Australia may be the smallest continent, but it is still a large country. The challenging climate and population distribution provide unique transportation hurdles. Most residents live within 50 km of the coast in two "crescent" shaped areas, one in the southeast and a smaller one on the southwest coast. The country's rail system, mostly single track lines, is the main link for freight within these regions and passes through the arid bush country to link them.
The Australian Rail Track Corporation (ARTC) was faced with having to replace long-serving, far-flung track infrastructure, such as trackside train safety signals. The ARTC decided that rather than simply replacing existing equipment, it would endeavor to modernize the system with communications and networking technologies that would improve safety, increase efficiency, and save operating costs. This past May the Australian government funded the first stage of implementing the Advanced Train Management System (ATMS), one of the most sophisticated types in the world, developed by Lockheed Martin along with partners such as MEN Mikro Elektronik. ARTC noted that the cost of putting ATMS in place is roughly equal to the expense of replacing existing technology without adding any modern benefits.
"ATMS is a smart train management system that can locate and control trains on the network allowing them to travel at closer intervals safely and has collision avoidance systems and remote braking override to help prevent accidents," notes John Fullerton ARTC CEO. "It will transform the rail industry in Australia by substantially increasing capacity and avoid the need to build additional tracks and sidings."
Features and benefits
ATMS is targeted at improving rail capacity, operational flexibility, service availability, and safety and reliability, while cutting transit time. The system:
- Replaces trackside signaling with in-locomotive displays for drivers
- Furnishes GPS-based exact train location, front and rear
- Utilizes digital network control centers, each of which could control all network traffic to serve as a back up if one center should fail
- Enforces track authorizations on each locomotive
- Provides switch settings, automatic route clearances, and voice and data communications to locomotives via Telstra 3G National Network
The anticipated benefits include:
- Increasing rail capacity via closer train operation
- Improving reliability with better on-time performance
- Greater network flexibility and efficiency
- Safety improvements through speed limit enforcement and track authorizations
- Cost savings from reduced trackside infrastructure maintenance, lower fuel consumption, and less wear on rolling equipment
The safety-critical computing system for control centers developed by MEN Mikro Elektronik for the ATMS partitions applications on a single platform—built with standard COTS components. The architecture is based on a CompactPCI® - CompactPCI Serial hybrid configuration and is certifiable up to SIL 4.
Management of network control center train authorizations, communications, and network controller requests runs on a Wind River VxWorks® certified safe operating system on either one or two computers with deterministic operation and extensive built-in test features—with three RISC processors running in lockstep mode with two-out-of-three voting . Ethernet is integrated using a P511 PCI mezzanine card, with an M66 M-Module providing binary I/O.#_msocom_2
Twin F19P Intel® Core™ processor-based CompactPCI PlusIO single board computers connected to an Ethernet switch and four hard disk drives running Linux handle the wireless interface between the control center management and trainborne or trackside systems, provide the graphical user interface to the network controllers, and "propose" controller requests to the authorization system.
When asked to highlight the key technology in the ATMS computing system, MEN Mikro's Robert Kueffner, member of the product management team, notes the redundant architecture for important components. Most common is a triple-redundant system where three CPUs or systems are "polled" for two-out-of-three voting—a problem with one will see it isolated and the remaining two continuing operations.
But Kueffner cautions that to lower failure probability, diversity is important. "Through [employing] different CPUs (types or generations such as Core 2 Duo and i5 CPU), operating systems, or software, you can make sure that not all of the redundant systems will fail because of the same, common cause," he says.
While the easiest solution with modular systems would be simply to triple the number of cards, Kueffner notes such an approach requires triple space, power, and potential software complexity for voting. Instead, by taking redundancy down to the board level, power, space, and development costs are saved and software is simplified. The example above shows a design where the hardware was developed according to specific safety standards, making it safe from the beginning. The processors are completely synchronized in lockstep mode and the software "sees" one unit. This integration also shortens the certification process for the complete system.
A different hardware approach combines two redundant Intel® Atom™ processors on one 3U CompactPCI board for safety, along with independent RAM and flash (for greater safety), and a third processor controlling the I/O interfaces. Two clustered cards provide higher system availability. Being a COTS product certifiable to SIL 4, MEN’s solution (F75P) also simplifies implementation of functional safety in embedded systems, while saving space and cost (see below).
Kueffner says the highest hurdles in developing safe railway systems are that operators require these to have long term availability, at a minimum of 15 years. Development and certification can add another five years to the timeline for having the same chip available and working.
"The MEN CompactPCI family solves this problem in its own way. As all boards are 100% pin-compatible with the same front I/O, you can easily change an older CPU-card, e.g. F14 with an Intel® Pentium® M processor on it, with a successor board like the F21P, which uses the current Intel i7 processor," he highlights (see below). "The system is still working, but needs re-certification, which adds costs. From a customer’s point of view, long-term availability of the processor components would be a preferable solution."
Finally, Kueffner notes, "Especially in the railway market, Intel processors are very popular. Because of their large [production] volume, they are considered tried, tested, and well suited for safety-critical applications. But typical features like overclocking, power safe modes, interrupts, and DMA structures have to be disabled, because for safety-critical applications deterministic behavior is a must.”
Solutions in this blog:
- Communications – Top Picks (blogs, white papers, and more)
- Connectivity – Top Picks (blogs, white papers, and more)
MEN-Mikro Elektronik is an Affiliate member of the Intel® Intelligent Systems Alliance.
Wind River Systems is an Associate member of the Alliance.
Roving Reporter (Intel Contractor), Intel Intelligent Systems Alliance
Follow me on Twitter: @rickdemeis