Why Do Upgrades Fail and What Can We Do About It?: Toward Dependable, Online Upgrades in Enterprise System

TitleWhy Do Upgrades Fail and What Can We Do About It?: Toward Dependable, Online Upgrades in Enterprise System
Publication TypeConference Papers
Year of Publication2009
AuthorsDumitras T, Narasimhan P
Conference NameMiddleware'09 Proceedings of the 10th ACM/IFIP/USENIX International Conference on Middleware
Date Published2009///
PublisherSpringer-Verlag New York, Inc.
Abstract

Enterprise-system upgrades are unreliable and often produce downtime or data-loss. Errors in the upgrade procedure, such as broken dependencies, constitute the leading cause of upgrade failures. We propose a novel upgrade-centric fault model, based on data from three independent sources, which focuses on the impact of procedural errors rather than software defects. We show that current approaches for upgrading enterprise systems, such as rolling upgrades, are vulnerable to these faults because the upgrade is not an atomic operation and it risks breaking hidden dependencies among the distributed system-components. We also present a mechanism for tolerating complex procedural errors during an upgrade. Our system, called Imago, improves availability in the fault-free case, by performing an online upgrade, and in the faulty case, by reducing the risk of failure due to breaking hidden dependencies. Imago performs an end-to-end upgrade atomically and dependably, by dedicating separate resources to the new version and by isolating the old version from the upgrade procedure. Through fault injection, we show that Imago is more reliable than online-upgrade approaches that rely on dependency-tracking and that create system states with mixed versions.

URLhttp://dl.acm.org/citation.cfm?id=1656980.1657005