Safety Critical Applications
One of the key design elements of a safety-critical system is redundancy. The complex architecture of such systems usually requires equally complex software, resulting in a very time-consuming and expensive development process. The design of MEN’s safe computers keeps the special requirements of a redundant setup entirely on the hardware level – to the application, the single-board computers A602 and D602 appear as regular single-CPU cards with just one main memory rank despite their triple-redundant architecture. A 2-out-of-3 voting mechanism keeps the boards’ three PowerPC® CPUs in lockstep. The voter is implemented in a safe FPGA, which is designed to counter the negative effects of single-event upsets (SEUs) – a common problem for avionics applications caused by cosmic radiation.
Also, the A602 and D602 are designed for strictly deterministic operation without interrupts and DMA to avoid compromising the system’s reaction time. A safety-critical system must react to an external event within a defined time, and this reaction time must be met even under worst case conditions.
The two 6U safe computers have been developed according to DO-254 (avionics) and EN 50129 (railways), and the boards comply with environmental standards DO-160 and EN 50155.
Thinking Ahead: Fail-Safe and Fail-Silent on 3U CompactPCI®
Another safe computer, F75P, makes onboard functional safety even more compact. It unites three CPUs on one 3U CompactPCI® PlusIO card and pairs Intel® Atom™ E6xx performance with dual redundancy. Developed according to EN 50129, and with full EN 50155 compliance, it mainly targets railway applications.
With redundant software running on F75P, and with the software instances on the two CPUs comparing their output, the board becomes a fail-silent subsystem, i.e. it can shut down in case of a fatal fault. The redundant kernels support real-time operating systems and diversity, while the third CPU can run Windows® for convenient user interaction. A number of design details round out the safety features of this product.
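The two redundancy patterns described above, 2-out-of-3 voting over three lockstepped CPUs (A602/D602) and a dual-redundant comparison that goes silent on disagreement (F75P), are modelled below in a small C program. This is an added illustration and is not MEN's FPGA voter or board firmware; the lane values, the "control value" sequence and the injected single-bit upset are constructed, and the function names vote_2oo3, compare_dual and simulate_lockstep are assumptions for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Result of one cycle of a simulated 2-out-of-3 (2oo3) voter. Illustrative
 * model of the lockstep voting described in the text, not the real FPGA. */
typedef struct {
    uint32_t value;       /* value passed on to memory/bus */
    bool     valid;       /* false when no two lanes agree */
    int      faulty_lane; /* index of the out-voted lane, or -1 if all agree */
} vote_result_t;

/* Majority-vote three lane outputs. A single disagreeing lane (e.g. a
 * single-event upset flipping a bit in one CPU's result) is masked and
 * reported; if all three differ there is no majority and the result is
 * marked invalid so the system can fall back to a safe state. */
vote_result_t vote_2oo3(uint32_t a, uint32_t b, uint32_t c)
{
    vote_result_t r = { 0, false, -1 };
    if (a == b && b == c) { r.value = a; r.valid = true; return r; }
    if (a == b) { r.value = a; r.valid = true; r.faulty_lane = 2; return r; }
    if (a == c) { r.value = a; r.valid = true; r.faulty_lane = 1; return r; }
    if (b == c) { r.value = b; r.valid = true; r.faulty_lane = 0; return r; }
    return r; /* three-way disagreement: no safe output */
}

/* Dual-redundant comparison modelling fail-silent behaviour: two software
 * instances compute independently and a result is passed on only when both
 * agree; otherwise the subsystem emits nothing (returns false). */
bool compare_dual(uint32_t a, uint32_t b, uint32_t *out)
{
    if (a != b) return false;   /* fatal fault: shut down, stay silent */
    *out = a;
    return true;
}

/* Convenience wrapper: true when the dual pair must go silent. */
bool dual_must_shutdown(uint32_t a, uint32_t b)
{
    uint32_t unused;
    return !compare_dual(a, b, &unused);
}

/* Run a short constructed lockstep sequence: three lanes compute the same
 * control value each cycle; in cycle 1 lane 1 is hit by a simulated
 * single-bit upset. Returns the number of cycles in which a fault was masked. */
int simulate_lockstep(void)
{
    const uint32_t expected[3] = { 0x1000, 0x1004, 0x1008 }; /* constructed */
    int masked = 0;
    for (int cyc = 0; cyc < 3; cyc++) {
        uint32_t a = expected[cyc], b = expected[cyc], c = expected[cyc];
        if (cyc == 1) b ^= 0x8; /* constructed SEU on lane 1 */
        vote_result_t r = vote_2oo3(a, b, c);
        if (r.faulty_lane >= 0) masked++;
        printf("cycle %d: value=0x%x valid=%d faulty_lane=%d\n",
               cyc, (unsigned)r.value, (int)r.valid, r.faulty_lane);
    }
    return masked;
}

int main(void)
{
    int masked = simulate_lockstep();
    printf("masked faults: %d\n", masked);
    printf("dual pair (0x1000,0x1000) shutdown=%d\n",
           (int)dual_must_shutdown(0x1000, 0x1000));
    printf("dual pair (0x1000,0x1008) shutdown=%d\n",
           (int)dual_must_shutdown(0x1000, 0x1008));
    return 0;
}
```

The two models make the difference in the text concrete: the triple-lane voter keeps delivering a correct value while one lane is corrupted (fail-operational), whereas the dual pair can only detect a disagreement and withdraw its output (fail-silent); the voter's three-way-disagreement case is where it, too, has to fall back to a safe state.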
SIL 4 / DAL-A: Certification Simplified
For all its COTS safe computers, MEN offers a certification package that documents the board's suitability up to SIL 4 requirements. The A602 and D602 also meet avionics demands up to DAL-A.
Typical Applications: Demanding Markets
Safe computers from MEN are typically used in avionics or railway applications requiring particularly high reliability. This also goes for the medical and research markets, while industrial environments demand more and more functional safety as technology becomes readily available.
MEN is certified to both EN/AS 9100 and IRIS.