CompactPCI® Serial for Safety-Relevant Architectures

Version 2

Author: Manfred Schmitz, CTO MEN Mikro Elektronik


Safety-relevant computers often use the principle of redundancy to detect errors. If two computers are combined and must agree, this is called a 2-out-of-2 system. The two computers are often diverse (different hardware or software) so that common-cause errors do not remain undetected. Besides safety, availability is also of special importance for applications in critical areas.


Availability is also achieved through redundancy. If non-diverse subsystems are extended by a third subsystem, the result is a 2-out-of-3 system, in which the majority out-votes a single faulty channel. For diverse 2-out-of-2 systems, the desired availability is achieved by doubling the whole 2-out-of-2 system.
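To make the difference between the three schemes concrete, here is a small voter model (an added example, not code from MEN or the CPCI-S.0 specification) that shows how a single faulty channel drives a 2-out-of-2 system into its safe state, while a 2-out-of-3 majority vote and a doubled 2-out-of-2 system keep delivering a result. The channel results, the safe-state marker and the diagnostic strings are all constructed for illustration.

```python
"""Constructed model of 2oo2, 2oo3 and double-2oo2 voting (added example)."""
from typing import Hashable, Optional, Sequence, Tuple

SAFE = None  # stand-in for the safe state (e.g. outputs de-energised)
Vote = Tuple[Optional[Hashable], str]


def vote_2oo2(a: Hashable, b: Hashable) -> Vote:
    """Both computers must agree; any disagreement forces the safe state.
    A single failure is detected, but the system stops operating."""
    if a == b:
        return a, "ok"
    return SAFE, "disagreement: A=%r B=%r" % (a, b)


def vote_2oo3(results: Sequence[Hashable]) -> Vote:
    """Majority vote over three identical channels: one faulty channel is
    out-voted and reported, so the system stays available."""
    a, b, c = results
    if a == b == c:
        return a, "ok"
    if a == b:
        return a, "channel C faulty"
    if a == c:
        return a, "channel B faulty"
    if b == c:
        return b, "channel A faulty"
    return SAFE, "no majority"


def vote_double_2oo2(pair_1: Sequence[Hashable], pair_2: Sequence[Hashable]) -> Vote:
    """Two diverse 2oo2 subsystems: if the active pair disagrees it drops
    out and the second pair takes over; if both disagree, the safe state."""
    out, _ = vote_2oo2(*pair_1)
    if out is not SAFE:
        return out, "subsystem 1 active"
    out, _ = vote_2oo2(*pair_2)
    if out is not SAFE:
        return out, "subsystem 1 dropped out; subsystem 2 active"
    return SAFE, "both subsystems failed"


def single_fault_outcomes(good: Hashable = 1, bad: Hashable = 0) -> dict:
    """Inject one wrong channel result into each scheme and collect outputs."""
    return {
        "2oo2": vote_2oo2(good, bad)[0],
        "2oo3": vote_2oo3([good, bad, good])[0],
        "double_2oo2": vote_double_2oo2((good, bad), (good, good))[0],
    }
```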


The computers have to compare and align their results. To do this, they need an interface which on the one hand offers a high enough data transfer rate and on the other hand guarantees freedom from interference, so that a failure in one computer cannot propagate to the others. After all, the defect of one computer is not supposed to paralyze the whole system. Ethernet, especially its electrically isolated variants (10/100/1000/10GBase-T), is particularly well suited.


CompactPCI Serial (CPCI-S.0) focuses particularly on safety-relevant systems. For this reason, additional features such as hot swapping are included alongside Ethernet as the communication interface. A board can be removed from the system without interrupting the function of the other computers. As the communication between the boards is based on Ethernet, which already supports hot swapping implicitly, not even a dedicated hot swap controller is needed for this function. A single 12 V power rail is used as the main power supply; building redundant PSUs is especially simple if they only have to supply one output voltage.


A double 2-out-of-2 system might, for example, consist of three CompactPCI Serial subsystems. Each subsystem would have its own independent (standard) backplane, possibly with independent PSUs. The subsystems can be connected via Ethernet over rear I/O (another advantage of 10/100/1000/10GBase-T).


For wiring 2-out-of-3 systems, a full-mesh architecture is well suited. A standard backplane accommodates three identical CPU boards. The switches, which are also redundant, can likewise be realized as independent CompactPCI Serial components on standard backplanes. The subsystems can be wired to each other via rear I/O; a customer-specific backplane helps to optimize this system function.


These are only some examples of safety-relevant architectures which can be realized using CompactPCI Serial. And all this can be done with standard backplanes and standard boards.