To Upgrade or Not to Upgrade: Impact of Online Upgrades across Multiple Administrative Domains

ACM Onward! Conference, Oct. 2010, Reno, NV.

T. Dumitras, E. Tilevich*, P. Narasimhan

Parallel Data Laboratory
Carnegie Mellon University
Pittsburgh, PA 15213

*Virginia Tech


For example, the interactions among multiple versions of the software expose the system to race conditions that can introduce latent errors or data corruption. Moreover, industry trends suggest that online upgrades are currently needed in large-scale enterprise systems, which often span multiple administrative domains (e.g., Web 2.0 applications that rely on AJAX client-side code or systems that lease cloudcomputing resources). In such systems, the enterprise does not control all the tiers of the system and cannot coordinate the upgrade process, making existing techniques inadequate to prevent mixed-version races. In this paper, we present an analytical framework for impact assessment, which allows system administrators to directly compare the risk of following an online-upgrade plan with the risk of delaying or canceling the upgrade. We also describe an executable model that implements our formal impact assessment and enables a systematic approach for deciding whether an online upgrade is appropriate. Our model provides a method of last resort for avoiding undesirable program behaviors, in situations where mixed-version races cannot be avoided through other technical means.

KEYWORDS: Mixed-version race, Online upgrade, Multiple administrative domains, Risk assessment





© 2017. Last updated 15 March, 2012