That would be too radical. ;-)
How about a UML state machine diagram
(http://www.agilemodeling.com/artifacts/stateMachineDiagram.htm) to model
the states and a UML deployment diagram
(http://www.agilemodeling.com/artifacts/deploymentDiagram.htm) to model the
various nodes? Or perhaps just one of the two diagrams if it proves
sufficient on its own?
- Scott


====================================================
Scott W. Ambler
Senior Consultant, Ronin International, Inc.
www.ronin-intl.com/company/scottAmbler.html

www.agiledata.org
www.agilemodeling.com
www.ambysoft.com
www.enterpriseunifiedprocess.info
www.modelingstyle.info
www.ronin-intl.com

For more information about AM, visit the Agile Modeling Home Page at www.agilemodeling.com
--^----------------------------------------------------------------
This email was sent to: gcma-***@gmane.org

EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrKDA.bWnbtk.Z2NtYS1h
Or send an email to: agilemodeling-***@topica.com

TOPICA - Start your own email discussion group. FREE!
http://www.topica.com/partner/tag02/create/index2.html
--^----------------------------------------------------------------

Scott Ambler Sent Mon, 16 Feb 2004 07:58:15 -0500
I thought about a state diagram. Here are some of the issues I came up with:

A state diagram represents the state of one object - what is the object? The
service? What about the component pieces?
A service is made up of lots of components each with its own state - do I
use composite states?
How do I model the situation where if a process on one node fails the
service is still available but if it fails on two nodes the service is
unavailable? i.e. one event of a type is ok, two is not, unless we've
recovered in the meantime.

What most of this adds up to is how do I keep it simple? I ended up with a
"service compromised" state that had huge numbers of transitions to "service
available", each with a huge guard. I was just hoping someone had had come
up with a better way.

Regards

Ian Chamberlain

_________________________________________________________________
Stay in touch with absent friends - get MSN Messenger
http://www.msn.co.uk/messenger

For more information about AM, visit the Agile Modeling Home Page at www.agilemodeling.com
--^----------------------------------------------------------------
This email was sent to: gcma-***@gmane.org

EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrKDA.bWnbtk.Z2NtYS1h
Or send an email to: agilemodeling-***@topica.com

TOPICA - Start your own email discussion group. FREE!
http://www.topica.com/partner/tag02/create/index2.html
--^----------------------------------------------------------------

(responding to Ian)
I've done this sort of thing a couple of times before. Each
service to a client depends on zero or more other services,
and each service has one or more clients. The clients
want information that means something to them.

This means that each service in the network has its own
state machine, and the state it's in depends on its own
state and the states of services it depends upon. Yet
the state the client is interested in will probably need
less detail. The client may only be interested in
'Working' or 'Not Working', or he may be interested
in other potential states. One system I worked on
reported several states; { Working, Reduced Throughput;
Reduced Functionality; Reduced Both; Emergency
Shutdown; Not Available } and if things got worse, it
failed to report at all. These were states that caused
different client behaviour, so were of interest to the
client.

Sometimes, different clients want different information;
in this system, one monitoring client wanted to know
when there was no fault-tolerance capacity left in
the supplier services to this service - e.g. unless
both suppliers of a service (or at least two) were
reporting 'Working', the service reported 'Not Fault
Tolerant' to the monitoring client.

Guidelines - keep a state machine on each node of the
service network; let the client needs drive what states
get reported; let the need for reporting these states
drive what states are recorded internally. Report
changes of state only when it would result in changed
behaviour on the part of the client. If he can't respond
differently he doesn't need to know.

The problem is complex, but don't make it harder than
it needs to be by trying to cut corners.


Paul Oldfield

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
www.aptprocess.com

any opinions expressed herein are not necessarily those of
Mentors of Cally or the Appropriate Process Movement
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

For more information about AM, visit the Agile Modeling Home Page at www.agilemodeling.com
--^----------------------------------------------------------------
This email was sent to: gcma-***@gmane.org

EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrKDA.bWnbtk.Z2NtYS1h
Or send an email to: agilemodeling-***@topica.com

TOPICA - Start your own email discussion group. FREE!
http://www.topica.com/partner/tag02/create/index2.html
--^----------------------------------------------------------------

Depending on what kind of analysis you want to do on the model, you
can choose to model multiple sub-systems in various ways.

The "pure state machine" approach is to combine the multiple state
machines into one - the "whole system" state machine has nodes that
represent a state tuple containing one state from each of the
constituent machines). That is, you might have states with names like
"MachineA_Ready_and_MachineB_Ready"). This leads to state explosion and
also doesn't work if the number of machines in the cluster isn't fixed
(your model embeds the number of machines).

Another approach is to include conditionals on your state transitions,
so that you might have a transition labeled "Event X<at least one other
machine still Ready>". This allows you deal with an arbitrary number of
machines (the model doesn't explicitly embed the number of machines)
On the other hand, while it does explicitly point out where you have to
be able to determine the whole-system state, it doesn't give you any
particular guidance as to where to implement it.

Or you could go lightweight and model the common case in a state machine
and sequence diagram, with comments in the diagrams indicating where
such conditionals would need to be checked.

Or, you could make a "system manager" an explicit component that the
individual machines send messages to and make it responsible for
tracking the whole configuration. The downside to this is that it
implies an architecture.

Of course, a lot depends on what you want the model for. If you're
looking at availability requirements, you might really want a
queuing-theoretical (mathematical) model instead of a behavioral model.

scott

| From: Scott Ambler<***@ronin-intl.com>
| Date: Mon, 16 Feb 2004 07:58:15 -0500
|
| At 12:05 PM 2/16/2004 +0000, you wrote:
| >Hi All,
| >
| >How about a real world modelling question for a change?
|
| That would be too radical. ;-)
|
|
|
| >I'm trying to come up with a nice simple way to represent the current
| >state of a service, where the service consists of a number of processes
| >spread over several nodes.
| >
| >For example the web server part of a web service might consist of two
| >clustered nodes running a web server listening to requests on port 80 and
| >passing the request to another node cluster to do the actual processing.
| >For the web server part of the service to be available at least one node
| >has to be available, running the web server process, listening on port 80
| >and able to connect to the next tier. Other tiers would have similar
| >combinations of processes so in order to say the web service is actually
| >available a path through all the tiers must be traceable.
| >
| >Depending on different combinations of states across the tiers you might
| >want to trigger alerts to notify the state of the service to operators.
| >
| >Any suggestions that don't involve multiple levels of composite states
| >gratefully received.
|
| How about a UML state machine diagram
| (http://www.agilemodeling.com/artifacts/stateMachineDiagram.htm) to model
| the states and a UML deployment diagram
| (http://www.agilemodeling.com/artifacts/deploymentDiagram.htm) to model the
| various nodes? Or perhaps just one of the two diagrams if it proves
| sufficient on its own?
|
|
|
| >Regards
| >
| >Ian Chamberlain
|
| - Scott
|
--
scott preece
motorola urbana design center (il67), 1800 s. oak st., champaign, il 61820
e-mail: ***@urbana.css.mot.com fax: 217-384-8550
phone: 217-384-8589 cell: 217-433-6114 pager: ***@msg.myvzw.com

For more information about AM, visit the Agile Modeling Home Page at www.agilemodeling.com
--^----------------------------------------------------------------
This email was sent to: gcma-***@gmane.org

EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrKDA.bWnbtk.Z2NtYS1h
Or send an email to: agilemodeling-***@topica.com

TOPICA - Start your own email discussion group. FREE!
http://www.topica.com/partner/tag02/create/index2.html
--^----------------------------------------------------------------

(responding to Ashley, Ian)
The last time I implemented something like this, we opted
for Polling because a service could fall over without
informing clients that it was about to do so - theoretically.
We considered 'heartbeat' messages as an alternative,
but polling won out because it only happened when the
information was needed.


Paul Oldfield
www.aptprocess.com

For more information about AM, visit the Agile Modeling Home Page at www.agilemodeling.com
--^----------------------------------------------------------------
This email was sent to: gcma-***@gmane.org

EASY UNSUBSCRIBE click here: http://topica.com/u/?bUrKDA.bWnbtk.Z2NtYS1h
Or send an email to: agilemodeling-***@topica.com

TOPICA - Start your own email discussion group. FREE!
http://www.topica.com/partner/tag02/create/index2.html
--^----------------------------------------------------------------