Kenneth P Birman Reliable Distributed Systems Technologies, Web Services, and Applications Kenneth P Birman Cornell University Department of Computer Science Ithaca, NY 14853 U.S.A ken@cs.cornell.edu Mathematics Subject Classification (2000): 68M14, 68W15, 68M15, 68Q85, 68M12 Based on Building Secure and Reliable Network Applications, Manning Publications Co., Greenwich, c 1996 ISBN-10 0-387-21509-3 ISBN-13 978-0-387-21509-9 Springer New York, Heidelberg, Berlin Springer New York, Heidelberg, Berlin c 2005 Springer Science+Business Media, Inc All rights reserved This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media Inc., 233 Spring Street, New York, NY, 10013 USA), except for brief excerpts in connection with reviews or scholarly analysis Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden The use in this publication of trade names, trademarks, service marks and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights Printed in the United States of America 987654321 springeronline.com SPIN 10969700 (KeS/HP) Contents Preface xvii Introduction xix A User’s Guide to This Book xxix Trademarks xxxiii PART I Basic Distributed Computing Technologies Fundamentals 1.1 1.2 1.3 1.4 1.5 Introduction Components of a Reliable Distributed Computing System 1.2.1 Communication Technology 1.2.2 Basic Transport and Network Services 1.2.3 Reliable Transport Software and Communication Support 1.2.4 Middleware: Software Tools, Utilities, and Programming Languages 1.2.5 Distributed Computing Environments 1.2.6 End-User Applications Critical Dependencies Next Steps Related Reading 12 14 15 16 17 19 20 22 23 Basic Communication Services 25 2.1 2.2 2.3 2.4 2.5 25 27 31 33 33 33 34 34 35 36 37 2.6 2.7 Communication Standards Addressing Network Address Translation IP Tunnelling Internet Protocols 2.5.1 Internet Protocol: IP layer 2.5.2 Transmission Control Protocol: TCP 2.5.3 User Datagram Protocol: UDP 2.5.4 Multicast Protocol Routing End-to-End Argument vi Contents 2.8 2.9 2.10 High Assurance Communication 3.1 3.2 3.3 3.4 3.5 3.6 Notions of Correctness and High Assurance Distributed Communication The Many Dimensions of Reliability Scalability and Performance Goals Security Considerations Next Steps Related Reading Remote Procedure Calls and the Client/Server Model 4.1 4.2 4.3 4.4 4.5 4.6 45 45 45 49 50 51 52 53 53 57 60 63 65 67 67 69 70 71 74 75 78 81 83 Styles of Client/Server Computing 85 5.1 5.2 5.3 5.4 5.5 5.6 5.7 The Client/Server Model RPC Protocols and Concepts Writing an RPC-based Client or Server Program The RPC Binding Problem Marshalling and Data Types Associated Services 4.6.1 Naming Services 4.6.2 Time Services 4.6.3 Security Services 4.6.4 Threads packages 4.6.5 Transactions The RPC Protocol Using RPC in Reliable Distributed Systems Layering RPC over TCP Related Reading Stateless and Stateful Client/Server Interactions Major Uses of the Client/Server Paradigm Distributed File Systems Stateful File Servers Distributed Database Systems Applying Transactions to File Servers Message-Queuing Systems 39 41 43 4.7 4.8 4.9 4.10 OS Architecture Issues: Buffering and Fragmentation Next Steps Related Reading 85 85 92 99 106 113 116 Contents 5.8 5.9 The ANSA Project Beyond ANSA to CORBA Web Services The CORBA Reference Model IDL and ODL ORB Naming Service ENS—The CORBA Event Notification Service Life-Cycle Service Persistent Object Service Transaction Service Interobject Broker Protocol Properties of CORBA Solutions Performance of CORBA and Related Technologies Related Reading System Support for Fast Client/Server Communication 141 7.1 7.2 7.3 7.4 7.5 7.6 143 146 147 149 154 155 Web Technologies 157 The World Wide Web 159 8.1 8.2 8.3 8.4 8.5 159 161 164 169 169 The World Wide Web The Web Services Vision Web Security and Reliability Computing Platforms Related Reading 119 119 122 124 124 131 132 133 133 135 135 135 136 136 137 140 Lightweight RPC fbufs and the x-Kernel Project Active Messages Beyond Active Messages: U-Net Protocol Compilation Techniques Related Reading 116 117 PART II Related Topics Related Reading CORBA: The Common Object Request Broker Architecture 6.1 6.2 6.3 6.4 6.5 6.6 6.7 6.8 6.9 6.10 6.11 6.12 6.13 6.14 6.15 vii viii Contents Major Web Technologies 171 9.1 9.2 9.3 9.4 9.5 9.6 9.7 9.8 9.9 9.10 9.11 9.12 9.13 171 173 174 174 175 179 180 187 188 189 190 192 192 193 Components of the Web HyperText Markup Language Extensible Markup Language Uniform Resource Locators HyperText Transport Protocol Representations of Image Data Authorization and Privacy Issues Web Proxy Servers Web Search Engines and Web Crawlers Browser Extensibility Features: Plug-in Technologies Future Challenges for the Web Community Consistency and the Web Related Reading 10 Web Services 10.1 10.2 10.3 10.4 10.5 10.6 10.7 10.8 10.9 10.10 10.11 What is a Web Service? Web Service Description Language: WSDL Simple Object Access Protocol: SOAP Talking to a Web Service: HTTP over TCP Universal Description, Discovery and Integration Language: UDDI Other Current and Proposed Web Services Standards 10.6.1 WS− RELIABILITY 10.6.2 WS− TRANSACTIONS 10.6.3 WS− RELIABILITY 10.6.4 WS− MEMBERSHIP How Web Services Deal with Failure The Future of Web Services Grid Computing: A Major Web Services Application Autonomic Computing: Technologies to Improve Web Services Configuration Management Related Readings 11 Related Internet Technologies 11.1 11.2 File Transfer Tools Electronic Mail 193 197 198 201 202 203 203 204 206 208 208 210 211 212 213 215 215 216 Contents 11.3 11.4 11.5 11.6 11.7 11.8 ix 217 219 220 222 225 226 12 Platform Technologies 227 12.1 Network Bulletin Boards (Newsgroups) Instant Messaging Systems Message-Oriented Middleware Systems (MOMS) Publish-Subscribe and Message Bus Architectures Internet Firewalls and Network Address Translators Related Reading 235 13 How and Why Computer Systems Fail 237 Hardware Reliability and Trends Software Reliability and Trends Other Sources of Downtime Complexity Detecting Failures Hostile Environments Related Reading 237 238 240 241 242 243 246 247 Consistent Distributed Behavior 14.1.1 Static Membership 14.1.2 Dynamic Membership 247 249 251 14 Overcoming Failures in a Distributed System 14.1 PART III Reliable Distributed Computing 13.1 13.2 13.3 13.4 13.5 13.6 13.7 228 228 229 230 230 230 231 231 232 232 233 233 233 233 234 12.3 12.4 12.2 Microsoft’s NET Platform 12.1.1 NET Framework 12.1.2 XML Web Services 12.1.3 Language Enhancements 12.1.4 Tools for Developing for Devices 12.1.5 Integrated Development Environment Java Enterprise Edition 12.2.1 J2EE Framework 12.2.2 Java Application Verification Kit (AVK) 12.2.3 Enterprise JavaBeans Specification 12.2.4 J2EE Connectors 12.2.5 Web Services 12.2.6 Other Java Platforms NET and J2EE Comparison Further Reading x Contents 14.2 14.3 14.4 14.5 253 254 261 262 264 271 274 275 15 Dynamic Membership 277 14.6 15.1 Formalizing Distributed Problem Specifications Time in Distributed Systems Failure Models and Reliability Goals The Distributed Commit Problem 14.5.1 Two-Phase Commit 14.5.2 Three-Phase Commit 14.5.3 Quorum update revisited Related Reading 16 Group Communication Systems 303 16.1 16.2 303 307 311 313 314 316 318 320 333 335 336 336 338 17 Point to Point and Multi-group Considerations 341 16.4 16.5 16.6 17.1 Causal Communication Outside of a Process Group 16.3 Group Communication A Closer Look at Delivery Ordering Options 16.2.1 Nonuniform Failure-Atomic Group Multicast 16.2.2 Dynamically Uniform Failure-Atomic Group Multicast 16.2.3 Dynamic Process Groups 16.2.4 View-Synchronous Failure Atomicity 16.2.5 Summary of GMS Properties 16.2.6 Ordered Multicast Communication from Nonmembers to a Group 16.3.1 Scalability Communication from a Group to a Nonmember Summary of Multicast Properties Related Reading 277 278 282 284 286 288 290 294 297 300 302 15.4 15.5 15.2 15.3 Dynamic Group Membership 15.1.1 GMS and Other System Processes 15.1.2 Protocol Used to Track GMS Membership 15.1.3 GMS Protocol to Handle Client Add and Join Events 15.1.4 GMS Notifications With Bounded Delay 15.1.5 Extending the GMS to Allow Partition and Merge Events Replicated Data with Malicious Failures The Impossibility of Asynchronous Consensus (FLP) 15.3.1 Three-Phase Commit and Consensus Extending our Protocol into the Full GMS Related Reading 342 Contents 17.2 17.3 17.4 17.5 17.6 17.7 Extending Causal Order to Multigroup Settings Extending Total Order to Multigroup Settings Causal and Total Ordering Domains Multicasts to Multiple Groups Multigroup View Management Protocols Related Reading 18 The Virtual Synchrony Execution Model 18.1 18.2 18.3 18.4 344 346 348 349 349 350 351 Virtual Synchrony Extended Virtual Synchrony Virtually Synchronous Algorithms and Tools 18.3.1 Replicated Data and Synchronization 18.3.2 State Transfer to a Joining Process 18.3.3 Load-Balancing 18.3.4 Primary-Backup Fault Tolerance 18.3.5 Coordinator-Cohort Fault Tolerance Related Reading 19 Consistency in Distributed Systems 19.1 19.2 19.3 19.4 19.5 xi 376 384 385 389 390 PART IV Applications of Reliability Techniques 391 20 Retrofitting Reliability into Complex Systems 393 20.2 20.3 20.4 20.5 20.1 375 351 356 362 362 367 369 371 372 374 Consistency in the Static and Dynamic Membership Models Practical Options for Coping with Total Failure General Remarks Concerning Causal and Total Ordering Summary and Conclusion Related Reading Wrappers and Toolkits 20.1.1 Wrapper Technologies 20.1.2 Introducing Robustness in Wrapped Applications 20.1.3 Toolkit Technologies 20.1.4 Distributed Programming Languages Wrapping a Simple RPC server Wrapping a Web Site Hardening Other Aspects of the Web Unbreakable Stream Connections 20.5.1 Reliability Options for Stream Communication 20.5.2 An Unbreakable Stream That Mimics TCP 394 396 402 405 407 408 410 411 415 416 417 xii Contents 20.6 20.7 20.5.3 Nondeterminism and Its Consequences 20.5.4 Dealing with Arbitrary Nondeterminism 20.5.5 Replicating the IP Address 20.5.6 Maximizing Concurrency by Relaxing Multicast Ordering 20.5.7 State Transfer Issues 20.5.8 Discussion Reliable Distributed Shared Memory 20.6.1 The Shared Memory Wrapper Abstraction 20.6.2 Memory Coherency Options for Distributed Shared Memory 20.6.3 False Sharing 20.6.4 Demand Paging and Intelligent Prefetching 20.6.5 Fault Tolerance Issues 20.6.6 Security and Protection Considerations 20.6.7 Summary and Discussion Related Reading 21 Software Architectures for Group Communication 21.1 21.2 21.3 21.4 21.5 21.6 21.7 21.8 21.9 21.10 PART V 419 420 420 421 424 424 425 426 428 431 431 432 433 433 434 435 Architectural Considerations in Reliable Systems Horus: A Flexible Group Communication System 21.2.1 A Layered Process Group Architecture Protocol stacks Using Horus to Build a Publish-Subscribe Platform and a Robust Groupware Application Using Electra to Harden CORBA Applications Basic Performance of Horus Masking the Overhead of Protocol Layering 21.7.1 Reducing Header Overhead 21.7.2 Eliminating Layered Protocol Processing Overhead 21.7.3 Message Packing 21.7.4 Performance of Horus with the Protocol Accelerator Scalability Performance and Scalability of the Spread Toolkit Related Reading Related Technologies 22 Security Options for Distributed Settings 22.1 22.2 436 439 440 443 445 448 450 454 455 457 458 458 459 461 464 465 467 Security Options for Distributed Settings Perimeter Defense Technologies 467 471 Bibliography 653 Ricciardi, A., and K P Birman Using Process Groups to Implement Failure Detection in Asynchronous Environments Proceedings of the Eleventh ACM Symposium on Principles of Distributed Computing (Quebec, August 1991) New York: ACM Press, 341–351 Ricciardi, A M The Group Membership Problem in Asynchronous Systems Ph.D diss., Cornell University, January 1993 Riecken, D Intelligent Agents Communications of the ACM 37:7 (July 1994): 19–21 Ritchie, D M A Stream Input-Output System Bell Laboratories Technical Journal, AT & T 63:8 (1984): 1897–1910 Rivest, R L., A Shamir, and L Adleman A Method for Obtaining Digital Signatures and Public Key Cryptosystems Communications of the ACM 22:4 (December 1978): 120–126 Rodeh, O., K Birman, D Dolev The Architecture and Performance of the Security Protocols in the Ensemble Group Communication System Journal of ACM Transactions on Information Systems and Security (TISSEC) —— Using AVL Trees for Fault-Tolerant Group Key Management International Journal of Information Security (IJIS), Vol 1, No 2, February 2002, 84–99 Rodrigues, L., K Guo, P Verissimo, and K.P Birman A Dynamic Light-Weight Group Service Journal of Parallel and Distributed Computing, 60, (2000), 1449–1479 Rodrigues, L., and P Verissimo Causal Separators for Large-Scale Multicast Communication Proceedings of the Fifteenth International Conference on Distributed Computing Systems (May 1995), 83–91 —— xAMP: A MultiPrimitive Group Communications Service Proceedings of the Eleventh Symposium on Reliable Distributed Systems (Houston, October 1989) New York: IEEE Computer Society Press Rodrigues, L., P Verissimo, and J Rufino A Low-Level Processor Group Membership Protocol for LANs Proceedings of the Thirteenth International Conference on Distributed Computing Systems (May 1993), 541–550 Rosenblum, M., and J K Ousterhout The Design and Implementation of a Log-Structured File System Proceedings of the Twelfth ACM Symposium on Operating Systems Principles (Asilomar, CA, October 1991) New York: ACM Press, 1–15 Also ACM Transactions on Computing Systems 10:1 (February 1992): 26–52 Rowe, L A., and B C Smith A Continuous Media Player Proceedings of the Third International Workshop on Network and Operating Systems Support for Digital Audio and Video (San Diego, CA, November 1992) Rowstron, A and P Druschel, Pastry: Scalable, distributed object location and routing for large-scale peer-to-peer systems IFIP/ACM International Conference on Distributed Systems Platforms (Middleware), Heidelberg, Germany, pages 329-350, November, 2001 654 Bibliography Rowstron, A., and Druschel, P Storage management and caching in PAST, a large scale, persistent peer-to-peer storage utility 18th ACM Symposium on Operating Systems Principles (SOSP), Banff, Canada October 2001 Rowstron, A., A.M Kermarrec, M Castro, P Druschel: SCRIBE: The Design of a LargeScale Event Notification Infrastructure Second International Workshop on Networked Group Communication, Oakland CA, 2001: 30–43 Rowstron, A., Kermarrec, A.M., Druschel, P., and Castro, M SCRIBE: A large-scale and decentralized application-level multicast infrastructure IEEE Journal on Selected Areas in communications (JSAC), 2002 —— Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility, ACM Symposium on Operating Systems Principles (SOSP’01), Banff, Canada, October 2001 Rozier, M et al Chorus Distributed Operating System Computing Systems Journal 1:4 (December 1988): 305–370 —— The Chorus Distributed System Computer Systems, Fall 1988: 299–328 Sabel, L., and K Marzullo Simulating Fail-Stop in Asynchronous Distributed Systems Proceedings of the Thirteenth Symposium on Reliable Distributed Systems (Dana Point, CA, October 1994) New York: IEEE Computer Society Press, 138–147 Saito, Y., H M Levy Optimistic Replication for Internet Data Services Proceedings of 14th International Conference on Distributed Computing (DISC), 2000: 297–314 Saito, Y., B N Bershad, H M Levy Manageability, availability, and performance in porcupine: a highly scalable, cluster-based mail service ACM Transactions on Computer Systems 18(3) (2000): 298 Saltzer, J H., D P Reed, and D D Clark End-to-End Arguments in System Design ACM Transactions on Computer Systems 39:4 (April 1990) Saroiu, S., P.K.Gummadi, R J Dunn, S D Gribble, H M Levy An Analysis of Internet Content Delivery Systems Proceedings of 5th Operating System Design and Implementation Conference (OSDI), Boston, MA (Dec 2002) Satyanarayanan, M et al Integrating Security in a Large Distributed System ACM Transactions on Computer Systems 7:3 (August 1989): 247–280 —— The ITC Distributed File System: Principles and Design Proceedings of the Tenth ACM Symposium on Operating Systems Principles (Orcas Island, WA, December 1985) New York: ACM Press, 35–50 Schantz, R E., R H Thomas, and G Bono The Architecture of the Chronus Distributed Operating System Proceedings of the Sixth International Conference on Distributed Computing Systems (New York, June 1986) New York: IEEE Computer Society Press, 250–259 Schiller, J I Secure Distributed Computing Scientific American (November 1994): 72–76 Schiper, A., A A Shvartsman, H Weatherspoon, B Zhao: Future Directions in Distributed Computing, Research and Position Papers Springer-Verlag, 2003 Bibliography 655 Schiper, A., J Eggli, and A Sandoz A New Algorithm to Implement Causal Ordering Proceedings of the Third International Workshop on Distributed Algorithms (1989) Springer-Verlag Lecture Notes in Computer Science, vol 392, 219–232 Schiper, A., and M Raynal From Group Communication to Transactions in Distributed Systems Communications of the ACM 39:4 (April 1996): 84–87 Schiper A., and A Sandoz Uniform Reliable Multicast in a Virtually Synchronous Environment Proceedings of the Thirteenth International Conference on Distributed Computing Systems (May 1993) New York: IEEE Computer Society Press, 561–568 Schlicting, R D., and F B Schneider Fail-Stop Processors: An Approach to Designing Fault-Tolerant Computing Systems ACM Transactions on Computer Systems 1:3 (August 1983): 222–238 Schmuck, F The Use of Efficient Broadcast Primitives in Asynchronous Distributed Systems Ph.D diss., Cornell University, August 1988 Also Technical Report Department of Computer Science, Cornell University Schmuck, F., and J Wyllie Experience with Transactions in QuickSilver Proceedings of the Twelfth ACM Symposium on Operating Systems Principles (Asilomar, CA, October 1991) New York: ACM Press, 239–252 Schneider, F B On Concurrent Programming New York: Springer-Verlag, in press —— Implementing Fault-Tolerant Services Using the StateMachine Approach ACM Computing Surveys 22:4 (December 1990): 299–319 —— The StateMachine Approach: A Tutorial Proceedings of the Workshop on FaultTolerant Distributed Computing (Asilomar, CA, 1988) Springer-Verlag Lecture Notes on Computer Science, Vol 448, 18–41 —— Byzantine Generals in Action: Implementing Fail-Stop Processors ACM Transactions on Computer Systems 2:2 (May 1984): 145–154 —— Synchronization in Distributed Programs ACM Transactions on Programming Languages and Systems 4:2 (April 1982): 179–195 Schneider, F B., D Gries, and R D Schlicting Fault-Tolerant Broadcasts Science of Computer Programming 3:2 (March 1984): 1–15 Schwarz, R., and F Mattern Detecting Causal Relationships in Distributed Computations Technical Report 215-91 Department of Computer Science, University of Kaiserslautern, 1991 Seltzer, M Transaction Support in a Log-Structured File System Proceedings of the Ninth International Conference on Data Engineering (April 1993) Shroeder, M., and M Burrows Performance of Firefly RPC Proceedings of the Eleventh ACM Symposium on Operating Systems Principles (Litchfield Springs, AZ, December 1989), 83-90 Also ACM Transactions on Computing Systems 8:1 (February 1990): 1–17 Siegal, A Performance in Flexible Distributed File Systems Ph.D diss., Cornell University, February 1992 Also Technical Report TR-92-1266 Department of Computer Science, Cornell University 656 Bibliography Siegel, A., K P Birman, and K Marzullo Deceit: A Flexible Distributed File System Technical Report 89-1042 Department of Computer Science, Cornell University, 1989 Simons, B., J N Welch, and N Lynch An Overview of Clock Synchronization In FaultTolerant Distributed Computing, (B Simons and A Spector, eds), Springer-Verlag Lecture Notes in Computer Science, Vol 448, 1990, 84–96 Skeen, D Determining the Last Process to Fail ACM Transactions on Computer Systems 3:1 (February 1985): 15–30 —— Crash Recovery in a Distributed Database System Ph.D diss., Department of EECS, University of California, Berkeley, June 1982 —— A Quorum-Based Commit Protocol Proceedings of the Berkeley Workshop on Distributed Data Management and Computer Networks (Berkeley, CA, February 1982), 69–80 —— Nonblocking Commit Protocols ACM International Conference on Management of Data (SIGMOD), Ann Arbor, MI May 1981 Snoeren, A.C., Conley, K., and Gifford, D.K Mesh-based Content Routing using XML 18th ACM Symposium on Operating Systems Principles (SOSP), Banff, Canada October 2001 Spasojevic, M., and M Satyanarayanan An Empirical Study of a Wide Area Distributed File System ACM Transactions on Computer Systems 14:2 (May 1996) Spector, A Distributed Transactions for Reliable Systems Proceedings of the Tenth ACM Symposium on Operating Systems Principles (Orcas Island, WA, December 1985), 12–146 Srikanth, T K., and S Toueg Optimal Clock Synchronization Journal of the ACM 34:3 (July 1987): 626–645 Srinivasan, V., and J Mogul Spritely NFS: Experiments with Cache Consistency Protocols Proceedings of the Eleventh ACM Symposium on Operating Systems Principles (Litchfield Springs, AZ, December 1989), 45–57 Steiner, J G., B C Neuman, and J I Schiller Kerberos: An Authentication Service for Open Network Systems Proceedings of the 1988 USENIX Winter Conference (Dallas, February 1988), 191–202 Stephenson, P Fast Causal Multicast Ph.D diss., Cornell University, February 1991 Also Technical Report Department of Computer Science, Cornell University Stoica, I., R Morris, D Karger., M.F Kaashoek, and H Balakrishnan, Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications, ACM SIGCOMM 2001, San Deigo, CA, August 2001, pp 149–160 Sussman, J., K Marzullo The Bancomat Problem: An Example of Resource Allocation in a Partitionable Asynchronous System Journal of Theoretical Computer Science 291(1), January 2003 Tanenbaum, A Computer Networks, 2d ed Englewood Cliffs, NJ: Prentice Hall, 1988 Bibliography 657 Tanenbaum, A., and R van Renesse A Critique of the Remote Procedure Call Paradigm Proceedings of the EUTECO ’88 Conference (Vienna, April 1988), 775–783 Telecommunications Information Network Architecture Conference, Proceedings of (Heidelberg, September 3–5, 1996) Berlin: VDE-Verlag Tennenhouse, D Layered Multiplexing Considered Harmful In Protocols for High Speed Networks Elsevier, 1990 Terry, D B et al Managing Update Conflicts in a Weakly Connected Replicated Storage System Proceedings of the Fifteenth Symposium on Operating Systems Principles (Copper Mountain Resort, CO, December 1995) New York: ACM Press, 172–183 Thekkath, C A., and H M Levy Limits to Low-Latency Communication on High-Speed Networks ACM Transactions on Computer Systems 11:2 (May 1993): 179–203 Thekkath, C A., T Nguyen, E Moy, and E Lazowska Implementing Network Protocols at User Level IEEE Transactions on Networking 1:5 (October 1993): 554–564 Thekkath, C., Mann, T., and Lee, E Frangipani: A scalable distributed file system 16th ACM Symposium on Operating Systems Principles (SOSP), Saint-Malo, France, October 1997 Thomas, T A Majority Consensus Approach to Concurrency Control for Multiple Copy Databases ACM Transactions on Database Systems 4:2 (June 1979): 180–209 Torrellas, J., and J Hennessey Estimating the Performance Advantages of Relaxing Consistency in a Shared-Memory Multiprocessor Technical Report CSL-TN-90-265 Stanford University Computer Systems Laboratory, February 1990 Turek, J., and D Shasha The Many Faces of Consensus in Distributed Systems IEEE Computer 25:6 (1992): 8–17 Triantafillou, P Peer-to-Peer Network Architectures: The Next Step, SIGCOMM Workshop on Future Directions in Network Architectures (FDNA-03) August 2003 van Renesse, R Why Bother with CATOCS? Operating Systems Review 28:1 (January 1994): 22–27 —— Causal Controversy at Le Mont St.-Michel Operating Systems Review 27:2 (April 1993): 44–53 van Renesse, R., K.P Birman and W Vogels Astrolabe: A Robust and Scalable Technology for Distributed System Monitoring, Management, and Data Mining ACM Transactions on Computer Systems, May 2003, Vol.21, No 2, 164–206 van Renesse, R., K.P Birman, D Dumitriu, and W Vogels Scalable Management and Data Mining Using Astrolabe Proceedings of the First International Workshop on Peer-to-Peer Systems (IPTPS) Cambridge, Massachusetts March 2002 van Renesse, R., K P Birman, R Cooper, B Glade, and P Stephenson Reliable Multicast between Microkernels Proceedings of the USENIX Workshop on Microkernels and Other Kernel Architectures (Seattle, April 1992) van Renesse, R., K P Birman, R Friedman, M Hayden, and D Karr A Framework for Protocol Composition in Horus Proceedings of the Fourteenth Symposium on the 658 Bibliography Principles of Distributed Computing (Ottawa, August 1995) New York: ACM Press, 80–89 van Renesse, R., K P Birman, and S Maffeis Horus: A Flexible Group Communication System Communications of the ACM 39:4 (April 1996): 76–83 van Renesse, R., H van Staveren, and A Tanenbaum The Performance of the Amoeba Distributed Operating System Software-Practice and Experience 19:3 (March 1989): 223–234 —— Performance of the World’s Fastest Operating System Operating Systems Review 22:4 (October 1988): 25–34 Verissimo, P Causal Delivery in Real-Time Systems: A Generic Model Real-Time Systems Journal 10:1 (January 1996) —— Ordering and Timeliness Requirements of Dependable Real-Time Programs Journal of Real-Time Systems 7:2 (September 1994): 105–128 —— Real-Time Communication In Distributed Systems, 2d ed., 1993, S J Mullender, ed Reading, MA: Addison-Wesley/ACM Press, 1993, 447–490 Verissimo, P Uncertainty and Predictability: Can They Be Reconciled? Future Directions in Distributed Computing, Springer-Verlag (2003): 108–113 Verissimo, P., A Casimiro The Timely Computing Base Model and Architecture IEEE Transactions on Computers 51(8) (2002): 916–930 Verissimo, P., L Rodrigues, A Casimiro CesiumSpray: a Precise and Accurate Global Time Service for Large-scale Systems Real-Time Systems 12(3) (1997): 243–294 Verissimo, P., and L Rodrigues A-Posteriori Agreement for Fault-Tolerant Clock Synchronization on Broadcast Networks Proceedings of the Twenty-Second International Symposium on Fault-Tolerant Computing (Boston, July 1992) Vogels, W The Private Investigator Technical Report Department of Computer Science, Cornell University, April 1996 Vogels, W File System Usage in Windows NT 4.0 Proc of the 17th ACM Symposium on Operating Systems Principles, Kiawah Island, SC, December 1999 W Vogels, Birman, K., R van Renesse Six Misconceptions about Reliable Distributed Computing Proceedings of the Eighth ACM SIGOPS European Workshop Sintra, Portugal, September 1998 von Eicken, T., A Basu, V Buch, and W Vogels U-Net: A User-Level Network Interface for Parallel and Distributed Computing Proceedings of the Fifteenth Symposium on Operating Systems Principles (Copper Mountain Resort, CO, December 1995) New York: ACM Press, 40–53 von Eicken, T and W Vogels Evolution of the Virtual Interface Architecture IEEE Computer November 1998 von Eicken, T., D E Culler, S C Goldstein, and K E Schauser Active Messages: A Mechanism for Integrated Communication and Computation Proceedings of the Nineteenth International Symposium on Computer Architecture (May 1992), 256–266 Bibliography 659 Voydock, V L., and S T Kent Security Mechanisms in High-Level Network Protocols ACM Computing Surveys 15:2 (June 1983): 135–171 Wahbe, R., S Lucco, T Anderson, and S Graham Efficient Software-Based Fault Isolation Proceedings of the Thirteenth ACM Symposium on Operating Systems Principles (Asheville, NC, December 1993) New York: ACM Press, 203–216 Walter, B et al The Locus Distributed Operating System Proceedings of the Ninth ACM Symposium on Operating Systems Principles (Bretton Woods, NH, October 1993), 49–70 Weatherspoon, H., J Kubiatowicz Erasure Coding Vs Replication: A Quantitative Comparison IPTPS 2002, 328–338 Welsh, M., Culler, D and Brewer, E SEDA: An Architecture for Well-Conditioned, Scalable Internet Services 18th Symposium on Operating Systems Principles (SOSP), Banff, Canada October 2001 Whetten, B A Reliable Multicast Protocol In Theory and Practice in Distributed Systems, K Birman, F Mattern, and A Schiper, eds Springer-Verlag Lecture Notes on Computer Science, Vol 938, July 1995 Wilkes, J et al The HP AutoRAID Hierarchical Storage System Proceedings of the Fifteenth Symposium on Operating Systems Principles (Copper Mountain Resort, CO, December 1995) New York: ACM Press, 96–108 Also ACM Transactions on Computing Systems 13:1 (February 1996) Wolman, A., G.M Voelker, N Sharma, N Cardwell, A R Karlin, H M Levy: On the scale and performance of cooperative Web proxy caching Proceedings of the 17th Symposium on Operating Systems (SOSP), Charleston SC, 1999: 16–31 Wood, M D Replicated RPC Using Amoeba Closed-Group Communication Proceedings of the Twelfth International Conference on Distributed Computing Systems (Pittsburgh, 1993) —— Fault-Tolerant Management of Distributed Applications Using a Reactive System Architecture Ph.D diss., Cornell University, December 1991 Also Technical Report TR 91-1252 Department of Computer Science, Cornell University Wu, Y Verification-Based Analysis of RMP Technical Report NASA-IVV-95-003 NASA/WVU Software Research Laboratory, December 1995 Zhao, B., Y Duan, L Huang, A D Joseph, J Kubiatowicz Brocade: Landmark Routing on Overlay Networks IPTPS 2002, 34–44 Zhao, B., L Huang, J Stribling, S C Rhea, A D Joseph, and J Kubiatowicz Tapestry: A Resilient Global-scale Overlay for Service Deployment, IEEE Journal on Selected Areas in Communication Zhao, B Y Duan, L Huang, A.D Joseph and J.D Kubiatowicz Brocade: landmark routing on overlay networks, First International Workshop on Peer-to-Peer Systems (IPTPS), Cambridge, MA March 2002 27 Index a-posteriori clock synchronization, 496 abcast, 305, 336, 366 locally total and globally total ordering, 347 access control technologies, 475 accidental failures compared to attack, 243 ACE (Adaptive Computing Environment), 119 ACID properties of a database system, 111 actions (transactional), 603 active messages, 148 Active Registry (Windows), 68 Advanced Automation System (AAS), 592 AFS, 100–102, 104, 106, 116, 475 Agarwal’s replication algorithm for transactional databases, 527 aggregation, 560 Ameoba, 590 analysis of buying patterns, 186 ANSA project, 119 application-level proxy (in firewalls), 225 architectural structures for reliable systems, 436 Argus, 603 Arjuna, 604 AS/400 database server product, 519 Astrolabe, 558 asynchronous consensus problem, 296 asynchronous message agent technology, 222 asynchronous message passing (for MOMS), 220 asynchronous model, 6, 255, 295 at least once semantics, 77 at most once semantics, 76 ATM, 154 atomic rename operation, 115 atomicity, 111, 316 authentication, 16, 34, 70, 100, 171, 173, 180, 182, 185, 186, 192, 215, 225, 395, 468, 470, 477, 482, 490, 491 in Kerberos, 470 authentication (with wrappers), 403 authentication services, 17 Authority chains in secure systems, 488 authorization, 246 automated trust negotiation, 184 Autonomic Computing, 212, 584 availability in secure systems, 483 in secure systems , 490 Avalon, 604 Bayou, 605 Bimodal multicast, 546 Binding, 63 binding, 55, 129, 137 body (of a message), 12 Bohrbugs, 239 broadcast, 13 hardware, 13 broadcast storm, 608 broadcast storms, 36 buffering, 39 Byzantine Agreement, 291 Byzantine Agreement used in highly robust servers, 294 Byzantine failure model, 5, 261, 290–296, 300, 320, 352, 470, 491 lower bounds, 292 Byzantine Quorum Systems, 294 cabcast, 305 cache coherency in Sprite, 101 Caching, 86 caching, 56, 97 caching web proxies consistency options, 413 Camelot, 605 CASD protocols, 498 causal gap freedom, 345 causal order, 255 controversy, 385 in overlapping process groups, 344 with multiple, overlapping groups, 330 662 Index cbcast, 304, 322, 336, 366, 385, 593 compared to synchronous multicast protocol, 505 in overlapping process groups, 344 CFS on Chord, 536 Chains of authority, 488 checkpoints, 594 Chorus, 590 churn, 530 CICS (IBM’s transactional product), 606 class D internet address, 28 client/server computing, 53, 83 clients of a process group, 333 clock synchronization, 493 closely synchronous execution, 353 cluster computing used in telecommunications coprocessor, 508 Coda, 101 coherent caching Web proxy, 412 commercial off the shelf (COTS), 394 Common Request Broker Architecture, 18 communication from a group to a non-member, 336 communication from non-members to a group, 333 communications segment, 153 complexity as a threat to reliability, 241 Components of a reliable distributed computing system, computer network, concurrency control, 110 concurrency control tools, 406 conservative scheme, 345 Consistency, 4, 192, 376, 377, 521 consistency, 247 consistency in caching web proxies, 436 consistent and inconsistent cuts, 256, 327 consistent caching, 403 consistent cuts in log-based recovery, 594 Content routing, 224, 579 continuous availability, 4, 261 Continuous Media Toolkit (CMT), 446 convoy phenomenon in reliable systems, 461 coordinator-cohort algorithm, 372 Corba, 15, 18, 22, 39, 119, 122, 124–128, 130– 137, 224, 242, 400, 448, 449 event notification service, 134 hardening applications with Horus/Electra, 448 inter-object broker protocol (IOP), 136 interface definition language, 131 interface definition language (IDL), 126 introducing reliability technologies with, 396 life cycle service, 135 naming service, 133 object request broker, 133 object request broker (ORB), 124 Orbix example, 127 persistent object service, 135 rebinding to a different server after failure, 129 reference model, 124 reliability issues, 130 reliability properties of Corba solutions, 136 transaction service, 136 transactional services, 128 viewed as a wrapper technology, 396 CORBA event notification service, 220 CORBA Fault Tolerance Standard, 397 Correct specification, COTS (Commercial off the shelf), 394 Cyclic UDP, 446 data access patterns in distributed file systems, 101 data aggregation, 560 data mining, 558 data replication, 56 DCE, 15, 18, 70 defense against intrusion and attack, 243 Delta-4, 591 denial of access in secure systems, 483 DES, 479 detecting failures, 242 DHTs (Distributed Hash Tables), 538 dialback security mechanisms, 472 digital signatures (used in firewalls), 225 Dining Philosophers problem, 347 distributed commit problem, 262 distributed computing environments, 17 distributed computing system, Distributed database systems, 106 distributed database systems, 108 Index abort viewed as a “tool”, 112 ACID properties, 111 concurrency control, 110, 514 nested transactions, 516 serializability, 108 state shared by clients and server, 112 transactional model, 108, 509 write-ahead log, 511 Distributed Hash Tables (DHTs), 538 Chord, 538 Kelips, 543 Pastry, 541 Tapestry, 543 distributed programming languages, 407 distributed shared memory, 426, 431 distributed system control, 558 distributed transaction, 514 DNS, 28, 67 Domain name service, 28 DSM, 431 dynamic membership model, 251, 277, 376 Dynamic uniformity, 596 dynamic uniformity, 310, 321, 332, 355, 362, 366, 523 performance implications, 380 dynamically uniform multicast delivery property, 307 Electra, 448 Encina, 116, 605 encryption used in virtual private networks, 474 End-to-End Argument, 37 end-to-end argument, 386 ENS, 134 Ensemble system relationship with Horus, 435 enterprise web servers, 436 Eternal System (UCSD implementation of CORBA Fault-Tolerance Standard, 397 event dispatch, 72, 74 event notification service, 134 exactly once semantics, 76 extended virtual synchrony, 356 Extensible Markup Language, 174 External Data Representation, 65 Fail-stop failures, failover in Corba, 397 663 failstop model, 262 failure detectors, 242 failures, false sharing, 431 Fault-tolerance, 4, 167, 402, 432 fault-tolerance tools, 406 fault-tolerant real-time control, 495 fbcast, 304, 321, 336 fbufs, 147 Ficus, 104 file transfer protocols, 215 Filtering actions as a way to enforce security, 490 Firefly RPC costs, 144 firewall protection (with wrappers), 403 firewalls, 395, 471 flush, 348 flush primitive, 307 fragmentation, 12 Frangiapani, 117, 596 gap freedom guarantee, 356 gbcast, 305 GIF, 179 Global Positioning System, 69 globally total order, 347 GMS property summary, 319 Google File System, 117 GPS receivers, 69, 493, 498, 619 Grid Computing, 54 group address, 442 group communication and Java applets, 436 group communication in Web applications, 412 group membership protocol, 81, 279, 384 group membership service, 318 extensions to allow partition and merge, 288 primary partition properties, 287 summary of properties, 318 group object, 442 Gryphon, 224, 578 guaranteed execution tools, 406 guardians, 603 GUI builders, 190 halting failures, 5, 261 Hardening a Web Services Platform, 415 hardware cryptographic protection, 474 Harp, 98, 591 664 Index HAS, 592 HCPI, 443 header (of a message), 12 Heisenbugs, 239, 354 high availability, Horus system basic performance, 450, 461 Horus Common Protocol Interface (HCPI), 443 protocol accelerator, 454 real-time protocols, 506 replication in the Web, 439 robust groupware application, 445 story behind name, 435 hostile environments, 243 HTTP commands, 176 HTTPS Security Limitations, 182 Hyper-Text Markup Language, 173 Hyper-Text Transport Protocol, 175 ID-90, 150 IDL, 126 impossibility results for the asynchronous model, 299 IN coprocessor fault-tolerance, 508 information warfare, 243 intentional threats, 243 Internet Protocols, 25 IP addresses, 27 IP Multicast, 35 IP protocol, 33 Isis Toolkit, 593 story behind name, 435 ISO protocol model, iterated multicast, 334 J2EE, 18, 74, 75, 119, 122, 123, 142, 158, 161, 169, 227, 231, 561, 607 Java groupware opportunities, 412 integrated with group communication tools, 436 Java applets structured as object groups, 412 Java Enterprise Edition, 119 JDBC, 561 JPEG, 179 Kerberos, 70, 100, 468, 471, 477, 478, 480, 482, 483, 490, 491 Kerberos authentication, 100 layered protocol architectures (pros and cons), 10 LFS, 106 lightweight process groups, 350 Lightweight remote procedure call, 144 lightweight remote procedure call, 145–147 lightweight tasks, 71 lightweight threads, 73 load balancing, 369 local procedure call, 76 locally total order, 347 Locus, 594 log-based recovery, 594 log-structured file system, 106 logical clock, 255 used to implement cbcast, 323 long-haul connection (security exposures), 475 Lotus Notes, 107 Low bandwidth file system, 117 LPC, 76 Mach, 590 management information base (MIB), 561 Manetho, 594 MARS, 495 marshalling, 65 master-slave parallel programming style, 150 mbufs, 39 measurements of distributed file systems, 101 message, message oriented middleware, 220 MIB used for failure detection, 242 Microsoft NET, 18, 51, 58, 60, 61, 63, 122, 123, 142, 158, 161, 193, 202, 227, 230, 234, 240, 304, 561, 607 Microsoft Windows bursty packet loss associated with scheduling quanta, 40 MOMS, 220 monitoring, 558 monitoring and logging (with wrappers), 404 MPEG, 179 multi-level architecture for group computing tools, 436 Index multi-phase commit, 514 multicast consistency issues, 384 hardware, 13 ordering domains, 348 ordering protocols (causal and total), 320 stability, 345 totally ordered, 330 multicast storms, 36 multiple protocol stacks in Transis, 600 naming service, 16 Napster, 532 NavTech, 595 Network Address Translators, 31 network database server, 53, 107 Network file server, 53 network file server, 92, 107 network file servers replication for high availability, 98 Network File System, 65 Network Information Service, 68 Network partitioning, network partitioning, 356 Newtop, 604 NFS, 15, 55, 65, 79, 80, 96–99, 102–104, 106, 116, 164, 187, 386, 475, 476, 484 prefetching, 97 reliability of, 97 security of, 483 security problems with, 476 NIS, 68 NNTP, 217 non-uniform multicast delivery flush used to force dynamic uniformity, 307 non-uniform multicast delivery property, 307 non-volatile RAM (NVRAM) (used in HARP), 592 Notions of Correctness and High Assurance Distributed Communication, 45 NET, 18, 51, 58, 60, 63, 75, 119, 122, 123, 142, 158, 161, 169, 227, 231, 408, 561, 607 object groups, 397, 449 object orientation groupware solutions, 398 technologies supporting, 398 665 viewed as a form of wrapper, 398 Object Request Broker, 124 ODBC, 561 off the shelf components (COTS), 394 OLE-2 introducing reliability technologies with, 396 viewed as a wrapper technology, 396 omission failures, On-the-fly security enforcement, 489 ONC, 15, 18, 406, 484 security of, 483 Open Network Computing, 18 Open Systems Interconnect Protocols, 26 Orbix, 127 Orbix+Isis, 448, 593 orphan termination (in Argus), 603 overhead of layered protocols, 455 P2P protocols, 529 packet filter, 395 packet sniffers, 471 packets, 12 parallel computing (communication support), 150 parallel shared memory systems, partition failures, 356 passwords, 471 PAST on Pastry, 536 Paxos, 117, 253, 306, 313, 359, 380, 596 pbcast, 546 peer-to-peer aggregation, 560 Peer-to-peer archival storage OceanStore, 536 peer-to-peer communication, 529 Peer-to-peer distributed indexing, 538 Peer-to-peer file sharing, 531 CAN, 534 Gnutella, 533 Kazaa, 533 Napster, 532 Peer-to-peer protocols used to build a robust Web Services system, 581 performance, performance issues in file systems, 101 persistent data, 510 Phoenix, 596 potential causality, 255 666 Index potential groupware uses of the Web, 412 prefetching in NFS, 97 prefetching versus whole-file transfer, 97 Presentation (layer in ISO hierarchy), primary component of a partitioned network, 356, 382 primary partition model, 280 primary-backup fault-tolerance, 371 Privacy, privacy, 185 private investigator (failure detection scheme), 242 probabilistic protocols, 531 protocol, protocol compilation, 155 protocol stack, 440 protocol verification, 600 Psync, 596 publish subscribe process group implementation, 446 Publish subscribe hardware, 224 publish-subscribe, 603 implemented over scalable multicast, 556 publish-subscribe paradigm, 222 quality of service guarantees in Transis, 600 quality of service negotiation (with wrappers), 404 QuickSilver, 115, 556, 603 quorum replication, 366 RAID, 99 Rampart, 597 real-time, 495 CASD protocol, 498, 593 fault-tolerant, in MARS, 495 Horus protocols , 506 real-time virtual synchrony, 508 Recoverability, recoverability, 261, 510 Relacs, 597 Release consistency, 428 Reliability, 45 reliability in distributed computing systems, reliability of NFS, 97 reliable multicast in synchronous systems, 498 multicast, 13 Remote procedure call, 53 remote procedure call, 57 error handling, 63 authentication service, 70 binding, 63 lightweight, 145 marshalling, 65 naming service, 67 over TCP, 81 performance issues, 144 protocol, 75 replay problem, 77 time services, 69 use in reliable distributed systems, 78 remote procedure call stub generation, 60 rename (atomic operation), 115 replicated data, 98, 353, 362 best solution, 366 caching in web proxies, 187 high performance transactional scheme, 525 in transactional systems, 515 with Byzantine failures, 290 replicated data tools, 406 replication algorithm for transactional databases, 527 replication and load-balancing in Web servers, 412 replication of web servers, 436 representations of image data, 179 resource discovery, 16 rich text format, 179 RMP, 597 rollback, 594 Routing, 36 RPC, 53 RSA, 478 Runtime security enforcement, 489 Sarvega, 224 Sarvega XML ontent router, 578 Scalability, Scalability analysis of Spread Toolkit, 461 scalability of peer-to-peer protocols, 530 scalable data mining, 558 Scalable virtual synchrony, 554 Scribe, 543, 603 secure electronic transfer, 186 Index secure sockets layer, 186 Security, 4, 70, 78, 137, 173, 191, 192, 433, 467 security, 185, 219 Security (with wrappers), 403 Security and Availability, 490 Security by filtering operations on-the-fly, 490 security enclave, 403 Security policy languages and inference, 488 Security problems and limits of the Web Services security model, 182 SEDA, 157 self-repair in peer-to-peer systems, 530 sender-based logging, 594 Service oriented computing, Session (layer in ISO hierarchy), shared memory used for ATM communication in U-Net, 153 shared memory tools, 406 Simple Object Access Protocol, 54 SMTP, 216 snapshot of a distributed system, 256 SOAP, 54 The Simple Object Access Protocol, 25 SPIN project, 155 SPKI/SDSI, 184, 488 Split C, 150 split secret schemes, 491 Spread, 461, 598 Spread Toolkit, 435 Sprite, 102 SS7 telecommunications protocol, 508 SSL encryption, 186 SSL Security Limitations, 182 SSL security protocol, 484 stability of a multicast, 345 state machine approach, 353 state transfer, 335, 367 stateful client/server systems, 89, 108 Stateful File Servers, 99 stateless client/server systems, 88 static membership model, 277, 376 streams unbreakable (wrapped for reliability), 415 strong and weak virtual synchrony in Horus, 508 STUN, 32 667 synchronous model, 7, 290 system management, 558 TAO (The ACE Orb), 119, 408 Tcl/Tk, 446 TCP used to support remote procedure call, 81 TCP protocol, 34 TCP protocol (over U-Net), 154 telecommunications coprocessor, 508 testing for liveness of an application, 242 The Web, 54, 56, 88, 160, 171, 186, 215, 408 architectural structures and reliability tools, 436 basic authentication protocol, 180 commercial use, 165 commercial use of, 186 consistency issues, 192 fault-tolerance and load-balancing, 412 groupware tools and solutions, 412 HTML, 173 HTTP, 175 Java applets structured as object groups, 412 military use, 166 reliability, 167 replication and reliability, 439 search enginers and web crawlers, 188 secure sockets layer, 181 security, 167, 219 security and privacy issues, 185 security with digital signatures, 412 web proxies, 187 XML, 174 The World Wide Web, 160 Thor system, 604 threads, 71 threads (versus event dispatch), 73 three-phase commit, 514 time in distributed systems, 254 time service, 17 timed asynchronous model, 498, 592 timeliness, Timing failures, Token passing, 305, 330 toolkits, 394, 405 tools for consistent caching, 436 top-level transactions, 520 topological knowledge used in cbcast, 329 668 Index Totem, 599 transactional actors, 603 transactional commit protocols, 514 transactional model compared to virtual synchrony, 510 problems encountered in distributed uses, 520 systems that implement transactions, 603 weak consistency, 521 transactional system architectures, 509 transactions, 108 replicated data used for scalability, 527 Transis, 600 Transport (layer in ISO hierarchy), trust negotiation, 184 Tuxedo, 116 two-phase commit, 264, 514 two-phase locking, 110 U-Net, 150 UDDI, 54, 67 UDP protocol, 34 over U-Net, 154 unauthorized use of resources, 246 unintentional threats, 243 Universal Description, Discovery and Intergration language (UDDI), 67 Universal Resource Indentifier, 176 Universal Resource Locators, 174 V System, 590, 600 vector clock, 258, 592 causal communication with non-members of a group, 342 timestamp compression, 326 used to implement cbcast, 324 verification of protocols, 600 view (of a process group), 315, 442 view synchronous multicast delivery, 356 virtual memory used in communication architecture, 147 virtual private networks, 245, 474 virtually synchronous execution model, 351 virtually synchronous process groups, 439 algorithms and tools, 362 compared to transactional model, 510 execution model, 351 extended virtual synchrony, 356 flush protocol, 317 guarantees compared to synchronous model, 505 in Horus, 443 Isis Toolkit, 593 replicated data, 362 reporting membership through “views”, 315 security, 491 summary of membership properties, 318 virus, 243 Visual Studio NET, 607 Web, 56 web proxy, 187, 439 web server wrapped for fault-tolerance, 408 Web servers (replication and load-balancing), 412 Web Services, 19, 54, 65, 67, 124, 571 High assurance, 571 Web services Extending WSDL to represent High Assurance properties, 583 Potential value of Astrolabe, 581 Suggested experimental project, 611 Web Services Security Example Scenarios and Limitations, 182 White-Pages, 68 whole file transfer compared with prefetching, 97 wide-area group communication for the Web, 412 Willow, 543 Windows operating system, 26, 40, 68, 72, 88, 101, 116, 123, 193, 202, 229, 230, 401, 426, 520, 561 worm, 243 wrappers, 394, 400 write-ahead log, 511 x-Kernel, 22, 147, 440, 444, 455 X.500, 68 XDR, 65 XML Content Routing, 224 Yellow Pages, 68 ... Authorization and Privacy Issues Web Proxy Servers Web Search Engines and Web Crawlers Browser Extensibility Features: Plug-in Technologies Future Challenges for the Web Community... How Web Services Deal with Failure The Future of Web Services Grid Computing: A Major Web Services Application Autonomic Computing: Technologies. .. 27 Other Distributed and Transactional Systems 589 27.1 Web Services and Their Assurance Properties High Assurance for Back-End Servers High Assurance for Web Server