A DESIGN METHODOLOGY

This chapter focuses on proposing a top-down design methodology and discusses its application in a detailed example, the VAXft 310. The definition of system objectives imposes the needs of the selected set of applications onto the key fault-tolerant metrics. Error-detection techniques should be established at the various boundaries to ensure that the coverage holes from one level to the next do not align. The percentage of faults detected is the single most important factor in successful recovery. The purpose of reconfiguration/recovery is to return the system to an operational state. A fault-tolerant computer system is measured in terms of the degree to which the attributes of data integrity, computational integrity, availability, and recovery time are realized. Given the need for an application-independent, fault-tolerant platform, a basic design tenet was to implement a hardware-intensive, rather than a software-intensive, fault-tolerant system.