Originally developed as safe computers for controlling systems such as freight load in the Airbus A400M, these types of computers are now also available as COTS hardware for CompactPCI systems. These new MEN Mikro-elektronik computer assembly products are suitable for safety-critical applications in airplanes and in trains and are available through Dominion Electronics.
The Triple-Redundant 6U CompactPCI SBC (D602) was originally developed as a safe computer for controlling the freight load system of the Airbus A400M. The computer assembly D602 is now also available as COTS hardware for CompactPCI systems. It is used in safety-critical applications in airplanes (up to DAL-A) and in trains (up to SIL 4).
Computer assembly D602 provides complete triple redundancy of the hardware components on a single board, combining safe operation of critical systems with high availability. Critical functions like voters are implemented as IP cores in the FPGA, which also has a triple-redundant structure. The voters ensure that at least two of the three redundant components provide the same result in order to guarantee safety. The system remains fully operational even if one of the three redundant components fails, providing the required availability.
Computer assembly D602 is developed according to DO-254 and is airworthy in a safety-critical environment up to DAL-A. Additional diagnosis mechanisms (BITE, e.g. extensive self-tests) help to detect latent errors before they lead to a system error, increasing safety and availability. The design is oriented towards strictly deterministic operation, avoiding interrupts and DMA for the same purpose.
The Triple-Redundant 6U VMEbus SBC (A602) is a 6U 64-bit VMEbus SBC with advanced safety features that realise the functionality of three redundant systems on a single board. The complex FPGA-based design of the computer assembly helps dramatically lower software development costs as it automatically manages the system's triple-redundant processors and memory. The result: software designed for a standard single-CPU board takes full advantage of the system's redundant architecture.
Computer assembly A602 has been designed for deterministic operation and offers extensive BITE features (e.g., ECC error counters for all types of memory, monitoring of all internal voltages), internal buses with error correction and a fault-tolerant (fail-operational) implementation. Its three processors run in lockstep mode with 2-out-of-3 voting implemented in FPGA and software-assisted resynchronization, while its triple-redundant dynamic memory automatically corrects upsets caused by cosmic radiation (SEU) and hardware faults. The system is powered by redundant local power supplies with separate power supplies for the three CPUs and the three main memory banks.
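The 2-out-of-3 voting and automatic memory correction described for the D602 and A602 can be modelled in software as follows. This is an added example, not MEN's FPGA voter or any code from the product; the type and function names (tmr_word_t, tmr_stats_t, tmr_read) and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Software model (assumption) of one word held in three redundant banks. */
typedef struct { uint32_t bank[3]; } tmr_word_t;

/* Diagnostic counters in the spirit of the BITE error counters. */
typedef struct {
    unsigned corrected[3];   /* repaired upsets, per bank */
    unsigned unresolved;     /* reads where no two banks agreed */
} tmr_stats_t;

typedef enum { TMR_OK, TMR_CORRECTED, TMR_FAIL } tmr_status_t;

/* 2-out-of-3 vote on whole words: a value is trusted only if at least two
 * banks hold it. The outvoted bank is rewritten (scrubbed) and counted. */
tmr_status_t tmr_read(tmr_word_t *w, tmr_stats_t *st, uint32_t *out)
{
    uint32_t a = w->bank[0], b = w->bank[1], c = w->bank[2];
    tmr_status_t status = TMR_OK;

    if (a == b || a == c) {
        *out = a;
    } else if (b == c) {
        *out = b;
    } else {                 /* no majority: report, do not guess */
        st->unresolved++;
        return TMR_FAIL;
    }
    for (int i = 0; i < 3; i++) {
        if (w->bank[i] != *out) {
            w->bank[i] = *out;
            st->corrected[i]++;
            status = TMR_CORRECTED;
        }
    }
    return status;
}

int main(void)
{
    tmr_stats_t st = {{0, 0, 0}, 0};
    tmr_word_t w = {{0xCAFE0001u, 0xCAFE0001u, 0xCAFE0001u}}; /* constructed */
    uint32_t v = 0;

    w.bank[1] ^= 1u << 7;    /* simulate a single-event upset in bank 1 */
    printf("status=%d value=%08X\n", (int)tmr_read(&w, &st, &v), (unsigned)v);
    w.bank[0] ^= 1u;  w.bank[2] ^= 2u;   /* two banks upset differently */
    printf("status=%d unresolved=%u\n", (int)tmr_read(&w, &st, &v), st.unresolved);
    return 0;
}
```

A single faulty bank is masked and repaired, which is the availability property; when no two banks agree, the read is refused and counted instead of returning an unverified value.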
All I/O is realized in FPGAs (SEU-resistant, developed according to DO-254) and available on the system's rear connectors. Additionally, the A602 offers an RS232 interface at the front panel and two PMC slots: one universal PMC slot with front and rear I/O and a customized slot for an AFDX PMC with rear I/O only. A second A602 can be connected to build a high-reliability cluster. The two A602 computer assemblies exchange data via a sextuple UART connection and a BMCX link.