Hardware Architectures for
Safety-Critical Applications
For the evaluation of safety it is necessary to
detect errors – redundancy is one applicable
method. The systems or part of them are du-
plicated. Only both computers combined can
set the system into the critical state. A “voter”
carries out the evaluation. If this voter detects a
difference between the two systems it sets the
system into the safe state – switches it off. This
architecture is also called “1oo2“ (1 out of 2).
This method only works in “fail-safe systems”.
In “safe operational systems” the system is kept
in the “hot standby” state. This means that a
faulty system part switches itself off and the
other part takes over its function. Now the sys-
tem is functional, but unsafe. With a 1oo2 ar-
chitecture only single faults can be detected.
With classic redundant systems and a voter
the error probability can be decreased as the
system switches into the safe state when there
To achieve a SIL 4 safety level most of the
safety measures are taken by software. On
the hardware side the systems have double
or triple redundancy. A typical “2-out-of-3“
system has three independent CPU cards with
identical I/O functions, using independent
backplanes and power supplies – all of these
components installed in the same 19“ rack. At
least two of the three computers must yield
identical results to guarantee the correct ope-
ration of the complete system.
is an error. However, availability is then de-
creased. If availability is important triple sys-
tems are often used (2oo3, 2 out of 3). Here it
is assumed that the single components are
safe. Now the voter evaluates three votes. The
majority decides. If one component delivers a
deviating result it is switched off. The system
stays safe but availability is now decreased.
With another additional computer a 2oo4
structure is achieved. When one component
fails three functional components remain – the
system is still safe and available.
6U VMEbus master/slave
2 LVDS channel links
4 MB dual-ported SDRAM
LVDS and RAM implemented in FPGA
1 ESM™ Embedded System Module slot
-5 to +70°C operating temperature
Conformal coating
No critical components (e.g. sockets)
6U CompactPCI
®
SBC D6
– Intel
®
Celeron
®
M, 1 GHz
– (Up to Pentium
®
M 2 GHz)
– PCI Express
®
– Up to 12 Gigabit Ethernet
– 2 XMC slots
Quad Gigabit Ethernet XMC P601
– PCI Express
®
2 x4
Dual HDLC/SDLC M-Module™ M75
– Optically isolated
48-bit TTL I/O PC-MIP
®
P13
Proprietary OS
Enlarging Availability – 2oo3 System
Custom Triple-Redundant
CompactPCI
®
System
for Signaling Control
.....................floating softly over the clouds............... not in the mood for waking up..............................
.................... sanft über den Wolken schweben.......... keine Lust, aufzuwachen..........................................
EN 50155 in Development
and Production
Flexible and Future-Safe
with FPGA Technology
System Solutions and
Packaging Technology
Standard Computer Boards
I/O Boards for Control and
Instrumentation
Fieldbus Solutions
Traffi c Management Systems
Passenger Information Systems
Application Samples
Short Product Overview
References
4
6
8
12
16
20
24
28
32
35
38
(36 paginas)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales