) and ATM Adaptation Layer 5 (AAL5) are presented. In both null calls and bulk data transfers, the performance of omniORB2 is significantly better than other commercial ORBs.

System support for scalable and fault tolerant Internet services

Abstract: Over the past few years, we have seen the proliferation of Internet-based services ranging from search engines and map services to video-on-demand servers. All of these kinds of services need to be able to provide certain guarantees of availability and scalability to their users. With millions of users on the Internet today, these services must have the capacity to handle a large number of clients and remain available even in the face of extremely high load. In this work, we present a generic architecture for supporting such Internet applications. We provide a substrate for scalable network services, on top of which application developers can design their services without worrying about the details of service management. We back our design with three real-world services: a Web distillation proxy, a proxy-based Web browser for PDAs, and an MBone archive server.

The hierarchical daisy architecture for causal delivery

Abstract: In this paper, we propose the hierarchical daisy architecture, which provides causal delivery of messages sent to any subset of processes. The architecture provides fault tolerance and maintains the amount of control information within a reasonable size. It divides processes into logical groups. Messages inside a logical group are sent directly, while messages that need to cross logical groups' boundaries are forwarded by servers. We prove the correctness of the daisy architecture, discuss possible optimizations, and present simulation results.

Supporting customized failure models for distributed software

Abstract: The cost of employing software fault tolerance techniques in distributed systems is strongly related to the type of failures to be tolerated. For example, in terms of the amount of redundancy required and execution time, tolerating a processor crash is much cheaper than tolerating arbitrary (or Byzantine) failures. This paper describes an approach to constructing configurable services for distributed systems that allows easy customization of the type of failures to tolerate. Using this approach, it is possible to configure custom services across a spectrum of possibilities, from a very efficient but unreliable server group that does not tolerate any failures, to a less efficient but reliable group that tolerates crash, omission, timing, or arbitrary failures. The approach is based on building configurable services as collections of software modules called micro-protocols. Each micro-protocol implements a different semantic property or property variant, and interacts with other micro-protocols using an event-driven model provided by a runtime system. In addition to facilitating the choice of failure model, the approach allows service properties such as message ordering and delivery atomicity to be customized for each application.

Scalability evaluation of a distributed agent system

Abstract: The use of new computing paradigms is intended to ease the design of complex systems. However, the non-functional aspects of a system, including performance, reliability and scalability, remain significant issues. It is hard to detect and correct many scalability problems through system testing alone - especially when the problems are rooted in the higher levels of the system design. Late corrections to the system can have serious implications for the clarity of the design and code. We have analysed the design of a system of multiple near-identical, `reactive' agents for scalability. We believe that the approach taken is readily applicable to many object oriented systems, and may form the basis of a rigorous design methodology. It is a simple, yet scientific extension to current design techniques using message sequence charts, enabling design options to be compared quantitatively rather than qualitatively. Our experience suggests that such analysis should be used to consider the effect of artificial intelligence, to ensure that autonomous behaviour has an overall beneficial effect for system performance.

An approach to interoperation between autonomous database systems

Abstract: In this paper we present an approach to support interoperation between autonomous database systems. In particular, we concentrate on distributed information discovery and access for systems with a large number of databases. We avoid the need for integrated global schemas or centralized structures containing information on the available data and its location. We instead provide an architecture that supports data distribution, autonomy and heterogeneity. The architecture also supports system evolution by the addition and removal of databases. A distributed information discovery algorithm is provided to perform data requests, database location and data access. A feature of our approach is to distribute the information about database contents using simple hierarchical information structures composed of special terms. A prototype has been developed to demonstrate and evaluate the approach. A hospital case study is used to illustrate its feasibility and applicability.

An adaptive architecture for causally consistent distributed services

Abstract: This paper explores causally consistent distributed services when multiple related services are replicated to meet performance and availability requirements. This consistency criterion is particularly well suited for distributed services such as cooperative document sharing, and it is attractive because of the efficient implementations that are allowed by it. A new protocol for implementing causally consistent services is presented. It allows service instances to be created and deleted dynamically according to service access patterns in the distributed system. It also handles the case where different but related services are replicated independently. Another novel aspect of this protocol lies in its ability to use both push and pull mechanisms for disseminating updates to objects that encapsulate service state.

Mobile Java objects

Abstract: In this paper we discuss the engineering requirements for adding object mobility to the Java programming language, and give an overview of the design and implementation of our mobile object system. We show that it is helpful to cluster objects for mobility, and that if these clusters represent untrusted pieces of code (for example, agents) then they must be encapsulated both to control their access and to control access to them. We show that managing large numbers of mobile objects in an open environment is a difficult problem, but has its roots in the management of large distributed name spaces. We propose an architecture for relocating moved objects that is both scaleable and tuneable. The mobile object system we describe has been implemented, and is currently in use as part of an ESPRIT agent project. We are currently evolving the design and implementation to provide additional security and distribution facilities.

A comprehensive distributed shared memory system that is easy to use and program

Abstract: An analysis of the distributed shared memory (DSM) work carried out by other researchers shows that it has been able to improve the performance of applications, at the expense of ease of programming and use. Many implementations require application programmers to write code to explicitly associate shared variables with synchronization variables or to label the variables according to their access patterns. Programmers are required to explicitly initialize parallel applications and, in particular, to create DSM parallel processes on a number of workstations in the cluster of workstations. The aim of this research has been to improve the ease of programming and use of a DSM system while not compromising its performance. RHODOS' DSM allows programmers to write shared memory code exploiting their sequential programming skills without the need to learn the DSM concepts. The placement of DSM within the operating system allows the DSM environment to be automatically initialized and transparent. The results of running two applications demonstrate that our DSM, despite paying attention to ease of programming and use, achieves high performance.

CORBA and RM-ODP: parallel or divergent?

Abstract: Modern architectures for distributed object environments (or distributed `middleware') are revealing an increasing trend towards standardization. The recent emergence of a standard for open distributed processing, the ISO/IEC Reference Model for Open Distributed Processing (RM-ODP) (ITU-T Recommendation X.901) and the coincidence of the development of the Object Management Group's Common Object Request Broker Architecture (CORBA), has prompted us to explore the relationship between these architectures. This paper analyses the CORBA architecture as a support environment for open distributed processing by comparing the business requirements for ODP, RM-ODP viewpoints, functions and distribution transparencies as specified in RM-ODP (ITU-T Recommendations X.901-4) with the CORBA architecture. Through this examination it is evident that despite distinctly divergent terminology, there exist significant parallels between CORBA and RM-ODP.

Guest Editor's Introduction: Special section on dependable distributed systems

Abstract: We rely more and more on computers. For example, the Internet reshapes the way we do business. A `computer outage' can cost a company a substantial amount of money. Not only with respect to the business lost during an outage, but also with respect to the negative publicity the company receives. This is especially true for Internet companies. After recent computer outages of Internet companies, we have seen a drastic fall of the shares of the affected companies. There are multiple causes for computer outages. Although computer hardware becomes more reliable, hardware related outages remain an important issue. For example, some of the recent computer outages of companies were caused by failed memory and system boards, and even by crashed disks - a failure type which can easily be masked using disk mirroring. Transient hardware failures might also look like software failures and, hence, might be incorrectly classified as such. However, many outages are software related. Faulty system software, middleware, and application software can crash a system. Dependable computing systems are systems we can rely on. Dependable systems are, by definition, reliable, available, safe and secure [3]. This special section focuses on issues related to dependable distributed systems. Distributed systems have the potential to be more dependable than a single computer because the probability that all computers in a distributed system fail is smaller than the probability that a single computer fails. However, if a distributed system is not built well, it is potentially less dependable than a single computer since the probability that at least one computer in a distributed system fails is higher than the probability that one computer fails. For example, if the crash of any computer in a distributed system can bring the complete system to a halt, the system is less dependable than a single-computer system. Building dependable distributed systems is an extremely difficult task. There is no silver bullet solution. Instead one has to apply a variety of engineering techniques [2]: fault-avoidance (minimize the occurrence of faults, e.g. by using a proper design process), fault-removal (remove faults before they occur, e.g. by testing), fault-evasion (predict faults by monitoring and reconfigure the system before failures occur), and fault-tolerance (mask and/or contain failures). Building a system from scratch is an expensive and time consuming effort. To reduce the cost of building dependable distributed systems, one would choose to use commercial off-the-shelf (COTS) components whenever possible. The usage of COTS components has several potential advantages beyond minimizing costs. For example, through the widespread usage of a COTS component, design failures might be detected and fixed before the component is used in a dependable system. Custom-designed components have to mature without the widespread in-field testing of COTS components. COTS components have various potential disadvantages when used in dependable systems. For example, minimizing the time to market might lead to the release of components with inherent design faults (e.g. use of `shortcuts' that only work most of the time). In addition, the components might be more complex than needed and, hence, potentially have more design faults than simpler components. However, given economic constraints and the ability to cope with some of the problems using fault-evasion and fault-tolerance, only for a small percentage of systems can one justify not using COTS components. Distributed systems built from current COTS components are asynchronous systems in the sense that there exists no a priori known bound on the transmission delay of messages or the execution time of processes. When designing a distributed algorithm, one would like to make sure (e.g. by testing or verification) that it is correct, i.e. satisfies its specification. Many distributed algorithms make use of consensus (eventually all non-crashed processes have to agree on a value), leader election (a crashed leader is eventually replaced by a new leader, but at any time there is at most one leader) or a group membership detection service (a crashed process is eventually suspected to have crashed but only crashed processes are suspected). From a theoretical point of view, the service specifications given for such services are not implementable in asynchronous systems. In particular, for each implementation one can derive a counter example in which the service violates its specification. From a practical point of view, the consensus, the leader election, and the membership detection problem are solvable in asynchronous distributed systems. In this special section, Raynal and Tronel show how to bridge this difference by showing how to implement the group membership detection problem with a negligible probability [1] to fail in an asynchronous system. The group membership detection problem is specified by a liveness condition (L) and a safety property (S): (L) if a process p crashes, then eventually every non-crashed process q has to suspect that p has crashed; and (S) if a process q suspects p, then p has indeed crashed. One can show that either (L) or (S) is implementable, but one cannot implement both (L) and (S) at the same time in an asynchronous system. In practice, one only needs to implement (L) and (S) such that the probability that (L) or (S) is violated becomes negligible. Raynal and Tronel propose and analyse a protocol that implements (L) with certainty and that can be tuned such that the probability that (S) is violated becomes negligible. Designing and implementing distributed fault-tolerant protocols for asynchronous systems is a difficult but not an impossible task. A fault-tolerant protocol has to detect and mask certain failure classes, e.g. crash failures and message omission failures. There is a trade-off between the performance of a fault-tolerant protocol and the failure classes the protocol can tolerate. One wants to tolerate as many failure classes as needed to satisfy the stochastic requirements of the protocol [1] while still maintaining a sufficient performance. Since clients of a protocol have different requirements with respect to the performance/fault-tolerance trade-off, one would like to be able to customize protocols such that one can select an appropriate performance/fault-tolerance trade-off. In this special section Hiltunen et al describe how one can compose protocols from micro-protocols in their Cactus system. They show how a group RPC system can be tailored to the needs of a client. In particular, they show how considering additional failure classes affects the performance of a group RPC system. References [1] Cristian F 1991 Understanding fault-tolerant distributed systems Communications of ACM 34 (2) 56-78 [2] Heimerdinger W L and Weinstock C B 1992 A conceptual framework for system fault tolerance Technical Report 92-TR-33, CMU/SEI [3] Laprie J C (ed) 1992 Dependability: Basic Concepts and Terminology (Vienna: Springer)