Failsafe strategy, mulitple applications on flash?

[kstsauveur]

I have been asked and am attempting to devise a failsafe strategy in the case of a bad flash of an application.

Once the system I am developing for is deployed I will only have access to the netburner via ethernet. This means that if an auto update goes bad for any reason, faulty code, corrupt programming, whatever scenario one could dream up that could potentially make auto update unable to receive connections; due to legacy constraints I will not have the serial connection to reprogram the flash.

I would like to do something similar to what is already done with the netburner boot monitor, but via ethernet instead of serial (or reconfigure the netburner boot monitor if possible):

On boot: Netburner boot monitor times out and loads custom boot monitor which then waits for some arbitrary ethernet message (probably via udp):
a) if the message is received, wait for reprogramming of application via autoupdate
b) on timeout load application from separate memory space

The key here is that the custom boot monitor code (once deployed) will never change but the application could, again just like the current netburner boot monitor.

This would require a couple of capabilities that I need to know if they exist:
1) Can more than one application be programmed into flash memory space?
2) If so could one application load another and then kill off itself?

or

3) Can the Netburner boot monitor be configured to receive ethernet data rather than serial

If the netburner gets hosed somehow and it can't be recovered remotely I have a potential issue...

Thanks in advace for info/ideas,
-K