07-04-2016 12:58 PM
We again registered a team from the class "Lpro Systèmes embarqués" UJF Grenoble in the Xilinx University Contest, OpenHardware 2016 (http://www.openhw.eu/).
Try it! Download files:
Tango is a free, open source, scalable, efficient SCADA framework: a set of tools and APIs to monitor industrial appliances of any kind...
Tango Control System is a 100 man/years middleware, which aims at the 24/7 monitoring of more than 200 000 sensors & actuators in the facility. It features, among other uses: logging, event-driven communication, seamless integration with NI LabVIEW, Matlab, Igor scientific toolboxes or OPC-UA PLC, EPICS bus, ...
07-05-2016 07:13 AM
Impressive. How do you deal with hardware failure? Single points of failure? Do you have a way to shut down safely? In my discussions with other accelerator facilities, meeting the new IEC 61508 safety standard is a requirement going forward.
07-06-2016 11:05 AM
Thanks for your interest in our work and your support.
Could you elaborate on your questions? Are you inquiring about Tango DCS redundancy features, or are your questions more Zynq-specific?
In short:
It is up to you to deal with hardware failure, but due to its decentralized paradigm, there is no need for a central/supervisor node, so you could duplicate wherever there is a need and choose a convenient arbitration algorithm.
To shut down gracefully, Tango implements several runlevels.
Feel free to ask for more info.
07-06-2016 11:11 AM
That is what I was looking for (how you deal with failures). A distributed system should be able to meet all the requirements. The devil is in the details. I like to be able to suggest solutions to those with similar problems, so I keep track of who is doing what.
07-06-2016 12:39 PM
Actually, Tango does not target nuclear power plant or chemical facility control systems, with their specific, normative requirements. The Tango software itself has not (yet) been certified by any authority of any kind...
Tango is an alternative to closed systems, for very large or small (fits in a Raspberry) facilities, where customization, heterogeneity of the hardware, OS, networks, or programming language, long-term sustainability, open source, and independence from vendors do matter...
FYI, the ESRF has more than 250000 sensors/actuators monitored from the control room and has been running 7/24, starting 20 years ago, without any failure caused by the CS... There are more than 15 synchrotrons and lasers using it nowadays, and we are committed to bringing this framework out of big science, into other industries...
07-06-2016 01:06 PM
Understood. But the standards do recognize history, and a successful history is accepted for certification as it demonstrates one aspect of a good, safe, system (it works!).
Combined with a fault tree analysis, examination of single points of failure, and the enumeration of the safe failure fraction (the number of safe failures divided by all failures needs to be 99.999...% - probability of an unsafe failure is extremely low), you are that much closer to certification.