Redundancy (engineering)

Redundancy (from the Latin redundare, 'to overflow, to be present in abundance') is the additional presence of functionally identical or comparable resources in a technical system that are not needed for stable operation in the normal case. Redundant resources can be information, engines, assemblies, complete devices, control lines or power reserves. As a rule, these additional resources serve to increase the failure safety, functional safety and reliability of the system.

There are different types of redundancy. Functional redundancy aims at building safety-relevant systems several times over in parallel, so that if one component fails the others continue to provide the service. In addition, redundant systems are separated from each other spatially where possible, which minimises the risk that they are affected by one common fault. Finally, components from different manufacturers are sometimes used so that a single systematic error cannot take out all redundant systems at once (diverse redundancy). The software of redundant systems should differ in the following respects: specification (different teams), specification language, implementation (different teams), programming language and compiler.

Classification of redundancy designs

  • Hot redundancy (hot spare) means that several systems run in parallel and all of them perform the function. A voter evaluates the results by majority decision (at least three parallel systems are needed). It must be ensured that the probability of two devices failing simultaneously tends towards zero.
  • Cold redundancy means that several units for the same function exist in parallel in the system, but only one of them is operating. The active unit is monitored and, in the event of an error, a switch transfers operation to the parallel unit. This presupposes that the overall task tolerates the switch-over time and that the system works with predictable tasks. The reliability of the switch must be much greater than that of the functional units.
  • Standby redundancy (passive redundancy): additional resources are switched on or kept available, but take part in executing the intended task only in the event of a failure or fault.
  • N+1 redundancy means that a system consists of n functional units that are active at any time plus one passive standby unit. If an active unit fails, the standby unit takes over its function. On a further failure of an active unit the system is no longer fully available and is generally regarded as failed.
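The following is an added example, not code from the original article: a 2-out-of-3 majority voter of the kind used for hot redundancy, and a pool of n active units plus one standby that models N+1 switch-over. The unit names and input values are constructed for illustration; note that the voter treats the absence of a strict majority as a detected fault rather than picking an arbitrary channel.

```python
"""Added example (not part of the original article): a 2-out-of-3 majority
voter for hot redundancy and an N+1 unit pool with standby switch-over.
All unit names and inputs are constructed for illustration."""
from collections import Counter
from typing import Hashable, List, Optional, Sequence, Tuple


def majority_vote(results: Sequence[Hashable]) -> Tuple[Optional[Hashable], List[int]]:
    """Return (agreed value, indices of dissenting channels).

    Hot redundancy: all channels compute in parallel and the voter takes the
    strict majority.  With no strict majority (e.g. all three channels
    disagree) the voter returns None, which the caller must treat as a
    detected fault rather than as a valid output.
    """
    if len(results) < 3:
        raise ValueError("majority voting needs at least three parallel channels")
    value, count = Counter(results).most_common(1)[0]
    if 2 * count <= len(results):          # no strict majority
        return None, list(range(len(results)))
    dissent = [i for i, r in enumerate(results) if r != value]
    return value, dissent


class NPlusOnePool:
    """n active units plus one passive standby.

    The first failure of an active unit is masked by switching the standby
    in; a further failure leaves fewer than n active units and the system
    is regarded as failed, as the text describes.
    """

    def __init__(self, n: int) -> None:
        self.n = n
        self.active = [f"unit{i}" for i in range(n)]   # constructed unit names
        self.standby: List[str] = ["standby"]
        self.failed: List[str] = []

    def fail(self, unit: str) -> bool:
        """Record the failure of `unit`; return True if full capacity remains."""
        if unit in self.active:
            self.active.remove(unit)
            if self.standby:                  # switch-over to the passive unit
                self.active.append(self.standby.pop())
        elif unit in self.standby:
            self.standby.remove(unit)
        else:
            raise KeyError(f"unknown or already failed unit {unit!r}")
        self.failed.append(unit)
        return self.fully_available()

    def fully_available(self) -> bool:
        return len(self.active) == self.n


if __name__ == "__main__":
    print(majority_vote([42, 42, 41]))      # (42, [2]): channel 2 is outvoted
    print(majority_vote([1, 2, 3]))         # (None, [0, 1, 2]): no majority
    pool = NPlusOnePool(3)
    print(pool.fail("unit0"), pool.active)  # True: standby has taken over
    print(pool.fail("unit1"), pool.active)  # False: only two units remain
```

The voter is a detection mechanism only: it masks one wrong channel out of three, but the dissent list should be logged and acted on, since a second independent failure would leave it without a majority.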

When designing a redundant system, two kinds of component similarity can be distinguished, as is done for example in the context of IEC 61508:

  • In homogeneous redundancy, identical components work in parallel. Using identical components reduces the development effort, but this design protects only against random failures, e.g. ageing, wear, or bit flips in RAM caused by noise.
  • In diverse redundancy, different components, typically from different vendors, work together. This gives a good chance that systematic failures (design flaws) are detected during operation. Since development is correspondingly more complex (possible reasons: compensating for different computation times, integrating different controllers, more testing), the cost is higher.

For example, the Pentium FDIV bug would not be detected with homogeneous redundancy, because every copy of the same processor reproduces the same wrong result. If the system is diversely redundant, for example with one Intel and one AMD processor, a voter can recognise differing calculation results as an error.
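To make the homogeneous-versus-diverse distinction concrete, here is an added example that is not from the original article. Two independently written division channels are compared by a simple two-channel voter; a third channel carries a constructed systematic flaw (a specific operand pair that always yields a slightly wrong quotient), standing in for a hardware defect such as the FDIV bug. The trigger inputs and the error magnitude are invented for illustration and model no real processor.

```python
"""Added example (not from the original article): a two-channel comparison
showing why diverse implementations detect a systematic error that two
identical copies both reproduce.  The faulty channel and its trigger inputs
are constructed for illustration; no real processor behaviour is modelled."""
from fractions import Fraction
from math import isclose
from typing import Callable

Channel = Callable[[int, int], float]


def divide_float(a: int, b: int) -> float:
    """Channel 1: ordinary IEEE-754 floating-point division."""
    return a / b


def divide_exact(a: int, b: int) -> float:
    """Channel 2, independently implemented: exact rational arithmetic,
    rounded to a float only once at the end."""
    return float(Fraction(a, b))


def divide_faulty(a: int, b: int) -> float:
    """Constructed systematic flaw: one specific operand pair gives a
    slightly wrong quotient, every time, on every copy of this channel."""
    if (a, b) == (1234567, 89):            # constructed trigger inputs
        return divide_float(a, b) * (1 - 1e-4)
    return divide_float(a, b)


def channels_agree(a: int, b: int, chan1: Channel, chan2: Channel,
                   rel_tol: float = 1e-9) -> bool:
    """Two-channel voter: True if both channels agree within rel_tol.

    With only two channels the voter cannot tell which one is wrong; a
    disagreement is a detected fault that must stop or degrade the system.
    """
    return isclose(chan1(a, b), chan2(a, b), rel_tol=rel_tol)


if __name__ == "__main__":
    a, b = 1234567, 89
    # Homogeneous: two copies of the flawed channel agree on the wrong answer.
    print(channels_agree(a, b, divide_faulty, divide_faulty))   # True
    # Diverse: the independently implemented channel exposes the flaw.
    print(channels_agree(a, b, divide_faulty, divide_exact))    # False
    # Sanity check: the two sound channels agree on ordinary inputs.
    print(channels_agree(10, 4, divide_float, divide_exact))    # True
```

The tolerance matters in practice: diverse channels legitimately differ in rounding and timing, so rel_tol must be set from the channels' specified accuracy, wide enough to avoid false alarms yet tighter than the smallest error the design must detect.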

Failure behaviour of redundant systems

When redundantly designed equipment fails, the following terms are used to describe its failure behaviour:

Industrial applications

In complex plant engineering, a distinction is made between two cases:

  • Fail-stop / shutdown: the fastest possible shutdown of the plant in the event of an error (operational safety).
  • Fail-operate: maintaining production in the event of a failure (failure safety).