The architecture of HA-NFS consists of two server machines, each acting as a nondedicated backup for the other, and a set of dual-ported disks accessible to both machines. Each machine is designated as the primary server for a subset of the file systems on the dual-ported disks. During failure-free operation, each machine monitors the liveness of the other, but both operate independently, each serving its own file systems. Each machine logs the changes that occur to its file systems on a disk log. If one machine fails, the other will become the server of all file systems on the disks. The surviving machine uses the information written by the failed one on the disk log to reconstruct a consistent state of the file systems. Then, in addition to its own identity, it impersonates the failed machine by using the latter's network address in communicating with the clients. Thus, it appears to the rest of the network as if both machines were alive: the clients of the failed server continue to use the same network bindings and are oblivious to the takeover, and the clients of the surviving machine continue to operate normally.
The prototype implementation showed that the overhead during failure-free operation is negligible, and that impersonation allows the takeover to be completely client-transparent. Therefore, HA-NFS provides an efficient alternative for providing high availability in network file servers, at a fraction of the cost of conventional replication techniques. The prototype file server has been converted into a commercial product by IBM. SUN Microsystems is also developing a similar system using some of the concepts presented in the original prototype.
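The takeover sequence described above (log replay from the shared disk, then answering the failed machine's address) can be traced in a small Python model; this is an added illustration, not code from the HA-NFS prototype. The class names, the log record layout, the log-before-apply ordering and the 192.0.2.x addresses are assumptions made for the example.

```python
# Added illustration: toy model of the takeover sequence. Record layout,
# names and addresses are assumptions, not HA-NFS's own formats.

class SharedDisk:
    """Dual-ported disk: file-system data plus one change log per server."""
    def __init__(self):
        self.fs = {}    # file system name -> {path: data}
        self.log = {}   # server name -> [(fs, path, data), ...]

class Server:
    def __init__(self, name, addr, disk, filesystems):
        self.name, self.disk, self.alive = name, disk, True
        self.addrs = {addr}               # network addresses this machine answers
        self.serving = set(filesystems)   # file systems it is primary for
        disk.log[name] = []
        for fs in filesystems:
            disk.fs[fs] = {}

    def write(self, fs, path, data, crash_before_apply=False):
        if not self.alive or fs not in self.serving:
            raise RuntimeError(f"{self.name} does not serve {fs}")
        # Assumption: the change reaches the disk log before the file system.
        self.disk.log[self.name].append((fs, path, data))
        if crash_before_apply:
            self.alive = False            # failure with the change only in the log
            return
        self.disk.fs[fs][path] = data

    def take_over(self, peer):
        """Run by the survivor once its liveness monitoring declares peer dead."""
        if peer.alive:
            raise RuntimeError("peer is still alive")
        for fs, path, data in self.disk.log[peer.name]:
            self.disk.fs[fs][path] = data  # in-order replay; safe to repeat
        self.disk.log[peer.name].clear()
        self.serving |= peer.serving       # now serves all file systems
        self.addrs |= peer.addrs           # impersonation: answer the peer's address
        peer.serving, peer.addrs = set(), set()

def route(servers, addr):
    """What a client sees: whichever live machine answers the address it bound to."""
    return next(s for s in servers if s.alive and addr in s.addrs)
```

In this model a client bound to the failed machine's address reaches the survivor without rebinding, and a change that existed only in the log at the moment of failure is present after replay.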