top - download
⟦1fb5fda6c⟧ Wang Wps File
Length: 45299 (0xb0f3)
Types: Wang Wps File
Notes: CPS/210/SYS/0001
Names: »0597A «
Derivation
└─⟦69f081490⟧ Bits:30006004 8" Wang WCS floppy, CR 0039A
└─ ⟦this⟧ »0597A «
WangText
…0a……00……00……00……00…C…02……00……00…C
:…0b…:…00…:…05…9…0b…9…00…9…05…8…0a…8…0f…8…01…8…06…7…0b…7…01…7 6…08…6…86…1 …02… …02… …02…
…02…CPS/210/SYS/0001
…02…831219…02……02…
CAMPS SYSTEM REQUIREMENTS
…02…ISSUE 3.14…02…CAMPS
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
S̲e̲c̲t̲i̲o̲n̲ ̲3̲.̲2̲.̲5̲
…02……02……02…3.2.5 Logging .............................. 180
…02……02……02……02…3.2.5.1 Categories of Transactions to be
Logged ...........................
180
…02……02……02……02…3.2.5.2 Logging Events ................... 180
…02……02……02……02…3.2.5.3 Storage of Log Records............ 181
…02……02……02……02…3.2.5.4 Print of Log Records.............. 181
…02……02……02……02…3.2.5.5 Tracing (Computer Analysis) of
Log Information ..................
181
…02……02……02……02…3.2.5.6 Definition of Specific Log Records 182
…02……02……02……02……02…3.2.5.6.1 Log Records Relating to In-
coming Messages...............
182
3.2.5.6.1.1 Log Records Related to
incoming NICS-TARE/TRC/
Point to Point connec-
tion Messages ............
182
3.5.2.6.1.1.1 Valid Messages .......
182
3.4.2.6.1.1.2 Invalid Messages .....
183
3.5.2.6.1.1.3 Automatically Deleted
Messages .............
184
3.2.5.6.1.2 Log Records Relating to
Incoming ACE CCIS Messa-
ges ......................
184
3.2.5.6.1.3 Log Records Relating to
Incoming SCARS II Messa-
ges ......................
184
…02……02……02……02……02…3.2.5.6.2 Log Records Relating to outgo-
ing Messages .................
185
3.2.5.6.2.1 NICS-TARE/TRC/Point to
Point connection
Messages .................
185
3.2.5.6.2.2 Log Records Relating to
Outgoing ACE CCIS Messages
185
3.2.5.6.2.3 Log Records Relating to
outgoing SCARS II Messages
185
…02……02……02……02……02…3.2.5.6.3 Channel Discontinuity......... 186
3.2.5.6.3.1 NICS-TARE/TRC/Point to
Point connection Channel
Discontinuity.............
186
3.2.5.6.3.2 Log Records Relating to
ACE CCIS Channels
Discontinuity ............
186
3.2.5.6.3.3 Log Records Relating to
SCARS II Channel Discon-
tinuity ..................
186
…02……02……02……02……02…3.2.5.6.4 Terminal Procedures........... 187
3.2.5.6.4.1 Denotation of Log Fields
Contents .................
187
3.2.5.6.4.2 Log of User Transactions .
187
3.2.5.6.4.3 Log of Security Procedures
188
3.2.5.6.4.4 Log of Automatically
Deleted Comments/
Notifications ............
189
3.2.5.6.4.5 Log of Printer, PTP and
OCR Transactions .........
189
…02……02……02……02……02…3.2.5.6.5 Message Distribution Control.. 190
…02……02……02……02……02…3.2.5.6.6 Message Service............... 190
…02……02……02……02……02…3.2.5.6.7 Supervisor Transactions ...... 190
3.2.5…02…L̲o̲g̲g̲i̲n̲g̲
The system shall maintain a log for all transactions,
including those terminated before completion.
3.2.5.1…02…C̲a̲t̲e̲g̲o̲r̲i̲e̲s̲ ̲o̲f̲ ̲t̲r̲a̲n̲s̲a̲c̲t̲i̲o̲n̲s̲ ̲t̲o̲ ̲b̲e̲ ̲l̲o̲g̲g̲e̲d̲
A log shall be maintained with respect to:
a) external transactions related to:
1) incoming messages
2) outgoing messages
3) channel discontinuity.
b) internal transactions related to:
1) terminal procedures (refer to section 3.2.3).
2) message distribution control
3) message servicing
4) dedicated supervisory commands.
3.2.5.2…02…L̲o̲g̲g̲i̲n̲g̲ ̲E̲v̲e̲n̲t̲s̲
The log shall consist of records generated at specific
events during a transaction i.e.
a) time of initiation and/or
b) time of termination, including premature completion
caused by:
1) cancel
2) suspend
3) time out
4) unsuccessful security interrogation.
The log records defined by the above events are in
the following referred to as initial respective final
log record.
3.2.5.3…02…S̲t̲o̲r̲a̲g̲e̲ ̲o̲f̲ ̲L̲o̲g̲ ̲R̲e̲c̲o̲r̲d̲s̲
…02…a) Log records will be stored on-line and off-line as
specified for messages in 3.4.1.3.1 and 3.4.1.4.1.
…02…b) Log records shall at least be stored, when 30 seconds
have elapsed or 5 records are collected, whichever
occurs first.
3.2.5.4…02…P̲r̲i̲n̲t̲ ̲o̲f̲ ̲L̲o̲g̲ ̲R̲e̲c̲o̲r̲d̲s̲
a) Log records.
1) The stored log records will be queued periodically
for printing at the supervisor printer and
on request from the supervisor.
…02…2) Log records shall be printed in a way facilitating
a visual separation of those entries referring
to internal transactions and those referring to
external transactions.
3) Each printed log record shall be preceded by
a log record identification, i.e. a format,
a device or a function identifying what the
log record refers to. Each field in the log
entry shall be separated by one or more spaces.
…02…b) Log records retrieved during computer analysis of the
log storage (refer to section 3.2.5.5) shall be printed
at the printer assigned supervisor print.
3.2.5.5…02…T̲r̲a̲c̲i̲n̲g̲ ̲(̲C̲o̲m̲p̲u̲t̲e̲r̲ ̲A̲n̲a̲l̲y̲s̲i̲s̲)̲ ̲o̲f̲ ̲L̲o̲g̲ ̲I̲n̲f̲o̲r̲m̲a̲t̲i̲o̲n̲.̲
The log records stored may be retrieved by the supervisor
with respect to:
…02…a) a specific channel. The retrieval key is time interval
and a parameter defining:
1) incoming messages
2) outgoing messages
3) channel discontinuity
…02…b) a specific terminal.
…02… The retrieval key is time interval and a parameter
defining:
1) terminal procedures
2) message distribution control
3) message service
4) supervisor transactions
5) security procedures
…02…c) The retrieval is executed in such a way that no significant
performance reduction occurs.
3.2.5.6 D̲e̲f̲i̲n̲i̲t̲i̲o̲n̲ ̲o̲f̲ ̲S̲p̲e̲c̲i̲f̲i̲c̲ ̲L̲o̲g̲ ̲R̲e̲c̲o̲r̲d̲s̲
This section defines the logging events and the corresponding
log records contents.
3.2.5.6.1…02…L̲o̲g̲ ̲R̲e̲c̲o̲r̲d̲s̲ ̲R̲e̲l̲a̲t̲i̲n̲g̲ ̲t̲o̲ ̲I̲n̲c̲o̲m̲i̲n̲g̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲
3.2.5.6.1.1 L̲o̲g̲ ̲R̲e̲c̲o̲r̲d̲s̲ ̲R̲e̲l̲a̲t̲e̲d̲ ̲t̲o̲ ̲I̲n̲c̲o̲m̲i̲n̲g̲ ̲N̲I̲C̲S̲ ̲T̲A̲R̲E̲/̲T̲R̲C̲/̲P̲o̲i̲n̲t̲
̲t̲o̲
P̲o̲i̲n̲t̲ ̲C̲o̲n̲n̲e̲c̲t̲i̲o̲n̲/̲P̲T̲R̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲
3.2.5.6.1.1.1 V̲a̲l̲i̲d̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲
A log record for each valid incoming NICS TARE/TRC/Point
to Point connection message is created when the message
is stored and analyzed.
…02…a) The log record contains:
…02… 1) ACP127 message format line 1-4 extract as defined
in b) below
…02… 2) Time of reception of the end-of-message.
3) Message type identifying the message as incoming.
4) Item Reference Identity giving the CAMPS internal
reference id of the message.
…02… 5) The SIC's determined by analysis of "line 12b"
of the message as defined in the ACP 127 format.
…02…b) ACP 127 Message format line 1-4 extract used in logging.
An indicator for the following items is where applicable
extracted from an ACP 127 message and inserted in the
corresponding log record:
…02… 1) format line 1 extract, which contains:
1.1) channel (station) designator
1.2) transmission serial No.
…02… 2) Format line 2 extract:
…02… 2.1) precedence of message
…02… 3) Format line 3 extract:
…02… 3.1) calling station (routing indicator)
…02… 3.2) station serial No.
…02… 3.3) filing time
…02…4) Format line 4 extract:
…02… 4.1) classification (security warning)
…02… 4.2) special handling category.
3.2.5.6.1.1.2 I̲n̲v̲a̲l̲i̲d̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲
A log record with respect to incoming NICS TARE/TRC/Point
to Point connection messages is defined at the time
it is sent for message service.
The log record contains:
a) ACP127 message format line 1 - 4 extract as defined
in 3.2.5.6.1.1.1 b).
b) Same entries as described in 3.2.5.6.1.1.1 a).
c) If not available in the ACP127 messages:
Expected transmission serial no.
…02…d) A code indicating the reason for requesting message
service.
3.2.5.6.1.1.3 A̲u̲t̲o̲m̲a̲t̲i̲c̲a̲l̲l̲y̲ ̲D̲e̲l̲e̲t̲e̲d̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲
For messages, which are automatically deleted i.e.
COSMIC TOP SECRET and ATOMAL the following record is
used per message deleted:
a) Channel designator
b) Transmission serial number
c) Message type
d) The time of deletion
e) Item reference identification
3.2.5.6.1.2 L̲o̲g̲ ̲R̲e̲c̲o̲r̲d̲s̲ ̲R̲e̲l̲a̲t̲i̲n̲g̲ ̲t̲o̲ ̲I̲n̲c̲o̲m̲i̲n̲g̲ ̲A̲C̲E̲ ̲C̲C̲I̲S̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲.̲
A Log record is created and stored for each message,
comment, and VDU display recieved from the ACE CCIS.
The contents of log the record is as follows
a) E1 modified format line B, C, and D1 extract
b) Time of end-of-reception
c) Message and E1 modified transaction types
d) Item reference identity
For invalid CCIS messages the log record will contain
the available parameters of the above listed.
3.2.5.6.1.3 L̲o̲g̲ ̲R̲e̲c̲o̲r̲d̲s̲ ̲R̲e̲l̲a̲t̲i̲n̲g̲ ̲t̲o̲ ̲I̲n̲c̲o̲m̲i̲n̲g̲ ̲S̲C̲A̲R̲S̲ ̲I̲I̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲.̲
Same as for ACE CCIS messages, refer section 3.2.5.6.1.2.
3.2.5.6.2 L̲o̲g̲ ̲R̲e̲c̲o̲r̲d̲s̲ ̲R̲e̲l̲a̲t̲i̲n̲g̲ ̲t̲o̲ ̲O̲u̲t̲g̲o̲i̲n̲g̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲.
3.2.5.6.2.1 N̲I̲C̲S̲ ̲T̲A̲R̲E̲/̲T̲R̲C̲/̲P̲o̲i̲n̲t̲-̲t̲o̲-̲P̲o̲i̲n̲t̲ ̲C̲o̲n̲n̲e̲c̲t̲i̲o̲n̲/̲P̲T̲P̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲
a) A log record with respect to each outgoing NICS
TARE/TRC/Point-to-Point connnection message is
defined, when the message transmission is terminated.
b) The above log record contains:
1) ACP127 message line 1-4 extract as defined
in 3.2.5.6.1.1.1(b), however for messages punched
the device designator and serial number are
logged instead of channel designator and transmission
serial number.
2) Time of end-of-transmission.
3) Message type indicating an outgoing message.
4) Item reference identity.
5) The SICs derived from FL 12b.
c) A̲u̲t̲o̲m̲a̲t̲i̲c̲a̲l̲l̲y̲ ̲D̲e̲l̲e̲t̲e̲d̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲
Log records are generated on deletion of CTS/ATOMAL
messages.
The log records contain:
1) Message type
2) The time of deletion
3) Item reference identification
4) Calling station
5) Station serial number
6) Filing time
3.2.5.6.2.2 L̲o̲g̲ ̲R̲e̲c̲o̲r̲d̲s̲ ̲R̲e̲l̲a̲t̲i̲n̲g̲ ̲t̲o̲ ̲O̲u̲t̲g̲o̲i̲n̲g̲ ̲A̲C̲E̲ ̲C̲C̲I̲S̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲
A log record is created and stored for each message,
comment and VDU display transmitted to the ACE
CCIS.
The contents of log the record is as follows
a) E1 modified format line B, C, and D1 extract
b) Time of end-of-transmission
c) Message and E1 modified transaction types
d) Item reference identity
3.2.5.6.2.3 L̲o̲g̲ ̲R̲e̲c̲o̲r̲d̲s̲ ̲R̲e̲l̲a̲t̲i̲n̲g̲ ̲t̲o̲ ̲O̲u̲t̲g̲o̲i̲n̲g̲ ̲S̲C̲A̲R̲S̲ ̲I̲I̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲
Same as for ACE CCIS messages, refer section 3.2.5.6.2.2.
3.2.5.6.3 C̲h̲a̲n̲n̲e̲l̲ ̲D̲i̲s̲c̲o̲n̲t̲i̲n̲u̲i̲t̲y̲
3.2.5.6.3.1 N̲I̲C̲S̲ ̲T̲A̲R̲E̲/̲T̲R̲C̲/̲P̲o̲i̲n̲t̲-̲t̲o̲-̲P̲o̲i̲n̲t̲ ̲C̲o̲n̲n̲e̲c̲t̲i̲o̲n̲ ̲C̲h̲a̲n̲n̲e̲l̲
̲D̲i̲s̲c̲o̲n̲t̲i̲n̲u̲i̲t̲y̲
The external channel accounting with respect to NICS
TARE/TRC/Point-to-Point connection messages shall result
in a log record in case of the following events:
a) Discontinuity of incoming message traffic as detected
from improper serial number sequence.
…02…b) Missing transmission serial number of incoming traffic.
The log record contains the following information.
1) Expected transmission serial number
2) Channel designator
3) Actual Transmission serial number. If missing
insert 0000.
4) Time of event
5) Message type identifying channel discontinuity
3.2.5.6.3.2 L̲o̲g̲ ̲R̲e̲c̲o̲r̲d̲s̲ ̲R̲e̲l̲a̲t̲i̲n̲g̲ ̲t̲o̲ ̲A̲C̲E̲ ̲C̲C̲I̲S̲ ̲C̲h̲a̲n̲n̲e̲l̲ ̲D̲i̲s̲c̲o̲n̲t̲i̲n̲u̲i̲t̲y̲
A Log record is created and stored for each discontinuity
of the channel traffic to/from ACE CCIS. The contents
of the record is as listed in 3.2.5.6.3.1, if applicable.
3.2.5.6.3.3 L̲o̲g̲ ̲R̲e̲c̲o̲r̲d̲s̲ ̲R̲e̲l̲e̲a̲t̲i̲n̲g̲ ̲t̲o̲ ̲S̲C̲A̲R̲S̲ ̲I̲I̲ ̲C̲h̲a̲n̲n̲e̲l̲ ̲D̲i̲s̲c̲o̲n̲t̲i̲n̲u̲i̲t̲y̲
Same as for ACE CCIS channel discontinuity, refer
to section 3.2.5.6.3.2.
3.2.5.6.4 T̲e̲r̲m̲i̲n̲a̲l̲ ̲P̲r̲o̲c̲e̲d̲u̲r̲e̲s̲
This section defines the log records to be created
for transactions on:
- the VDU:
- User transactions
- Security transactions
- the printer, the PTP and the OCR.
For each transaction, the associated format and the
exact contents of the log record is given.
The denotation of the indicated field designators is
described in section 3.2.5.6.4.1. If a field content
denotes something special for a specific transaction
this is listed immediately after the description of
the log records for each type of VDU transaction.
3.2.5.6.4.1 D̲e̲n̲o̲t̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲L̲o̲g̲ ̲F̲i̲e̲l̲d̲ ̲C̲o̲n̲t̲e̲n̲t̲s̲ ̲-̲ ̲G̲e̲n̲e̲r̲a̲l̲
Terminal Designator: 3 alpha characters
identifying the terminal.
Transaction Serial No.: 3 digit number, incremented
by one for each new
transaction.
Format id.: Identification of
the format being used.
Log time: Time of the log event
itself.
Item ref. id.: Identification of
the created/accessed
item.
Exit cause: A code indicating,
what caused the transaction
(use of format) to
terminate.
Classification: Classification of
the created/accessed
item.
Special handling cat.: Security related special
handling category
of the created/accessed
item.
Start time of transaction: The time at which
the transaction was
initiated.
Month + day: Month and day of month
at which a retrieved/appended
item was stored.
Decision code: A code indicating,
which decision a release
officer took with
respect to a message
sent for release.
Initial: Indicates that a log
record shall be made
when the transaction
is initiated.
Final: Indicates that a log
record shall be made
when the transaction
is completed.
3.2.5.6.4.2 L̲o̲g̲ ̲o̲f̲ ̲U̲s̲e̲r̲ ̲T̲r̲a̲n̲s̲a̲c̲t̲i̲o̲n̲s̲
The contents of log records for user transactions are
defined in table 3.2.5.6.4-1. Following descriptive
notes are given:
1) Format M: The second "Item ref. id" identifies
the
stored predefined message used for
preparation of the item identified by
the
first "Item ref. id" listed. (Predefined
message number).
2) Format O: Trans. ser no. is identical to that
of the
transaction from which the append is
requested, i.e. from the corresponding
format A or C1.
Both an initial and a final log record
will be generated.
3) Format H: The message/catalog requested to be
retrieved will be subject to both an
initial and a final log.
4) Format D: First "item ref. id" refers to the message
itself, i.e. the message for which release
is requested.
If the release officer did make a release
decision the
- second "Item ref. id" refers to the
release notification (format F)
- the decision code indicates the
decision taken, i.e. release, defer,
reject.
5) Format F: The first "Item ref. id" refers to the
message to which the release notification
is related.
Second "Item ref. id" refers to the
release
notification itself.
6) Dummy: This log record will be generated if
a
request format has been used, and the
transaction has been aborted.
Format id: Indicates the request format.
3.2.5.6.4.3 L̲o̲g̲ ̲o̲f̲ ̲S̲e̲c̲u̲r̲i̲t̲y̲ ̲P̲r̲o̲c̲e̲d̲u̲r̲e̲s̲
Invocation of security procedures, format K1, K2, I1,
and I2 shall result in a final log record with the
following information fields:
a) Terminal designator
b) Transaction serial number. For format I1 and I2
transaction serial numbers to which the interrogation/warning
is related.
c) Format identification.
d) Log time.
e) Exit cause.
f) Start time of transaction. Not applicable for
format K2.
g) User identification is only applicable for format
K1 and I1. This field will be empty if the security
interrogation is unsuccessful.
3.2.5.6.4.4 L̲o̲g̲ ̲o̲f̲ ̲A̲u̲t̲o̲m̲a̲t̲i̲c̲a̲l̲l̲y̲ ̲D̲e̲l̲e̲t̲e̲d̲ ̲C̲o̲m̲m̲e̲n̲t̲s̲/̲N̲o̲t̲i̲f̲i̲c̲a̲t̲i̲o̲n̲s̲
Log records are generated on deletion of CTS/ATOMAL
comments or notifications. The log record contains:
a) A code identifying whether it is a comment or a
notification.
b) The time of deletion.
c) Item reference identification.
d) Terminal designator.
e) The time when the comments/notification was sent.
3.2.5.6.4.5 L̲o̲g̲ ̲o̲f̲ ̲P̲r̲i̲n̲t̲e̲r̲ ̲a̲n̲d̲ ̲O̲C̲R̲ ̲T̲r̲a̲n̲s̲a̲c̲t̲i̲o̲n̲s̲
The use of a printer or an OCR shall result in a final
log record with the following information fields:
a) Device designator
b) Transaction serial number
c) Format identification
d) Log time
e) Item reference identification
f) Exit cause
g) Classification
h) Special handling category
i) Start time of transaction
j) System print control number, only applicable for
printer.
3.2.5.6.5 M̲e̲s̲s̲a̲g̲e̲ ̲D̲i̲s̲t̲r̲i̲b̲u̲t̲i̲o̲n̲ ̲C̲o̲n̲t̲r̲o̲l̲
The supervisor's use of message distribution control
procedures shall result in a final log record with
the following information:
a) Terminal designator
b) Transaction serial number
c) Item reference identity
d) Format identification
e) Month and day, only applicable for retrieval
f) A code indicating the reason for diversion.
g) Log time
h) Exit cause
i) Start time of transaction
3.2.5.6.6 M̲e̲s̲s̲a̲g̲e̲ ̲S̲e̲r̲v̲i̲c̲e̲
The supervisor's use of message service procedures
shall result in a final log record with the information
defined in section 3.2.5.6.5.
3.2.5.6.7 S̲u̲p̲e̲r̲v̲i̲s̲o̲r̲ ̲T̲r̲a̲n̲s̲a̲c̲t̲i̲o̲n̲s̲
The supervisor's use of transactions shall result in
a final log record with the information defined in
section 3.2.5.6.5 except for the code indicating the
reason for diversion.
Table 3.2.5.6.4-1…01…Log of VDU User Transactions
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲…01…S̲e̲c̲t̲i̲o̲n̲ ̲3̲.̲2̲.̲6̲
3.2.6 Statistical Requirements .............
192
3.2.6.1 Statistical Data on Messages .....
192
3.2.6.1.1 Incoming Messages ............
192
3.2.6.1.2 Outgoing Messages ............
193
3.2.6.1.3 Rejected Messages ............
193
3.2.6.2 Storage Occupancy ................
193
3.2.6.3 Channel Availability and Occupancy
194
3.2.6.4 Message Distribution .............
195
3.2.6.5 Use of Message Formats ...........
195
3.2.6.5.1 Formats A, C1, G1, M, O ......
196
3.2.6.5.2 Formats B, D, F, G2, H, I, N
P1, P2, Q, ...................
196
3.2.6.6 Statistics Printout ..............
196
3.2.6.6.1 Daily Statistics Contents ....
196
3.2.6.6.2 Weekly Statistics Contents ...
196
3.2.6.6.3 Monthly Statistics Contents ..
196
3.2.6 S̲t̲a̲t̲i̲s̲t̲i̲c̲a̲l̲ ̲R̲e̲q̲u̲i̲r̲e̲m̲e̲n̲t̲s̲
Statistics recorded and maintained by the system as
specified in the subsections of this section shall
be queued for print out at the supervisors printer
assigned statistics print each day at 24.00 hour, if
not otherwise specified in the proper subsection.
3.2.6.1 S̲t̲a̲t̲i̲s̲t̲i̲c̲a̲l̲ ̲D̲a̲t̲a̲ ̲o̲n̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲
3.2.6.1.1 I̲n̲c̲o̲m̲i̲n̲g̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲
The information shall be recorded for each incoming
channel and a statistics maintained for the
- current day for each complete hour from 0001 hours
to 2400 hours
- previous days, upto 7, from a predefined starting
day
- previous weeks, upto 4, with starting day defined
as above
- previous month, with starting day as defined above.
A month is 4 complete weeks
The following information shall be recorded:
a) Total number of messages received
b) Average length of messages in characters (from
start of transmission indicator to end of transmission
function).
c) Number of messages received by each precedence
level.
d) Number of messages received by each security classification
category.
e) Number of messages received for each special handling
category.
3.2.6.1.2 O̲u̲t̲g̲o̲i̲n̲g̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲
Statistics concerning transmitted messages shall be
compiled on the same channel and time basis as for
incoming messages and contain the same information
categories.
3.2.6.1.3 R̲e̲j̲e̲c̲t̲e̲d̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲
The system shall maintain the following statistics
concerning incoming messages which were rejected for
manual editing when input to the system for automatic
processing; they shall be compiled on the same channel
and time criteria as in 3.2.6.1.1. The statistic shall
be maintained for:
- Total number of rejected messages
3.2.6.2 S̲t̲o̲r̲a̲g̲e̲ ̲O̲c̲c̲u̲p̲a̲n̲c̲y̲
The system shall record hourly the "storage occupancy"
with respect to messages being processed. The occupancy
shall be defined as a percentage of used sectors out
of total number for use.
The occupancy is maintained as specified in 3.2.6.1.1.
The areas in question are:
- short term storage
- intermediate storage
Storage occupancy shall be recorded periodically and
shall be printed on request. The print-out shall be
at the supervisor printer assigned statistics print.
3.2.6.3 C̲h̲a̲n̲n̲e̲l̲ ̲A̲v̲a̲i̲l̲a̲b̲i̲l̲i̲t̲y̲ ̲a̲n̲d̲ ̲O̲c̲c̲u̲p̲a̲n̲c̲y̲
The system shall maintain a record of "channel status
(open/closed)" to calculate the actual availability.
The availability shall be recorded and maintained
as specified in section 3.2.6.1.1
The channel occupancy with traffic shall be calculated
as a percentage of the availability based on the traffic
information collected in 3.2.6.1.1 and 3.2.6.1.2 and
with the same time criteria as the availability.
3.2.6.4 M̲e̲s̲s̲a̲g̲e̲ ̲D̲i̲s̲t̲r̲i̲b̲u̲t̲i̲o̲n̲
The system shall maintain a record of message distribution
information for
incoming messages:
- total system
- each distribution terminal separately
and for information copies of outgoing messages:
- total system
- each distribution terminal separately
The record shall contain
a) Number of messages delivered
b) Average and maximum length of a message
c) Distribution by classification
d) Distribution by special handling category
e) Distribution by precedence and with respect to
the total values only
f) The average and maximum number of terminals included
in the distribution
g) The number of messages requiring assistance.
The statistic shall be based on the time criteria of
3.2.6.1.1.
3.2.6.5 U̲s̲e̲ ̲o̲f̲ ̲M̲e̲s̲s̲a̲g̲e̲ ̲F̲o̲r̲m̲a̲t̲s̲
The system shall record the information below based
on the time criteria of 3.2.6.1.1.
Formats associated with CAMPS/CCIS and CAMPS/SCARS
interface shall also be treated in the same manner.
3.2.6.5.1 F̲o̲r̲m̲a̲t̲s̲ ̲A̲,̲ ̲C̲1̲,̲ ̲G̲1̲,̲ ̲M̲,̲ ̲O̲
Statistics shall be compiled for each format for
- total system
- each terminal
as follows:
a) Number of times the format has been used
b) The average and maximum duration of use
c) Distribution by security classification category
d) Distribution by precedence level
3.2.6.5.2 F̲o̲r̲m̲a̲t̲s̲ ̲B̲,̲ ̲D̲,̲ ̲F̲,̲ ̲G̲2̲,̲ ̲H̲,̲ ̲I̲,̲ ̲N̲,̲ ̲P̲1̲,̲ ̲P̲2̲,̲ ̲Q̲,̲ ̲R̲
Statistics shall be compiled for each format for
- total system
- each terminal
of the number of times the format has been used.
3.2.6.6 S̲t̲a̲t̲i̲s̲t̲i̲c̲s̲ ̲P̲r̲i̲n̲t̲-̲O̲u̲t̲
The statistics queued each day at 24.00 hour for print
out at the supervisor's printer assigned statistics
print consists of 1 out of 3 components:
- daily statistics
- weekly statistics
- monthly statistics
During the week, daily statistics are queued for print,
at the end of a 7 day period the weekly statistics
are queued and at the end of a 4 week period the monthly
statistics are queued.
3.2.6.6.1 D̲a̲i̲l̲y̲ ̲S̲t̲a̲t̲i̲s̲t̲i̲c̲s̲ ̲C̲o̲n̲t̲e̲n̲t̲s̲
Contents of day statistics are
- 24 one hourly statistics
- 1 daily statistics
- 1 previous daily statistics
3.2.6.6.2 W̲e̲e̲k̲l̲y̲ ̲S̲t̲a̲t̲i̲s̲t̲i̲c̲s̲ ̲C̲o̲n̲t̲e̲n̲t̲s̲
Plus the day statistics as listed above, the following
information are included:
- 7 one daily statistics
- 1 weekly statistics
- 1 previous weekly statistics
3.2.6.6.3 M̲o̲n̲t̲h̲l̲y̲ ̲S̲t̲a̲t̲i̲s̲t̲i̲c̲s̲ ̲C̲o̲n̲t̲e̲n̲t̲s̲
Plus the daily and weekly statistics as listed above
the following information are included:
- 4 one weekly statistics
- 1 monthly statistics
- 1 previous monthly statistics
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
S̲e̲c̲t̲i̲o̲n̲ ̲3̲.̲2̲.̲7̲ ̲
…02……02……02…3.2.7 Storage and Retrieval of Messages and
Transactions .........................
198
…02……02……02……02…3.2.7.1 Storage of Messages and
Transactions ....................
198
…02……02……02……02……02…3.2.7.1.1 Types of Messages to be Stored 198
…02……02……02……02……02…3.2.7.1.2 Types of Transactions to be
Stored .......................
199
…02……02……02……02…3.2.7.2 Retrieval of Messages and trans-
actions ..........................
199
3.2.7.2.1 Retrieval Keys ...............
200
3.2.7.2.2 Retrieval by User ............
202
3.2.7.2.3 Retrieval by Supervisor ......
202
3.2.7.3 Retrieval Restrictions .........
206
3.2.7 S̲t̲o̲r̲a̲g̲e̲ ̲a̲n̲d̲ ̲R̲e̲t̲r̲i̲e̲v̲a̲l̲ ̲o̲f̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲ ̲a̲n̲d̲ ̲T̲r̲a̲n̲s̲a̲c̲t̲i̲o̲n̲s̲
a) This section describes the storage and retrieval
as available to supervisory terminal positions
and preparation terminal position.
b) This section excludes a description of the temporary
storage of messages and other output from transactions
as required in order to support initial preparation,
suspend, edit, coordination and other transactions
related to a message prior to release authorization
being given.
3.2.7.1 S̲t̲o̲r̲a̲g̲e̲ ̲o̲f̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲ ̲a̲n̲d̲ ̲T̲r̲a̲n̲s̲a̲c̲t̲i̲o̲n̲s̲
a) Storage shall be on-line or off-line.
b) On-line storage is characterized by the fact that
no mounting of physical media is required to retrieve
the message.
c) The timespan for online storage is in the order
of days (refer 3.4.1.3.1, 3.4.1.4.1).
d) Off-line storage normally requires that a media
must be loaded prior to retrieval.
e) Timespan for offline storage in the order of weeks
(refer 3.4.1.3.2, 3.4.1.4.2).
3.2.7.1.1 T̲y̲p̲e̲s̲ ̲o̲f̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲ ̲t̲o̲ ̲b̲e̲ ̲S̲t̲o̲r̲e̲d̲
a) The following types of messages shall be stored.
1) Released messages
2) Incoming messages after being analyzed for
correctness according to ACP127 Supp. 3 after
possibly being corrected by message service.
b) Operational messages and service messages are subject
to storage except those of categories COSMIC TOP
SECRET and ATOMAL and encrypted messages.
c) CTS and ATOMAL classified messages shall be kept
in temporary storage as required for all processing
of:
1) Outgoing messages until dispatch to outgoing
channel and an acknowledgement is received.
After dispatch the temporary storage is deleted.
2) Incoming messages until distribution has been
finalized (all copies delivered). When delivery
has been done the temporary storage is deleted.
d) The encrypted version of an encrypted message is
deleted after transmission for outgoing and after
punch for incoming messages.
e) Data messages are subject to storage for reruns
only.
f) Outgoing messages marked with CLEAR shall be stored
with its original classification.
3.2.7.1.2 T̲y̲p̲e̲s̲ ̲o̲f̲ ̲T̲r̲a̲n̲s̲a̲c̲t̲i̲o̲n̲s̲ ̲t̲o̲ ̲b̲e̲ ̲S̲t̲o̲r̲e̲d̲
The following types of transactions shall be stored:
1) First Draft upon completion of initial preparation.
2) Release notification.
3) Comments after submission for distribution.
3.2.7.2 R̲e̲t̲r̲i̲e̲v̲a̲l̲ ̲o̲f̲ ̲M̲e̲s̲s̲a̲g̲e̲s̲ ̲a̲n̲d̲ ̲T̲r̲a̲n̲s̲a̲c̲t̲i̲o̲n̲s̲
a) Operational messages and service messages are subject
to retrieval except those of categories CTS and
ATOMAL.
b) CTS, ATOMAL, and the encrypted version of an encrypted
message shall not be subject to any kind of retrieval
(incl. rerun), except as implied by editing.
c) Data messages are subject to retrieval for reruns
only.
d) Messages and transactions listed in para. 3.2.7.1.1
and 3.2.7.1.2 shall be available for retrieval
by using a set of retrieval keys as identified
in para. 3.2.7.2.1.
e) It is acceptable that retrieval from off-line storage
is temporarily impossible when the interface/drive
is occupied by other tasks.
f) Messages and transactions shall, at the moment
of cataloging of retrieval keys, be assigned the
current time (time of occurrence = TOC). The TOC
shall be specified in full minutes.
g) The execution of a retrieval requests may result
in a presentation of either catalogue information
or the retrieved item depending on whether several
or just one item meed the search request. The catalogue
display will only contain information from one
volume.
h) The catalogue display shall include all the catalogue
entries that meet the search request specified
by the use of retrieval search keys limited by
security classification.
i) For retrieval of messages/transactions, access
is granted to those messages/transactions meeting
the criteria set by the retrieval search keys plus
the retrieval security filter parameters.
3.2.7.2.1 R̲e̲t̲r̲i̲e̲v̲a̲l̲ ̲K̲e̲y̲s̲
The following explicit retrieval keys are available
to the users (U) and supervisor (S) as specified:
a) Time of occurrence (U, S)
b) Time of occurrence window (U, S).
Time of occurrence window refers to a time interval
of TOCs.
c) Date-time-group (U, S)
DTG refers to the time information that exists
as a part of Format Line 5 of ACP127 formatted
messages.
d) Originating Headquarters (U, S)
ORIG HQ refer to the originating headquarters PLA
as derived from format line 6 of ACP127 formatted
messages.
e) Staff Cell designator (U)
(Not used for search)
f) Item reference identity (IDENT) (U, S)
IDENT is the number which shall be 5 digits. This
number shall always be assigned as the next from
a common services within a CAMPS site. The number
following 65535 shall be 0001.
g) Subject indicator code, SIC (S)
h) Channel identifier (ID) (S)
Identification of channel of transmission as of
Format line 1 of ACP127 formatted messages.
i) Channel serial number (S)
Channel serial number as of format line 1 of ACP127
formatted messages.
j) Station ID (S)
Station ID of the sending station as of format
line 3 in ACP127 formatted messages.
k) Time of File (S)
TOF refers to the Julian Date as derived from Format
Line 3 of ACP127 formatted messages.
l) Station serial number (S)
Station serial number as of format line 3 of ACP127
formatted messages.
3.2.7.2.2 R̲e̲t̲r̲i̲e̲v̲a̲l̲ ̲b̲y̲ ̲U̲s̲e̲r̲
Retrieval by user is specified in figure 3.2.7.2.2-1.
The numbers marked in the figure refers to the explanatory
notes below:
1) Applies only to released messages and to incoming
messages.
2) The displayed object must have been originated
by the specified SCD or distributed to the specified
SCD. The SCD must be one of the SCDs associated
with the requesting terminal. Distributed here
means that the SCD must be one of the SCDs on the
distribution list as specified for transactions
and released messages and as derived from HQs,
SICs and modified by the MDCO for incoming messages.
3.2.7.2.3 R̲e̲t̲r̲i̲e̲v̲a̲l̲ ̲b̲y̲ ̲S̲u̲p̲e̲r̲v̲i̲s̲o̲r̲
Retrieval by supervisor is specified in figure 3.2.7.2.3-1.
The numbers marked in the figure refer to the explaining
text below.
1) Applies only to released messages and incoming
messages.
2) Applies after start of transmission on a channel.
Figure ?
Figure ?
3.2.7.3 R̲e̲t̲r̲i̲e̲v̲a̲l̲ ̲R̲e̲s̲t̲r̲i̲c̲t̲i̲o̲n̲s̲
a) Any time zone suffix shall be disregarded. Time
stamp DTGs shall be processed on the basis of the
value of time without zone suffix.
b) Messages with non-recognizable DTG may only be
retrieved by the supervisor using TOC + IDENT.
c) Any PLA (ORIG HQ) recognized in messages for retrieval
purposes must be one of the known 3000 at the receiving
site. Whenever a message is stored in the Historical
Database it is acceptable that PLAs are converted
to reference numbers. At the moment of retrieval
request any PLA in the retrieval key shall be recognized
by the corresponding reference number.
d) Time-window searches shall be limited to 6 hours
and to one volume. For the case that a request
covers more than one volume, only the volume containing
the lower part of the window shall be searched.
A "not found" message shall be returned to the
user.
e) Retrieval by Means of DTG of Release is restricted
as follows:
As messages and transactions are off-loaded in
intervals of 24 hours or more (less if requested
by supervisor), it shall be required for the supervisor
to know which off-load period is applicable. CAMPS
shall (TBD by design) possibly support him in this
by keeping TOC window and min., max. DTG for each
volume.
SUPERVISOR CATALOGUES
SYSTEM Catalogue is as for the USER
TRANSMISSION catalogue is as follows:
ITEM TYPE TOC ITEM REF ID CHLID CHLSER#
STNID SSN FILE TIME
I TOC NNNN AAA NNNN AAA
NNNN FILETIME
R
Figure ?
Figure ?
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲…01…S̲e̲c̲t̲i̲o̲n̲ ̲3̲.̲2̲.̲8̲
…02……02……02…3.2.8 Start-up and Error Handling .......... 210
…02……02……02……02…3.2.8.1 On-line and Off-line CAMPS site
Software Packages ................
210
…02……02……02……02…3.2.8.2 Initialization ................... 212
…02……02……02……02…3.2.8.3 Error Handling ................... 212
…02……02……02……02……02…3.2.8.3.1 Error Types .................. 212
…02……02……02……02……02…3.2.8.3.2 Error Detection .............. 213
…02……02……02……02……02……02…3.2.8.3.2.1 On-line Error Detection .. 213
…02……02……02……02……02……02…3.2.8.3.2.2 Off-line Error Detection . 213
…02……02……02……02……02…3.2.8.3.3 Error Reports ................ 213
…02……02……02……02……02…3.2.8.3.4 Error Reactions .............. 214
…02……02……02……02……02…3.2.8.3.5 Audit reports ................ 214
…02……02……02……02…3.2.8.4 Recovery Situations .............. 214
…02……02……02……02……02…3.2.8.4.1 Recovery/Restart from
Total System Error ...........
214
…02……02……02……02……02…3.2.8.4.2 Recovery after Switch-over ... 216
…02……02……02……02…3.2.8.5 Degraded Availability
Configuration.....................
216
3.2.8 S̲t̲a̲r̲t̲ ̲u̲p̲ ̲a̲n̲d̲ ̲E̲r̲r̲o̲r̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲
This chapter describes:
- on-line and off-line software packages, which are
used during initialization and recovery.
- initialization
- error handling, defining error detection, error
reporting and error reactions (includes recovery
actions)
- degraded availability configuration.
Definition of terms:
- start up:
includes all aspects of initialization, recovery
and restart.
- Initialization:
brings the system from cold start into operational
use.
- Recovery:
reestablishes continuity in memory and file contents.
- Restart:
Reestablishes the dynamic behaviour of the system
based upon recovered data.
3.2.8.1 O̲n̲-̲l̲i̲n̲e̲ ̲a̲n̲d̲ ̲O̲f̲f̲-̲l̲i̲n̲e̲ ̲C̲A̲M̲P̲S̲ ̲S̲i̲t̲e̲ ̲S̲o̲f̲t̲w̲a̲r̲e̲ ̲P̲a̲c̲k̲a̲g̲e̲s̲
a) CAMPS contains for each site an on-line and an
off-line software package.
b) The off-line CAMPS site software package shall
be selected from a common library of routines and
shall form the basis for generation of the on-line
software package.
c) The off-line CAMPS site software package shall
contain the following data:
1) initial system parameter file, which contains:
1.1) a description of the planned hardware
configuration.
1.2) the standard settings of all other system
parameters required to put the system
into operational use, including default
values for those parameters, which can
be set by the supervisor.
2) a back-up of the current on-line system parameter
file (refer to point f. below.)
3) system programs library.
4) application programs library
d) The initial system parameters (refer point c, 1)
for each CAMPS installation shall be provided by
the contractor using information supplied by the
purchaser.
e) The on-line CAMPS site software package shall contain
the following data:
1) current system parameter file, which contains
the initial system parameter file last loaded
into the system with all the parameter changes
entered by supervisory commands since the time
of loading.
2) system programs library, which contains an
extract of the off-line system programs library.
3) application programs library, which contains
an extract of the off-line application programs
library.
f) It shall be possible for the supervisor to back-up
the current on-line system parameter file, i.e.
to command the production of an off-line copy of
the on-line file.
1) The back-up shall be made without interruption
to the normal operation of the system.
2) The back-up system parameter file may be used
as initial system parameter file at a succeeding
initialization.
3.2.8.2 I̲n̲i̲t̲i̲a̲l̲i̲z̲a̲t̲i̲o̲n̲
a) The initialization contains the steps to bring
the system from cold start into operational use.
b) The CAMPS site software package shall normally
be available on-line for the initialization procedures.
c) It shall be possible to generate the on-line CAMPS
site software package by loading the off-line CAMPS
site software package.
d) The maximum allowable period from start until completion
of the initialization from an off-line source shall
not exceed 15 minutes.
e) The system shall be initialized with an empty historical
data base.
3.2.8.3 E̲r̲r̲o̲r̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲
a) Error handling shall fulfil the requirements for
1) equipment availability/reliability
2) the integrity of operation (refer to b below)
b) I̲n̲t̲e̲g̲r̲i̲t̲y̲ ̲o̲f̲ ̲o̲p̲e̲r̲a̲t̲i̲o̲n̲:
The probability that a message or internal transaction
is:
1) lost wholly or in part, or
2) misdirected, or
3) corrupted
as a result of an equipment error, shall be less
than 1 in 10…0e…7…0f….
3.2.8.3.1 E̲r̲r̲o̲r̲ ̲T̲y̲p̲e̲s̲
a) Transient errors, which cannot be verified by repetition,
shall not imply that the associated equipment or
software is considered erroneous.
b) Transient errors shall be categorized in relation
to equipment configuration
3.2.8.3.2 E̲r̲r̲o̲r̲ ̲D̲e̲t̲e̲c̲t̲i̲o̲n̲
3.2.8.3.2.1 O̲n̲-̲l̲i̲n̲e̲ ̲E̲r̲r̲o̲r̲ ̲D̲e̲t̲e̲c̲t̲i̲o̲n̲
a) The system shall be provided with automatic on-line
facilities to detect hardware and software errors:
- on-line test programs operating as low priority
tasks shall be available.
b) The use of these facilities shall not degrade the
normal message handling function.
c) Peripheral equipment shall be interfaced to the
central computer system, in such a way that its
error conditions can be evaluated.
3.2.8.3.2.2 O̲f̲f̲-̲l̲i̲n̲e̲ ̲E̲r̲r̲o̲r̲ ̲D̲e̲t̲e̲c̲t̲i̲o̲n̲
a) The engineering staff shall have the facilities
to run diagnostic programs.
b) These programs shall be stored in a rapid access
storage.
c) Refer to section 3.2.8.5 for a description of the
configurational requirements.
3.2.8.3.3 E̲r̲r̲o̲r̲ ̲R̲e̲p̲o̲r̲t̲s̲
a) An error report shall be printed at the supervisor
printer, when an error has been detected.
b) The error report shall specify the error type.
c) When manual intervention is specified, the error
condition detected shall be signalled clearly to
the supervisor together with a suggested corrective
procedure.
3.2.8.3.4 E̲r̲r̲o̲r̲ ̲R̲e̲a̲c̲t̲i̲o̲n̲s̲
a) Subsequent corrective actions to errors such as
reconfiguration of replaceable modules shall be
defined to fulfill the requirements in section
3.2.8.3 (a).
b) Reconfiguration of units or modules shall be automatic,
whenever possible.
3.2.8.3.5 A̲u̲d̲i̲t̲ ̲R̲e̲p̲o̲r̲t̲s̲
a) Audit reports based upon error reporting and log
information shall be generated to fulfil the requirements
for system availability, integrity, and overall
security.
3.2.8.4 R̲e̲c̲o̲v̲e̲r̲y̲ ̲S̲i̲t̲u̲a̲t̲i̲o̲n̲s̲
Section 3.2.8.4 handles detailed recovery requirements
in the following situations:
- total system error
- error requiring a switchover
3.2.8.4.1 R̲e̲c̲o̲v̲e̲r̲y̲/̲R̲e̲s̲t̲a̲r̲t̲ ̲f̲r̲o̲m̲ ̲T̲o̲t̲a̲l̲ ̲S̲y̲s̲t̲e̲m̲ ̲E̲r̲r̲o̲r̲
a) The system shall preserve essential data enabling
recovery in case of total system error.
b) A total system error may be caused by:
1) simultaneous error in redundant equipment
2) error in main power supply
3) detection of a program error, which cannot
be recovered internally.
c) No message must be lost within the system e.g.
1) messages, which were only partially transmitted
or for which FLASH acknowledgement have not
been received prior to the error, shall be
retransmitted.
2) continuity of the reporting system shall be
maintained to ensure, that messages are not
lost within the network as a consequence of
the loss of either a report or an automatically
generated service message.
3) The CAMPS System shall store messages under
preparation in segments which are related to
the size of blocks passed back from the VDU
and which makes efficient use of backing store.
The system's units or recovery shall be these
segments, which shall in any case never comprise
more than one message.
d) Continuity shall be maintained to the time defined
by the last storage with respect to the following
data items:
1) log records
2) statistics
3) messages/comments in the HDB
4) current system parameter file
5) message accounting
e) The data (defined above) stored prior to the total
system error can be recalled by the use of normal
commands.
f) Integrity of memory shall be maintained to ensure
that the system will not fail as a consequence
of operating upon corrupted data generated by a
preceding error.
g) Restart subsequent to recovery shall be based upon
the system parameter file obtained in 3.2.8.1(e).
h) Certain errors may preclude total recovery. In
these cases the system is recovered so that the
chance of losing a message is minimized.
i) Recovery and restart subsequent to a total system/restart
error will be finalized within 15 minutes.
3.2.8.4.2 R̲e̲c̲o̲v̲e̲r̲y̲ ̲a̲f̲t̲e̲r̲ ̲S̲w̲i̲t̲c̲h̲-̲o̲v̲e̲r̲
a) Where redundant equipment is provided to meet the
availability/reliability requirements, the switch
over from an active configuration to a standby
configuration shall not result in loss of messages,
i.e
1) The communication protocols shall ensure retransmission
of messages being garbled or partly lost.
2) The accountability log shall ensure that the
accountability related to messages is not lost
b) Where a transaction at a terminal is in progress
the user shall be informed of the state to which
the transaction has been recovered after switch
over.
c) A switch over initiated by the detection of an
error, shall normally not require operator intervention.
3.2.8.5 D̲e̲g̲r̲a̲d̲e̲d̲ ̲A̲v̲a̲i̲l̲a̲b̲i̲l̲i̲t̲y̲ ̲C̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲
a) It is acceptable, that redundant modules are withdrawn
from use in the operational configuration. The
hereby obtained configuration is named: degraded
availability configuration.
b) The degraded availability configuration may be
entered in order to perform any of the following
actions:
1) preventive maintenance
2) loading and checkout of new software
3) execution of diagnostics programs
4) on-job training
c) Any of the above mentioned action shall not result
in interruption in the normal message handling
function.
d) An error in the degraded availability configuration
shall be handled as a total system error (refer
to section 3.2.8.4.1).
e) It shall be possible to reintegrate withdrawn modules
into the operational configuration and return them
to service within 5 minutes with a minimum of operator
action.
f) For preventive maintenance actions requiring longer
than this time, sufficient units shall be provided
to maintain the overall availability of the equipment.
g) If switch over is required for maintenance purposes
this switch over shall proceed automatically once
it has been initiated by the supervisor.
h) The availability/reliability and integrity of operation
requirements applies to the normal dualized CAMPS
equipment configuration and not to the degraded
availability configuration.
