Building Dependable Systems: the Openvms Approach
Total Page:16
File Type:pdf, Size:1020Kb
Building Dependable Systems: The OpenVMS Approach Order Number: AA–PV5YB–TE March 1994 This handbook describes the principles of building dependable computing systems. It also highlights the dependability features of OpenVMS software, layered products software, and related hardware components. Revision/Update Information: This manual supersedes Building Dependable Systems: The OpenVMS VAX Approach, OpenVMS VAX Version 6.0. Software Versions: OpenVMS AXP Version 6.1 OpenVMS VAX Version 6.1 Digital Equipment Corporation Maynard, Massachusetts March 1994 Digital Equipment Corporation makes no representations that the use of its products in the manner described in this publication will not infringe on existing or future patent rights, nor do the descriptions contained in this publication imply the granting of licenses to make, use, or sell equipment or software in accordance with the description. Possession, use, or copying of the software described in this publication is authorized only pursuant to a valid written license from Digital or an authorized sublicensor. © Digital Equipment Corporation 1994. All rights reserved. The postpaid Reader’s Comments forms at the end of this document request your critical evaluation to assist in preparing future documentation. The following are trademarks of Digital Equipment Corporation: ACMS, Alpha AXP, AXP, BI, Bookreader, Business Recovery Server, CDA, CDD/Repository, CI, COHESION, DATATRIEVE, DECADMIRE, DECalert, DECamds, DBMS, DECalert, DECdecision, DECdesign, DECdtm, DECforms, DECmcc, DECnet, DECquery, DEC RALLY, DEC Rdb, DEC Reliable Transaction Router, DECscheduler, DECset, DECstart, DECsupport, DECtalk, DECtp, DECtrace, DEC VUIT, DECwindows, DELUA, DEMPR, DEQNA, DEUNA, Digital, HSC, HSC70, LAT, MicroVAX, MicroVAX II, MSCP, NETplan, NETstart, OpenVMS, PATHWORKS, POLYCENTER, Performance Solution, Q–bus, RA, SPM, TA, ULTRIX, UNIBUS, VAX, VAX–11/780, VAX 6000, VAX 9000, VAXBI, VAXcluster, VAX FORTRAN, VAX MACRO, VAX OPS5, VAX Performance Advisor, VAX RMS, VAXserver, VAXsim, VAXsimPLUS, VAXstation, VIDA, VMS, XUI, the AXP logo, and the DIGITAL logo. The following are third-party trademarks: Adobe is a registered trademark of Adobe Systems Incorporated. Apple and Macintosh are registered trademarks of Apple Computer, Inc. Australian Stock Exchange is a registered trademark of Australian Stock Exchange, Ltd. Data Phone is a registered trademark of American Telephone and Telegraph Company. Halon is a registered trademark of Allied Corporation. IBM is a registered trademark of International Business Machines Corporation. Internet is a registered trademark of Internet, Inc. Motif and OSF/Motif are registered trademarks of Open Software Foundation, Inc. MS, Microsoft, and MS–DOS are registered trademarks of Microsoft Corporation. Open Software Foundation is a trademark of the Open Software Foundation, Inc. OS/2 is a registered trademark of International Business Machines Corporation. People Finder is a registered trademark of Motorola Corporation. POSTSCRIPT is a registered trademark of Adobe Systems Incorporated. SkyPager is a registered trademark of National Satellite Paging, Inc. TARGET–>ALERT is a trademark of Target Systems Corporation. UNIX is a registered trademark of UNIX System Laboratories, Inc. All other trademarks and registered trademarks are the property of their respective holders. ZK5709 This document is available on CD–ROM. This document was prepared using VAX DOCUMENT Version 2.1. Send Us Your Comments We welcome your comments on this or any other OpenVMS manual. If you have suggestions for improving a particular section or find any errors, please indicate the title, order number, chapter, section, and page number (if available). We also welcome more general comments. Your input is valuable in improving future releases of our documentation. You can send comments to us in the following ways: • Internet electronic mail: [email protected] • Fax: 603-881-0120 Attn: OpenVMS Documentation, ZKO3-4/U08 • A completed Reader’s Comments form (postage paid, if mailed in the United States), or a letter, via the postal service. Two Reader’s Comments forms are located at the back of each printed OpenVMS manual. Please send letters and forms to: Digital Equipment Corporation Information Design and Consulting OpenVMS Documentation 110 Spit Brook Road, ZKO3-4/U08 Nashua, NH 03062-2698 USA You may also use an online questionnaire to give us feedback. Print or edit the online file SYS$HELP:OPENVMSDOC_SURVEY.TXT. Send the completed online file by electronic mail to our Internet address, or send the completed hardcopy survey by fax or through the postal service. Thank you. Contents Preface ............................................................ xiii 1 Introduction to Dependable Computing 1.1 Levels of System Dependability Requirements ...................... 1–1 1.2 How Do You Build Dependable Systems? . ....................... 1–3 1.3 Dependability Terms . ........................................ 1–5 1.4 Basic Concepts of Dependability ................................ 1–8 1.4.1 Primary Dependability Strategies ............................ 1–10 1.4.2 Redundant Functional Units ................................ 1–13 1.4.2.1 Manual Redundancy . ................................ 1–13 1.4.2.2 Automatic Redundancy . ................................ 1–13 1.4.2.3 Capacity-Related Redundancy ............................ 1–14 1.4.2.4 Redundancy in Computing Systems . ....................... 1–14 1.5 How a Dependable System Supports the Business ................... 1–14 1.6 Balance Is Critical to a Dependable System . ....................... 1–17 2 Analyzing Dependable System Requirements 2.1 Dependability Is a Journey, Not a Destination ...................... 2–1 2.2 Determining Your Dependability Requirements .................... 2–4 2.2.1 Collecting Requirements . ................................ 2–5 2.2.2 Priority Requirements ..................................... 2–8 2.2.3 Analyzing the Sample Company’s Dependability Requirements ..... 2–9 2.2.4 Generating the Sample Company’s First Steps to Dependability .... 2–11 2.2.5 Mapping Options to Requirements for the Sample Company ....... 2–13 3 Dependability Options of the System Building Blocks 3.1 Analyzing Environmental Options .............................. 3–2 3.1.1 Utilities ................................................ 3–2 3.1.2 Structures .............................................. 3–2 3.1.3 Networks ............................................... 3–3 3.2 Analyzing Hardware Options . ................................ 3–3 3.2.1 Starting with New Equipment .............................. 3–4 3.2.2 Making Do with Currently Installed Equipment . ............... 3–4 3.2.3 Investing a Little to Gain a Lot .............................. 3–5 3.3 Analyzing Communications Options .............................. 3–5 3.3.1 Restricting Access to the Computer Room ...................... 3–5 3.3.2 Providing Corporate Data to Local Personal Computers ........... 3–5 3.3.3 Weaving a Tapestry of Computing Resources .................... 3–6 3.3.4 Providing a System Network ............................... 3–7 3.4 Analyzing Software Options .................................... 3–7 3.4.1 Writing Custom Applications ................................ 3–8 v 3.4.2 Acquiring Software Packages ................................ 3–10 3.4.3 Selecting a Systems Integrator . ............................ 3–11 3.5 Analyzing Operational Procedures Options ........................ 3–12 3.5.1 Avoiding User Errors . .................................... 3–12 3.5.2 Training, Testing, and Drills ................................ 3–12 3.5.3 Extended Hours of Operator Coverage ......................... 3–13 3.5.4 Beepers for System Managers and Programmers ................. 3–13 3.5.5 Lights Out Computer Facilities . ............................ 3–13 3.5.6 Policies Regarding System Privileges .......................... 3–14 3.6 Analyzing Personnel Options ................................... 3–15 3.6.1 Teamwork Makes the System Work ........................... 3–15 3.6.2 Robots, We Are Not! . .................................... 3–16 4 Balancing Dependability with Other Business Considerations 4.1 Identifying Constraints to Achieving a Dependable System . ........... 4–1 4.1.1 Performance Tradeoffs . .................................... 4–3 4.1.1.1 Circuit Level Redundancy . ............................ 4–4 4.1.1.2 Subsystem Level Redundancy ............................ 4–4 4.1.1.3 System Kernel Level Redundancy ......................... 4–5 4.1.1.4 Independently Recoverable System Kernels .................. 4–6 4.1.1.5 Network Level Redundancy . ............................ 4–11 4.1.1.6 Operating System Performance ........................... 4–12 4.1.1.7 Application Software Performance ......................... 4–13 4.1.1.8 Personnel Productivity and System Performance . ........... 4–13 4.1.2 Implementation Tradeoffs .................................. 4–13 4.1.2.1 Feasibility Considerations . ............................ 4–14 4.1.2.2 Timing Considerations .................................. 4–14 4.1.2.3 Learning Curve Considerations ........................... 4–14 4.1.3 Staffing Tradeoffs and Considerations ......................... 4–14 4.1.4 Vendor Tradeoffs ......................................... 4–15 4.1.4.1 Reliable Products . .................................... 4–15 4.1.4.2 Adequate Coverage .................................... 4–15 4.1.4.3 Committed Response ..................................