Realizing and refining architectural tactics



Architectural patterns and styles have been proposed to reduce the enormous size and complexity of the search space. Tactics are the building blocks of architectures, and hence the building blocks of architectural patterns. Patterns are complex and their interactions with other patterns are not always clear. Furthermore, patterns are always underspecified. Thus sets of tactics that address six quality attributes are defined: performance, usability, availability, modifiability, testability, and security. These tactics have been used over the past five years as a foundation for designing and analyzing architectures.

There are discussions regarding the relationships between tactics and quality attributes and for the categorization of quality attribute effects of tactics on design decisions.

In this term paper, I will discuss the availability tactics in detail. Availability tactics are designed to enable a system to endure system faults such that a service being delivered by the system remains compliant with its specification.


Basically there are three types of availability tactics:

* Fault detection

* Fault recovery

* Fault prevention

Let us take an example of Modifiability tactics to illustrate the impact of availability tactics. There are three classes of modifiability tactics:

1. Those that defer binding time decisions, to control deployment time and cost

2. Those that help to localize changes, reducing the number of modules directly affected by a change

3. Those that prevent ripple effects, limiting the modifications to localized modules.

To make architecture more modifiable, the designer needs to select and realize one or more tactics from this set.

The most common architectural pattern is the layered pattern. Layers group together similar sets of functionality and separate them from other functions that are expected to change independently. Through this separation, the modifiability of the system is expected to increase.

Every design decision has side effects. Once the Use an Intermediary tactic is in place, it will have an effect on runtime performance. Each of these attributes (cost, coupling, and performance impact) can be estimated by the architect, and a reasoned decision can be made on whether to use the tactic.

I will show how tactics are used in practice and how they inform both design and analysis. In particular, I will show how availability tactics have been used and how they have been augmented over time to meet the needs of a changing world.


Ping/Echo, Heartbeat, and Exception are the tactics that were classified for fault detection.

1. Ping/Echo refers to an asynchronous request/response message pair exchanged between nodes, used to determine reachability and the round-trip delay through the associated network path. Standard implementations of Ping/Echo are available for nodes interconnected via IP.

2. A System Monitor tactic is used to monitor state of health, which includes the detection of hung or runaway processes; a heartbeat is one measure of health that a System Monitor could observe. When the detection mechanism is implemented using a counter or timer that is periodically reset, this specialization of System Monitor is referred to as a Watchdog.

3. The final Fault Detection tactic identified is the Exception tactic. The Exception tactic can be further refined into Exception Detection, Exception Handling, and Exception Prevention tactics. Exception Detection refers to the detection of a system condition that alters the normal flow of execution. For distributed real-time embedded systems, the Exception Detection tactic can be further refined to include System Exceptions, Parameter Fence, and Parameter Typing tactics. System Exceptions will vary according to the processor hardware architecture employed and include faults such as divide by zero, bus and address faults, illegal program instructions, and so forth.
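The Watchdog specialization described in item 2, as an added example that is not part of the original essay: each monitored process resets its timer with a heartbeat, and the monitor reports any process whose timer runs out. The class name, the process names and the simulated clock are assumptions made for the illustration.

```python
import time

class Watchdog:
    """Timer-based System Monitor: each process must kick before its deadline."""

    def __init__(self, timeout_s, clock=time.monotonic):
        self.timeout_s = timeout_s
        self.clock = clock        # injectable so the logic is testable offline
        self.last_kick = {}       # process name -> time of last heartbeat

    def register(self, name):
        self.last_kick[name] = self.clock()

    def kick(self, name):
        """Heartbeat from a monitored process: resets that process's timer."""
        if name not in self.last_kick:
            raise KeyError(f"unregistered process: {name}")
        self.last_kick[name] = self.clock()

    def expired(self):
        """Names of processes whose timer ran out without being reset."""
        now = self.clock()
        return sorted(n for n, t in self.last_kick.items()
                      if now - t > self.timeout_s)

def simulate(ticks=6, hang_after=2, timeout_s=3.0):
    """Constructed scenario: 'router' stays healthy, 'logger' hangs."""
    now = [0.0]                                   # simulated clock, in seconds
    wd = Watchdog(timeout_s, clock=lambda: now[0])
    for name in ("router", "logger"):
        wd.register(name)
    timeline = []
    for tick in range(1, ticks + 1):
        now[0] += 1.0
        wd.kick("router")                         # heartbeat every second
        if tick <= hang_after:
            wd.kick("logger")                     # stops after hang_after ticks
        timeline.append((tick, wd.expired()))
    return timeline

if __name__ == "__main__":
    for tick, hung in simulate():
        print(f"t={tick}s expired={hung}")
```

The hung process is only reported once more than `timeout_s` seconds have passed since its last heartbeat, so the timeout bounds the detection latency.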

Fault Recovery Tactics

Fault Recovery tactics are refined into Preparation and Repair tactics and Reintroduction tactics. Preparation and Repair tactics include Active Redundancy, Passive Redundancy, Spare, Exception Handling, and Software Upgrade. Reintroduction tactics include Shadow, Rollback, Escalating Restart, and Non-Stop Forwarding.

1. Active Redundancy refers to a configuration where all of the nodes (active or redundant spare) in a protection group receive and process identical inputs in parallel, allowing the redundant spare(s) to maintain synchronous state with the active node(s). Active Redundancy can also be used for Facilities Protection, where active and standby network links are used to ensure highly available network connectivity.

2. Passive Redundancy refers to a configuration where only the active members of the protection group process input traffic, with the redundant spare(s) receiving periodic state updates. Because the state maintained by the redundant spares is only loosely coupled with that of the active node(s) in the protection group (with the looseness of the coupling being a function of the checkpointing mechanism employed between active and redundant nodes), the redundant nodes are referred to as warm spares. Passive Redundancy provides a solution that achieves a balance between the more highly available but more complex Active Redundancy tactic and the less available but significantly less complex Spare tactic.

3. Cold sparing refers to a configuration where the redundant spares of a protection group remain out of service until a fail-over occurs, at which point a Power-On-Reset procedure is initiated on the redundant spare prior to its being placed in service. Due to its poor recovery performance, cold sparing is better suited for systems having only high-reliability (MTBF) requirements as opposed to those also having high-availability requirements.

[Figure: diagrams for active redundancy (state synchronization, input data) and passive redundancy (periodic checkpoint data, input data)]

4. Software Upgrade is another Preparation and Repair tactic whose goal is to achieve in-service upgrades to executable code images in a non-service. This tactic is refined by Function Patch, Class Patch, and Hitless In-Service Software Upgrade (ISSU) tactics. The Function Patch tactic is used in a procedural programming environment and employs an incremental linker/loader to store an updated software function into a pre-allocated segment of target memory.
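To make the difference between Active Redundancy and Passive Redundancy (items 1 and 2) concrete, the following added example, which is not part of the original essay, runs a toy protection group until the active node fails and reports what state the spare holds at fail-over. The `Node` class, the `fail_over` function and the input stream are constructed for the illustration.

```python
class Node:
    """Toy stateful service: a running total of the inputs it has processed."""

    def __init__(self):
        self.processed = 0        # how many inputs have been applied
        self.total = 0

    def process(self, value):
        self.processed += 1
        self.total += value

    def snapshot(self):
        return (self.processed, self.total)

    def restore(self, snap):
        self.processed, self.total = snap

def fail_over(inputs, fail_after, mode, checkpoint_every=None):
    """Run a protection group until the active node fails.

    mode="active":  the spare processes every input in parallel.
    mode="passive": the spare receives a checkpoint every N inputs.
    Returns (spare state at fail-over, inputs the spare never saw).
    """
    if mode not in ("active", "passive"):
        raise ValueError(f"unknown mode: {mode}")
    if mode == "passive" and (checkpoint_every is None or checkpoint_every < 1):
        raise ValueError("passive mode needs checkpoint_every >= 1")
    active, spare = Node(), Node()
    for i, value in enumerate(inputs[:fail_after], start=1):
        active.process(value)
        if mode == "active":
            spare.process(value)                  # identical inputs in parallel
        elif i % checkpoint_every == 0:
            spare.restore(active.snapshot())      # periodic state update
    return spare.snapshot(), active.processed - spare.processed

SAMPLE_INPUTS = [5, 3, 8, 2, 7, 1, 4]             # constructed input stream

if __name__ == "__main__":
    print(fail_over(SAMPLE_INPUTS, 5, "active"))
    print(fail_over(SAMPLE_INPUTS, 5, "passive", checkpoint_every=2))
    print(fail_over(SAMPLE_INPUTS, 5, "passive", checkpoint_every=3))
```

With a failure after five inputs, the active-redundancy spare is fully current, while the warm spare lags by the inputs received since the last checkpoint; a longer checkpoint interval widens that gap.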

Some Fault Recovery tactics rely on component reintroduction, where a failed component is reintroduced after it has been corrected. Reintroduction tactics include Shadow, State Resynchronization/Graceful Restart, Rollback, Escalating Restart, and Non-Stop Forwarding.

1. The Shadow tactic refers to operating a previously failed or in-service upgraded component in a "shadow mode" for a pre-defined duration of time prior to reverting the component back to an active role.

2. Similarly, State Resynchronization is a reintroduction refinement to the Active Redundancy and Passive Redundancy preparation and repair tactics. When realized as a refinement to the Active Redundancy tactic, the State Resynchronization occurs organically, as the active and standby components each receive and process identical inputs in parallel.

3. The Function Patch tactic is used in a procedural programming environment and employs an incremental linker/loader to store an updated software function into a pre-allocated segment of target memory. The term Non-Stop Forwarding has emerged as the standard nomenclature used when the Headless Mode tactic is applied to packet router designs targeting high-availability services.

Fault Prevention Tactics

Fault Prevention tactics include Removal from Service, Transactions, Process Monitor, and Exception Prevention.

1. The Removal from Service tactic refers to placing a system component in an out-of-service state for the purpose of mitigating potential system failures.

2. The Process Monitor tactic is employed to monitor the state of health (SOH) of a system process in order to ensure that the system is operating within its nominal operating parameters. The Process Monitor may be a lower level function of a hierarchical system monitoring function.

3. The Exception Prevention tactic refers to techniques employed for the purpose of preventing system exceptions from occurring. An example is the use of Exception Classes, which allows a system to transparently recover from system exceptions.


Architectural tactics are the building blocks for both architectural design and analysis. Architectural patterns and styles have been proposed to reduce the enormous size and complexity of the search space. Sets of tactics that address six quality attributes are defined:

1. Performance

2. Usability

3. Availability

4. Modifiability

5. Testability

6. Security.

There are three types of availability tactics: fault detection, fault recovery, and fault prevention.

