Re: Ariane V update - John McCabe

comp.lang.ada
 help / color / mirror / Atom feed

From: john@assen.demon.co.uk (John McCabe)
Subject: Re: Ariane V update
Date: 1996/06/14
Date: 1996-06-14T00:00:00+00:00	[thread overview]
Message-ID: <834775919.28876.0@assen.demon.co.uk> (raw)
In-Reply-To: 31C04FA1.45D9@lmtas.lmco.com

Ken Garlington <garlingtonke@lmtas.lmco.com> wrote:

<..snip..>

>Hmmm... for most flight control systems, we usually have to have at least
>triplex (or triple-redundant; my experience is to use these terms interchangably), 

This is basically the only place we differ on this (terminology). I
coonsider there to be two distinct methods of increasing reliability
in this manner:

multiplexing:      e.g. duplex, triplex etc. In this case you have
                   more than one unit operating in parallel on the
                   same data, using e.g. a voting mechanism.
redundancy:        is where each unit is essentially 2 or more units
                   (in one box) only one of which is operational at
                   any one time.

Redundancy can then be split into 2 separate cases:

"cold" redundancy: where only 1 of the "sub-units" is powered at any
                   one time - resulting in complicated switching and
                   commanding mecahnisms which take some time to be
                   performed.
"hot" redundancy:  where all "sub-units" are powered but only 1 is
                   operational.

It is therefore quite feasible (although maybe not particularly
practical or useful) for each unit in a multiplexed system to also
have internal redundancy.

<..snip..>

>(Of course, this assumes no simultaneous failures. You know, like a software
>fault in a redundant system with a common mode software error. :)

>I would have thought, given the monetary, safety, etc. effects of a flight control 
>failure on a missile, that the system would be designed to always handle a first 
>failure, which usually implies triplex (triple-redundant) at a minimum.

I agree entirely with this. A triplex (in my terminology) system would
appear to be best type of implementation for a launch vehicle as it is
continually monitoring itself and can therefore respond immediately to
a first failure.

Redundancy (in my terminology) is better suited to a satellite
(instrument) implementation where a fault is less likely to be
unrecoverable, unlike the Ariane-5 failure.

I'll try to find out more about the actual configuration and let you
know if I find anything of use.

Best Regards
John McCabe <john@assen.demon.co.uk>

next prev parent reply	other threads:[~1996-06-14  0:00 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
1996-06-12  0:00 Ariane V update Ken Garlington
1996-06-12  0:00 ` John McCabe
1996-06-13  0:00   ` Ken Garlington
1996-06-14  0:00     ` John McCabe [this message]
  -- strict thread matches above, loose matches on Subject: below --
1997-03-25  0:00 Ken Garlington

replies disabled

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox