
This is where a design philosophy chapter in the documentation would really help, especially since its brilliance would make for a very nice read. The self-hosted engine (SHE) is in fact extremely highly available, because it always leaves behind a fully working "testament" on what needs to run where, e.g. in case of a major hiccup or servers (including the one running the SHE) dying. And that includes instructions to bring up a new instance of the SHE, which will then use this "testament" to create the next one, as workloads and systems change.

So as long as there is always a good enough testament and an SHE running long enough to create the next iteration, there is no need for the SHE to run at all: the VDSM daemons on each host will faithfully do their work without stepping on each other's toes. The principle isn't really that original to oVirt and has been used for things like mainframe job scheduling systems for decades. But it's extremely solid in principle as long as the "testament" or execution plan doesn't need to be too complex. You can even run a mathematical proof on it then.

On the other hand, two servers will only create chaos, because they'd have to decide who is right. That can take so long, the winner might die during the negotiations and then what?