top - download
⟦9e0251f93⟧ Wang Wps File
Length: 26472 (0x6768)
Types: Wang Wps File
Notes: CAMPS SYS DES SPEC
Names: »0518A «
Derivation
└─⟦7c0ec4e20⟧ Bits:30006001 8" Wang WCS floppy, CR 0036A
└─ ⟦this⟧ »0518A «
WangText
:…05…9…09…9…86…1
…02…
…02…
…02…
…02…CPS/SDS/001
…02…
FH/810115…02……02…
CAMPS
SYSTEM
DESIGN
SPECIFICATION
…02……02…CAMPS
T̲A̲B̲L̲E̲ ̲O̲F̲ ̲C̲O̲N̲T̲E̲N̲T̲S̲
4.3 SYSTEM SUPERVISION ..................
4.3.1 CAMPS Modes of Operation ..........
4.3.1.1 On-Line Operation .............
4.3.1.2 Off-Line Operation ............
4.3.1.3 Watchdog Operation ............
4.3.1.4 Switch-Over ...................
4.3.1.4.1 Emergency Switch-Over .....
4.3.1.4.2 Ordered Switch-Over .......
4.3.1.5 Start-Up of CAMPS Modes .......
4.3.1.6 Load of Modified Software .....
4.3.1.7 Detailed Start-Up of On-Line
Operations ....................
4.3.1.8 Close Down of CAMPS Modes of
Operation .....................
4.3.2 Equipment Resource Handling .......
4.3.2.1 Disk Equipment ................
4.3.2.1.1 Modes of Operation ........
4.3.2.1.2 Hardware Control ..........
4.3.2.1.3 Software Control ..........
4.3.2.1.4 Reconfiguration ...........
4.3.2.2 TDX-Bus System ................
4.3.2.2.1 Modes of Operation ........
4.3.2.2.2 Hardware Control ..........
4.3.2.2.3 Software Control ..........
4.3.2.2.4 Reconfiguration ...........
4.3.2.3 LTU and Attached Lines ........
4.3.2.3.1 Modes of Operation ........
4.3.2.3.2 Hardware Control ..........
4.3.2.3.3 Software Control ..........
4.3.2.3.4 Re-configuration ..........
4.3.2.4 LTUX and Attached Terminal
Equipment .....................
4.3.2.4.1 Modes of Operation ........
4.3.2.4.2 Hardware Control ..........
4.3.2.4.3 Software Control ..........
4.3.2.4.4 Re-configuration ..........
4.3.3 Watchdog and Manual Supervision
Facilities ........................
4.3.3.1 Watchdog Control ..............
4.3.3.2 Watchdog Monitoring ...........
4.3.3.3 Manual Fallback ...............
4.3 S̲Y̲S̲T̲E̲M̲ ̲S̲U̲P̲E̲R̲V̲I̲S̲I̲O̲N̲
System supervision addresses the monitoring and control
of the CAMPS modes of operation.
The description is separated into three sections:
1) control of CAMPS modes of operation
2) control of peripheral equipment
3) watchdog and manual control and monitoring facilities.
4.3.1 C̲A̲M̲P̲S̲ ̲M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
The CAMPS system supports on-line and off-line operations.
The on-line modes of operation are:
- a dualized system consisting of an active and a
standby processor.
- a degraded system consisting of an active processor.
In the degraded system, the non-active processor is
used for off-line operations:
- software development and test (SD&T)
- maintenance and diagnostics (M&D)
The CAMPS modes of operations are controlled software-
and hardware-wise from the watchdog position, which
contains:
- the watchdog
- the operator VDU
- the operator printer
4.3.1.1 O̲n̲-̲L̲i̲n̲e̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
CAMPS on-line operations are supported by either a
dualized PU configuration or by a single PU configuration.
The dualized configuration consists of an active PU,
which performs on-line functions and a standby PU,
which is ready to assume on-line functions, when a
switch-over is executed. On an event basis checkpoints
(defining e.g. terminal and traffic status) are transferred
to the standby processor to assure an acceptable level
of data continuity at the time of recovery and restart
during a switch-over. The active processor owns all
disks, terminals, and external channels, whereas the
standby PU has none. The dualized configuration is
depicted in figure 4.3.1-1 overleaf.
The single PU configuration consists of an active PU,
which operates as the active PU above, except for checkpoint
generation.
Fig. 4.3.1-1…01…D̲u̲a̲l̲i̲z̲e̲d̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
4.3.1.2 O̲f̲f̲-̲L̲i̲n̲e̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
In the M&D configuration (refer to figure 4.3.1-2),
the off-line processor may be assigned a number of
devices:
- the floppy disk or the off-line disk
- two LTUXs on the same DTM-X
- one LTU
- the off-line disk or an out of service mirrored
disk
The M&D test programs are operated from the operator
VDU, whereas test output is directed to the operator
printer. M&D programs are residing on the floppy disk
and on the off-line disk.
The SD&T configuration (refer figure 4.3.1-3) at the
development site (CSSI) is assigned an extra VDU and
LP on the IO BUS for control of operation and output
of results.
The SD&T programs are residing on the floppy disk or
on the off-line disk. Modified software are generated
at a floppy disk for transportation to CAMPS sites.
4.3.1.3 W̲a̲t̲c̲h̲d̲o̲g̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
The watchdog is an independent processor, which:
- monitors and controls the CAMPS hardware as described
in section 4.3.3.
- determines switch-over, hereby authority conflicts
between the two processors are avoided.
- provides an operator command interface from the
operator VDU to both PUs, thereby enabling a software
control of all CAMPS modes of operation.
- monitors the active and standby PU by the periodic
reception of a "keep alive" message.
The operator VDU contains a display of the CAMPS system
status.
The operator printer provides a hard copy facility
for system status print-out (e.g error reports).
Fig. 4.3.1-2…01…D̲e̲g̲r̲a̲d̲e̲d̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲ ̲(̲M̲&̲D̲)̲
Fig. 4.3.1-3…01…D̲e̲g̲r̲a̲d̲e̲d̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲ ̲S̲D̲&̲T̲
4.3.1.4 S̲w̲i̲t̲c̲h̲-̲O̲v̲e̲r̲
During dualized operation, a switch-over to the standby
PU will take place:
- subsequent to a non-recoverable hardware or software
error in the active PU (emergency switch-over).
- subsequent to an operator switch-over command (ordered
switch-over).
The error detection is described in section 4.11.
A switch-over implies, that:
- the active PU is taken off-line by the watchdog.
- the watchdog directs the standby PU to capture
all peripherals and go into a recovery/restart
procedure to restore CAMPS on-line operations.
The active PU normally directs the watchdog to perform
a switch-over, however, the watchdog executes automatically
an emergency switch-over, if:
- no keep alive message is received from the active
PU.
- a non-recoverable hardware error (e.g. power down)
is detected via the crate configuration bus (refer
section 4.3.3).
4.3.1.4.1 E̲m̲e̲r̲g̲e̲n̲c̲y̲ ̲S̲w̲i̲t̲c̲h̲-̲O̲v̲e̲r̲
The active PU is physically disconnected from its peripherals
and the standby Pu is commanded to go active. The
standby PU captures all peripherals and loads and starts
the application software. The recovery actions based
upon received checkpoints are defined in section 4.7.
4.3.1.4.2 O̲r̲d̲e̲r̲e̲d̲ ̲S̲w̲i̲t̲c̲h̲-̲O̲v̲e̲r̲
All input/output to/from external lines are stopped,
when a complete message is received/transmitted.
Terminal operators are given a limited time to stop
input. Having completed a transaction (inclusive presentation)
the terminal position is signed off. All remaining
packages are commanded to stop processing and the standby
PU is notified to become active.
4.3.1.5 S̲t̲a̲r̲t̲-̲U̲p̲ ̲o̲f̲ ̲C̲A̲M̲P̲S̲ ̲M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
The operator starts all CAMPS modes of operation.
At first, the operator defines an initial hardware
configuration via operator commands directly to the
watchdog:
- enable Pu
- set PU in normal mode
- connect disk to the PU in question
- issue master clear
(Refer to section 4.3.3 for a detailed description
of these signals).
Hereby a dialogue to a MIA PROM program executed by
a CPU is set-up and the PU has access to a disk.
The operator specifies a disk drive and the above program
loads a number of segments into RAM and starts execution.
The loaded program performs further loading, which
may be:
- start-up active PU
- start-up standby PU
- start-up M&D in off-line PU
- start-up SD&T in off-line PU
Overleaf in figure 4.3.1.5-1, the start-up modes of
on-line operations are illustrated. As an option during
start-up, a memory dump can be performed to the disk
drive used for start-up. Via M&D software, it can
later be disassembled and printed at the operator printer.
Fig. 4.3.1.5-1…01…S̲t̲a̲r̲t̲-̲U̲p̲ ̲o̲f̲ ̲O̲n̲-̲L̲i̲n̲e̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲s̲
4.3.1.6 L̲o̲a̲d̲ ̲o̲f̲ ̲M̲o̲d̲i̲f̲i̲e̲d̲ ̲S̲o̲f̲t̲w̲a̲r̲e̲
At the CSSI site new application software is developed
and tested. On floppy disk packs, the modified application
software is transported to CAMPS sites, where it is
copied to the mirrored disks or the off-line disk.
At a subsequent switch-over or a start-up subsequent
to an ordered close down, the modified application
software can be brought into operation.
4.3.1.7 D̲e̲t̲a̲i̲l̲e̲d̲ ̲S̲t̲a̲r̲t̲-̲U̲p̲ ̲o̲f̲ ̲O̲n̲-̲L̲i̲n̲e̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲s̲
During start-up of on-line operations the CAMPS operating
system (COPSY) is loaded and started at first. COPSY
is the parent of all processes and assigns resources
(e.g. memory, CPU, lines, access, and security rights)
to its children based on a system status table. LTU
and LTUX lines are assigned/deassigned by COPSY, whereas
THP(LTU-lines), TEP (LTUX terminal lines), and THP
(LTUX-TRC lines) opens/closes the lines. During assignment,
the watchdog is commanded to execute physical connection
as described in section 4.3.3.
Processes and procedures are given start-up information,
which defines the type of start-up. So initialization
and recovery actions are performed decentralized.
The mapping of recovery requirements to packages are
defined in section 4.7.
A description of disk start-up information is given
in section 5.10.1.2.1.1.
4.3.1.8 C̲l̲o̲s̲e̲-̲D̲o̲w̲n̲ ̲o̲f̲ ̲C̲A̲M̲P̲S̲ ̲M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
The operator can close all CAMPS modes of operation
either ordered or non-ordered.
During a non-ordered close down, the PU in question
is physically isolated (the PU is disabled as described
in section 3.3.3). If the active PU is closed non-ordered
an emergency switch-over will take place.
During an ordered close down the concerned PU is commanded
to stop execution. Having done so, the PU is disabled.
For the active PU two types of ordered close-down
are handled:
a) C̲l̲o̲s̲e̲-̲d̲o̲w̲n̲ ̲a̲n̲d̲ ̲D̲i̲e̲-̲o̲u̲t̲
All input from external lines are stopped, when
a complete message is received (Handled by THP).
All input from terminals are stopped after a limited
time (Handled by TEP).
Hereafter, the system will slowly die out. When
all queues are empty, all processing will be terminated
and the PU disabled.
b) C̲l̲o̲s̲e̲-̲d̲o̲w̲n̲ ̲a̲n̲d̲ ̲S̲a̲v̲e̲ ̲Q̲u̲e̲u̲e̲ ̲I̲n̲f̲o̲r̲m̲a̲t̲i̲o̲n̲
All input/output to/from external lines are stopped,
when a complete message is received/transmitted
(handled by THP). Terminal operators are given
a limited time to stop all input. Having completed
a transaction (incl. presentation) the terminal
position is signed off. (TEP and SSC actions).
All remaining packages are commanded to stop execution
and the current queue content are saved on disk
by the CAMPS system function (CSF) package.
4.3.2 E̲q̲u̲i̲p̲m̲e̲n̲t̲ ̲R̲e̲s̲o̲u̲r̲c̲e̲ ̲H̲a̲n̲d̲l̲i̲n̲g̲
This section defines the:
- modes of operation
- hardware and software control
- reconfiguration possibilities
for DISK, TDX-BUS system, LTU and LTUX equipment.
The Configuration Table contains a description of all
CAMPS equipment. The SSC in the active PU updates
this table, when:
- operator commands or
- error fix-up procedures
are executed.
Device control is implemented via hardware and software.
The hardware control connects a device to either of
the PUs. Also it ensures that active PU activities
will not interfere with off-line PU activities. The
hardware control is implemented by the SSC, but executed
by the watchdog as described in section 4.3.3.
The software control is handled by the SSC, which defines
access and security rights for the users of the devices.
4.3.2.1 D̲i̲s̲k̲ ̲E̲q̲u̲i̲p̲m̲e̲n̲t̲
4.3.2.1.1 M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
A CAMPS site configuration contains:
- two mirrored disk drives
- one off-line disk drive
- one floppy disk drive
The mirrored disk drives are always assigned to the
active PU, except when a drive is erroneous.
The off-line disk drive may be assigned to either the
active or the off-line PU.
The off-line disk is used in performing the following
active PU functions:
- retrieval of off-loaded messages
- start-up of active operation
- back-up of the system parameter file
- off-loading of messages
- memory dump and trace information storage
- loading of modified application software
and for the following standby PU function:
- start-up of standby operation
and for the following off-line PU functions:
- start-up of off-line operation
- source for memory dump and trace information print-out
The mirrored and off-line disks are permanently defined
at start-up time i.e. no interchange between mirrored
and off-line disk drives takes place.
The floppy disk is used as storage for:
- modified application software, which are generated
at the CSSI and loaded at CAMPS sites.
- M&D programs.
4.3.2.1.2 H̲a̲r̲d̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
The SSC controls via the watchdog whether all DISKs
in common can be accessed from either IO BUS-A or B,
or from both A and B, or from none. Via manual switches
in the IO-crate, it is possible to override this decision
and enable/disable a specific device to be accessed
via either of the IO BUSes.
The use of the manual facility makes it possible to
assign peripherals to the off-line PU and totally shield
the off-line operations from those of the active PU.
In table 4.3.2.1.2-1 below, the co-operation of the
above facilities are defined.
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Start-up of Start-up of Dualized Off-Line
Active PU Standby PU Operation Operation
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
IO BUS A enable IO BUS A enable IO BUS A enable IO
BUS
A
enable
IO BUS B disable IO BUS B enable IO BUS B disable IO
BUS
B
disable
Manual enable of:
- floppy disk
- off-line disk
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Assumption: IO Bus A is connected to the active PU…01……01…Table 4.3.2.1.2-1…01…I̲O̲
̲B̲U̲S̲ ̲H̲a̲r̲d̲w̲a̲r̲e̲ ̲C̲o̲n̲n̲e̲c̲t̲i̲o̲n̲s̲
During power-up built-in self test programs are initiated.
The result is indicated via a LED on the DISK CTR
or via a watchdog monitoring signal. (Refer section
4.3.3.2).
4.3.2.1.3 S̲o̲f̲t̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
During on-line operation, the assignment/deassignment
of disk drives are performed by the SSC, whereas the
volume handling is split:
- the mirrored and the floppy disk volumes are controlled
by the SSC via operator commands.
- the off-line disk volumes are controlled by the
TEP (via supervisor commands).
However, during start-up, the PU in question performs
assignment and volume handling.
During off-line operation, the off-line PU performs
assign/deassign and mount/dismount.
4.3.2.1.4 R̲e̲c̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲
Any erroneous disk drive is removed and may be connected
to the off-line PU. A repaired disk drive can be reinserted.
The off-line and the floppy disk may be connected
to either the active or the off-line PU. Reconfigurations
will affect the packages described during software
control.
4.3.2.2 TD̲X̲-̲B̲U̲S̲ ̲S̲y̲s̲t̲e̲m̲
4.3.2.2.1 M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲ ̲(̲P̲U̲-̲A̲s̲s̲i̲g̲n̲m̲e̲n̲t̲)̲
The TDX-BUS system contains two TDX-BUSes each equipped
with a TDX-CTR, a TDX-I/F, and a number of BSM-Xs.
Except for M&D degraded operation, the active PU runs
the TDX-BUS systems in active standby mode. A switch
to the standby TDX-BUS is supported softwarewise by
the THS in the IOC. Prior to a switch, the SSC will
command the watchdog to switch LTUXs at the active
TDX-BUS to the standby TDX-BUS.
In M&D operation, the standby TDX-BUS is used by the
off-line PU during TDX Bus system test; during a LTUX
test, the dualized TDX-BUS operation can continue and
the off-line PU can access a specified LTUX.
4.3.2.2.2 H̲a̲r̲d̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
The SSC controls via the watchdog, whether a PU has
access to the TDX-BUS systems or not. (Refer to section
4.3.3 for a description of PU control).
During power-up a TDX-CTR built-in self test program
is executed. The result is indicated via a LED on
the TDX-CTR and via a watchdog monitoring signal.
(Refer section 4.3.3.2).
4.3.2.2.3 S̲o̲f̲t̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
The TDX-BUS system is in the active PU controlled by
the SSC and the THS (in the IOC), which:
- loads the TDX-BUS system
- switches between TDX-BUS systems
- removes a TDX-BUS system
- inserts a TDX-BUS system
- switches a BSM to TDX BUS 1, 2, or none
4.3.2.2.4 R̲e̲c̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲
An erroneous TDX-BUS system is removed and may be tested
by the off-line PU. A repaired TDX-Bus system can
be re-inserted. It is possible to switch between the
TDX-BUS systems.
4.3.2.3 L̲T̲U̲ ̲a̲n̲d̲ ̲A̲t̲t̲a̲c̲h̲e̲d̲ ̲L̲i̲n̲e̲s̲
4.3.2.3.1 M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
During M&D operation in the off-line PU, an erroneous
LTU can be connected to the off-line PU.
During SD&T operation in the off-line PU at the CSSI
site an extra LTU equipped with VDU and printer is
connected to the offline PU.
The remaining LTUs are connected to the active PU.
4.3.2.3.2 H̲a̲r̲d̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
The LTU control is similar to disk control described
in section 4.3.2.1.2.
In table 4.3.2.3.2-1, the co-operation of control facilities
are defined.
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Dualized Operation M&D SD&T
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
IO BUS A enable IO BUS A enable IO BUS A enable
IO BUS B disable IO BUS B disable IO BUS B disable
Manual enable of Manual enable of
- erroneous LTU - SD&T LTU
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Assumption: IO BUS-A is connected to the active PU.
Table 4.3.2.3.2-1…01…I̲O̲ ̲B̲U̲S̲ ̲H̲a̲r̲d̲w̲a̲r̲e̲ ̲C̲o̲n̲n̲e̲c̲t̲i̲o̲n̲s̲
During power-up built-in self test programs in the
LTUs are executed. The result is available through
a LED on the LTU front panel or through a watchdog
monitoring signal (refer section 4.3.3.2).
4.3.2.3.3 S̲o̲f̲t̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
The SSC supports downline load of LTU programs. The
SSC controls assign/deassign of LTU/LTU-lines, whereas
the THP handles open/close.
Assign/deassign includes the "take ownership" command.
During SD&T off-line operation, the LTU and LTU equipment
are entirely handled by the SSP.
4.3.2.3.4 R̲e̲c̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲
An erroneous LTU can be connected to the off-line PU.
It is possible to remove/insert an LTU/LTU-line.
4.3.2.4 L̲T̲U̲X̲ ̲a̲n̲d̲ ̲A̲t̲t̲a̲c̲h̲e̲d̲ ̲T̲e̲r̲m̲i̲n̲a̲l̲ ̲E̲q̲u̲i̲p̲m̲e̲n̲t̲
4.3.2.4.1 M̲o̲d̲e̲s̲ ̲o̲f̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
During M&D operation in the off-line PU an erroneous
LTUX can be connected to the off-line PU in two ways:
1) The standby TDX-BUS is taken off-line and the LTUX
and its neighbour LTUX in the crate is switched
to the off-line TDX-BUS. This facility is used,
when either the TDX-BUS system or the LTUX is erroneous.
2) The LTUX is directly accessed from the off-line
PU.
This facility is used, when exercising LTUX and
LTUX line equipment.
The remaining LTUXs are connected to the active TDX-BUS.
4.3.2.4.2 H̲a̲r̲d̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
The SSC controls via the watchdog, if two LTUXs in
the same crate are connected to TDX-BUS 1 or 2 or none.
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Dualized Operation or M&D
Type
1
M&D Type 2
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
All LTUXs connected to An
erroneous
LTUX
and
the
neighbour
TDX-BUS 1 LTUX
is
connected
to
TDX-BUS
2.
Remaining LTUXs are connected
to TDX-BUS 1
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Assumption: TDX-BUS 1 is active.
Table 4.3.2.4.2-1…01…L̲T̲U̲X̲ ̲C̲o̲n̲n̲e̲c̲t̲i̲o̲n̲
During power-up built-in self test programs are executed.
The result is given on a LED on the LTUX front panel
and via a watchdog monitoring signal.
4.3.2.4.3 S̲o̲f̲t̲w̲a̲r̲e̲ ̲C̲o̲n̲t̲r̲o̲l̲
The SSC controls assignment/deassignment, whereas the
TEP handles open/close of LTUX-lines to terminal equipment
and the THP handles open/close of LTUX-lines to TRC.
The SSC controls reconfiguration, where the assignments
to one LTUX is to be switched to a spare LTUX.
4.3.2.4.4 R̲e̲c̲o̲n̲f̲i̲g̲u̲r̲a̲t̲i̲o̲n̲
A spare LTUX exists to enable a hardware patch of line
equipment if an LTUX fails. Also removal/insertion
of LTUX/LTUX-lines are supported.
4.3.3 W̲a̲t̲c̲h̲d̲o̲g̲ ̲a̲n̲d̲ ̲M̲a̲n̲u̲a̲l̲ ̲S̲u̲p̲e̲r̲v̲i̲s̲i̲o̲n̲ ̲F̲a̲c̲i̲l̲i̲t̲i̲e̲s̲
The watchdog monitors and controls the CAMPS hardware
via a serial crate configuration bus (CCB), which is
connected to adapters in each crate.
If the watchdog fails a back up is provided via manual
switches in the crates.
4.3.3.1 W̲a̲t̲c̲h̲d̲o̲g̲ ̲C̲o̲n̲t̲r̲o̲l̲
The watchdog control of an IO-crate is defined in section
4.3.2.1.2 and 4.3.2.3.2.
The watchdog control of a TDX-crate is defined in section
4.3.2.2.2 and 4.3.2.4.2.
The watchdog control of a PU crate is defined below.
The watchdog has three PU control signals:
- Enable/disable PU
- Set normal mode/maintenance mode
- Issue master clear
a) P̲U̲ ̲e̲n̲a̲b̲l̲e̲/̲d̲i̲s̲a̲b̲l̲e̲
This signal connects/disconnects a PU to/from the
IO BUS and TDX-BUSes in the MIA/TIAs.
b) N̲o̲r̲m̲a̲l̲/̲m̲a̲i̲n̲t̲e̲n̲a̲n̲c̲e̲ ̲M̲o̲d̲e̲
In maintenance mode, the watchdog communicates
directly with the MAP microprocessor. The PU is
disabled and the MAP is able to execute a set of
low level M&D commands. No CPU operation takes
place.
In normal mode, the watchdog communicates with
a CPU, which executes a PROM program in the MIA.
This program requests the operator to define a
disk drive, from which a number of segments is
loaded into normal RAM. The loaded program is
started and communicates with the operator for
determination of the further start-up.
c) M̲a̲s̲t̲e̲r̲ ̲C̲l̲e̲a̲r̲
The setting of master clear starts execution of
built-in tests in the CPUs and in the MAP and initiates
the normal mode or maintenance mode operation.
Power-up of a PU implies the issuing of a master
clear signal.
In figure 4.3.3.1-1 the cooperation of the above
signals in controlling the CAMPS modes of operation,
are defined.
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
MODE PU PU NORMAL MAINTENANCE
ENABLE DISABLE MODE MODE
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Active and Standby PU X X
M&D initial X X
M&D extended PU test X X
M&D load of test
programs and execution
of peripheral tests X X
SD&T X X
̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲ ̲
Fig. 4.3.3.1-1…01…W̲a̲t̲c̲h̲d̲o̲g̲ ̲C̲o̲n̲t̲r̲o̲l̲ ̲o̲f̲ ̲P̲U̲ ̲O̲p̲e̲r̲a̲t̲i̲o̲n̲
4.3.3.2 W̲a̲t̲c̲h̲d̲o̲g̲ ̲M̲o̲n̲i̲t̲o̲r̲i̲n̲g̲
The watchdog monitors the PU signals:
1) power
2) whether the PU is manually or automatically controlled
3) the result of self test routines
The watchdog monitors the IO-crate signals:
1) power
2) whether at least one switch is in manual or all
in auto
3) the result of self test routines
The watchdog monitors the TDX-crate signals:
1) power
2) setting of auto/manual switch
3) the result of self test routines
4) the status of the TDX-CTR
If a power-down is detected in the active PU, an emergency
switch-over is initiated automatically.
If a power-down is detected in the non-active PU, then
the PU is disabled.
The IO-crate contains two power-supplies:
- one supply for IO-BUS
- dualized supply per IO-BUS device
A single power-down has effects identical to a PU power
down. A dualized power down implies a total system
failure.
A power down in the watchdog inplies that the watchdog
is taken out of service (refer to section 4.3.3.3).
A power down in a TDX-crate implies, that the 2 LTUXs
in the crate are taken out of service.
The setting of the auto/manual switch is displayed
at the operator VDU.
The result of self test routines are displayed on the
operator VDU.
If the TDX-CTR status indicates an error, the SSC in
the active PU is notified and a TDX-BUS switch-over
will take place.
4.3.3.3 M̲a̲n̲u̲a̲l̲ ̲F̲a̲l̲l̲-̲B̲a̲c̲k̲
If the watchdog fails, it is automatically taken out
of service and the objects controlled by the watchdog
will remain unchanged. The operator VDU can be directly
connected to one of the PUs. This enables continued
operator control. However, the watchdog monitoring
and control via the configuration bus, is not possible.
Monitoring is provided by means of LEDs on the crates.
Control is provided via manual switches in the crates,
which perform the same facilities as those provided
via the configuration bus.
Also, during installation the manual switches can be
used.
