Hot Stand-By Disaster Recovery Solutions for Ensuring the Resilience of Railway Control Systems
Uploaded by sereneworkshop
About us: Finmeccanica
• Finmeccanica is Italy’s leading manufacturer in the high technology sector.
• Finmeccanica is the largest shareholder in Ansaldo STS with a 40% stake.
Paris, September 2015
Bozzaotre M.
Introduction
• Disaster recovery in modern railway control systems
• Ansaldo STS systems are based on a centralized architecture
• Clients ask for guaranteed availability of service in case of disasters involving the control room (fire, flooding…)
• Hot-standby solution developed by Ansaldo STS
Wayside Subsystem Overview
• Safety Nucleus (SN): performs the vital processing
• HMI: allows control of the whole railway system
• Peripheral Place (PP): the analogue interface to the field devices
• Communication to the trains via radio
[Diagram labels: PP1 to PP6, SN, WAN, Train, Supervisor HMI, Control Room, Radio]
Safety Nucleus Overview
[Diagram labels: Section 1 (CPU1, CPU2, WD), Section 2 (CPU1, CPU2, WD), Interfaces (Ethernet, RS485, Radio)]
Main features
• High scalability
• CENELEC SIL4 certified
• Real-time processing
• Fault tolerance through spatial redundancy
• Different and heterogeneous interfaces
COLD-STANDBY solution
• SN Backup in the same control room and not connected to the interfaces
• Human action required for switchover
[Diagram labels: WD, SN NORMAL (Section 1, Section 2), SN BACKUP (Section 1, Section 2), Control Room, Interfaces (Ethernet, RS485, Radio); legend: Active / Inactive]
HOT STANDBY solution
[Diagram labels: WD, SN NORMAL (Section 1, Section 2), SN BACKUP (Section 1, Section 2), Main Control Room, Backup Control Room; legend: Active / Inactive]
• SN Normal and Backup in 2 different control rooms, connected by a network
• Only one section active for SN in each room
• Switchover automatically performed in case of fault/disaster, with no loss of service
• With only one control room available, the second section can be activated by a human action
HOT STANDBY: specific issues
• Real-time nature of the system
• Section alignment
• Amount of data

• Continuity of service
• Switchover time
• Multiple interfaces

• Split brain
• Preserve the safety, without affecting the availability
• Reliability of the network
[Diagram labels: WD, SN NORMAL (Section 1, Section 2), SN BACKUP (Section 1, Section 2), Main Control Room, Backup Control Room; legend: Active / Inactive]
HMI – SCADA
• Monitoring all the components
• Accurate information and data analysis, in order to quickly figure out the faults and perform repair actions
• Suitable for mobile devices
Thanks for your attention!