A602 - Triple-Redundant 6U VME PowerPC Safe Computer

The A602 is a 6U 64-bit VME COTS computer with onboard functional safety that realizes triple redundancy on a single board to achieve fail-operational, fault-tolerant behavior.

Petr Chalupa

Petr Chalupa

Odolné PC, Military, TEMPEST, Doprava +420 251 614 073

Základní informace

Main Features

  • 3x PowerPC 750 (lockstep mode), 3x 512 MB DDR RAM
  • Fail-operational, fault-tolerant behavior
  • Fail-safe and fail-silent board architecture
  • Clustering of two A602 to raise availability
  • Board management, BITE
  • SEU (radiation) tolerant
  • Certifiable up to SIL 4 (with report from TÜV Süd) and DAL-A
  • Developed according to RTCA DO-254, EN 50129 and IEC 61508
  • EN 50155 compliance
  • Up to -40 to +70°C with qualified components
  • Convection or conduction cooling


Technical Data
  • 3x PowerPC 750 CL
    • Scalable performance
    • 1 GHz processor core frequency
    • Superscalar
    • Classic PowerPC FPU, MMU
    • CPU bus to FPGA: 100-MHz/64-bit
  • Lock-step operation
    • All CPUs do the same thing at the same time
    • 2-out-of-3 voting in FPGA with CPU bus clock speed (100MHz)
    • Software-assisted resynchronization
    • No functional interruption in case of an SEU inside the CPU
  • Chipset
    • North- and Southbridge realized in FPGA
  • 2x 32 kB L1 cache, 1MB L2 cache integrated in each CPU
  • 3 independent ranks of 512MB DDR SDRAM system memory, FPGA-controlled
    • 100MHz memory bus frequency (32 bit)
    • Up to 800 MB/s
    • 2-out-of-3 voting in FPGA
    • Scrubbing to prevent accumulation of SEU
    • No functional interruption in case of an SEU inside the memory
  • 2 independent ranks of 256MB Flash, FPGA-controlled
    • Primary and backup Flash ranks contain the same data, auto-selection by boot loader
    • ECC protection
  • 1MB FRAM
    • ECC protection
  • 4KB serial EEPROM for production data (serial number etc.)
  • All I/O realized in FPGA and available at rear I/O
  • Sextuple UART
    • E.g., for communication with other A602
    • Data rates up to 460,800 Baud for each channel
    • Handshake lines: none
  • RS232 UART
    • Also available at front panel
    • Data rates up to 460,800 Baud
    • 2x 256 Byte transmit/receive buffer
    • Handshake lines: none
  • I²C bus
Mezzanine Slots
Two PMC slots
  • 32 bit/33 MHz, 3.3V V(I/O)
  • PMC slot 1 with rear I/O
  • Voltage monitoring
  • Temperature monitoring
  • Watchdog
  • Reset signal control
  • Control of redundant power supplies
  • Sleep mode
    • Lowers power consumption in case of primary power supply interruption
    • Power failure indicated through signals from backplane
    • Supports power interruptions specified in Airbus directive ABD0100.1.9
    • CPUs and memory can be put into sleep mode
  • Redundant clock generation
  • Connection with second A602 possible (with special backplane)
    • Control of shared outputs
    • Exchange of state information
    • BMC and 6x UART link
Local PCI Bus
  • 32-bit/33-MHz, 3.3V V(I/O)
  • Compliant with PCI Specification 2.2
  • TSI148 controller
  • Compliant with VME64, VME64 and 2eSST specification
  • Slot-1 function with auto-detection
  • Master
    • D08(EO):D16:D32:D64:A16:A24:A32:ADO:BLT:RMW
  • 1MB shared fast SRAM
  • Mailbox functionality
  • Single level 3 fair requester
  • Single level 3 arbiter
  • Bus timer
  • Location Monitor
  • Performance
    • Coupled read/write D32 non-block transfer rate 6.5 MB/s
Electrical Specifications
  • Dual power input from VMEbus, uninterrupted (EN50155, Class S1)
    • +5V (-3%/+5%)
    • +3.3V (-5%/+5%) optional
    • Standard backplane supplies both input rails with power
    • Continued operation if one power input fails (or is not present)
    • Separate power supplies for the three CPUs and the three main memory ranks
  • Supply voltage/power consumption:
    • 33W (39W when 3.3V are not supplied)
    • 6 W (optional +3.3V supply)
Mechanical Specifications
  • Dimensions: standard double Eurocard, 233.3mm x 160mm
  • Weight (without mezzanines and accessories): 548g
Environmental Specifications
  • Temperature range (operation):
    • 1-slot models: -40..+55°C (qualified components), temperature classes T1, T2, and TX inside buildings, or in containers with temperature control for signalling equipment, according to EN 50125-3, table 2
    • 2-slot models: -40..+70°C (qualified components), temperature classes T1, T2, and T3 for equipment onboard rolling stock, according to EN 50125-1, table 2
    • Airflow: min. 2 m/s
  • Temperature range (storage): -40..+85°C
  • Relative humidity (operation): max. 95% non-condensing
  • Relative humidity (storage): max. 95% non-condensing
  • Altitude: -300m to +2,000m (EN50124, Class AX)
  • Compliant to EN50125-1, meeting requirements of EN61373, Cat. 1, Class B and Classes GTX, GL3 for rolling stock
    • Shock: 50 m/s², 30 ms (EN 61373)
    • Vibration (function): 1 m/s², 5 Hz - 150 Hz (EN 61373)
    • Vibration (lifetime): 7.9 m/s², 5 Hz - 150 Hz (EN 61373)
  • For signalling equipment, a distance of 3m from the track bed is required
  • Protection class IP00 (EN50124, Category PD1)
  • Conformal coating on request
  • All components soldered
  • 270 311 h @ 40°C according to IEC/TR 62380 (RDF 2000)
  • 424 061 h for continuous operation @ 25°C according to IEC/TR 62380 (RDF 2000)
  • Erroneous behavior of CPU/memory subsystem < 1E-8/h
    • Considering hardware failures and worst-case SEU environment
  • PCB manufactured with a flammability rating of 94V-0 by UL recognized manufacturers
EMC Conformity
  • EN55011 (radiated emission disturbances - rolling stock)
  • EN 61000-6-4 (radiated emission disturbances - signalling equipment)
  • EN 61000-4-3 (electromagnetic field immunity)
  • EN61000-4-2 (electrostatic discharge immunity)
  • EN61000-4-8 (power - frequency magnetic field)
  • EN61000-4-9 (pulsed magnetic field)
Software Support
  • VxWorks, VxWorks/Cert
  • PikeOS

Blokové schéma

MEN A602 - PowerPC Safe Computer


Ke stažení


Hledáte technologického partnera? Neváhejte se na nás obrátit.

šipka nahoru