Webcasts‎ > ‎

FT demo

This short video shows Polyhedra's fault tolerance in action. It runs on a pair of Beagle Bone Black boards under Linux, with a client application running on a Raspberry Pi board fitted with some extra LEDs on a 'slice of Pi' extension card. (The Raspberry Pi board is the same as the one used in another Polyhedra video; the difference is that in the new video it is using a remote, fault-tolerant database service rather than using a local database.)

The Video

About the demo

When fault tolerance is enabled in commercial embedded systems, the boards would normally be fitted with battery back-up so that file operations can be completed in the event of power loss, and there would be special hardware connecting the boards to quickly detect when one has failed. In this demo, though, we have used a rather cheaper solution, based on network connectivity and fast heartbeats:
  • if a board can see its network connection is 'up', but is getting no response from the partner board, then it can assume the other board is dead; and,

  • if a board realises its network connection has failed, then it is to stop and Polyhedra service it is running
Thus, if a board is running the master server of a fault tolerant board, then not only will the standby take over immediately if the master database server fails, it will also react quickly if the master board has a power failure or is unplugged from the network. In the case of a board being disconnected, stopping the server on that board will ensure that you don't accidentally get both servers in a master state - which would be a sure recipe for problems in a fault-tolerant system.

The arbitration service for this set-up is implemented by two CL-coded applications, one running on each board, that also start off and monitor both the database server that runs on that board and the client applications that use it. The code is based on a combination of the 'demo_runner' example included in the release kits, plus the arbiter.cl file included in the demo_4 example in the release kits. The arbiters set up a connection to each other so they can make sure that we don't have both database servers acting as master, and also ensure fast fail-over should the master server crash; they also each have a connection to themselves via the network, to help detect when the board loses its network connection. There is a link to download a copy a ZIP file containing this arbitrator at the bottom of this page.

Polyhedra and Security

In computing, "security" means different things to different people. A fairly common definition, though, breaks it down into three aspects: availability, integrity and confidentiality. Polyhedra addresses the need for security by a number of mechanisms, that can be enabled as needed to meet the operational requirements. For availability, Polyhedra provides a database snapshot capability coupled with transaction logging to protect against data loss in the face of complete system failure, while 
the well-established fault tolerance mechanism illustrated in the video helps in the case of partial system failure by providing a hot standby that can take over at a moment's notice. To protect the integrity of data, Polyhedra uses the client server-model to guard against accidental data corruption, complemented by checksums on the snapshots, journal records and master-standby communications, and for confidentiality there is a user-based privilege mechanism that can control access to the data.

Of course, both integrity and confidentiality are at risk if the network traffic is open to eavesdropping, so to guard against this risk an SSL module was introduced in Polyhedra 8.8. This provides confidentiality of data in transit between client applications and the Polyhedra database server(s) - but it can also be used to protect the communications between the master server and its standby. The use of SSL also provides additional data integrity, by protecting against tampering and replay attacks.

Adding security to a system is always costly: if nothing else, it affects performance and code complexity (and size). However, Enea has worked hard to ensure these costs are low for Polyhedra, the features are easy to use, and that systems designers have the flexibility to choose which features they deploy according to their assessment of the risks.
ċ
ft_runner.zip
(50k)
Nigel Day,
19 Aug 2015, 04:47