Triple Channel Fault Tolerant System - "No Two Faults"

In the triple channel fault tolerant system the power supplies, CPUs, instrumentation and field wiring to the final control device(s) are triplicated. Coordination of the three CPUs is ensured by multiple communication links. Three independent command paths lead to and from each item of equipment in the field, making the overall system extremely reliable.

In the event of a fault, the control task continues by switching to an alternative control channel, which automatically takes command. The alternative control channel effectively sidesteps the fault and rolls the control sequence forward, or adopts an alternative control strategy.

Even if a major field item has failed or is unavailable, the system eliminates the affected alternative strategies and pursues another strategic solution.

The graphic to the left illustrates how the system works past two different unrelated faults in stages 3 and 5 by switching to an alternative channel equipped with a set of independent control equipment.

The system is designed so that "no two faults" can prevent completion of the task. The worst-case survivable scenario is demonstrated in stage 7 of our graphic, where two unrelated failures occur that affect the same stage in different channels. The system works around these two failures by using the third channel to complete the task.