ControlSafe Compact Carbone Platform  Compact SIL4 COTS Fail-Safe and Fault-Tolerant System for Train Control and Rail Signaling

 


 



ControlSafe Compact Carbone Platform provides 15 years product life and 25 years of service

 



ControlSafe Compact Carbone Platform Front View

 



ControlSafe Compact Carbone Platform Rear View

 



ControlSafe Compact Carbone Platform Fan Tray

 



ControlSafe Compact Carbone Platform with Fan Tray Installation Bay

 



ControlSafe Compact Carbone Platform Dimensions

Modular, scalable solution with best-in-class availability of 99.9999%
The ARTESYN Embedded Technologies ControlSafe Compact Carbone Platform was certified to the highest safety level – SIL4 – by TÜV SÜD, one of the most trusted certification bodies worldwide. By leveraging the same safety architecture and technologies as the ControlSafe Platform, the cornerstone platform in the portfolio. The ControlSafe Compact Carborne Platform is a highly integrated and cost-effective solution mainly targeting onboard applications such as Automatic Train Protection (ATP), Automatic Train Operation (ATO), and Positive Train Control (PTC) with its design of a compact 4U chassis, front access I/O and DC power supply. The ControlSafe Compact Carborne Platform provides a cost-effective and application-ready safety platform for implementation in a SIL4 application environment which is fully certified to EN 50126 for reliability, availability, maintainability and safety (RAMS) processes, EN 50128 for safety-related software and EN50129 for safety-related electronic systems.

The ControlSafe Compact Carbone Platform consists of two redundant ControlSafe Compact Carbone Computers (C-CCCs), each of which delivers fail-safe operations and together provide a highly available platform. They are linked by a Direct Connect Algorithm (DCA) that monitors the health of the two C-CCCs, designates one of the as "active" and the other as "standby", and controls fail-over operation between the two C-CCCs to deliver a high available fail-safe computing system. The "active" C-CCC controls the up to 12 I/O modules via a customer application, while the "standby" C-CCC runs the same applications but has no ability to drive any safety-relevant output.

The two identical CPU boards of each C-CCC run in data lock-step mode and implement a two-out-of-two (2oo2) voting mechanism. The field proven VxWorks 653 operating system from Wind River provides safe partitions for customers applications.

Any discrepancy between these two CPUs causes the active C-CCC to declare itself unhealthy and the standby C-CCC become active. The unhealthy C-CCC is taken out of operation and, once it has been repaired, can be brought back into service. This health-and-safety architecture guarantees that there is no possibility of an incorrect output being driven to external equipment.

The ControlSafe Compact Carbone Platform is designed to deliver best-in-class system availability as high as 99.9999% which means that system downtime is limited to a few seconds a year.

Application processing is carried out on a modern Freescale QorIQ processor, delivering high performance, energy-efficient processing and supporting the extended life required by rail equipment.

The C-CCC's data lock-step architecture, which supports high performance modern processors, makes it possible to upgrade processors over time while retaining the same I/O.

Having implemented the 2oo2 voting facilities in hardware allows applications developers to migrate existing application software with minimal modifications. An extensive set of well documented application programming interfaces (API)s that provide access to system parameters and management facilities make it easy for application developers and system integrators to monitor and control the system.

The ControlSafe Compact Carbone Platform includes I/O modules that provide interface to a range of communication protocols such as CAN, Ethernet, Ethernet Ring, MVB, GPS/Wireless, UART, digital and analog to easy handle a wide spectrum of developments. All intelligent I/O modules are accessed over Ethernet and support remote on-line software and firmware upgrade without risk of rendering a system inoperable. All I/O ports are user programmable as safety-relevant or non-safety relevant. In addition the Switch Module provides four 10/100/1000BASE-T ports with rugged M12 connectors via its rear transition module (RTM) for direct Ethernet/IP access to other processing nodes in the application's network or to the peer C-CCC.

Product Specification

Compact SIL4 COTS Fail-Safe System

Processor module

 

Freescale P2020 1 GHz

 

1 GB (opt. 4 GB) DDR3-800 ECC SDRAM

 

Two 128 MB Flash

 

Two 2 MB MRAM

Switch module and CAN IOU module

 

Freescale P10110 800 MHz

 

512 MB (opt. 2 GB) DDR3-667 ECC SDRAM

 

Two 64 MB Flash

 

2 MB MRAM

UART and Digital IOU module

 

Altera Cyclone V SoC and FPGAs

 

512 MB DDR3-800 ECC SDRAM

 

Two 64 MB Flash

 

512 KB MRAM

Certified to SIL4 (EN50126, EN50128, EN50129) and SIL3 (IEC61508) safety standards, issued by TÜV SÜD

Voltage and temperature sensors

4 GbE fabric links

1 front I/O slot

One 10/100/1000BASE-T and RS-232 maintenance port per CPU module and one 10/100/1000BASE-T and RS-232 maintenance port per switch module and CAN IOU module

Standard four 10/100/1000BASE-T ports

Opt. 4 CANbus ports per CAN IOU

Opt. 8 serial ports per UART IOU

Opt. 16 digital inputs per digital input IOU

Opt. 8 digital outputs per digital IOU

Vibration compliant with EN61373 cat. 1, class B (EN 50155 12.2.11)

Shock compliant with EN61373 cat. 1, class B (IEC 60068-2-27)

Compliant with EN50121, EN50124, EN50155, EN50126, EN50128, EN50129, EN55024, EN60529, EN60571, IEC61508

24V DC PSU

-40°C .. +70°C operating temperature range in closed rack installation with required airflow or -40°C .. +50°C in open rack environment

VxWorks 653

2 years warranty

 

 

Ordering Information

CSP-C-CCC-CORE-DC-01

SIL4 ControlSafe Compact Carbone Computer 4U System with one DC PSU, two CPUs, one Switch module

CSP-C-CCC-CORE-DC-02

SIL4 ControlSafe Compact Carbone Computer 4U System with one DC PSU, two CPUs, one Switch module, one 1U budget fan cooling system

CSP-C-CCC-CORE-DC-03

SIL4 ControlSafe Compact Carbone Computer 4U System with one DC PSU, two CPUs, one Switch module, one 1U premium fan cooling system

 

CSP-C-CCC-CAN-01

4 Port CAN I/O Module

 

CSP-C-CCC-UART-01

8 Port UART I/O Module

 

CSP-C-CCC-DI-01

16 Channel Digital Input Module

 

CSP-C-CCC-DO-01

8 Channel Digital Output Module

 

CSP-C-CCC-CHAS-FAN-02

Budget Replacement Fan Tray FRU

 

CSP-C-CCC-CHAS-FAN-03

Premium Replacement Fan Tray FRU

 

CSP-C-CCC-FAN-BAY-01

1U Bay Installation Kit for Fan Tray

 

CSP-C-CCC-FILL-01

4HP Filler Panel

 

CSP-C-CCC-BAY-FILL-01

Filler Panel for bay installation kit

 

CSP-CSC-SRB-01

Safety Relay Box

 

CSP-CSC-SRB-FRU-01

Replacement Module for Safety Relay Box

 

CSP-CBL-DIRECT-01

2 cables for direct connect (DCA) operation

 

SERIAL-MINI-D2

Serial cable - micro D-Sub connector to standard DE9