Solutions for Aviation

Ready for Take-Off
Reliable Solutions for Mission-Critical Aerospace Applications
About MEN
Customer References
“Founded in 1982, MEN Mikro Elektronik develops, produces and qualifies computers for extreme environments – where ruggedness and reliability count. Our electronic systems are embedded in vehicle and wayside control, supervision and communication, infotainment and security, wireless and wired network solutions in today’s IoT world.”
“Our expertise makes us successful in several markets: railway and public transportation, aerospace, shipbuilding, commercial vehicles, agricultural and construction machines. Close to 300 highly motivated employees, located in Germany, France, the USA and China, are looking forward to partnering with you worldwide.”
Manfred Schmitz, Chief Executive Officer, MEN Mikro Elektronik, Headquarters Nuremberg, Germany
Bernd Härtlein, Chief Operating Officer, MEN Mikro Elektronik, Headquarters Nuremberg, Germany
The Right Partner for Aerospace Systems
Understanding and Mastering the Market Requirements
Since 2008 MEN has been certified to the EN 9100 aerospace
standard giving us long experience in the special design
requirements. MEN’s avionic designs benefit from our core
competencies such as modular concepts, flexible FPGA
architectures and robust designs.
To fulfill the aerospace-specific standards MEN works with
different kinds of airborne proven components and technologies. Our custom airborne solutions and many of our COTS
products have already been successfully implemented and
are in use in different avionic applications – partly with
certification up to DAL-B.
Requirements and Standards in Avionics
A number of innovations and changes deliver new capabilities to aircraft operations. Modern aircraft are equipped with a multitude of electronic components. There is also a multitude of standards that must be fulfilled when designing an avionics hardware solution.
We are in close collaboration with software suppliers and achieve EASA license part 21 and 145 through certified partners.
[Figure: standards in avionics: ARINC 429, ARINC 600, ARINC 653, ARINC 664, ARINC 717, DO-160, DO-178C / EUROCAE ED-12B, DO-254, EN/AS 9100, GRESS / ABD, Design Assurance Levels / DAL]
Quality from the Beginning
Quality in design is a deciding factor for the reliability of the electronics for in-vehicle operation or during the flight, for example. During the design process, the reliability of the electronics has to be defined under given environmental impacts and for a desired period of time.
MEN works according to the V-model and the RAMS method (Reliability, Availability, Maintainability and Safety) to ensure that systems are defined, hazard and safety analyses are carried out, hazard rates are determined and detailed checks as well as safety verifications are made.
Hazard and safety analysis methods range from the well-known MTBF and MTBR calculations to FMEA (Failure Mode and Effects Analysis) and BITE identification as well as Fault Tree Analysis, which are all used to achieve the RAMS goals.
[Figure: V-model with the phases Specification and Breakdown, Realization and Integration, Verification and Validation; steps shown: Defining Requirements, Specifying the System, Designing the System, Finishing the Design Details, Realizing the System Elements, Integrating the System, Accepting the Product, Shipping the Product]
Long-Term Availability
The combination of modular and scalable hardware platforms – with form-fit-function successor boards, a comprehensive obsolescence management and in-house production – guarantees that a perfectly reliable product can be delivered for an operation period of up to 30 years.
Certification
Due to our experience in safety-critical avionic applications we support customers in their end-system certification process. Some of our COTS products are already prepared for certification up to DAL-A, reducing development and certification costs with a fast time-to-market.
Functional Safety
It is one thing to make a system safe, but another to make
it safe and cost-effective. MEN has gathered vast experience
with various architectures, which are used for implementing
functional safety. It has become our goal to make safe computers modular and available “off the shelf”– and to make
them certifiable “off the shelf”.
One of the key design elements of a safety-critical system
is redundancy. The complex architecture of such systems
requires the skills and the experience to find cost-optimized
solutions that are also safe.
Cosmic radiation is one example of a hazard impacting the architecture, as it can cause memory errors in airborne applications.
Special, well-known design techniques can prevent effects like Single Event Upsets (SEU) in FPGA and memory components. In order to automatically detect and correct single-bit errors, Triple Modular Redundancy (TMR) can be employed.
[Figure: TMR Tool: a single flip-flop (FF) with data, clk and Q is replaced by three flip-flops whose outputs A, B and C feed a majority voter (MAJ) with output Y]
A safe system architecture, both in hardware and in software, can have different structures of redundant sub-units, enhanced by diversity, and considering the relation between safety, availability and cost. Other considerations to achieve functional safety include supervisors, determinism and event logging.
Safe computers from MEN operate with different kinds of onboard redundancy according to their needs in hardware and in software resulting in fail-safe, fail-silent or fail-operational solutions. They help customers shorten their time to market by providing market-specific certification support packages in combination with safe real-time operating system support.
Robustness
MEN’s rugged and reliable embedded computers withstand harsh environments with extreme temperatures, shock, vibration, dust, humidity and chemical influence. MEN’s electronics are designed for –40 °C to +85 °C and dissipate heat by convection or conduction cooling. The latter makes the enclosure itself a heat radiator, lowers maintenance effort and protects the electronics from dust and water.
Our own environmental test laboratory helps us monitor
and prove the quality of the products, among others using
HALT and HASS. To achieve the highest quality, the fully
automated production is done in-house and includes
traceability.
Time-to-Market with Building Blocks
For modern airborne systems it is important to provide the
ability for upgrades and modifications with minimized cost
during long product life-cycles. This is why our systems are
based on modular concepts.
Many of the building blocks, like a DDR memory voter,
CPU voter, PCI master and slave, are already flight-proven
at DAL-B. Some of them, like ARINC 664P7, are prepared
for DAL-D.
MEN’s COTS components are based on open standards in software and hardware. Due to the extensive use of FPGA designs and our own IP core library, complex and customizable architectures are possible.
On board level we often follow a family concept with
scalable processor platforms, individual I/O configurations
and form-fit-function-compliant successor boards again
providing long-term availability.
[Figure: Building Blocks: DDR Memory Voter in FPGA; CPU Voter in FPGA; PCI Master and Slave as IP Core; I2C as IP Core; CAN Bus as IP Core; Graphics Frame Buffer as IP Core; ARINC 429 / 664 / 717 as IP Core]
Long-Term Availability with COTS Products
With modular products based on open standards, MEN supports the effort of the aerospace industry to migrate from the federated architecture based on black boxes – so-called LRUs (Line Replaceable Units) – to IMA, the Integrated Modular Avionics concept.
The new IMA system architecture uses general purpose avionics or aerospace computers that are defined as a platform. Similar to an industrial PC, the platform itself does not perform any aircraft function, but provides communication, computing and storage resources to the airborne applications.
Software Support
Software for avionics is also subject to many standards like ARINC 653 and DO-178C. MEN components can be or are supported by BSPs developed accordingly for the most important real-time operating systems.
For safety-related platforms Sysgo’s PikeOS and various flavors of Wind River’s VxWorks as well as Green Hills Integrity are available.
[Figure: Software Support: PikeOS, VxWorks 653, VxWorks 7 + Safety Profile, Integrity, Windows]
COTS Products
Control and Vital Functions
MP70S – ARINC 600 4 MCU Aircraft Network Server
» 16-port managed Gigabit Ethernet Switch
» 2 hot-pluggable HDD/SSD shuttles
» WiFi and/or 3G/4G cellular interfaces
» Display port, USB 3.0, GB Ethernet
» SIM card slots on front
» Qualified according to DO-160G
A602 / D602 – 6U Power PC Safe Computer
» VMEbus or CompactPCI
» Triple-redundant PowerPC 750 CPU
» Fail-safe, SEU-resistant, CCA frame possible
» Certifiable up to DAL-A
CS1 – AFDX / ARINC-664 Controller
» AFDX integrated in a Flash based FPGA
» SEU immune configuration
» Interoperable with Airbus and Boeing
» DAL-D certifiable/prepared for DAL-A
P522 – AFDX / ARINC-664 Interface PMC
» PMC module with onboard CS1
» Two full duplex AFDX networks
» Onboard CPU for SNMP and ICMP traffic
» –40 °C to +85 °C with qualified components
Convenience and Non-Vital Functions
CB30C – Safe Rugged COM Express Module
» QorIQ P1022 CPU
» 2 GB ECC SDRAM, soldered
» Fail-safe, safe supervisor, event logging
» Conduction cooled
G23 – cPCI Serial SBC with Intel Core i7
» Up to 32 GB ECC DRAM, soldered
» mSATA and microSD card slots
» Front I/O: 2 DisplayPorts, 2 Gb Eth., 2 USB 3.0
» Intel Turbo Boost, Hyper-Threading, AMT 9.0
CB70C – Rugged COM Express with Intel Core i7
» Up to 16 GB ECC DRAM, soldered
» OpenCL 1.1 support
» –40 °C to +85 °C Tcase screened
» Conduction cooling
G25A – cPCI Serial Intel XEON D SBC
» Multicore server grade virtualization platform
» Up to 16 cores, up to 32 GB ECC DDR4 DRAM, soldered
» 10 Gb Ethernet, PCIe 2.0/3.0 bandwidth
» Security with TPM (Trusted Platform Module)
XM51 – QorIQ Multi-Core COM Module
» QorIQ P4080, P4040 or P3041
» Up to 8 cores, up to 1.5 GHz
» Up to 16 GB ECC SDRAM, 1 or 2 controllers
» –50 °C to +85 °C Tcase, qualified components
G52A – cPCI Serial QorIQ Enhanced Network SBC
» Multicore server grade virtualization platform
» Up to 12 cores
» Up to 12 GB ECC DDR3 DRAM, soldered
» 10 Gb Ethernet, PCIe 2.0/3.0 bandwidth
CC10S – Multi-Display Controller SBC
» ARM i.MX 6 Series
» Dual-channel LVDS or two single channels
» Multi-stream-capable HD video engine, OpenCL support
» For LCD TFT panels from 7" to 15", full HD, 1920 × 1200
G101 – Managed Industrial Ethernet Switch
» Up to 25 Gigabit Ethernet ports on rear I/O
» Or 3 ports on front and up to 22 ports on rear
» 29 Gbit/s carrier grade switch matrix
» –40 °C to +85 °C with qualified components
G214 – cPCI Serial Multi-Display Controller
» AMD Radeon E6760 GPU, 600 MHz
» 6 SIMD engines, 480 shaders
» 1 GB integrated graphics RAM
» For visualization or as a co-processor
G302 – Managed 16-Port Industrial Ethernet Switch
» Up to 16 Gigabit Ethernet ports on rear I/O
» Or 3 ports on front and up to 13 ports on rear
» Configuration via Telnet CLI, SNMP or ext. dongle
» Service interface via M12
Application Examples
Cargo Load Control
The cargo load system on board the A400M freight plane is used for air dropping paratroops and equipment via parachute or gravity extraction. The mission-critical control computer is designed as a 2oo3 architecture for high operational safety.
The onboard triple redundancy of the conduction cooled CPU board includes the three PowerPC 750 processors, the dynamic working memory and the internal structure of the SEU-tolerant FPGA.
In-Flight Entertainment Server
The ARINC 600-compliant IFE server is used for media streaming within commercial aircraft. The two HDD shuttles provide hot-plug functionality, which allows content to be changed during flight.
To connect to legacy aircraft equipment, ARINC 429 and ARINC 717 interfaces as well as a discrete I/O interface are provided. Two antenna interfaces enable WiFi- or 3G/4G-based data transmission to the passengers’ mobile devices.
Flight Display Control
The custom-specific SBC is used for control of various types of displays for new and retrofit projects in small and medium-sized commercial aircraft.
It is based on a PowerPC QorIQ processor with four cores providing a sophisticated power control and thermal management via a conductive cooling frame. It also has an FPGA for customized safety functions.
Collision Avoidance System
This CompactPCI-Serial-based system uses four standard CPU cards for collecting and transmitting camera data captured from UAVs.
While three CPU cards control one camera each, a fourth CPU card coordinates the communication between them all, making use of the full-mesh technology of CompactPCI Serial.
Passenger Dial Unit
This convenient multi-touch controller allows airline passengers to adjust various settings for multimedia functions from their seats.
An FPGA chip is installed in the underlying system, which combines state-of-the-art technology and high-quality design.
Multiport Gigabit Switch
for Entertainment Server
The G101 standard managed switch card is used in an
in-flight entertainment server. The components used
in the server are from different suppliers and based
on standard protocols to provide interoperability.
They are connected in a network ring topology increasing reliability. The G101 comes with a 29 Gbit/s switch
matrix and provides an extended temperature range
of –40 °C to +85 °C.
In-Flight Experience with A400M
The cargo load system on board the A400M freight plane is used for air dropping paratroops and equipment via parachute or gravity extraction. The mission-critical control computer of the system, called Loadmaster Controls (LMC), is built with double Eurocard boards based on safe CPU boards including I/O boards for digital input/output, CAN and UART and reliable power supplies from MEN. Additionally, MEN has provided the interface electronics for the LMC control panels, which are distributed across the aircraft.
All these components, including FPGA designs with several MEN IP cores, are designed, tested, verified and produced in accordance with DO-254 level B and DO-178 level B, based on the EN 9100 quality management system and the additional GRESS requirements from Airbus.
The CPU boards inside the system are designed as 2oo3 architecture for high operational safety. Onboard triple redundancy includes the three PowerPC 750 processors, the dynamic main memory and the internal structure of the SEU-tolerant FPGAs. Dual redundancy applies to the local PSUs and the Flash memory. All critical I/O functions – including the voter for the 2oo3 architecture – are implemented in the FPGAs. In addition, two PMC slots can accommodate further I/O functions.
To guarantee the level of safe operation the electronics
» have extensive BITE (built-in test equipment) features,
» are designed to facilitate worst case execution time analysis,
» work without interrupts and DMA for strictly deterministic behavior,
» and support a very fast boot time of less than one second.
Exposed to harsh environmental influence, the boards are designed for extended operating temperature in a conductive cooling system, with all components conformally coated against humidity and soldered against vibration.
The loadmaster workstation is certified to DAL-B and has proven its airworthiness in the A400M for several years.
AFDX-based Ethernet Communication
[Figure: AFDX: Avionic Full Duplex Switched; Communication backbone of modem; Virtual link; Based on IEEE 802.3 standards; Deterministic timing; Guaranteed bandwidth; Standardized as ARINC 664, Part 7; Physical redundancy]
The Need for AFDX
As computing needs have increased, AFDX was established to provide a commercially proven hardware technology that applies a protocol to enable reliable transport, delivery and timing of data packets between subsystems. AFDX also adds quality of service functions and physical redundancy and is standardized in ARINC 664, part 7.
Implementation of AFDX Made Simple
While most aircraft end systems in avionic applications have traditionally used ASICs to implement AFDX-based communication, the FPGA-based CS1 AFDX controller from MEN is a flexible alternative. It offers the same performance and capacity level as traditional ASICs and is also far more flexible when implementing additional functionality.
The CS1 can be installed directly on the boards of an end system, which enables customized AFDX-based communication systems independent of a form factor. Developed according to ARINC 664P7-1 to meet the demands of safety-critical avionic applications, the CS1 FPGA chip is SEU-resistant, DO-254-compliant and is prepared to meet the requirements for DAL-A.
[Figure: CS1]
CompactPCI Serial Reaches out into Space
Being significantly involved in the standard specifications of CompactPCI, CompactPCI PlusIO and CompactPCI Serial, MEN, together with PICMG, will now also coordinate a new working group to extend the current CompactPCI Serial specification by a sub-standard covering the specific requirements for space applications.
Topics will include additional serial interconnections common in aerospace and provisions for high availability, fault detection and environmental requirements.
Why MEN?
Development and production of rugged and reliable products
Our boards and systems are developed to meet requirements such as temperature ranges between
−40 and +85°C through convection or conduction cooling, shock, vibration, chemical influence or the option
of coating against humidity right from the start.
Development based on quality management systems of our markets
We are certified according to ISO 9001 and ISO 14001, plus EN/AS 9100 (aerospace) and IRIS (railways)
and provide systems according to ISO 7637-2 (road traffic) requirements. We develop according to the GRESS
requirements by Airbus and are preparing for EFQM (European Foundation for Quality Management).
Development based on relevant standards know-how for our markets
Preparing products for environmental qualification according to vertical market standards is one of our
key services, for example EN 50155 (railways), DO-160G (airborne), German Lloyd (ships) or ISO 7637-2
(automotive E-Mark).
Fully automated, high-quality in-house production
To achieve the highest product quality, our manufacturing and test process is fully automated. Vapor-phase soldering assures smooth processing of the components. Traceability is guaranteed by time stamps throughout the whole process.
All relevant environmental tests in-house
We carry out the preliminary qualifications in our own environmental test lab (temperature, shock,
vibration, humidity), high-voltage and EMC chambers. Further calculations and analyses include MTBF,
FMEA, Hazard Tree, HASS or HALT.
FPGA technology expertise
FPGAs allow us to customize our hardware without touching the board layout while keeping costs low,
even in small quantities. FPGA-based solutions are flexible, offer long-term availability and support extended
temperature operation.
Custom design of computer boards and systems
Often the most cost-effective solution results in a custom design – while using as many standard components
as possible. Synergy effects emerge through the mutual development of standard and custom boards and
systems, completed by the built-to-order approach of MEN’s box PCs and 19"-based application-ready and
turnkey systems.
Complete system solutions based on in-house mechanical design
Whether a 19" system, wall-mount, standalone or DIN-rail is needed, we guarantee overall operability of
each system, minimizing the integration effort and the handling cost on the customer’s side. The quality of
our systems is assured by applying traceability through the V-model.
Customer assistance in configuration of mission-critical systems
Computer architectures with safety-critical requirements are very complex. Considerations include safety-critical characteristics and levels (SIL, DAL), reliability questions, error behavior modes and the major IEC and EN standards – backed by a professional safety and risk management.
www.men.de
www.men-france.fr
www.menmicro.com
www.men-china.cn