top - download
⟦0cf231c72⟧ Wang Wps File
Length: 16995 (0x4263)
Types: Wang Wps File
Notes: Spelunked
Names: »~ORPHAN64.00«
Derivation
└─⟦e53c2fc59⟧ Bits:30006055 8" Wang WCS floppy, CR 0087A
└─ ⟦this⟧ »~ORPHAN64.00«
WangText
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
4.3 SYSTEM SUPERVISION .................. 157
4.3.1 CAMPS Modes of Operation ......... 157
4.3.1.1 On-Line Operation ............. 158
4.3.1.2 Off-Line Operation ............ 160
4.3.1.3 Watchdog Operation ............ 160
4.3.1.4 Switch-Over ................... 164
4.3.1.4.1 Emergency Switch-Over ..... 164
4.3.1.4.2 Ordered Switch-Over ....... 165
4.3.1.5 Start-Up of CAMPS Modes ....... 165
4.3.1.6 Load of Modified Software ..... 167
4.3.1.6.1 Load of Modified Applica-
tion Software Prepared at
the CSSI ................. 167
4.3.1.7 Detailed Start-Up of On-Line
Operations .................... 168
4.3.1.8 Close Down of CAMPS Modes of
Operation ..................... 168
4.3.2 Equipment Resource Handling ....... 169
4.3.2.1 Dis Equipment ................ 170
4.3.2.1.1 Modes of Operation ........ 170
4.3.2.1.2 Hardware Control .......... 171
4.3.2.1.3 Software Control .......... 173
4.3.2.1.4 Reconfiguration ........... 173
4.3.2.2 TDX-Bus System ............... 173
4.3.2.2.1 Modes of Operation ........ 173
4.3.2.2.2 Hardware Control .......... 174
4.3.2.2.3 Software Control .......... 174
4.3.2.2.4 Reconfiguration ........... 174
4.3.2.3 LTU and Attached Lines ....... 174
4.3.2.3.1 Modes of Operation ........ 174
4.3.2.3.2 Hardware Control .......... 175
4.3.2.3.3 Software Control .......... 176
4.3.2.3.4 Re-configuration .......... 176
4.3.2.4 LTUX and Attached Terminal
Equipment ..................... 176
4.3.2.4.1 Modes of Operation ........ 176
4.3.2.4.2 Hardware Control .......... 176
4.3.2.4.3 Software Control .......... 177
4.3.2.4.4 Re-configuration .......... 177
4.3.3 Watchdog and Manual Supervision
Facilities ........................ 178
4.3.3.1 Watchdog Control .............. 178
4.3.3.2 Watchdg Monitoring ........... 180
4.3.3.3 Manual Fallback ............... 182
4.3 S̲Y̲S̲T̲E̲M̲ ̲S̲U̲P̲E̲R̲V̲I̲S̲I̲O̲N̲
System supervision addresses the monitoring and control
of the CAMPS modes of operation.
The description is separated into three sections:
1) control o CAMPS modes of operation
2) control of peripheral equipment
3) watchdog and manual control and monitoring facilities.
4.3.1 C̲A̲M̲P̲S̲ ̲M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
The CAMPS system supports on-line and off-line operations.
The on-line modes of operationare:
- a dualized mode consisting of an active and a standby
processor.
- a degraded mode consisting of an active processor
unit (PU).
In the degraded mode, the non-active processor is used
for off-line operations:
- software development an test (SD&T) at CSSI site
- table generation (TG) at CSSI site
- maintenance and diagnostics (M&D) at all sites
- off-line utilities (OU) at all sites
- print memory dump
- print trace records
The CAMPS modes of operations are controled software-
and hardware-wise from the watchdog position, which
contains:
- the watchdog (WPD)
- the operator VDU
- the operator printer
4.3.1.1 O̲n̲-̲L̲i̲n̲e̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
CAMPS on-line operations are supported by either a
dualized PU configuration or by single PU configuration.
The dualized configuration consists of an active PU,
which performs on-line functions and a standby PU,
which is ready to assume on-line functions, when a
switch-over is executed. On an event basis checkpoints
(defininge.g. terminal and traffic status) are transferred
to the standby processor to assure an acceptable level
of data continuity at the time of recovery and restart
during a switch-over. The active processor owns all
disks, terminals, and external chanels, whereas the
standby PU has none. The dualized configuration is
depicted in figure 4.3.1-1 overleaf.
The single PU configuration consists of an active PU,
which operates as the active PU above, except for checkpoint
generation.
Fig. 4.3.1-1…01…D̲u̲a̲l̲i̲z̲e̲d̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
4.3.1.2 O̲f̲f̲-̲L̲i̲n̲e̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
In the M&D configuration (refer to figure 4.3.1-2),
the off-line processor may be assigned a number of
devices:
- the off-line disk or the floppy dis for load of
M&D SW
- two LTUXs on the same DTM-X
- one LTU
- the off-line disk or an out of service mirrored
disk
The M&D test programs are operated from the operator
VDU, whereas test output is directed to the operator
printer. M&D programsare residing on the off-line
disk and on the floppy disk.
The OU configuration is assigned the floppy disk or
the off-line disk. OU programs are operated like M&D
Programs.
The SD&T and TG configuration (refer figure 4.3.1-3)
at the developmentsite (CSSI) is assigned VDU and printer
on the IO BUS for control of operation and output of
results.
The SD&T and TG programs are residing on the floppy
disk or on the off-line disk. Modified software (incl.
M&D software) are generated at a flopy disk for transportation
to CAMPS sites.
4.3.1.3 W̲a̲t̲c̲h̲d̲o̲g̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
The watchdog is an independent processor, which:
- monitors and controls the CAMPS hardware as described
in section 4.3.3.
- determines and executes switch-over, therebyauthority
conflicts between the two processors are avoided.
- provides an operator command interface from the
operator VDU to both PUs, thereby enabling a software
control of all CAMPS modes of operation.
- monitors the active and standby PU by the periodic
reception of a "keep alive" message.
The operator VDU contains a display of the CAMPS system
status.
The operator printer rovides a hard copy facility for
system status print-out (e.g error reports).
Fig. 4.3.1-2…01…D̲e̲g̲r̲a̲d̲e̲d̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲ ̲(̲M̲&̲D̲)̲
Fig. 4.3.1-3…01…D̲e̲g̲r̲a̲d̲e̲d̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲ ̲S̲D̲&̲T̲
4.3.1.4 S̲w̲i̲t̲c̲h̲-̲O̲v̲e̲r̲
During dualized operation, a switch-over to the standby
PU will take place:
- subsequent to a non-recoverable hardware or software
error in the active PU (eergency switch-over).
- subsequent to an operator switch-over command (ordered
switch-over).
The error detection is described in section 4.11.
A switch-over implies, that:
- the active PU is taken off-line by the watchdog.
- the watchdog irects the standby PU to capture all
peripherals and go into a recovery/restart procedure
to restore CAMPS on-line operations.
The active PU normally directs the watchdog to perform
a switch-over, however, the watchdog executes automatically
an eergency switch-over, if:
- no keep alive message is received from the active
PU.
- a non-recoverable hardware error (e.g. power down)
is detected via the configuration control bus (refer
section 4.3.3).
4.3.1.4.1 E̲m̲e̲r̲g̲e̲n̲c̲y̲ ̲S̲w̲i̲t̲c̲h̲-̲O̲v̲e̲r̲
The aulty active PU is electrically disconnected from
its peripherals and the standby PU is commanded to
go active. The standby PU captures all peripherals
and loads and starts the application software. The
recovery actions based upon received checkpints are
defined in section 4.7.
4.3.1.4.2 O̲r̲d̲e̲r̲e̲d̲ ̲S̲w̲i̲t̲c̲h̲-̲O̲v̲e̲r̲
All input/output to/from external lines are stopped,
when a complete message is received/transmitted.
Terminal operators are given a limited time o stop
input. Having completed a transaction (inclusive presentation)
the terminal position is signed off. All remaining
packages are commanded to stop processing and the standby
PU is notified to become active.
4.3.1.5 S̲t̲a̲r̲t̲-̲U̲p̲ ̲o̲f̲ ̲C̲A̲M̲P̲S̲ ̲M̲o̲d̲e̲s̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
The operator starts all CAMPS modes of operation.
At first, the operator defines an initial hardware
configuration via operator commands directly to the
watchdog:
- enable Pu
- set PU in normal mode
- connect disk to the PU in qestion
- issue master clear
(Refer to section 4.3.3 for a detailed description
of these signals).
Hereby a dialogue to a MIA PROM program executed by
a CPU is set-up and the PU has access to a disk.
The operator specifies a disk drive and th above program
loads a number of segments into RAM and starts execution.
The loaded program performs further loading, which
may be:
- start-up active PU
- start-up standby PU
- start-up M&D in off-line PU
- start-up OU in off-line PU
- startup SD&T in off-line PU
- start-up TG in off-line PU
Overleaf in figure 4.3.1.5-1, the start-up modes of
on-line operations are illustrated. Prior to a start-up,
a memory dump can be performed to the floppy disk or
the off-line disk. Via OU softare, it can later be
disassembled and printed at the operator printer.
Fig. 4.3.1.5-1…01…S̲t̲a̲r̲t̲-̲U̲p̲ ̲o̲f̲ ̲O̲n̲-̲L̲i̲n̲e̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲s̲
4.3.1.6 L̲o̲a̲d̲ ̲o̲f̲ ̲M̲o̲d̲i̲f̲i̲e̲d̲ ̲S̲o̲f̲t̲w̲a̲r̲e̲
4.3.1.6.1 L̲o̲a̲d̲ ̲o̲f̲ ̲M̲o̲d̲i̲f̲i̲e̲d̲ ̲A̲p̲p̲l̲i̲c̲a̲t̲i̲o̲n̲ ̲S̲o̲f̲t̲w̲a̲r̲e̲ ̲P̲r̲e̲p̲a̲r̲e̲d̲
̲a̲t̲ ̲t̲h̲e̲ ̲C̲S̲S̲I̲
At the CSSI site new application software is developed
and tested. On foppy disk packs, the modified application
software is transported to CAMPS sites, where it is
copied to the mirrored disks or the off-line disk.
At a subsequent switch-over or a start-up subsequent
to an ordered close down, the modified applicatio software
can be brought into operation.
4.3.1.7 D̲e̲t̲a̲i̲l̲e̲d̲ ̲S̲t̲a̲r̲t̲-̲U̲p̲ ̲o̲f̲ ̲O̲n̲-̲L̲i̲n̲e̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲s̲
During start-up of on-line operations the CAMPS operating
system (COPSY) is loaded and started at first. COPSY
is the parent of al processes and assigns resources
(e.g. memory, CPU, lines, access, and security rights)
to its children based on a system status table. LTU
and LTUX lines are assigned/deassigned by COPSY, whereas
THP(LTU-lines), TEP (LTUX terminal lines), and TH (LTUX-TRC
lines) opens/closes the lines. During assignment,
the watchdog is commanded to execute physical connection
as described in section 4.3.3.
Processes and procedures are given start-up information,
which defines the type of start-up. Soinitialization
and recovery actions are performed decentralized.
The mapping of recovery requirements to packages are
defined in section 4.7.
A description of disk start-up information is given
in section 5.10.1.2.1.1.
4.3.1.8 C̲l̲o̲s̲e̲-̲D̲o̲w̲n̲ ̲o̲f̲ ̲C̲M̲P̲S̲ ̲M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
The operator can close all CAMPS modes of operation
either ordered or non-ordered.
During a non-ordered close down, the PU in question
is physically isolated (the PU is disabled as described
in section 4.3.3). If the actve PU is closed non-ordered
an emergency switch-over will take place.
During an ordered close down the concerned PU is commanded
to stop execution. Having done so, the PU is disabled.
For the active PU two types of ordered close-down
are handle:
a) C̲l̲o̲s̲e̲-̲d̲o̲w̲n̲ ̲a̲n̲d̲ ̲D̲i̲e̲-̲o̲u̲t̲
All input from external lines are stopped, when
a complete message is received (Handled by THP).
All input from terminals are stopped after a limitedtime
(Handled by TEP).
Hereafter, the system will slowly die out. When
all queues are empty, all processing will be terminated
and the PU disabled.
b) C̲l̲o̲s̲e̲-̲d̲o̲w̲n̲ ̲a̲n̲d̲ ̲S̲a̲v̲e̲ ̲Q̲u̲e̲u̲e̲ ̲I̲n̲f̲o̲r̲m̲a̲t̲i̲o̲n̲
All input/output to/from external lines are stoppe,
when a complete message is received/transmitted
(handled by THP). Terminal operators are given
a limited time to stop all input. Having completed
a transaction (incl. presentation) the terminal
position is signed off. (TEP and SSC actions).
Al remaining packages are commanded to stop execution
and the current queue content are saved on disk
by the CAMPS system function (CSF) package.
4.3.2 E̲q̲u̲i̲p̲m̲e̲n̲t̲ ̲R̲e̲s̲o̲u̲r̲c̲e̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲
This section defines the:
- modes of operation
- hardware andsoftware control
- reconfiguration possibilities
for DISK, TDX-bus system, LTU and LTUX equipment.
The Configuration Table contains a description of all
CAMPS equipment. The SSC in the active PU updates
this table, when:
- operator commands or
- error fix-up procedures
are executed.
Device control is implemented via hardware and software.…86…1
…02… …02… …02… …02…
The hardware control connects a device to either of
the PUs. Also it ensures that active PU activities
will not interfere with off-line PU activities. The
hardware control is imlemented by the SSC, but executed
by the watchdog as described in section 4.3.3.
The software control is handled by the SSC, which defines
access and security rights for the users of the devices.
4.3.2.1 D̲i̲s̲k̲ ̲E̲q̲u̲i̲p̲m̲e̲n̲t̲
4.3.2.1.1 M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲r̲a̲t̲i̲o̲n̲
A CAMPS site configuration contains:
- two mirrored disk drives
- one off-line disk drive
- one floppy disk drive
The mirrored disk drives are always assigned to the
active PU, except when a drive is erroneous.
The off-line disk drve may be assigned to either the
active or the off-line PU.
The off-line disk is used in performing the following
active PU functions:
- retrieval of off-loaded messages
- start-up of active operation
- back-up of the system parameter file
-off-loading of messages
- memory dump and trace information storage
- loading of modified application software
and for the following standby PU function:
- start-up of standby operation
and for the following off-line PU functions:
- start-up of off-line operation
- source for memory dump and trace information print-out
- source for load of M&D SW
The mirrored and off-line disks are permanently defined
a start-up time i.e. no interchange between mirrored
and off-line disk drives takes place.
The floppy disk is used as storage for:
- modified application software, which are generated
at the CSSI and loaded at CAMPS sites.
- M&D and OU program.
- memory dump and trace information
4.3.2.1.2 H̲a̲r̲d̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
The SSC controls via the watchdog whether all DISKs
in common can be accessed from either IO BUS-A or B,
or from both A and B, or from none. Access means that
the PU "take owneship", i.e. executes an IO instruction,
which connects an IO BUS device to the PU issuing the
command. The command has only effect if the IO BUS
in question is not disabled by the watchdog. Via manual
switches in the Channel Unit, it is possible t override
this decision and enable a specific device to be accessed
via either of the IO BUSes.
The use of the manual facility makes it possible to
assign peripherals to the off-line PU and totally shield
the off-line operations from those of theactive PU.
In table 4.3.2.1.2-1 below, the co-operation of the
above facilities are defined.…86…1 …02… …02… …02… …02…
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Start-up of Start-up f Dualized Off-Line
Active PU Standby PU Operation Operation
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
IO BUS A enable IO BUS A enable IO BUS A enable IO
BUS
A
enable
IO BUS B disable IO BUS B enable IO BUS B diable IO
BUS
B
disable
Manual enable of:
- floppy disk
- off-line disk
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Assumption: IO Bus A is connected to the active PU
…01…Table 4.3.2.1.2-1…01…I̲O̲ ̲B̲U̲S̲ ̲H̲a̲r̲d̲a̲r̲e̲ ̲C̲o̲n̲n̲e̲c̲t̲i̲o̲n̲s̲
4.3.2.1.3 S̲o̲f̲t̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
During on-line operation, the assignment/deassignment
of disk drives are performed by the SSC, whereas the
volume handling is split:
- the mirrored ad the floppy disk volumes are controlled
by the SSC via operator commands.
- the off-line disk volumes are controlled by the
TEP (via supervisor commands).
However, during start-up, the PU in question performs
assignment and volume handling.
uring off-line operation, the off-line PU performs
assign/deassign and mount/dismount.
4.3.2.1.4 R̲e̲c̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲
A suspected erroneous disk drive may be connected to
the off-line PU. A repaired disk drive can be connected
to the active PU. T
