Enhancing replica management services to cope with group failures

In a distributed system, replication of components, such as objects, is a w ell known way of achieving availability. For increased availability, crashe d and disconnected components must be replaced by new components on availab le spare nodes. This replacement results in the membership of the replicate d group 'walking' over a number of machines during system operation. In thi s context, we address the problem of reconfiguring a group after the group as an entity has failed. Such a failure is termed a group failure which, fo r example, can be the crash of every component in the group or the group be ing partitioned into minority islands. The solution assumes crash-proof sto rage, and eventual recovery of crashed nodes and healing of partitions. It guarantees that (i) the number of groups reconfigured after a group failure is never more than one, and (ii) the reconfigured group contains a majorit y of the components which were members of the group just before the group f ailure occurred, so that the loss of state information due to a group failu re is minimal. Though the protocol is subject to blocking, it remains effic ient in terms of communication rounds and use of stable store, during both normal operations and reconfiguration after a group failure.