Tandem’s hardware is designed to have no potential for a “single point of failure”: any one component of the system, hardware or software, can fail without causing the entire system to fail. Beyond this, it is designed for graceful degradation. In most cases, the system as a whole can continue running despite multiple failures, though this depends greatly on the nature of the individual failure.
The first implication of this architecture is that there must be at least two of each component in case one should fail. In particular, this means that the system requires at least two CPUs.
But how should the CPUs be connected? The traditional method, then as now, is for the CPUs to communicate via shared memory. At Tandem we call this tightly coupled multiprocessors. But if the processors share memory, that memory could be a single point of failure.
Theoretically, it is possible to duplicate memory (a later Tandem architecture actually did that), but it’s very expensive, and it creates significant timing problems. Instead, at the hardware level, Tandem chose a pair of high-speed parallel buses, the “interprocessor bus” or IPB, sometimes also referred to as Dynabus, which transfer data between the individual CPUs. This architecture is sometimes called loosely coupled multiprocessors.
There’s more to a computer than the CPU, of course. In particular, the I/O system and data storage are of great importance. The basic approach here is also duplication of hardware; we’ll look at it further ...