Each node canister in a system contains a battery.
The battery within a node supplies power only to that node. If the power to a node canister fails, the node can write its configuration state and cache state to its internal drive using the power provided by the canister battery.
If a system loses power, there is a 500 ms delay before the system starts to save critical data. If power is not restored after the 500 ms "ride through" window, the system starts a "fire hose dump" to save critical data. The dump always runs to completion. If power returns when the dump completes, the node canisters immediately restart.
When charged, a canister battery holds enough charge to save the data in the node twice in quick succession. If there is not enough charge in the battery for a node to save its internal state, the node does not start and a critical node error is reported. If battery power drops below the required level while a node is running, it is no longer protected by the battery. The node then safely enters service state while the canister battery recharges.