In safe hands

Since its foundation in 1982, MEN Mikro Elektronik has been designing and manufacturing failsafe computer boards and systems for extreme environmental conditions in industrial and safety-critical embedded applications.

The company's products are used worldwide as control, measuring and test or simulation computers in all kinds of embedded applications. These are extremely safety-critical mobile markets where computer systems in such applications are in operation for up to 24 hours every day and often need to be available for 10 years and longer. Ideally, no failures must occur to avoid costly downtime or danger to human life.

MEN's standard product range includes more than 100 different computer boards with Intel and PowerPC and includes the corresponding BIOS, board support packages (BSP) and driver software, manifold I/O boards and completely configured systems based on ESMexpress, ESMini and ESM computer on modules; 3U and 6U CompactPCI, CompactPCI PlusIO, CompactPCI Serial and VMEbus; PMC, XMC and M-Modules as system-independent mezzanine I/O standards; rugged Ethernet switches; box and display computers.

Mastering the load for the A400M

Dedicated to the in-flight equipment used on the Airbus A400M military transport aircraft, MEN has launched a triple-redundant 6U CompactPCI single board computer (SBC) in lock-step architecture for building failsafe computer systems. By building lock-step architecture, software overheads are minimised because virtually all the hardware components are visible only once for programming.

Wind River provides support with BSPs for its safety certification operating systems, VxWorks DO-178B and VxWorks 61508. Additionally, Sysgo has ported its safety platform, PikeOS.
The triple-redundant SBC (D602) is designed to control the freight load system on board the Airbus A400M, MEN's loadmaster workstation electronics unit is based on double Eurocard boards and requires design, test, verification and production in accordance with DO-254 level B and DO-178B level B. The D602 is also available as COTS hardware for CompactPCI systems and can be used in safety-critical applications in aircraft up to DAL-A.

D602 provides complete triple redundancy of the hardware components on a single board for the safe operation of critical systems as well as providing time high availability. Both the 900MHz PowerPC 750 and the main memory with three times 512MB are built up to be redundant.

Critical functions like voters are implemented as IP cores in the FPGA which also has a triple-redundant structure. Using voters ensures that at least two of the three redundant components provide the same result in order to guarantee safety. The system remains completely operational - even if one of the three redundant components fails, providing the required availability.
The redundancy of further components like Flash banks, PSUs and clock oscillators, as well as the additional ECC protection for the Flash and FRAM help to increase availability.

D602 has been developed in accordance with DO-254 and is airworthy in a safety-critical environment up to DAL-A. Additional diagnosis mechanisms such as extensive built-in test equipment (BITE) self tests help detect latent errors before they lead to a system error, increasing safety and availability. For the same purpose, the design is oriented towards strictly deterministic operation, avoiding interrupts and DMA.

PikeOS from Sysgo and several VxWorks operating systems platforms targeting safety-critical deployments are now available. In addition to the general purpose real-time operating system (RTOS) VxWorks 6.6, Wind River also supplies VxWorks platforms that support safety certifications up to DO-178B and EUROCAE ED-12B Level A and to DAL-A or IEC 61508 SIL 4.
Besides the A400M loadmaster workstation electronics unit, MEN also provides a customised board used in the A400M loadmaster control panels which are distributed across the aircraft.

www.men.de