1. Field of Invention
This invention relates generally to the management of distributed systems in computer networks.
2. Prior Art
In many enterprise computer networks, a ‘multi-tier’ application deployment model is used. A client application, running on a user's desktop computer system attached to the enterprise network, accesses a network-based service provided by an application server located on a server computer on that network. That application server may in turn act as a middleware client to access other network-based services, provided by backend servers or databases located on other server computer systems on that network. FIG. 2 is a diagram that illustrates the network protocol connections between a client (35) and an application server that integrates a middleware component (34), and between that middleware component and a backend server (37) and optionally an alternate backend computer system (38).
Many servers and databases support high availability for the services they provide, by enabling the service to be implemented by multiple, coordinated servers located on distinct server computer systems. Should one computer system providing the service become unavailable, the other server or servers for that service will continue to provide the service to the middleware clients.
In some cases, the high availability capability provided by a particular vendor's servers is integrated with the network infrastructure, so that a middleware client is not aware when a particular server becomes unavailable. However, it is more common for the server software to be independent of the network infrastructure. Thus, the middleware client for a particular service must be configured with a set of network addresses of the servers that provide that service. If the middleware client detects that a server providing a particular service is unavailable, then the middleware client will retry the operation at another server for that service. This requires that the configuration information of the network addresses of the set of servers providing a particular service be provided to all potential middleware clients of that service. As in many cases this is manually configured by a system administrator when an application server that contains a middleware client is installed, there is a risk that changes to the server or network topology might result in the application server that contains a middleware client no longer holding the correct configuration information. This configuration issue has historically been difficult to detect as the application server might appear to be working properly, and only fail when some of the servers that it has been relying upon become unavailable.
Testing of the failover behavior of a middleware software component under conditions of network or backend server failure is useful to validate the correct operation of that component, and to predict whether the component will function properly should a particular backend server which that component relies upon become unavailable. However, shutting down a backend server in order to test middleware software can be difficult or inappropriate for many enterprises, as:                the backend server might be operated by a different department in the enterprise, or might be operated by another enterprise to which this enterprise has outsourced some network services,        improperly shutting down a backend server might risk corruption of that server's state,        shutdown of a backend server might result in alarms being generated, or        the shutdown and recovery of a backend server might require several hours as the backend server restores its state prior to the failure.        