Fault-tolerance in the Advanced Automation System
Abstract
The Advanced Automation System is a 3.55 billion dollar distributed real-time system under development by IBM's Systems Integration Division for the U.S. Federal Aviation Administration. The system is intended to replace the present en-route and terminal approach air traffic control computer systems over the next decade. High availability of air traffic control services is an essential requirement for the system. This paper discusses the general approach to fault-tolerance adopted in the design of the Advanced Automation System by reviewing its basic architectural concepts, the questions asked during its design, the alternative solutions considered, and the reasons for the design choices made. Although the choices made take into account constraints unique to this project, we believe that the structuring concepts used and the list of architectural issues considered can be useful to others as a road map through the labyrinth of fault-tolerant system design.