Chen-Liang Fang

Fault tolerant Web service

Zwass (1996) suggested that middleware and message service is one of the five fundamental technologies used to realize electronic commerce (EC). The simple object access protocol (SOAP) is recognized as a more promising middleware for EC applications among other leading candidates such as CORBA. Many recent polls reveal however that security and reliability issues are major concerns that discourage people from engaging in EC transactions. We notice that the fault-tolerance issue is somewhat neglected in the current standard, i.e., SOAP 1.1. We therefore propose a fault tolerant Web service called fault-tolerant SOAP or FT-SOAP through which Web services can be built with higher resilience to failure. FT-SOAP is based on our previous experience with an object fault tolerant service (OFS) [Liang, D. et al., (1999)] and OMGs fault tolerant CORBA (FT-CORBA). There are many architectural differences between SOAP and CORBA. One of the major contributions of this work is to discuss the impact on FT-SOAP design due to these architectural differences. Our experience shows that Web services built on a SOAP framework enjoy higher flexibility as opposed to those built on CORBA. We also point out the limitations of the current feature sets of SOAP 1.1. We believe our experience is valuable not only to the fault-tolerance community, but also to other communities as well, in particular, to those who are familiar with the CORBA platform.

Fault tolerant Web Services

Zwass suggested that middleware and message service is one of the five fundamental technologies used to realize Electronic Commerce (EC). The Simple Object Access Protocol (SOAP) is recognized as a more promising middleware for EC applications among other leading candidates such as CORBA. Many recent polls reveal however that security and reliability issues are major concerns that discourage people from engaging in EC transactions. We notice that the fault-tolerance issue is somewhat neglected in the current standard, i.e., SOAP 1.2. We therefore propose a fault tolerant Web Services called fault tolerant SOAP or FT-SOAP through which Web Services can be built with higher resilience to failure. FT-SOAP is based on our previous experience with an object fault tolerant service (OFS) and OMGs fault tolerant CORBA (FT-CORBA). There are many architectural differences between SOAP and CORBA. One of the major contributions of this work is to discuss the impact of these architectural differences on FT-SOAP design. Our experience shows that Web Services built on a SOAP framework enjoy higher flexibility compared to those built on CORBA. We also point out the limitations of the current feature sets of SOAP 1.2, e.g. the application of the intermediary. In addition, we examine two implementation approaches; namely, one based on the SOAP 1.2s intermediary, and the other on Axis handler. We conclude that the intermediary approach is infeasible due to the backward compatibility issue. We believe our experience is valuable not only to the fault-tolerance community, but also to other communities as well, in particular, to those who are familiar with the CORBA platform.

A fault-tolerant object service on CORBA

Abstract The Common Object Request Broker Architecture (CORBA), is a major industrial standard for distributed object-based applications. Todays large-scale CORBA applications have to deal with object crashes, node failures, networks partitioning and unpredictable communication delays. Existing efforts to enhance the CORBA reliability can be roughly categorized into three approaches: integration approach, interception approach and service approach. Each approach has its own merits and prices. In this paper, we propose a service approach solution called Object Fault–tolerance Service (OFS). Solutions that adopt the service approach usually specify their service in terms of CORBA IDL interfaces. The implementations of such solutions in general do not modify the ORB infrastructure or IDL language mappings, and thus applications developed with those systems appear to be more portable. OFS differs from other service approach solutions in that OFS does not assume underlying support of reliable group communication. Applications with advance registration can rely on OFS for detection of object and node crashes, and for customized recovery. In this paper, we first present the service specification of OFS. We then give the system architecture of an OFS implementation. This OFS implementation is developed on the Solaris 2.5 platform and with IONAs Orbix 2.0. The performance evaluation of the OFS implementation is also presented. The preliminary experiments indicate that OFS overhead is minimal and client objects experience little response delay when a service object is under OFS surveillance.

A redundant nested invocation suppression mechanism for active replication fault-tolerant Web service

Zwass suggested that middleware and message service is one of the five fundamental technologies used to realize electronic commerce (EC) [Zwass, V. (1996)]. The simple object access protocol (SOAP) is recognized as a more promising middleware for EC applications among other leading candidates such as CORBA. We notice that the fault-tolerance issue is somewhat neglected in the current standard, i.e., SOAP 1.1. We therefore proposed a fault tolerant Web service called fault-tolerant SOAP or FT-SOAP through which Web services can be built with higher resilience to failure. Active replication is a common approach to building highly available and reliable distributed software applications. The redundant nested invocation (RNI) problem arises when servers in a replicated group issues nested invocations to other server groups in response to a client invocation. In this work, we propose a mechanism to perform auto-suppression of redundant nested invocation in an active replication FT-SOAP system. Our approach ensures the portability requirement of a middleware, especially for FT-SOAP.

A Portable Interceptor Mechanism on SOAP for Continuous Audit

Web services has become popular in modern distributed applications, and the SOAP technology currently is the most used in Web services. Recent middleware research works widely use interception approach for many problem domains, for example fault tolerance, continuous audit {CA), security etc. Instead of providing a portable interceptor as CORBA does, SOAP 1.2 provides an intermediary mechanism. Due to backward compatibility issue, we found intermediary mechanism is not a feasible solution for interception. Furthermore, our use case analysis found that CORBA Portable Interceptor functionality does not fulfill all requirements of continuous audit. This motivates us to develop a new portable interceptor mechanism (PIM) on SOAP for CA. In this paper, we propose a PIM on SOAP to meet the interception requirements for Web services. Our PIM includes portable interceptor management in SOAP engine and portable interceptor interface definitions.

A nested invocation suppression mechanism for active replication fault-tolerant CORBA

Active replication is a common approach to building highly available and reliable distributed software applications. The redundant nested invocation (RNI) problem arises when servers in a replicated group issues nested invocations to other server groups in response to a client invocation. Automatic suppression of RNI is always a desirable solution, yet it is usually a difficult design issue. If the system has multithreading (MT) support, the difficulties of implementation increase dramatically. Intuitively, to design a deterministic thread execution control mechanism is a possible approach. Unfortunately, some modern operating systems implement threads on the kernel level for execution fairness. For the kernel thread case, modification on thread control implies modifying the operating system kernel. This approach loses system portability which is one of the important requirements of CORBA or middleware. In this work, we propose a mechanism to perform the auto-suppression of redundant nested invocation in an active replication fault-tolerant (FT) CORBA system. Besides the mechanism design, we discuss the design correctness semantic and the correctness proof of our design.

A nested invocation suppression mechanism for active replicated SOAP systems

The simple object access protocol (SOAP) is recognized as a more promising middleware for electronic commerce applications among other leading candidates such as CORBA. Many recent polls reveal however that security and reliability issues are major concerns that discourage people from engaging in electronic commerce transactions. We note that these issues are not adequately addressed in the current standard, i.e., SOAP 1.2. Active replication is a common approach to building readily available and highly reliable distributed software applications. The redundant nested invocation (RNI) problem arises when servers in a replicated group issues nested invocations to other server groups in response to a client invocation. Automatic suppression of RNI from active group is always a desirable function, yet this function usually requires careful if not complex design. The design complexity increases if the system involves multithreading implementation. Existing solutions either solve RNI problem for single-threading cases or solve multithreading cases at the expense of portability. In this work, we propose a mechanism to perform auto-suppression of redundant nested invocation on an active replication fault tolerant Web service. Our approach is portable so that the Web service running on our platform is able to interact with any other SOAP applications. Our preliminary experiments show that the proposed auto-suppression mechanism is efficient in most cases.

A Preliminary Study of Suppressing Redundant Nested Invocations from a Web Service with Active Replication

Zwass (1996) suggested that middleware and message service is one of the five fundamental technologies used to realize electronic commerce (EC). The Simple Object Access Protocol (SOAP) is recognized as a more promising middleware for EC applications among other leading candidates such as CORBA. We notice that the fault-tolerance issue is somewhat neglected in the current standard, that is, SOAP 1.1. We therefore proposed a fault tolerant Web service called fault-tolerant SOAP or FT-SOAP through which Web services can be built with higher resilience to failure. Active replication is a common approach to building highly available and reliable distributed software applications. The redundant nested invocation (RNI) problem arises when servers in a replicated group issue nested invocations to other server groups in response to a client invocation. In this work, we propose a mechanism to perform auto-suppression of redundant nested invocation in an active replication FT-SOAP system. Our approach ensures the portability requirement of a middleware, especially for FT-SOAP. The current design of the suppression mechanism itself does not consider the fault-tolerance issue. In other words, it suffers from the single-point of failure. Furthermore, the preliminary performance results indicates significant performance penalty due to inefficient SOAP invocations. More comprehensive experiments are needed to further investigate the feasibility of the current approach in the context of system performance.

A nested invocation suppression framework for active replication fault-tolerant CORBA

Active replication is a common approach to building highly available and reliable distributed software applications. The redundant nested invocation (RNI) problem arises when servers in a replicated group issue nested invocations to another server group in response to a client invocation. Automatic suppression of RNI is always a desirable solution, yet it is usually a difficult design issue. In this research, we propose a new determinism reference model based on accomplishing the verification process in a more systematic manner The proposed determinism reference model consists of four levels, namely: ideal determinism, isomorphic determinism, similar determinism, and non-determinism. We consider a class of multi-threading CORBA environments to demonstrate the power of the proposed determinism reference model.