The document describes the Modular Train Control System (menTCS), an open and flexible computer platform for safe train control. It consists of remote I/O boxes connected via real-time Ethernet to a central controller unit. The system architecture separates safe and non-vital parts, with the safe application running on a certified safe operating system. Communication between components is protected via protocols like Safety over EtherCAT to ensure safety up to level SIL 4.
Modular Train Control System menTCS
Open and Flexible Computer Platform for Safe Train Control
Open Standards – Flexibly Configurable
Separated hardware and application software
Open and application-ready system platform
Certifiable up to SIL 4 (with certification packages from TÜV SÜD)
menTCS consists of:
Remote I/O boxes with up to 4, 6, or 8 certifiable safe I/O boards
Controller Unit MH50C, based on dual-redundant CPU board F75P
Safe I/O cards for binary input/output
menTCS System Architecture
Separation of safe and non-vital parts
Non-vital runs on Linux
Safe application on safe QNX real-time operating system
Safe Domain and I/O Domain
Safe communication through black channel
Limits the effort of safe application programming
Accelerates software development
Fail-silent architecture
Communication via Real-Time Ethernet
No Ethernet switches needed
High availability with little cabling effort
All I/Os (control unit and remote I/O boxes) are connected via real-time Ethernet "EtherCAT"
Communication protected via Safety over EtherCAT (FSoE) protocol
Connected in a ring topology
Tolerates single failures like broken cables
Safe and fast I/O through Safety over EtherCAT
Remote I/O reduces cabling effort / better signal integrity
menTCS – Feature Summary
Certified safe CPU board with 3 CPUs
Certified safe I/O boards
QNX safe operating system available
Compliant with EN 50155 and EN 5012x
Certification packages (up to SIL 4) for hardware and software available
Extensible by distributed safe I/O boxes connected via real-time Ethernet
Optional MVB interface, RS232, RS422, RS485, CAN, GPS
Editor's Notes
menTCS is an open and modular railway computer platform based exclusively on standard hardware and software.
menTCS is the first computer system ever in the history of the railway industry that separates the control electronics – i.e. the computer hardware – from the real control function – the application software.
It is based on defined open standards for hardware, software and communication. Its modularity makes it configurable for every control function inside and outside the train.
It is certifiable up to SIL 4 in each of its individual parts and complies completely with the EN 50155 railway standard.
The heart of the system, based on COTS products, is the menTCS controller, which is built around the dual-redundant and SIL 4-certified CompactPCI PlusIO board F75P.
The controller can be used stand-alone or can be extended by up to 63 remote I/O boxes with safe I/O cards for binary input and output.
menTCS separates the safe parts of the application from the non-vital parts, thus reducing the software certification effort. The non-vital communication and service functions run on standard Linux, guaranteeing that the system is open towards the external world.
The safe application runs in a safe kernel of the QNX real-time operating system and can either be programmed directly in standard "C" using POSIX-compliant APIs or, optionally, with a safe PLC.
The menTCS software distinguishes between the safe and the non-vital domain in order to save cost and time for application development and certification.
This separation allows non-vital applications to be developed separately from safe applications.
Non-vital applications cannot influence safe applications because they are executed on a separate processor running a standard Linux operating system. The loss of the I/O processor is not dangerous.
The FSoE protocol (Fail Safe over EtherCAT) guarantees appropriate communication between the safe controller and the safe I/O functions. This method of transporting safe data over an untrusted transmission system, called "black channel", is defined in the EN 50159 standard and ensures end-to-end protection of the transmission: the safety layer itself detects transmission faults, so the Ethernet network underneath needs no safety certification.
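The black-channel principle described above, shown as an added illustration (this is not menTCS, PACY or FSoE code; the frame fields, their sizes, the CRC-32 and the timeout are assumptions chosen for the example and do not reproduce the FSoE frame layout). The consumer checks each frame against the EN 50159 threat classes it can see on a single frame (corruption, insertion or masquerade, repetition, loss, resequencing, delay) and latches a fail-silent safe state on the first failure:

```python
import struct
import zlib

# Simplified black-channel safety layer (assumed layout, not the FSoE frame):
# each payload is wrapped with a connection ID, a sequence counter and a CRC,
# so the transport below may be an untrusted, uncertified Ethernet network.

HEADER = struct.Struct(">HI")   # connection ID (16 bit), sequence counter (32 bit)
CRC = struct.Struct(">I")       # CRC-32 over header + payload

def wrap(conn_id: int, seq: int, payload: bytes) -> bytes:
    """Producer side: prepend connection ID and sequence counter, append CRC."""
    body = HEADER.pack(conn_id, seq) + payload
    return body + CRC.pack(zlib.crc32(body) & 0xFFFFFFFF)

class SafeReceiver:
    """Consumer side. A frame is accepted only if every check passes; on the first
    failure the receiver latches the safe state (fail-silent) and rejects all later frames."""

    def __init__(self, conn_id: int, timeout: float):
        self.conn_id = conn_id
        self.timeout = timeout          # max allowed gap between accepted frames
        self.expected_seq = 0
        self.last_ok = 0.0
        self.safe_state, self.last_fault = False, None

    def receive(self, frame: bytes, now: float):
        """Return the payload if accepted, else None after tripping to the safe state."""
        if self.safe_state:
            return None
        if now - self.last_ok > self.timeout:
            return self._trip("delay")                 # cyclic data stopped arriving in time
        if len(frame) < HEADER.size + CRC.size:
            return self._trip("short frame")
        body, crc = frame[:-CRC.size], CRC.unpack(frame[-CRC.size:])[0]
        if zlib.crc32(body) & 0xFFFFFFFF != crc:
            return self._trip("corruption")            # bit errors on the black channel
        conn_id, seq = HEADER.unpack(body[:HEADER.size])
        if conn_id != self.conn_id:
            return self._trip("insertion/masquerade")  # frame belongs to another connection
        if seq != self.expected_seq:
            return self._trip("repetition/loss/resequencing")
        self.expected_seq += 1
        self.last_ok = now
        return body[HEADER.size:]

    def _trip(self, reason: str):
        self.safe_state, self.last_fault = True, reason
        return None
```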
PACY is a process data application framework that makes the menTCS hardware transparent to the application. It handles the communication between the CPU, running the customer-specific application software, and the safe I/O cards. As a transparent abstraction layer, PACY takes care of executing the application's commands and provides an API for "C" language programming. Developers control the I/O through "C" language variables, independently of the kind of I/O that needs to be controlled.
As a module-based framework PACY opens up all interfaces from the application to the hardware. This allows a flexible extension by individual, custom-specific modules.
A SIL 4 certification according to EN 50128, including the corresponding documents, will also be available for PACY. PACY is configured by a configuration tool, which allows the same application to run on different menTCS I/O boards.
The complete menTCS I/O – no matter whether it is part of the MH50C controller or located in the remote I/O boxes – is connected via real-time Ethernet, so that the application can treat all I/O functions in the same way.
All remote I/O boxes are connected to the controller in a ring topology, which tolerates single failures. For example, in case of a broken cable, the system is still fully operational, as all I/O boxes can still be reached from the other end of the ring.
The data transfer of the inputs and outputs is realized via safe real-time Ethernet. Since this is again based on an industry standard, the safety of the I/O communication has also been proven by TÜV SÜD.
Being a totally open platform with regard to software and hardware, menTCS is the first and only railway computer that separates the rail service from the electronic control system behind it.
This unique feature allows railway system suppliers to concentrate on their core business.
menTCS is well suited for use in new train models as well as for refurbished trains. menTCS is also well suited for use in new interlocking systems or for a soft modernization and automation of older relay interlockings.
The guaranteed long-term availability of all parts of the menTCS for a minimum period of 10 years makes it a future-safe, robust and cost-effective solution.