Computer systems often have various roles and relationships. For example, one computer system may operate as an email server, a web server, or a domain controller, while another computer system may operate as a client. Some computer systems may have authority to perform actions, such as authenticating other computer systems, not granted to others. One type of relationship is a trust relationship, in which a trustee establishes that a particular computer system is trusted to perform one or more actions.
One type of trust relationship is established between a computer system acting in the role of a domain controller and one or more computer systems that are members of a domain. Computer systems join the domain by performing a domain join action that typically involves presenting a set of credentials (e.g., a username and password) to the domain controller, waiting for the domain controller to validate the credentials, and providing information (e.g., keys or other information) that allows the computer system to act as a member of the domain. In a Microsoft Windows environment, a domain join may involve saving state changes to Active Directory Domain Services and saving state changes on the computer system that is joining the domain.
A common point of failure in domain join and other trust-establishing operations is that each computer system involved in the operation is expected to maintain uninterrupted network connectivity during the entire operation, which may involve sending and receiving many packets back and forth between the computer systems. Although the probability of a single domain join action failing due to an interruption in connectivity is generally low, the probability increases dramatically in common server provisioning scenarios. For example, an organization might want to deploy many physical or virtual machines in a data center over a short period. The extra burden on the domain controller or other trust authority may cause slow responses to some target computer systems and failures of the trust operation. Even if only 5% of the operations fail, the administrative burden to track down which target computer systems successfully established a trust relationship and which did not can be unacceptably high.
Data centers commonly have a provisioning server that configures a disk image and then sends that image to be deployed on a target production computer. An administrator sets up the production computer, joins the computer to the domain, and restarts the computer. If there are any problems associated with the domain join, such as network connectivity problems or problems that are associated with dependent servers that are offline, the administrator has to diagnose and resolve the problems at that time.