RU2646769C2 - Method of automatic control of non-uniform redundancy of the equipment complex and device for its implementation - Google Patents

Abstract

FIELD: information technology.

SUBSTANCE: complex of equipment consists of heterogeneous components, from which more than one configuration can be created, which ensures the use of the object of control for its intended purpose. Each configuration is supported by a specially designed configuration supervisor. Based on results of pairwise hierarchical arbitration that takes into account the results of monitoring the integrity of components and performance indicators of the complex, one of the supervisors implements its configuration and synchronizes the operation of the entire system.

EFFECT: increase in reliability, reliability and safety of functioning of complex equipment complexes of technical objects.

5 cl, 1 dwg

Description

The invention relates to the field of instrumentation and computer technology and can be used to control (dispatch) the workable elements of a complex of equipment in order to maintain its functional integrity and counter the failure of components of various nature.

According to the generally accepted definition [1], the redundancy of a technical product is the presence of capabilities in it beyond those that could ensure its normal functioning. Such redundancy, depending on the purpose of the product, the nature of the problem being solved, and other circumstances, can be used either to increase its overall performance (by performing the appropriate functions in parallel) or to provide the necessary level of failure-free (by organizing hot or cold redundancy of various multiplicities).

As a technical product, a complex of equipment (KO) of a technical object is considered, in particular, for mobile objects - a complex of on-board equipment (BWC), generally heterogeneous in the sense that it can contain various devices (components) intended for performing both various functions in the composition of the BO, and similar functions based on various physical principles. The redundancy of such an inhomogeneous BWC is that the number of components included in the complex obviously exceeds the minimum necessary level, due to the purpose and conditions of use of the complex.

Often the process of changing the composition and structure of the complex associated with maintaining its operability in real time or adapting to changing conditions is called reconfiguration [2].

A known system and method for managing redundancy [3] related to speech coding methods. The technical result of this invention is to provide error tolerance when transmitting voice over a packet-switched network. Moreover, despite the coincidence of terms in the names of the invention and this application contain various technical solutions related to various fields of technology. The described invention cannot be taken as a prototype.

Known methods for ensuring the fault tolerance of distributed control systems of technical systems [4] using the features of these systems, functioning algorithms, hardware and software. The specified source outlines the physical reservation of subsystems and devices, ensuring the uninterrupted transmission and reception of information, data aggregation, the use of robust control algorithms, appropriate measures at the design stage, etc. All the described methods are based on the redundancy of the corresponding technical and information resources to achieve the necessary results. Moreover, the following methods are characteristic of the following:

- all of them are focused solely on ensuring the trouble-free functioning of the control object in various conditions;

- the effect achieved is “local” in the sense that it is provided in various subsystems (information channels, sensors, actuators, etc.) or “slices” of the operation of the control object (application algorithms, exchange protocols, process synchronization, etc.). )

Known methods for ensuring the fault tolerance of radio systems [5] are closely related to the physical properties of specific systems and are difficult to extend to integrated systems like KO.

Known methods for ensuring the fault tolerance of computer systems and networks [6], which are reduced to various types of replication of hardware and software, as well as stored and transmitted information (disk mirroring, backup and recovery, database replication, etc.). All these methods have characteristic specificity, due to the subject area, and only in some part can be used in the interests of fault tolerance.

There is a method of providing fault tolerance of scalable network on-board computer systems [7], built on the basis of a consolidated decision algorithm (AIC). The algorithm is based on the “parliamentary” method of forming the final decision on isolating the failed part of the system, based on the exchange of “opinions” on the state of the system between nodes on each system cycle. This method, as well as other methods for computing systems [8], are applicable to a limited number of components of QoS. This technical solution is selected as a prototype.

The aim of the present invention is to improve the technical and operational characteristics of the equipment complex (KO) by, first, selecting the preferred configuration of the KO in the sense of either minimizing its functional degradation in the event of failure or damage to components, or achieving the required level of its technical characteristics for more efficient use of the object equipped with this QO, and secondly, the formation in real time (or with minimal delays) of a workable QO configuration against the background of cash splendens failure, malfunction or failure of its diverse functions and the principles of implementation of the components.

This goal is achieved by the fact that in the method for automatically controlling the heterogeneous redundancy of QoS, containing an excessive set of components that are heterogeneous both in terms of the functions performed and the physical principles used, some number Ν of variants of competitive QoS configurations (switching connection in the sense of transfer and the distribution of energy and information, as well as the settings of the components of the QA), the number of which provides for hardware or software modules and called configuration supervisors (SCs).

The IC is responsible for the formation, storage, updating and, if necessary, the use of information about each competitive configuration of QoS. All N SC independently, within the framework of the configurations assigned to them, periodically monitor the technical condition (serviceability, correct functioning, etc.) of the components of the QoS by polling the means of the built-in control of each component, if any, and devices for localizing failures of technical systems by type, for example, [3, 9]. Based on the analysis of the collected information, each SC generates a readiness index (IS), which can take two values: positive - this configuration is feasible, and negative - this configuration cannot be implemented for any reason (the presence of failures, lack of confirmation of operability or proper functioning components or communication channels).

All SCs periodically enter into pairwise (using any rule of pairing) hierarchical arbitration (the SC becomes the winner with a positive IG value or by any discriminating rule with a positive IG of both SCs in a pair), the winner in each lower level pair participates in arbitration the next level) for the right to implement your QoS configuration. The winner of the highest level arbitration declares himself the dominant configuration supervisor (DSC) and, until the next hierarchical arbitration results are obtained, synchronizes the work of all other SCs and, by controlling the switching system (CS), implements (commutes, configures, monitors, informs personnel, etc.) appropriate QoS configuration.

Additionally, each SC can form a functional efficiency indicator (PFE) of its configuration by type, for example, [11], attracting or not involving special assessment systems (SO) for this. PFE is understood as a scalar indicator that integrally characterizes the level of possibly achievable technical characteristics of KOs (optimality, rationality, accuracy, efficiency, effectiveness, etc.). In this case, PFE is used during the arbitration in order to identify the configuration not only with a positive readiness index, but also with the preferred technical characteristics.

In addition, in order to ensure a smooth (conflict-free) transition from one QoS configuration to another (docking of configurations), additional QoS buffer configurations can be used, which have lower requirements for the quality of the facility as a whole, but increased requirements to minimize configuration delays and prevent invalid processes when enabling and disabling basic configurations.

The invention and its features are illustrated using the drawing:

Figure 1 depicts a functional diagram of KO according to the present invention, where:

1 - The set of heterogeneous components of the TO (sensors, calculators, actuators, communication channels, power circuits, etc.);

2 - Components of QoS, which are separate devices, indivisible in the composition of QoS, with sets of necessary interfaces (solid arrows);

3 - Means of integrated control (ICS) of individual components with their own interfaces (dashed arrows);

4 - Switching system (CC), possibly redundant, with interfaces for components (solid arrows) and configuration supervisors (dashed and solid arrows with a white spot);

5 - Configuration Supervisors (SC) from SK-1 to CK-N with interfaces for the switching system (dashed and solid with a white spot arrows), evaluation systems (solid arrows) and communication channels between supervisors (thick multidirectional arrow);

6 - Assessment systems (CO), possibly duplicated, of the health of components and functional efficiency indicators (PFE) of configurations with interfaces for configuration supervisors (solid arrows) and components (dash-dot arrow).

Since the method is implemented using the operation of the device (Figure 1), its full description is given in the section explaining the operation of this device.

The complex of equipment with redundancy management (KOUI) contains a combination of 1 heterogeneous redundant or non-redundant components 2, including various sensors (primary meters), computer-converting devices, information transmission channels, actuators, power circuits, recording devices, information display devices, etc. In addition to Moreover, some components may contain built-in controls (ICS) 3. Of the components of this entire set or some part of it, using possibly a controlled switching system (CS) 4 can be by connecting and tuning formed (configured) options (more than one) of a set of equipment that meet the purpose of the facility as a whole. For this, controllable communications of the SC with each component of the TO are provided. According to the number N of the configuration options provided, the QoS contains configuration supervisors (SC) 5, which are connected to receive information both with the built-in control (ICS) 3 of components 2 and with a possibly redundant system for assessing (CO) the health of the components and the functional efficiency of the corresponding configurations 6 All SC 5 are interconnected by bilateral channels of information transfer for the organization of pairwise arbitration and for synchronization of work. All SK 5 have a connection with KS 4 to manage the latter, but at any time only one of KK 5, which has won arbitration and has become the dominant SK (DSC), interacts with KS 4, which is shown in the drawing by a special arrow with a white spot.

The device operates (Figure 1) as follows.

The device operates cyclically under the control of synchronization signals (SS) generated by one of the SCs having the dominant status (DSC) and marked by a solid arrow with a white spot in the drawing, in steps:

SS-1 initiates the first step of the cycle, where each SC 5, including DSC, erases the previous value of its readiness index (IS) and, upon special requests or without them, collects information about the technical condition of components 2 included in the configuration associated with this particular SK . It is understood that all components of the complex are either in the hot standby mode or in another mode that allows real-time or early determination of its performance, proper functioning, absence of failures, failures, etc. In addition, each SC 5 receives information about these components from assessment systems (CO) 6, which in the simplest case confirm (specify) the performance of components based on processing a priori data, the results of their functioning or test control in the complex or offline. In a more complex case, CO 6 is formed and transmitted to the appropriate SC 5 an estimate of a numerical indicator of functional efficiency (PFE) characterizing the achievable effect when implementing the corresponding configuration. Based on the collected information, each SC 5 forms a new value of its own IG: positive when confirming the health and readiness of all components of a specific configuration to enter operation and negative if there is no such readiness. In a more complex case, the IG is supplemented by the PFE configuration.

SS-2 initiates the second step of the cycle, in which all SCs, by some rule, are divided into pairs and enter into pairwise arbitration. The winner is the UK with a positive IG and, if provided, with a higher PFE. Under equal conditions, some kind of discriminatory rule is used, such as giving preference to a supervisor with a lower serial number. Then, according to DSC teams, a similar arbitration is conducted between the winners of the arbitration of the first, second, etc. levels. This is a pairwise hierarchical arbitration is carried out until the final winner is identified.

SS-3 initiates the third step of the cycle, at which the IC, which won the arbitration, declares itself dominant, i.e. becomes a DSC, begins to form a SS for the remaining SCs and proceeds to control CS 4, thereby realizing its configuration of QoS. In this case, it is possible to use the data obtained by previous QoS configurations, as well as the buffer configuration to smooth transients between the main (competing) configurations.

SS-4 initiates the fourth step of the cycle, in which the newly created configuration of the QoS operates in accordance with the purpose of the object.

After a certain period of time, DSC forms SS-1 to start a new cycle.

In order to increase the efficiency of the system, the fourth step of the cycle can be combined in time with the first three steps in various combinations, and partially asynchronous actions of various SCs are also possible.

If a failure or malfunctioning of the components involved in the operation of the current QoS configuration is detected, the DSC initiates an extraordinary SS-1. In addition, all SCs use a timer to track the rhythm of the system. The delay in receiving the next SS from the DSC, exceeding a certain predetermined level, is interpreted as a failure or malfunction of the DSC, and the first SC that detects the delay takes over the DSC functions and generates SS-1.

The effect of failures and / or improper functioning of the components of the QoS is as follows. Malfunctions of components not used in the current configuration do not affect the operation of the complex and the functioning of the object as a whole. Their presence only leads to a reduction in the number of potential winners of the arbitration. In case of malfunctions of the components of the current configuration, the recovery time does not exceed the period of cyclic operation of the redundancy management system. Moreover, if among the possible configurations of the QoS there is at least one with a positive IG, then it will be implemented, and the Qo as a whole will remain operational. Thus, malfunctions of the components of the QoS during the operation of the object will accumulate until the disappearance of its last operational configuration.

Industrial applicability The most successfully declared method for the automatic control of heterogeneous redundancy of a complex of equipment and a device for its implementation are industrially applicable in control and measuring and control complexes of a wide range of applications and can be used to create promising fault-tolerant integrated complexes of on-board equipment of moving objects and complexes of automated control of the functioning of production and energy facilities in order to ensure and x reliability and safety of operation.

Information sources

1. GOST Ρ ISO / IEC 19762-1-2011. Information Technology. Technologies of automatic identification and data collection (AISD). Harmonized Dictionary. Part 1. General terms in the field of AISD. - enter 2011 - 05 - 30. - M .: Standartinform, 2012. -36 p.

2. Tarasov A.A. Functional reconfiguration of fault tolerant systems. - M .: Logos, 2012, ISBN: 978-5-98704-654-8.

3. Oyala P., Lakaniemi A. System and method for managing redundancy, patent RU 2415482 C2, Bull. No 9 on 03/27/2011.

4. Klepikov V.I. Fault tolerance of distributed control systems. - M.: Publishing. Golden ratio, 2014.

5. Kulik A.S., Gavrilenko O.I. Ensuring fault tolerance of control systems for statically unstable dynamic objects // Successes in modern radio electronics. - M .: Radio engineering. 2004. No2.

6. Providing fault tolerance, http://www.bezzhd.ru/927_analiz_zaschischennosti/obespechenie_otkazoustojchivosti

7. Firsov G.V. Method for ensuring fault tolerance of scalable network on-board computer systems calculations // Journal of MAI Transactions, Issue. 25.

8. Belousov Yu.A. Fail-safe on-board computing systems. Classification and evaluation of technical characteristics // Aerospace Instrumentation. 2004. No. 11. S. 17-24.

9. Averyanov I.N., Bukov V.N., Bronnikov A.M., Kushnir A.L., Selvesyuk N.I. A cyclic method for localizing uncontrolled multiple failures of technical systems in the process of their functioning and a device for its implementation. Patent RU 2557441 C2, Bull. No. 20 dated 07/20/2015.

10. Boldyrev S., Chernyshov V., Nickolaev D., Ksenofontov V., Antonets C. Determination of functional efficiency of an airborne integrated navigation system for the purpose of reconfiguration of it in flight // Proc. of The 4th European conference for aero-space sciences, Saint Petersburg, Russia, Report 818-1245-1-RV, 2011.

Claims (5)

1. A method for automatically controlling the heterogeneous redundancy of a complex of equipment (QoS), including monitoring the technical condition of the QoS and the operational selection of its workable components, characterized in that in the QoS, according to the number N of pre-defined competitive configurations, using special hardware or software modules called supervisors configuration, carry out periodic monitoring of the technical condition of the components of the TO by interviewing the means of built-in control of each component, if any, and devices for localizing failures of technical systems, based on the analysis of the information collected, the supervisors form a readiness index that can take two values: positive - this configuration is realizable, and negative - this configuration cannot be implemented, based on readiness indices, supervisors arbitrate QoS configurations for the right to implement, the supervisor who won by the results of the arbitration will implement his QoS configuration before the end of the cycle. 2. The method according to p. 1, characterized in that in order to identify the configuration not only with a positive availability index, but also with the preferred technical and economic characteristics, in addition to the availability indices, configuration supervisors form and use functional efficiency indicators (PFE) for each arbitration KO configurations. 3. The method according to p. 1, characterized in that to ensure a conflict-free transition from one QoS configuration to another, additional buffer QoS configurations are used. 4. A device for implementing a method for automatically controlling the heterogeneous redundancy of a complex of equipment according to claim 1, comprising a plurality of heterogeneous components, some of which may contain built-in controls and possibly a redundant switching system, characterized in that special hardware or software modules are additionally introduced into it, called configuration supervisors. 5. The device according to p. 4, characterized in that it contains a possibly redundant system for assessing the health of components and the functional effectiveness of the respective configurations.

Images