N+1 redundancy...
http://en.wikipedia.org/wiki/N%2B1_Redundancy

In short, if one fails you're safe until you replace the failing unit.
N+1 redundancy is a form of resilience that ensures system availability in the event of component failure. Components (N) have at least one independent backup component (+1). The level of resilience is referred to as active/passive or standby as backup components do not actively participate within the system during normal operation. The level of transparency (distruption to system availability) during failover is dependant on a specific solution, though degradation to system resilience will occur during failover.

1+1 redundancy typically offers the advantage of additional fail-over transparency in the event of component failure. The level of resilience is referred to as active/active or hot as backup components actively participate with the system during normal operation. Fail-over is generally transparent (disruption to system availability) as fail-over does not actually occur (just degradation to system resilience) as the backup components were already active within the system.

Examples of 1+1 redundancy:

# Dual active power supplies in a server.
# Mirrored hard drives within a server/PC system.

If your modules are identical and have an MTBF of X (so a failure probability of 1/x), then having those three modules makes your failing probability (1/x)^3 because they are in parallel.
With "99.99% availability" modules, it means you've 0,01*0,01*0,01 % chance of a general failure (roughly 1 millionth of percent)