Posted by John McHale
AMBLER, Pa. 10 April 2010. MEN Micro Inc. is offering a 6U field programmable gate array (FPGA)-based, triple-redundant D602 CompactPCI (CPCI) single-board computer (SBC) that uses a lock-step architecture to keep software development costs low for mission-critical applications in the avionics and railway markets.
The lock-step architecture provides a redundant computing system that runs the same set of operations in parallel, so the programming only views hardware components once.
Developed according to RTCA DO-254 as a safe computer for controlling the freight load system of the Airbus A400M, the single-slot D602 is now available as an off-the-shelf component. It provides high reliability up to Design Assurance Level (DAL) A (catastrophic) in avionics and up to Safety Integrity Level (SIL) 4 in trains, the most stringent level in each class.
PikeOS from Sysgo and several VxWorks operating systems platforms targeting safety-critical deployments are now available. In addition to the general purpose real-time operating system (RTOS) VxWorks 6.6, Wind River also supplies VxWorks platforms that support safety certifications up to DO-178B and EUROCAE ED-12B Level A, and to DAL-A or IEC 61508 SIL 4. Wind River provides support with board support packages (BSPs) for its safety certification operating systems, VxWorks DO-178B and VxWorks 61508.
The 900 MHz PowerPC 750, the 512 MB main memory and the internal structure of the FPGA are triple redundant. Critical functions, such as voters, implemented as IP cores in the FPGA ensure that at least two of the three redundant components provide the same result to guarantee safety. The system remains completely operational even if one of the three redundant components fails, providing the required availability for highly critical systems.
The new SBC incorporates increased data safety and high-availability features. Additional redundant components include the Flash banks, the PSUs and the clock oscillators as well as the additional ECC protection for the Flash and the FRAM. Diagnosis mechanisms (BITE, e.g. extensive self tests) help detect latent errors before they lead to a system error. For the same purpose, the design is oriented towards strictly deterministic operation avoiding interrupts and DMA.
The D602 provides two PMC slots, one of which is used for an AFDX connection. Both PMC modules are accessible at the front in the standard version, but can be accessed via rear I/O when used in a conductive-cooling system.
Pricing for the D602 starts at $14,193.