(Requirement) The infrastructure must survive destruction of one or more data storage nodes
Data storage nodes (Member Nodes or Coordinating Nodes) will go offline for various reasons - maintenance, hardware failure, decommissioning, etc. The infrastructure built by DataONE must not be adversely affected by such events.
This is a requirement of content persistence (#410).
No systems have 100% uptime, and so we should design and plan for failure of MN or CN nodes.
- XX% of all Data remains available if XX% of member nodes go offline
- The infrastructure remains functional if two CNs go offline