top - download
⟦4bea4a865⟧ Wang Wps File
Length: 27232 (0x6a60)
Types: Wang Wps File
Notes: CPS/SDS/001
Names: »1355A «
Derivation
└─⟦e53c2fc59⟧ Bits:30006055 8" Wang WCS floppy, CR 0087A
└─ ⟦this⟧ »1355A «
WangText
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
4.3 SYSTEM SUPERVISION .................. 157
4.3.1 CAMPS Modes of Operation .......... 157
4.3.1.1 On-Line Operation ............. 158
4.3.1.2 Off-Line Operation ............ 160
4.3.1.3 Watchdog Operation ............ 160
4.3.1.4 Switch-Over ................... 164
4.3.1.4.1 Emergency Switch-Over ..... 164
4.3.1.4.2 Ordered Switch-Over ....... 165
4.3.1.5 Start-Up of CAMPS Modes ....... 165
4.3.1.6 Load of Modified Software ..... 167
4.3.1.6.1 Load of Modified Applica-
tion Software Prepared at
the CSSI .................. 167
4.3.1.7 Detailed Start-Up of On-Line
Operations .................... 168
4.3.1.8 Close Down of CAMPS Modes of
Operation ..................... 168
4.3.2 Equipment Resource Handling ....... 169
4.3.2.1 Disk Equipment ................ 170
4.3.2.1.1 Modes of Operation ........ 170
4.3.2.1.2 Hardware Control .......... 171
4.3.2.1.3 Software Control .......... 173
4.3.2.1.4 Reconfiguration ........... 173
4.3.2.2 TDX-Bus System ................ 173
4.3.2.2.1 Modes of Operation ........ 173
4.3.2.2.2 Hardware Control .......... 174
4.3.2.2.3 Software Control .......... 174
4.3.2.2.4 Reconfiguration ........... 174
4.3.2.3 LTU and Attached Lines ........ 174
4.3.2.3.1 Modes of Operation ........ 174
4.3.2.3.2 Hardware Control .......... 175
4.3.2.3.3 Software Control .......... 176
4.3.2.3.4 Re-configuration .......... 176
4.3.2.4 LTUX and Attached Terminal
Equipment ..................... 176
4.3.2.4.1 Modes of Operation ........ 176
4.3.2.4.2 Hardware Control .......... 176
4.3.2.4.3 Software Control .......... 177
4.3.2.4.4 Re-configuration .......... 177
4.3.3 Watchdog and Manual Supervision
Facilities ........................ 178
4.3.3.1 Watchdog Control .............. 178
4.3.3.2 Watchdog Monitoring ........... 180
4.3.3.3 Manual Fallback ............... 182
4.3 S̲Y̲S̲T̲E̲M̲ ̲S̲U̲P̲E̲R̲V̲I̲S̲I̲O̲N̲
System supervision addresses the monitoring and control
of the CAMPS modes of operation.
The description is separated into three sections:
1) control of CAMPS modes of operation
2) control of peripheral equipment
3) watchdog and manual control and monitoring facilities.
4.3.1 C̲A̲M̲P̲S̲ ̲M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
The CAMPS system supports on-line and off-line operations.
The on-line modes of operation are:
- a dualized mode consisting of an active and a standby
processor.
- a degraded mode consisting of an active processor
unit (PU).
In the degraded mode, the non-active processor is used
for off-line operations:
- software development and test (SD&T) at CSSI site
- table generation (TG) at CSSI site
- maintenance and diagnostics (M&D) at all sites
- off-line utilities (OU) at all sites
- print memory dump
- print trace records
The CAMPS modes of operations are controlled software-
and hardware-wise from the watchdog position, which
contains:
- the watchdog (WPD)
- the operator VDU
- the operator printer
4.3.1.1 O̲n̲-̲L̲i̲n̲e̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
CAMPS on-line operations are supported by either a
dualized PU configuration or by a single PU configuration.
The dualized configuration consists of an active PU,
which performs on-line functions and a standby PU,
which is ready to assume on-line functions, when a
switch-over is executed. On an event basis checkpoints
(defining e.g. terminal and traffic status) are transferred
to the standby processor to assure an acceptable level
of data continuity at the time of recovery and restart
during a switch-over. The active processor owns all
disks, terminals, and external channels, whereas the
standby PU has none. The dualized configuration is
depicted in figure 4.3.1-1 overleaf.
The single PU configuration consists of an active PU,
which operates as the active PU above, except for checkpoint
generation.
Fig. 4.3.1-1…01…D̲u̲a̲l̲i̲z̲e̲d̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
4.3.1.2 O̲f̲f̲-̲L̲i̲n̲e̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
In the M&D configuration (refer to figure 4.3.1-2),
the off-line processor may be assigned a number of
devices:
- the off-line disk or the floppy disk for load of
M&D SW
- two LTUXs on the same DTM-X
- one LTU
- the off-line disk or an out of service mirrored
disk
The M&D test programs are operated from the operator
VDU, whereas test output is directed to the operator
printer. M&D programs are residing on the off-line
disk and on the floppy disk.
The OU configuration is assigned the floppy disk or
the off-line disk. OU programs are operated like M&D
Programs.
The SD&T and TG configuration (refer figure 4.3.1-3)
at the development site (CSSI) is assigned VDU and
printer on the IO BUS for control of operation and
output of results.
The SD&T and TG programs are residing on the floppy
disk or on the off-line disk. Modified software (incl.
M&D software) are generated at a floppy disk for transportation
to CAMPS sites.
4.3.1.3 W̲a̲t̲c̲h̲d̲o̲g̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
The watchdog is an independent processor, which:
- monitors and controls the CAMPS hardware as described
in section 4.3.3.
- determines and executes switch-over, thereby authority
conflicts between the two processors are avoided.
- provides an operator command interface from the
operator VDU to both PUs, thereby enabling a software
control of all CAMPS modes of operation.
- monitors the active and standby PU by the periodic
reception of a "keep alive" message.
The operator VDU contains a display of the CAMPS system
status.
The operator printer provides a hard copy facility
for system status print-out (e.g error reports).
Fig. 4.3.1-2…01…D̲e̲g̲r̲a̲d̲e̲d̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲ ̲(̲M̲&̲D̲)̲
Fig. 4.3.1-3…01…D̲e̲g̲r̲a̲d̲e̲d̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲ ̲S̲D̲&̲T̲
4.3.1.4 S̲w̲i̲t̲c̲h̲-̲O̲v̲e̲r̲
During dualized operation, a switch-over to the standby
PU will take place:
- subsequent to a non-recoverable hardware or software
error in the active PU (emergency switch-over).
- subsequent to an operator switch-over command (ordered
switch-over).
The error detection is described in section 4.11.
A switch-over implies, that:
- the active PU is taken off-line by the watchdog.
- the watchdog directs the standby PU to capture
all peripherals and go into a recovery/restart
procedure to restore CAMPS on-line operations.
The active PU normally directs the watchdog to perform
a switch-over, however, the watchdog executes automatically
an emergency switch-over, if:
- no keep alive message is received from the active
PU.
- a non-recoverable hardware error (e.g. power down)
is detected via the configuration control bus (refer
section 4.3.3).
4.3.1.4.1 E̲m̲e̲r̲g̲e̲n̲c̲y̲ ̲S̲w̲i̲t̲c̲h̲-̲O̲v̲e̲r̲
The faulty active PU is electrically disconnected from
its peripherals and the standby PU is commanded to
go active. The standby PU captures all peripherals
and loads and starts the application software. The
recovery actions based upon received checkpoints are
defined in section 4.7.
4.3.1.4.2 O̲r̲d̲e̲r̲e̲d̲ ̲S̲w̲i̲t̲c̲h̲-̲O̲v̲e̲r̲
All input/output to/from external lines are stopped,
when a complete message is received/transmitted.
Terminal operators are given a limited time to stop
input. Having completed a transaction (inclusive presentation)
the terminal position is signed off. All remaining
packages are commanded to stop processing and the standby
PU is notified to become active.
4.3.1.5 S̲t̲a̲r̲t̲-̲U̲p̲ ̲o̲f̲ ̲C̲A̲M̲P̲S̲ ̲M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
The operator starts all CAMPS modes of operation.
At first, the operator defines an initial hardware
configuration via operator commands directly to the
watchdog:
- enable Pu
- set PU in normal mode
- connect disk to the PU in question
- issue master clear
(Refer to section 4.3.3 for a detailed description
of these signals).
Hereby a dialogue to a MIA PROM program executed by
a CPU is set-up and the PU has access to a disk.
The operator specifies a disk drive and the above program
loads a number of segments into RAM and starts execution.
The loaded program performs further loading, which
may be:
- start-up active PU
- start-up standby PU
- start-up M&D in off-line PU
- start-up OU in off-line PU
- start-up SD&T in off-line PU
- start-up TG in off-line PU
Overleaf in figure 4.3.1.5-1, the start-up modes of
on-line operations are illustrated. Prior to a start-up,
a memory dump can be performed to the floppy disk or
the off-line disk. Via OU software, it can later be
disassembled and printed at the operator printer.
Fig. 4.3.1.5-1…01…S̲t̲a̲r̲t̲-̲U̲p̲ ̲o̲f̲ ̲O̲n̲-̲L̲i̲n̲e̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲s̲
4.3.1.6 L̲o̲a̲d̲ ̲o̲f̲ ̲M̲o̲d̲i̲f̲i̲e̲d̲ ̲S̲o̲f̲t̲w̲a̲r̲e̲
4.3.1.6.1 L̲o̲a̲d̲ ̲o̲f̲ ̲M̲o̲d̲i̲f̲i̲e̲d̲ ̲A̲p̲p̲l̲i̲c̲a̲t̲i̲o̲n̲ ̲S̲o̲f̲t̲w̲a̲r̲e̲ ̲P̲r̲e̲p̲a̲r̲e̲d̲
̲a̲t̲ ̲t̲h̲e̲ ̲C̲S̲S̲I̲
At the CSSI site new application software is developed
and tested. On floppy disk packs, the modified application
software is transported to CAMPS sites, where it is
copied to the mirrored disks or the off-line disk.
At a subsequent switch-over or a start-up subsequent
to an ordered close down, the modified application
software can be brought into operation.
4.3.1.7 D̲e̲t̲a̲i̲l̲e̲d̲ ̲S̲t̲a̲r̲t̲-̲U̲p̲ ̲o̲f̲ ̲O̲n̲-̲L̲i̲n̲e̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲s̲
During start-up of on-line operations the CAMPS operating
system (COPSY) is loaded and started at first. COPSY
is the parent of all processes and assigns resources
(e.g. memory, CPU, lines, access, and security rights)
to its children based on a system status table. LTU
and LTUX lines are assigned/deassigned by COPSY, whereas
THP(LTU-lines), TEP (LTUX terminal lines), and THP
(LTUX-TRC lines) opens/closes the lines. During assignment,
the watchdog is commanded to execute physical connection
as described in section 4.3.3.
Processes and procedures are given start-up information,
which defines the type of start-up. So initialization
and recovery actions are performed decentralized.
The mapping of recovery requirements to packages are
defined in section 4.7.
A description of disk start-up information is given
in section 5.10.1.2.1.1.
4.3.1.8 C̲l̲o̲s̲e̲-̲D̲o̲w̲n̲ ̲o̲f̲ ̲C̲A̲M̲P̲S̲ ̲M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
The operator can close all CAMPS modes of operation
either ordered or non-ordered.
During a non-ordered close down, the PU in question
is physically isolated (the PU is disabled as described
in section 4.3.3). If the active PU is closed non-ordered
an emergency switch-over will take place.
During an ordered close down the concerned PU is commanded
to stop execution. Having done so, the PU is disabled.
For the active PU two types of ordered close-down
are handled:
a) C̲l̲o̲s̲e̲-̲d̲o̲w̲n̲ ̲a̲n̲d̲ ̲D̲i̲e̲-̲o̲u̲t̲
All input from external lines are stopped, when
a complete message is received (Handled by THP).
All input from terminals are stopped after a limited
time (Handled by TEP).
Hereafter, the system will slowly die out. When
all queues are empty, all processing will be terminated
and the PU disabled.
b) C̲l̲o̲s̲e̲-̲d̲o̲w̲n̲ ̲a̲n̲d̲ ̲S̲a̲v̲e̲ ̲Q̲u̲e̲u̲e̲ ̲I̲n̲f̲o̲r̲m̲a̲t̲i̲o̲n̲
All input/output to/from external lines are stopped,
when a complete message is received/transmitted
(handled by THP). Terminal operators are given
a limited time to stop all input. Having completed
a transaction (incl. presentation) the terminal
position is signed off. (TEP and SSC actions).
All remaining packages are commanded to stop execution
and the current queue content are saved on disk
by the CAMPS system function (CSF) package.
4.3.2 E̲q̲u̲i̲p̲m̲e̲n̲t̲ ̲R̲e̲s̲o̲u̲r̲c̲e̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲
This section defines the:
- modes of operation
- hardware and software control
- reconfiguration possibilities
for DISK, TDX-bus system, LTU and LTUX equipment.
The Configuration Table contains a description of all
CAMPS equipment. The SSC in the active PU updates
this table, when:
- operator commands or
- error fix-up procedures
are executed.
Device control is implemented via hardware and software.
The hardware control connects a device to either of
the PUs. Also it ensures that active PU activities
will not interfere with off-line PU activities. The
hardware control is implemented by the SSC, but executed
by the watchdog as described in section 4.3.3.
The software control is handled by the SSC, which defines
access and security rights for the users of the devices.
4.3.2.1 D̲i̲s̲k̲ ̲E̲q̲u̲i̲p̲m̲e̲n̲t̲
4.3.2.1.1 M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
A CAMPS site configuration contains:
- two mirrored disk drives
- one off-line disk drive
- one floppy disk drive
The mirrored disk drives are always assigned to the
active PU, except when a drive is erroneous.
The off-line disk drive may be assigned to either the
active or the off-line PU.
The off-line disk is used in performing the following
active PU functions:
- retrieval of off-loaded messages
- start-up of active operation
- back-up of the system parameter file
- off-loading of messages
- memory dump and trace information storage
- loading of modified application software
and for the following standby PU function:
- start-up of standby operation
and for the following off-line PU functions:
- start-up of off-line operation
- source for memory dump and trace information print-out
- source for load of M&D SW
The mirrored and off-line disks are permanently defined
at start-up time i.e. no interchange between mirrored
and off-line disk drives takes place.
The floppy disk is used as storage for:
- modified application software, which are generated
at the CSSI and loaded at CAMPS sites.
- M&D and OU programs.
- memory dump and trace information
4.3.2.1.2 H̲a̲r̲d̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
The SSC controls via the watchdog whether all DISKs
in common can be accessed from either IO BUS-A or B,
or from both A and B, or from none. Access means that
the PU "take ownership", i.e. executes an IO instruction,
which connects an IO BUS device to the PU issuing the
command. The command has only effect if the IO BUS
in question is not disabled by the watchdog. Via manual
switches in the Channel Unit, it is possible to override
this decision and enable a specific device to be accessed
via either of the IO BUSes.
The use of the manual facility makes it possible to
assign peripherals to the off-line PU and totally shield
the off-line operations from those of the active PU.
In table 4.3.2.1.2-1 below, the co-operation of the
above facilities are defined.
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Start-up of Start-up of Dualized Off-Line
Active PU Standby PU Operation Operation
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
IO BUS A enable IO BUS A enable IO BUS A enable IO
BUS
A
enable
IO BUS B disable IO BUS B enable IO BUS B disable IO
BUS
B
disable
Manual enable of:
- floppy disk
- off-line disk
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Assumption: IO Bus A is connected to the active PU
…01…Table 4.3.2.1.2-1…01…I̲O̲ ̲B̲U̲S̲ ̲H̲a̲r̲d̲w̲a̲r̲e̲ ̲C̲o̲n̲n̲e̲c̲t̲i̲o̲n̲s̲
4.3.2.1.3 S̲o̲f̲t̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
During on-line operation, the assignment/deassignment
of disk drives are performed by the SSC, whereas the
volume handling is split:
- the mirrored and the floppy disk volumes are controlled
by the SSC via operator commands.
- the off-line disk volumes are controlled by the
TEP (via supervisor commands).
However, during start-up, the PU in question performs
assignment and volume handling.
During off-line operation, the off-line PU performs
assign/deassign and mount/dismount.
4.3.2.1.4 R̲e̲c̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲
A suspected erroneous disk drive may be connected to
the off-line PU. A repaired disk drive can be connected
to the active PU. The off-line and the floppy disk
may be connected to either the active or the off-line
PU. Reconfigurations will affect the packages described
during software control.
4.3.2.2 T̲D̲X̲-̲B̲U̲S̲ ̲S̲y̲s̲t̲e̲m̲
4.3.2.2.1 M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲ ̲(̲P̲U̲-̲A̲s̲s̲i̲g̲n̲m̲e̲n̲t̲)̲
The TDX-bus system contains two TDX-buses each equipped
with a TDX-CTR, and a number of TDX crates connected
to the TDX-bus by BSM-Xs.
Except for M&D degraded operation, the active PU runs
the TDX-bus systems in active/standby mode. A switch
to the standby TDX-bus is supported softwarewise by
the THS in the IOC.
In M&D operation, the standby TDX-bus is used by the
off-line PU during TDX Bus system test.
4.3.2.2.2 H̲a̲r̲d̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
The SSC controls via the watchdog, whether a PU has
access to the TDX-bus systems or not. (Refer to section
4.3.3 for a description of PU control). Prior to a
switch, the SSC will command the watchdog to switch
LTUXs at the active TDX-bus to the standby TDX-bus.
During power-up a TDX-CTR built-in self test program
is executed. The result is indicated via a LED on
the TDX-CTR and via a watchdog monitoring signal.
(Refer section 4.3.3.2).
4.3.2.2.3 S̲o̲f̲t̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
The TDX-bus system is in the active PU controlled by
the SSC and the THS (in the IOC), which:
- defines the TDX-bus communication
- switches between TDX-bus systems
- connects a TDX-bus system to the off-line PU
- inserts a TDX-bus system as standby
- switches a BSM-X to TDX-bus 1 or 2
4.3.2.2.4 R̲e̲c̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲
An erroneous TDX-bus system is taken out of on-line
operation and may be tested by the off-line PU. A
repaired TDX-Bus system can be re-inserted. It is
possible to switch between the TDX-bus systems.
4.3.2.3 L̲T̲U̲ ̲a̲n̲d̲ ̲A̲t̲t̲a̲c̲h̲e̲d̲ ̲L̲i̲n̲e̲s̲
4.3.2.3.1 M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
During M&D operation in the off-line PU, a suspected
erroneous LTU can be connected to the off-line PU.
During SD&T or TG operation in the off-line PU at the
CSSI site an LTU equipped with VDU and printer is connected
to the offline PU.
The remaining LTUs are connected to the active PU.
4.3.2.3.2 H̲a̲r̲d̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
The LTU control is similar to the disk control described
in section 4.3.2.1.2.
In table 4.3.2.3.2-1, the co-operation of control facilities
are defined.
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Dualized Operation M&D SD&T and TG
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
IO BUS A enable IO BUS A enable IO BUS A enable
IO BUS B disable IO BUS B disable IO BUS B disable
Manual enable of Manual enable of
- erroneous LTU - SD&T or TG LTU
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Assumption: IO BUS-A is connected to the active PU.
Table 4.3.2.3.2-1…01…I̲O̲ ̲B̲U̲S̲ ̲H̲a̲r̲d̲w̲a̲r̲e̲ ̲C̲o̲n̲n̲e̲c̲t̲i̲o̲n̲s̲
During power-up, module built-in self test programs
in the LTUs are executed. The result is available
through a LED on the LTU front panel (refer section
4.3.3.2).
Also, the module built-in selt test programs can be
executed via an I/O instruction. If the built-in testprogram
detects an error the result is given on a LED and the
device is not accessable.
4.3.2.3.3 S̲o̲f̲t̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
The SSC supports downline load of LTU programs. The
SSC controls assign/deassign of LTU/LTU-lines, whereas
the THP handles open/close.
Assign/deassign includes the "take ownership" command.
During SD&T and TG off-line operation, the LTU and
LTU equipment are entirely handled by the SSP or the
OLP.
4.3.2.3.4 R̲e̲c̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲
A suspected erroneous LTU can be connected to the off-line
PU. Also, an LTU can be taken out of service. It is
possible to connect an LTU to the active PU and to
enable/disable the operational use of an LTU line.
It is possible to specify channel designator to LTU-line
connection.
4.3.2.4 L̲T̲U̲X̲ ̲a̲n̲d̲ ̲A̲t̲t̲a̲c̲h̲e̲d̲ ̲T̲e̲r̲m̲i̲n̲a̲l̲ ̲E̲q̲u̲i̲p̲m̲e̲n̲t̲
4.3.2.4.1 M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
During M&D operation in the off-line PU a suspected
erroneous LTUX can be connected to the off-line PU
in this way:
The standby TDX-bus is taken off-line and the LTUX
and its neighbour LTUX in the crate is switched to
the off-line TDX-bus. This facility is used, when
either the TDX-bus system or the LTUX is erroneous.
The remaining LTUXs are connected to the active TDX-bus.
4.3.2.4.2 H̲a̲r̲d̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
The SSC controls via the watchdog, if two LTUXs in
a TDX crate are connected to TDX-bus 1 or 2.
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Dualized Operation or M&D
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
All LTUXs connected to An
erroneous
LTUX
and
the
neighbour
TDX-BUS 1 LTUX
is
connected
to
TDX-bus
2.
Remaining LTUXs are connected
to TDX-bus 1
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Assumption: TDX-bus 1 is active.
Table 4.3.2.4.2-1…01…L̲T̲U̲X̲ ̲C̲o̲n̲n̲e̲c̲t̲i̲o̲n̲
During power-up, module built-in self test programs
are executed. The result is given on a LED on the
LTUX front panel.
4.3.2.4.3 S̲o̲f̲t̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
The SSC controls assignment/deassignment, whereas the
TEP handles open/close of LTUX-lines to terminal equipment
and the THP handles open/close of LTUX-lines to TRC.
4.3.2.4.4 R̲e̲c̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲
An LTUX can be connected to the active or the off-line
TDX-bus.
An LTUX can be taken out of service. It is possible
to specify that an LTUX-line is enabled/disabled for
active operational use. It is possible to specify the
terminal/device designator to LTUX-line connection.
4.3.3 W̲a̲t̲c̲h̲d̲o̲g̲ ̲a̲n̲d̲ ̲M̲a̲n̲u̲a̲l̲ ̲S̲u̲p̲e̲r̲v̲i̲s̲i̲o̲n̲ ̲F̲a̲c̲i̲l̲i̲t̲i̲e̲s̲
The watchdog monitors and controls the CAMPS hardware
via a serial configuration control bus (CCB), which
is connected to adapters in each crate.
If the watchdog fails a back up is provided via manual
switches in the crates.
4.3.3.1 W̲a̲t̲c̲h̲d̲o̲g̲ ̲C̲o̲n̲t̲r̲o̲l̲
Overleaf in figure 4.3.3.1-1 a summary of the watchdog
control facilities is given.
The watchdog control of a channel unit is defined in
section 4.3.2.1.2 and 4.3.2.3.2.
The watchdog control of a TDX-crate is defined in section
4.3.2.2.2 and 4.3.2.4.2.
The watchdog control of a PU crate is defined below.
The watchdog has three PU control signals:
- Enable/disable PU
- Set normal mode/maintenance mode
- Issue master clear
a) P̲U̲ ̲e̲n̲a̲b̲l̲e̲/̲d̲i̲s̲a̲b̲l̲e̲
This signal connects/disconnects a PU to/from the
Data Channel and TDX-buses in the MIA/TIAs.
b) N̲o̲r̲m̲a̲l̲/̲m̲a̲i̲n̲t̲e̲n̲a̲n̲c̲e̲ ̲M̲o̲d̲e̲
In maintenance mode, the watchdog communicates
directly with the MAP microprocessor. The PU is
disabled and the MAP is able to execute a set of
low level M&D commands.
In normal mode, the watchdog communicates with
a CPU, which executes a PROM program in the MIA.
This program requests the operator to define a
disk drive, from which a number of segments is
loaded into normal RAM. The loaded program is
started and communicates with the operator for
determination of the further start-up.
FIGURE 4.3.3.1-1
c) M̲a̲s̲t̲e̲r̲ ̲C̲l̲e̲a̲r̲
The setting of master clear starts execution of
built-in tests in the CPUs and in the MAP and in
appropriate modules and initiates the normal mode
or maintenance mode operation. Power-up of a PU
implies the issuing of a master clear signal.
In figure 4.3.3.1-1 the used combination of the
above signals in controlling the CAMPS modes of
operation, are defined.
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
MODE PU PU NORMAL MAINTENANCE
ENABLE DISABLE MODE MODE
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Active and Standby PU X X
M&D initial X X
M&D extended PU test X X
M&D load of test
programs and execution
of peripheral tests X X
SD&T, TG ad OU X X
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Fig. 4.3.3.1-1…01…W̲a̲t̲c̲h̲d̲o̲g̲ ̲C̲o̲n̲t̲r̲o̲l̲ ̲o̲f̲ ̲P̲U̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
4.3.3.2 W̲a̲t̲c̲h̲d̲o̲g̲ ̲M̲o̲n̲i̲t̲o̲r̲i̲n̲g̲
The watchdog monitors the PU signals:
1) power
2) whether the PU is manually or automatically controlled
The watchdog monitors the IO-crate signals:
1) power
The watchdog monitors the TDX-crate signals:
1) power
2) setting of auto/manual switch
3) the result of self test routines
4) the status of the TDX-CTR
If a power-down is detected in the active PU, an emergency
switch-over is initiated automatically.
If a power-down is detected in the non-active PU, then
the PU is disabled.
The Channel unit contains two power-supplies:
- one supply for each CIA
- dualized supply per IO-BUS device
A single power-down has effects identical to a PU power
down. A dualized power down implies a total system
failure.
A power down in the watchdog inplies that the watchdog
is taken out of service (refer to section 4.3.3.3).
A power down in a TDX-crate implies, that the 2 LTUXs
in the crate are taken out of service.
The setting of the auto/manual switch is displayed
at the operator VDU.
If the TDX-CTR status indicates an error, the SSC in
the active PU is notified and a TDX-bus switch-over
will take place.
4.3.3.3 M̲a̲n̲u̲a̲l̲ ̲F̲a̲l̲l̲-̲B̲a̲c̲k̲
If the watchdog fails, it is automatically taken out
of service and the objects controlled by the watchdog
will remain unchanged. However, the watchdog monitoring
and control via the configuration control bus, is not
possible.
Monitoring is provided by means of LEDs on the crates.
