⟦b6b479513⟧ Wang Wps File
Length: 7806 (0x1e7e)
Types: Wang Wps File
Notes: CPS/SDS/001
Names: »0519A «
Derivation
└─⟦7c0ec4e20⟧ Bits:30006001 8" Wang WCS floppy, CR 0036A
└─ ⟦this⟧ »0519A «
WangText
CPS/SDS/001
FH/810115
CAMPS SYSTEM DESIGN SPECIFICATION
CAMPS
TABLE OF CONTENTS
4.10 AVAILABILITY, MAINTAINABILITY AND INTEGRITY OF OPERATION
4.10.1 Availability
4.10.1.1 Definitions
4.10.1.2 Requirements and Verification
4.10.1.3 Unavailability and Switch-over Time
4.10.2 Maintainability
4.10.2.1 Definitions
4.10.2.2 Requirements and Verification
4.10.3 Integrity of Operation
4.10.3.1 Definitions
4.10.3.2 Requirements
4.10.3.3 Verification
4.10.1 Availability
4.10.1.1 Availability Definitions
a) Availability. The probability of finding an item
in a functioning condition at a given time.
b) Mean Time Between Failures (MTBF). The statistical
mean of the functioning time between failures.
For a given interval, the total measured functioning
time of the item divided by the total number of
failures of that item during the interval. Agreed
scheduled preventive maintenance of modules of
the equipment shall not be counted, when estimating
MTBF.
c) Mean Time to Repair (MTTR). The statistical mean
of the distribution of times to repair. The summation
of active repair times during a given period of
time divided by the total number of malfunctions
during the same time interval. This repair time
shall include all actions required to detect, locate
and repair the fault.
4.10.1.2 Availability Requirements and Verification
The detailed hardware requirements are defined in CPS/210/SYS/0001
section 3.4.4.4.
Verification that the CAMPS system fulfils the requirements
is given in the R&M Program Plan, CPS/PLN/004.
The CAMPS on-line operations affect the MTTR of equipment
by providing detailed error reports upon detection
of an error. A description of these facilities is given
in section 4.11.
The availability requirements are partitioned into
6 major requirements:
1- Service to individual user connecting points
2- Service to individual external channels
3- Service to groups of user connecting points
4- Service to groups of external channels
5- Service to 75% of user connecting points
6- Service to all circuits, channels and user connecting
points
Six figures overleaf summarize the availability
requirements.
The figures also indicate the hardware involved (shaded
areas).
Comments to the Figure Configurations
The following information is given:
- A = availability (fraction)
- MTTR = standard
- MTBF = standard
a) LTUX
One of the spare LTUXs is inserted in the TDX
crate to enable patching in case of an LTUX error.
b) DISK
The configuration contains 2 mirrored disks. The
third disk is a stand-alone disk (used e.g. for
off-line retrieval) and is not included in the
availability verification.
(6 drawings to be inserted, 2 on each page)
4.10.1.3 Unavailability and Switch-over Time
This section defines the sources of unavailability
for the total CAMPS system:
- unavailability of a PU and attached IO-BUS
- unavailability of the redundant DISK system
- unavailability of the redundant TDX system
- unavailability of the watchdog
- switch-over time
This gives the following equation:
SWT * PU_IOBUS_ERRORS =
    MAX_U - U_WD - U_PU_IOBUS - U_DISK_TDX
where
SWT             = switch-over time in minutes
MAX_U           = max allowed unavailability = 26.28 minutes per year
U_WD            = watchdog unavailability = 4.73 minutes per year
U_DISK_TDX      = redundant DISK + TDX system unavailability
                  = 2.10 minutes per year
U_PU_IOBUS      = redundant PU + IOBUS unavailability
                  = 0.37 minutes per year
PU_IOBUS_ERRORS = no. of errors in nonredundant
                  PU + IOBUS equipment = 7.35
This gives SWT = 156 seconds
The above calculation is based on the following figures
taken from the R&M plan:
1- system availability required = 0.99995
2- TDX + DISK system availability provided = 0.999996
3- watchdog: 9 errors per million hours
4- PU: 816 errors per million hours
5- IO BUS: 23 errors per million hours
6- MTTR = 1 hour
To provide a reasonable safety factor, a design value
of 60 seconds is selected for the switch-over time.
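The budget above can be recomputed from the six R&M figures; the following is an added example, not part of the original specification. The function and key names are chosen here, and treating the redundant PU + IOBUS pair as unavailable only while both branches are down, i.e. (failure rate x MTTR) squared, is an assumption that reproduces the stated 0.37 minutes per year.

```python
HOURS_PER_YEAR = 8760
MINUTES_PER_YEAR = HOURS_PER_YEAR * 60


def switch_over_budget(required_avail=0.99995, disk_tdx_avail=0.999996,
                       wd_fpmh=9, pu_fpmh=816, iobus_fpmh=23, mttr_hours=1.0):
    """Recompute the 4.10.1.3 budget; *_fpmh are errors per million hours."""
    max_u = (1 - required_avail) * MINUTES_PER_YEAR
    # Non-redundant watchdog: every failure costs one full MTTR.
    u_wd = wd_fpmh * 1e-6 * HOURS_PER_YEAR * mttr_hours * 60
    u_disk_tdx = (1 - disk_tdx_avail) * MINUTES_PER_YEAR
    # One PU + IOBUS branch: failure rate per hour and failures per year.
    rate = (pu_fpmh + iobus_fpmh) * 1e-6
    pu_iobus_errors = rate * HOURS_PER_YEAR
    # Assumption (not stated on the page): the redundant pair is down only
    # while both branches are down, so its unavailability is (rate * MTTR)^2.
    u_pu_iobus = (rate * mttr_hours) ** 2 * MINUTES_PER_YEAR
    # What is left of MAX_U is shared among the yearly switch-overs.
    remaining = max_u - u_wd - u_pu_iobus - u_disk_tdx
    if remaining <= 0:
        raise ValueError("fixed unavailability already exceeds MAX_U")
    return {
        "MAX_U": max_u,
        "U_WD": u_wd,
        "U_DISK_TDX": u_disk_tdx,
        "U_PU_IOBUS": u_pu_iobus,
        "PU_IOBUS_ERRORS": pu_iobus_errors,
        "SWT_seconds": remaining / pu_iobus_errors * 60,
    }


def design_margin(design_swt_seconds=60):
    """Ratio of the allowed switch-over time to the selected design value."""
    return switch_over_budget()["SWT_seconds"] / design_swt_seconds


if __name__ == "__main__":
    for name, value in switch_over_budget().items():
        print(f"{name:16s} {value:8.2f}")
    print(f"design margin    {design_margin():8.2f}")
```

A tighter availability requirement can leave nothing for switch-over at all; the function raises in that case instead of returning a negative time.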
4.10.2 Maintainability
4.10.2.1 Maintainability Definitions
a) Corrective maintenance. The maintenance undertaken
to restore an item to a specified condition after
a failure has occurred (the corrective maintenance
aims at reducing the MTTR).
b) Preventive maintenance. The maintenance undertaken
systematically with the intention of keeping an
item in a specified condition, reducing the occurrence
of failures, and prolonging the useful life of
the equipment (the effective MTBF is increased).
c) Offline maintenance and diagnostics (M&D). The
M&D software contains a set of hardware test programs,
which provide error detection down to module level.
The command interpreter software in the diagnostics
package enables the operator to execute the diagnostic
tests.
The test programs reside either on floppy
disk or on the offline disk.
Test results are printed at the operator printer.
4.10.2.2 Requirements and Verification of these
Requirements for preventive and corrective maintenance
and verification of these are given in:
Maintenance Plan: CPS/PLN/006
Generally the corrective maintenance aims at detecting
a faulty module by means of
- on-line generated error reports or
- direct operator observation or
- execution of M&D software
and subsequent
- replacement of faulty module or
- patching to a spare module
The M&D software is defined in:
Maintenance and diagnostics software, CPS/SDS/016
On-line error reporting is described in section 4.11.
4.10.3 Integrity of Operation
4.10.3.1 Definition
Integrity of operation defines the means to limit the
effect of an error through
- timely detection of an error
- error reporting
- corrective actions
Violation of integrity of operation can occur if
- an error is not detected
- an error is not detected in proper time
- an error is not reported
- actions subsequent to an error cannot remedy the
situation.
4.10.3.2 Requirements
The probability that a message or internal transaction
is:
- lost wholly or in part or
- misdirected, or
- corrupted
as a result of an equipment error shall be less than
1 in 10^7.
This requirement is interpreted as:
The probability that a message or comment is misdirected
or corrupted as a result of a hardware error shall
be less than 1 in 10^7.
4.10.3.3 Verification
Section 4.11 defines the CAMPS on-line facilities for
error detection, error reporting and corrective actions.
This section also includes a description of defensive
mechanisms (e.g. validation of data passed between
packages) provided by the CAMPS on-line system.