top - download
⟦43db4c531⟧ Wang Wps File
Length: 8541 (0x215d)
Types: Wang Wps File
Notes: CPS/SDS/001 ISSUE 1
Names: »0673A «
Derivation
└─⟦f9d7301d0⟧ Bits:30006008 8" Wang WCS floppy, CR 0043A
└─ ⟦this⟧ »0673A «
WangText
…02…CPS/SDS/001
…02…FH/810227…02……02…
CAMPS SYSTEM DESIGN SPECIFICATION
…02……02…CAMPS
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
4.10 AVAILABILITY, MAINTAINABILITY AND INTEGRITY
OF OPERATION ..............................
334
4.10.1 Availability ........................
335
4.10.1.1 Definitions .....................
335
4.10.1.2 Requirements and Verification ...
335
4.10.1.3 Unavailability and Switch-over
Time ............................
344
4.10.2 Maintainability .....................
345
4.10.2.1 Definitions .....................
345
4.10.2.2 Requirements and Verification ...
345
4.10.3 Integrity of Operation ..............
346
4.10.3.1 Definition ......................
346
4.10.3.2 Requirements ....................
347
4.10.3.3 Verification ....................
347
4.10.1 A̲v̲a̲i̲l̲a̲b̲i̲l̲i̲t̲y̲
4.10.1.1 A̲v̲a̲i̲l̲a̲b̲i̲l̲i̲t̲y̲ ̲D̲e̲f̲i̲n̲i̲t̲i̲o̲n̲s̲
a) A̲v̲a̲i̲l̲a̲b̲i̲l̲i̲t̲y̲.̲ The probability of finding an item
in a functioning condition at a given time.
b) M̲e̲a̲n̲ ̲t̲i̲m̲e̲ ̲b̲e̲t̲w̲e̲e̲n̲ ̲F̲a̲i̲l̲u̲r̲e̲ ̲(̲M̲T̲B̲F̲)̲.̲ The statistical
mean of the functioning time between failures.
For a given interval, the total measured functioning
time of the item divided by the total number of
failures of that item during the interval. Agreed
scheduled preventive maintenance of modules of
the equipment shall not be counted, when estimating
MTBF.
c) M̲e̲a̲n̲ ̲t̲i̲m̲e̲ ̲t̲o̲ ̲R̲e̲p̲a̲i̲r̲ ̲(̲M̲T̲T̲R̲)̲.̲ The statistical mean
of distribution of times to repair. The summation
of active repair times during a given period of
time divided by the total number of malfunctions
during the same time interval. This repair time
shall include all actions required to detect, locate
and repair the fault.
4.10.1.2 A̲v̲a̲i̲l̲a̲b̲i̲l̲i̲t̲y̲ ̲R̲e̲q̲u̲i̲r̲e̲m̲e̲n̲t̲s̲ ̲a̲n̲d̲ ̲V̲e̲r̲i̲f̲i̲c̲a̲t̲i̲o̲n̲
The detailed hardware requirements are defined in CPS/210/SYS/0001
section 3.4.4.4.
Verification that the CAMPS system fulfils the requirements
is given in the R&M Program Plan, CPS/PLN/004.
The CAMPS on-line operations affect the MTTR of equipment
by providing detailed error reports upon detection
of an error. A description of these facilities is given
in section 4.11.
The availability requirements are partitioned into
6 major requirements:
1- Service to individual user connecting points
2- Service to individual external channels
3- Service common to groups of user connecting points
4- Service common to groups of external channels
5- Service common to 75% of user connecting points
6 Service common to all circuits, channels and user
connecting points
Overleaf 6 figures are depicted to summarize the availability
requirements.
The figures also indicate the hardware involved (shaded
areas).
C̲o̲m̲m̲e̲n̲t̲s̲ ̲t̲o̲ ̲t̲h̲e̲ ̲F̲i̲g̲u̲r̲e̲ ̲C̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲s̲
The following information is given:
- A = availability (fraction)
- MTTR
- MTBF
a) D̲I̲S̲K̲
The configuration contains 2 mirrored disks. The
physical placement of the mirrored disks is determined
at system generation. The third disk is a stand
alone disk (used for e.g. off line retrieval) and
is not included in the availability verification.
b) D̲u̲a̲l̲i̲z̲e̲d̲ ̲E̲q̲u̲i̲p̲m̲e̲n̲t̲
If a MTTR is specified for a dualized equipment,
then the MTTR for the single equipment is: 2 x
MTTR.
c) W̲a̲t̲c̲h̲d̲o̲g̲ ̲P̲o̲s̲i̲t̲i̲o̲n̲
The Watchdog Processor, the operator VDU and printer
contribute to the unavailability of the shaded
equipment in two cases:
- the Watchdog Processor fails at the time of
an automatic reconfiguration involving the
watchdog (e.g. PU switchover).
- the Watchdog Processor, the operator VDU or
printer fails during execution of M&D software
and thereby prolongs the MTTR.
6 stk. tegninger inds`ttes 2 p> hver side
4.10.1.3 U̲n̲a̲v̲a̲i̲l̲a̲b̲i̲l̲i̲t̲y̲ ̲a̲n̲d̲ ̲S̲w̲i̲t̲c̲h̲-̲o̲v̲e̲r̲ ̲T̲i̲m̲e̲
This section defines the sources, which gives unavailability
for the total CAMPS system:
- unavailability of a PU and attached IO-BUS
- unavailability of the redundant DISK system
- unavailability of the redundant TDX system
- unavailability of the watchdog
- switch-over time
The switch over time is determined from the following
equation:
SWT * PU ̲IOBUS ̲ERRORS =
MAX ̲U - U ̲WDP - U ̲PU ̲IOBUS - U ̲DISK ̲CTR
where
SWT = switch-over time in minutes
MAX ̲U max allowed unavailability = 26.28 minutes per
year
U ̲WDP = watchdog unavailability = 4.73 minutes per
year
U ̲DISK ̲TDX = redundant DISK + TDX system unavailability
= 2.10 minutes per year
U ̲PU ̲IOBUS = redundant PU + IOBUS
unavailability = 0,37 minutes per
year
PU ̲ IOBUS ̲ERRORS = no of errors in nonredundant
PU + IOBUS equipment = 7,35 per year
This gives SWT = 2,6 minutes
The above calculation is based on the following figures
taken from the R&M plan:
1- system availability required = 0.99995
2- TDX + DISK system availability provided = 0.999996
3- watchdog: 9 errors per million hours
4- PU: 816 errors per million hours
5- IO BUS: 23 errors per million hours
6- MTTR = 1 hour
To provide a reasonable safety factor, a design value
for the switch-over time of 60 seconds is selected.
4.10.2 M̲a̲i̲n̲t̲a̲i̲n̲a̲b̲i̲l̲i̲t̲y̲
4.10.2.1 M̲A̲I̲N̲T̲A̲I̲N̲A̲B̲I̲L̲I̲T̲Y̲ ̲D̲E̲F̲I̲N̲I̲T̲I̲O̲N̲S̲
a) C̲o̲r̲r̲e̲c̲t̲i̲v̲e̲ ̲m̲a̲i̲n̲t̲e̲n̲a̲n̲c̲e̲.̲ The maintenance undertaken
to restore an item to a specified condition after
a failure has occurred (the corrective maintenance
aims at reducing the MTTR).
b) P̲r̲e̲v̲e̲n̲t̲i̲v̲e̲ ̲m̲a̲i̲n̲t̲e̲n̲a̲n̲c̲e̲.̲ The maintenance undertaken
systematically with the intention of keeping an
item in a specified condition, reducing the occurence
of failures, and prolonging the useful life of
the equipment (the effective MTBF is increased).
c) O̲f̲f̲l̲i̲n̲e̲ ̲m̲a̲i̲n̲t̲e̲n̲a̲n̲c̲e̲ ̲a̲n̲d̲ ̲d̲i̲a̲g̲n̲o̲s̲t̲i̲c̲s̲ ̲(̲M̲&̲D̲)̲.̲ The
M&D software contains a set of hardware test programs,
which provides error detection down to module level.
The command interpreter software in the diagnostics
package enables the operator to execute the diagnostic
tests.
The test programs are either residing on floppy
disk or on the offline disk.
Test results are printed at the operator printer.
4.10.2.2 R̲e̲q̲u̲i̲r̲e̲m̲e̲n̲t̲s̲ ̲a̲n̲d̲ ̲V̲e̲r̲i̲f̲i̲c̲a̲t̲i̲o̲n̲ ̲o̲f̲ ̲t̲h̲e̲s̲e̲
Requirements to preventive and corrective maintenance
and verification of these are given in:
Maintenance Plan: CPS/PLN/006
Generally the corrective maintenance aims at a detection
of a faulty module by means of
- on-line diagnostics or
- direct operator observation or
- execution of M&D software
and subsequent
- replacement of faulty module or
- reconfiguration
The M&D software is defined in:
Maintenance and diagnostics software, CPS/SDS/XXX
On-line error reporting is described in section 4.11.
4.10.3 I̲n̲t̲e̲g̲r̲i̲t̲y̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
4.10.3.1 D̲e̲f̲i̲n̲i̲t̲i̲o̲n̲
Integrity of operation defines the means to limit the
effect of an error through
- timely detection of an error
- error reporting
- corrective actions
Violation of integrity of operation can occur if
- an error is not detected
- an error is not detected in proper time
- an error detected but not reported
- actions subsequent to an error can not remedy the
situation.
4.10.3.2 R̲e̲q̲u̲i̲r̲e̲m̲e̲n̲t̲s̲
The probability that a message or internal transaction
is:
- lost wholly or in part or
- misdirected, or
- corrupted
as a result of an equipment error shall be less than
1 in 10…0e…7…0f….
This requirement is interpreted as:
The probability, that a message or comment is misdirected
or corrupted as a result of a hardware error shall
be less than 1 in 10…0e…7…0f….
4.10.3.3 V̲e̲r̲i̲f̲i̲c̲a̲t̲i̲o̲n̲
Section 4.11 defines the CAMPS on-line facilities for
error detection, error reporting and corrective actions.
This section also includes a description of defensive
mechanisms (e.g. validation of data passed between
packages) provided by the CAMPS on-line system.
