It is widely recognized that real-time, fault-tolerant and distributed computing technologies play a key role in the deployment of many current and future (civilian or Defense) critical and complex applications. Computing systems needed to support such applications are referred to as C3 systems. Lack of a clear identification of those issues involved with designing and dimensioning C3 systems can only lead to failures, as recently demonstrated by a number of sizeable projects that have been aborted or suspended in Europe and in the USA, in various application domains. This paper describes a Systems Engineering methodology that, given some specification of a particular Systems Engineering problem, permits to develop a specification of a C3 system such that provably satisfies . It is explicitly assumed that includes arbitrarily stringent timeliness requirements, arbitrary distribution requirements as well as arbitrarily stringent dependability requirements. Moving from to involves some number of design stages and one final dimensioning stage. It is shown how to verify whether every single design decision satisfies the logical part of as well as whether a dimensioning decision satisfies the physical part of .This methodology is fully orthogonal to formal specification methods or formal software engineering methods currently in use. It does not rest on any particular programming language either. Too often, system design and/or system dimensioning stages are conducted in ad-hoc ways, or even confused with implementation or software development. We believe this to be the main reason why so many complex systems fail to operate correctly or are abandoned, contrary to widespread belief that software faults are the primary culprit. The formal aspects of the methodology are related to demonstrating that specific safety, timeliness and dependability properties are enforced by a given design. Such demonstrations lead to provably correct generic (i.e. reusable) designs. Proofs that play a prominent part in this methodology are called timeliness proofs ("hard" real-time properties), serializability proofs (safety properties) and dependability proofs (availability properties). Examples of some techniques used to establish such proofs in the presence of incomplete advance knowledge of the future are given.