The A602 is a 6U 64-bit VME COTS computer with onboard functional safety that realizes triple redundancy on a single board to achieve fail-operational, fault-tolerant behavior. The board can also act as a fail-silent subsystem, i.e. it can shut down in case of a fatal fault. Its complex FPGA-based design helps dramatically lower software development costs as it automatically manages the system's triple-redundant processors and memory. The result: The system's redundant architecture is fully taken advantage of by software designed for a standard single-CPU board.
The A602 is designed for deterministic operation and offers extensive BITE features (e.g., ECC error counters for all types of memory, monitoring of all internal voltages), internal buses with error correction and fault-tolerant (fail-operational) implementation. Its three processors run in lockstep mode with 2-out-of-3 (2oo3) voting implemented in FPGA and software-assisted resynchronization, while its triple redundant dynamic memory automatically corrects upsets caused by cosmic radiation (SEU) and hardware faults. The system is powered by redundant local power supplies with separate power supplies for the three CPUs and the three main memory ranks.
The A602 has been developed according to DO-254, compliant to DO-160 and certifiable up to DAL-A in avionics applications. Additionally, the product meets the requirements of EN50128/EN50129 and can be deployed in signalling and rolling stock applicationsup to SIL 4. All I/O is realized in SEU-resistant FPGAs and available on the system's rear connectors. Additionally, the A602 offers two PMC slots with rear I/O for PMC1. As an option, the second PMC slot can be customized for an AFDX PMC (rear I/O only). A second A602 can be connected to build a high reliability/availability cluster. The two A602s exchange data via a sextuple UART connection and a BMCX link.
Anmeldung