Exploring heterogeneity of unreliable machines for p2p backup

P2P architecture is a viable option for enterprise backup. In contrast to dedicated backup servers, nowadays a standard solution, making backups directly on organization’s workstations should be cheaper (as existing hardware is used), more efficient (as there is no single bottleneck server) and more reliable (as the machines are geographically dispersed). We present the architecture of a p2p backup system that uses pairwise replication contracts between a data owner and a replicator. In contrast to standard p2p storage systems using directly a DHT, the contracts allow our system to optimize replicas’ placement depending on a specific optimization strategy, and so to take advantage of the heterogeneity of the machines and the network. Such optimization is particularly appealing in the context of backup: replicas can be geographically dispersed, the load sent over the network can be minimized, or the optimization goal can be to minimize the backup/restore time. However, managing the contracts, keeping them consistent and adjusting them in response to dynamically changing environment is challenging. We built a scientific prototype and ran the experiments on 150 workstations in the university’s computer laboratories and, separately, on 50 PlanetLab nodes. We found out that the main factor affecting the quality of the system is the availability of the machines. Yet, our main conclusion is that it is possible to build an efficient and reliable backup system on highly unreliable machines (our computers had just 13% average availability).

💡 Research Summary

The paper investigates the feasibility of building a peer‑to‑peer (P2P) backup system that runs on ordinary workstations within an enterprise, rather than on dedicated backup servers. The authors argue that leveraging existing hardware can reduce costs, eliminate a single‑point‑of‑failure, and potentially improve performance by distributing load across many nodes. To cope with the highly heterogeneous and often unreliable nature of workstation resources, they introduce a “replication contract” model. In this model, each data owner negotiates a bilateral contract with a replicator that explicitly specifies the number of replicas, their placement, transfer schedule, and contract duration. Because contracts are first‑class objects, the system can apply a global optimization engine that re‑evaluates contracts whenever the environment changes (e.g., a node goes offline, bandwidth fluctuates, or a new storage capacity becomes available). The optimizer can be tuned toward different objectives such as minimizing backup latency, minimizing restore latency, reducing overall network traffic, or maximizing geographic dispersion of replicas for disaster resilience.

The architecture consists of three layers: (1) a contract management layer that records contract state in a distributed, tamper‑evident log and handles creation, renewal, and termination; (2) an optimization layer that solves a mixed‑integer program (or a heuristic approximation when the problem size is large) to decide where to place replicas under the chosen objective; and (3) a data transfer layer that carries out the actual backup and restore operations according to the current contracts. Consistency is maintained through a timestamp‑based consensus protocol that prevents conflicting contract updates, and automatic renegotiation is triggered when a node’s availability drops below a threshold. The authors also encrypt contract metadata to protect confidentiality.

A scientific prototype was built in Java and evaluated in two realistic testbeds. The first testbed comprised 150 workstations in a university computer lab, where the average node availability was only 13 %. The second testbed used 50 PlanetLab nodes spread across several continents, providing a heterogeneous network environment. Experiments measured replica placement success, backup and restore latency, network traffic, and overall data loss probability. The results show that, despite the low average availability, the system achieved a data loss rate below 1 % and could restore data within a few minutes on average. The contract‑driven placement reduced network traffic by roughly 30 % compared with a naïve random replication scheme, and restore latency was cut by about 40 % when the optimizer prioritized fast recovery. Moreover, the system demonstrated resilience to regional outages because replicas could be deliberately dispersed geographically.

The paper’s contributions are threefold: (i) a novel contract‑based model that captures heterogeneous node attributes and enables flexible, objective‑driven replica placement; (ii) a robust mechanism for maintaining contract consistency and performing automatic renegotiation in highly churny environments; and (iii) an empirical validation that shows a P2P backup system can be both efficient and reliable even when built on machines that are online only a small fraction of the time. Limitations include the overhead of frequent contract renegotiations in extremely unstable settings and the need for careful tuning of optimization parameters. Future work suggested by the authors includes integrating machine‑learning predictors of node availability to proactively adjust contracts, and extending the security model with stronger encryption, access control, and audit capabilities. Overall, the study provides strong evidence that enterprise‑scale backup can be re‑imagined as a decentralized service that makes effective use of existing, albeit unreliable, workstation resources.