Artesyn Embedded Technologies has launched one of the first embedded computing systems to use commercial-off-the-shelf (COTS) components to create a fail-safe computing platform designed to be SIL4 certified for a wide range of train control and rail signalling applications.
The ControlSafe Platform enables rail application developers and system integrators to substantially accelerate time-to-market without being deterred by the potentially high costs and risks associated with the stringent SIL4 system development and certification process.
Designed to deliver best-in-class system availability as high as six nines (99.9999%), Artesyn’s ControlSafe Platform is designed to meet all the functional safety, reliability and availability requirements mandated by rail standards and specifications. Reliability, availability, maintainability and safety (RAMS) processes are designed to be certified to EN50126, all safety-related software to EN50128, and hardware to EN50129.
The platform uses a data lock-step architecture that supports modern high-performance processors, and is modular, scalable and designed to seamlessly accommodate additional I/O interfaces as well as the upgraded processors that will be required throughout the product life cycle.
“Artesyn’s new ControlSafe Platform leverages 30 years of expertise in developing highly reliable and available embedded computer systems based on open standards,” said Shlomo Pri-Tal, vice president ControlSafe Platforms, Artesyn Embedded Technologies. “With this new launch, we are providing rail industry customers with an unmatched, highly reliable platform with 15 years of planned product life and 25 years of extended support and service. ControlSafe will help to improve our customers’ competitiveness by allowing them to focus their development efforts on differentiating end applications.”
The ControlSafe Platform consists of two redundant ControlSafe Computers (CSCs), each of which delivers fail-safe operation. They are linked by a Safety Relay Box (SRB) that monitors the health of the two CSCs, designates one as active and the other as standby, and controls fail-over operation between the two CSCs to deliver a fail-safe fault tolerant computer system. At the core of each CSC are two identical CPU boards that run in data lock-step mode and implement a two-out-of-two (2oo2) voting mechanism. Proprietary extensions to Wind River’s VxWorks 653 operating system assure loose synchronisation of the two CPUs.
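The fail-safe behaviour described above (2oo2 voting inside each CSC, with the SRB failing over between the two CSCs) can be modelled in a few lines. The following Python is an added illustration, not Artesyn's code or VxWorks logic; the class names, the `SAFE_STOP` output and the fault-injection model are assumptions made for the example.

```python
from dataclasses import dataclass, field

SAFE_STATE = "SAFE_STOP"  # hypothetical restrictive (fail-safe) output

@dataclass
class ControlSafeComputer:
    """One CSC: two identical CPU boards in data lock-step, voted 2oo2."""
    name: str
    faulty_boards: set = field(default_factory=set)  # constructed fault injection

    def _board_output(self, board, command):
        # A faulted board returns a diverging result (constructed model).
        return command if board not in self.faulty_boards else command + "?"

    def vote(self, command):
        """2oo2: both boards must agree; any disagreement is a fail-safe stop."""
        a = self._board_output("cpu_a", command)
        b = self._board_output("cpu_b", command)
        return (a, True) if a == b else (SAFE_STATE, False)

@dataclass
class SafetyRelayBox:
    """SRB: monitors CSC health, designates active/standby, performs fail-over."""
    csc1: ControlSafeComputer
    csc2: ControlSafeComputer
    active: str = "csc1"

    def step(self, command):
        """One control cycle; returns the output relayed to the field or SAFE_STATE."""
        pair = (self.csc1, self.csc2) if self.active == "csc1" else (self.csc2, self.csc1)
        active, standby = pair
        out, healthy = active.vote(command)
        if healthy:
            return out
        out, healthy = standby.vote(command)  # active failed 2oo2: fail over
        if healthy:
            self.active = standby.name  # standby becomes the new active CSC
            return out
        return SAFE_STATE  # both CSCs failed: whole platform goes fail-safe

def demo():
    """Constructed scenario: healthy run, single-board fault, double fault."""
    srb = SafetyRelayBox(ControlSafeComputer("csc1"), ControlSafeComputer("csc2"))
    trace = [srb.step("signal_green")]
    srb.csc1.faulty_boards.add("cpu_a")  # fault in the active CSC
    trace.append((srb.step("signal_green"), srb.active))
    srb.csc2.faulty_boards.add("cpu_b")  # now both CSCs carry a fault
    trace.append(srb.step("signal_green"))
    return trace
```

The trace shows the three regimes the text describes: normal output, transparent fail-over to the standby CSC on a single-board disagreement, and a restrictive safe state once neither CSC can pass its 2oo2 vote.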
The Artesyn ControlSafe Platform includes I/O modules that provide interfaces to a range of communication protocols such as CAN, Ethernet, Ethernet Ring, and UART, with additional communication interfaces planned for future releases. All I/O modules share a common architecture based on the same Freescale CPU core and the same Wind River VxWorks 653 operating system, simplifying the software development environment, delivering high-performance, energy-efficient processing, and supporting the extended life required by rail equipment.
All I/O modules are accessed over Ethernet allowing a seamless distributed architecture where additional expansion can be contained in a remote chassis. All modules support remote on-line software and firmware upgrade without risk of rendering a system inoperable.