Information Technology Reference
In-Depth Information
the probability that it will continue to be reliable for some specified period of
time. A storage system is available at some moment of time if a read or write
operation could be completed at that time, and we dene a storage system's
availability as the probability that the system will be available at any given
Denition: availability
moment of time.
To see the difference between reliability and availability, consider the highly
reliable but highly unavailable storage device shown in Figure 14.1. In the 70's,
the two Voyager spacecraft sent out of our solar system each included a golden
record on which various greetings, diagrams, pictures, natural sounds, and music
were encoded as \a present from a small, distant world, a token of our sounds,
our science, our images, our music, our thoughts and our feelings." (President
Carter) To protect against erosion, the record is encased in an aluminium and
uranium cover. This storage device is highly reliable|it is expected to last
for many tens of thousands of years in interstellar space|but it is not highly
available (at least, not to us.)
To take a more pedestrian example, suppose a storage system required each
data block to be written to a disk on each of 100 different machines physically
distributed across 100 different machine rooms spread across the world. Such a
system might be highly reliable (since it would take a fairly spectacular catas-
trophe to wipe out all of the copies of any data that is stored), highly available
for reads (since there are 100 different locations to read from), but not highly
available for writes (since the unavailability of any one of the 100 machines
would prevent new writes from completing.)
Two problems.
Broadly speaking, storage systems must deal with two threats
to reliability.
Operation interruption. A crash or power failure in the middle of a
series of related updates may leave the stored data in an inconsistent state.
For example, suppose that a user has asked an operating system to move
a file from one directory to another:
>mvdrafts/really-important.docfinal/really-important.doc
As we discuss in later chapters, such a move may entail many low level op-
erations such as writing the
drafts
directory file to remove
really-important.doc
,
updating the last-modified time of the
drafts
directory, growing the
final
directory's le to include another block of storage to accommo-
date a new directory entry for
really-important.doc
, writing the new
directory entry to the directory le, updating the le system's free space
bitmap to note that the newly allocated block is now in use, and updating
the size and last-modfied time of the
final
directory.
Suppose that the system's power fails when the updates to the
drafts
directory are stored in nonvolatile storage but when the updates to the
