Before considering design complexity, it is necessary to consider that for a resilient system – with no single points of failure (SPOFs) – a failure event must be, by definition, the result of two or more simultaneous events. These can be component failures, or incorrect intervention, for example switching without understanding how the system will react.
Tweeted by @ServerLIFT https://twitter.com/ServerLIFT/status/1035177069091676160