Dual Channel Fault Tolerant System – “No One Fault”

In the dual channel fault tolerant system, the power supplies, CPUs, field wiring, annunciation facilities, instrumentation and equipment conveying the commands to the field-based modules are duplicated. In effect, two electrically separated systems, each capable of performing the control task, are connected to the final control modules in the field.

By means of software and duplicated hardware, sequence recovery from a fault can be achieved by activating the second, alternative channel, which will execute an "assume command.... roll back, roll forward" or "change strategy" operation.

Although designed so that "no one fault" can prevent completion of the task, our system can also negotiate multiple unrelated faults, as demonstrated in the graphic to the right.

Rapid and detailed fault handling is a key feature of the system. Several layers of passive and active fault detection protect the functionality of the control system and the field modules. Any fault or change of status is immediately texted to personnel and displayed on local operator panels and wireless tablets (optional).