Advanced Embedded Data Platforms for Distributed Power Management





Creative Commons: None (All rights reserved)





DOI: 10.23723/10638/19012
Created: Mon 20 Mar 2017; updated: Mon 20 Mar 2017; submitted: Sun 10 Feb 2019

Jacques Gatard, Mirko Jakovljevic
TTTech Computertechnik AG
Vienna, Austria

Abstract— Power generation control and system load balancing shall satisfy both power-hungry system modes, such as descent and landing, and less demanding standard cruising. Distributed power generation in modern airplanes requires deterministic communication and seamless coordination between the individual power electronic modules and a supervising unit that controls the load assignments depending on the power demands of the individual aircraft systems and flight phases. The embedded platform shall simplify the design tasks of integrating power controls, and seamlessly detect and tolerate any faults in integrated electronic components and subsystems. Complex distributed power generation controls can integrate up to 100 computing modules or controllers, and the systems can span the whole aircraft and wings. The experience with integration of distributed power systems for more electric aircraft such as the Boeing 787 shows that the deterministic performance of embedded systems is essential for the alignment of distributed functions and for reducing system integration and maintenance effort, and that it significantly influences system lifecycle costs. A similar design approach and methodology have been used in different types of critical systems, from flight controls to distributed power generation controls. With further development of distributed embedded platforms, a special class of integrated architectures, as described in DO-297 (Distributed Integrated Modular Avionics (IMA)), can handle hard real-time performance in more complex Ethernet-based systems. Such systems can be architected as open generic system architectures, using a mix of standardized or hardened optical, PoE/PoC or copper physical layers.
In addition, IMA systems using ARINC664 can be updated with extensions described in SAE AS6802 to handle hard real-time critical traffic and to integrate distributed power controls, together with health management and predictive maintenance functions. Due to specific properties of such integrated embedded platforms, it is possible to gain new capabilities such as reconfigurability and higher availability/dispatchability in power systems, as planned for IMA 2G avionics. Furthermore, this approach allows the integration of hard RT distributed power controls into existing IMA infrastructure, or enables the design of separate Distributed Power IMA systems hosting solely power control and health management functions. Both distributed power and integrated avionics systems may take advantage of similar embedded components and rely on deterministic Ethernet networks for integration. As a consequence, future optimization in the design of integrated electronics systems for more electric aircraft may be accomplished in line with OEM requirements.

Keywords- deterministic embedded platforms; Ethernet; distributed; real-time; controls; system integration

I. DISTRIBUTED EMBEDDED PLATFORMS AND SYSTEM OPTIMIZATION

Aircraft architectures integrate different electronics systems, which represent a large portion of total aircraft R&D, certification and material costs. The optimization and reuse of such systems improves competitiveness and cost sharing among different platforms for OEMs. Part commonality, a reduced number of connectors and simplification of integrated architectures also lead to size, weight and power (SWaP) optimization. In this paper we examine opportunities for further integration using appropriate embedded platform capabilities.

Figure 1. Distributed Power Architecture in Boeing 787 [1]

Complex distributed power generation controls can integrate up to 100 computing modules, and the network can span the whole aircraft and wings, essentially playing the role of a power distribution control backbone. In more electric aircraft, the system operation relies on electric power for actuation and for reducing hydraulics/piping weight; it is one of the key critical aircraft systems. The experience with integration of distributed power systems for more electric aircraft such as the Boeing 787 shows that deterministic network performance is essential for the alignment of distributed functions and for reducing system integration effort. The control of such a system requires system-wide real-time performance, synchronization and Quality of Service (QoS) for the execution of fast control loops.

As described in [2], in traditional approaches to aircraft power distribution each load receives its power from a dedicated power module. To optimize the system usage, the following approach of sharing power modules between different loads is suggested:

• Every power module is able to control any load.
• Several power modules can control a unique load.

This new kind of architecture requires a high level of communication and coordination between the individual power electronic modules and a supervising unit that controls the load assignments depending on the power demands of the individual aircraft systems. Thus system integration and distributed platform capabilities are required to host and align/synchronize tight control loops between power electronic modules operating at the same load. Furthermore, the capabilities for system integration determine the system architecture and the openness for modifications, upgrades and reuse. Those capabilities are tied to the distributed embedded platform properties and networking features.

II. INTEGRATED MODULAR ARCHITECTURES FOR DISTRIBUTED POWER

Distributed embedded systems for power generation control and management in more complex electric aircraft can be designed as separate stand-alone entities and use many developments which are utilized in IMA systems. The Distributed IMA approach enables integration of fast hard RT functions, health management and predictive maintenance, and reuse of available IMA developments, methodologies and expertise. The system optimization can be conducted with multiple objectives, knowing that the design space and flexibility of the underlying platform can satisfy different system integration requirements. The optimization is simplified due to the reduced number of constraints and limitations on integration of hard real-time, real-time and non-critical functions in one system.

On such embedded platforms, control functions can support system-wide hard RT performance with latencies below 100µs, fault-tolerant synchronization and µs-jitter, and quick system power-up. System-wide fault-tolerant synchronization jitter over Ethernet networks, with sufficient margin for robustness, could be in the order of 2-5µs. In smaller systems, it can be realistically reduced to µs-resolution.

The integration of a health management system is pretty simple due to robust partitioning among critical controls and health management systems hosted on one distributed embedded platform. At the same time, the health management system can be designed to have full access to every sensor and actuator in the system. This is possible due to the high level of integration among embedded resources. Predictive maintenance systems can continuously collect data on loads and utilization of specific systems to predict the next optimum maintenance point and interval.
As mentioned, all listed systems can be designed by reusing the majority of IMA developments and deterministic Ethernet networks, based on different wiring and physical layering, as the utilized embedded computing and networking systems can operate with different standard technologies and do not mandate a specific proprietary solution.

III. EMBEDDED PLATFORM EXPERIENCES FOR SYNCHRONOUS IMA SYSTEMS WITH HARD-RT FUNCTIONS

With the fast development of semiconductor technology and mechanisms for time/space partitioning, first considerations on integrated modular architectures started in the early 1980s, and the first commercial integrated (pre-IMA1G) architecture was implemented in the Boeing 777 in the 1990s, as a significant innovation in avionics integration. With further development of network and semiconductor technology, different advanced variants of integrated modular architectures (IMA) followed in commercial programs: Airbus A380, A400M, A350 and Boeing 787 between 2005 and 2015. In other domains, the design of fully integrated and unified architectures (e.g. NASA Orion [3]) targets unprecedented levels of system integration and optimization.

The idea of synchronous and hard RT design in integrated systems is not new, and has been applied in space, military and commercial avionics for over 40 years. The rationale behind integrated systems which can host hard RT functions with well-understood latency, minimum jitter and deterministic resource use is simpler testability, a reduced number of system states and reduced integration effort. As system integration influences all system lifecycle phases, there is a great cost optimization potential.

Aerospace IMA systems can enable design of safety-critical and time-critical functions within a closed system, but do not support the integration of bulk Ethernet traffic (closed system!) and hard real-time functions due to:

• statistical multiplexing of Ethernet networking resources
• … and loose alignment of resource access for different integrated functions.

Since the late 1990s, with full-duplex Ethernet and its capabilities for high-bandwidth asynchronous packet-switching communication, the architectural design paradigms have shifted toward asynchronous systems with an L-TTA [4] model of computation and communication. The major drawback is that such a model does not support the integration of hard real-time functions. Even in cases when this is viable, too many additional constraints plague the system, leading to high integration effort and workarounds in topology and architecture, which are later complex to upgrade or modify.

Integrated systems which cannot support system-level integration of hard RT functions due to the technology baseline typically use layered hierarchical topologies with gateways between layers. This slows down the RT performance, complicates upgrades and extensions, and creates a system which is rarely configurable and reusable.

Distributed time-critical (hard RT) functions can be integrated in existing IMA systems within the following architectural boundaries:

• spatial proximity of hard real-time SW functions to controlled objects (limitation on distribution of real-time functions and separation of I/O and computing resource)
• domain-based and/or hierarchical topology with gateways or RDCs
• high effort of verification and validation for reconfiguration, modification and reuse among different platforms with many time-critical functions

The interfacing challenge for real-time functions cannot be solved by simply throwing more computing/networking bandwidth at the problem. It is true that the resource sharing problem becomes simpler with overprovisioning, but unintended interactions are still possible if new functions are added.
For every critical function, absolute guarantees for predictable performance and bounded timing must be supported by the embedded platform virtualization. All other “normal” functions can use resources when they are not utilized by critical functions.

The improvements in distributed embedded virtualization with tight alignment of resource sharing are related to the control of jitter in both computing modules and network bandwidth use. Such improvements enable unambiguous definition of key system interfaces and interactions. The tight control of jitter and key system interfaces results in (Figure 2) true modularity, simplified integration, verification and viable incremental certification. In other words, this helps to build a less complex system with a reduced space of system states.

[Figure 2 diagram labels: Jitter Control for Critical Functions; Unambiguous Key System Interfaces; Composability: New/Modified Functions do not Impact Existing Ones; Deterministic Resource Sharing and Slicing; Reduction of System States and Transitions; Lower System Complexity; TDMA / Synchronous Resource Access]

Figure 2. Jitter Control: Impact on Advanced Integrated Systems

Ideally, the determinism of communication is defined as full control of jitter, constant message latency and repeatable message order. Obviously, Ethernet as a packet switched network was not designed with those requirements back in the early 1980s. Fortunately, Ethernet is not a monolithic standard. Rather, it is a family of frame-based networking LAN/MAN technologies and can be extended by additional Quality of Service (QoS) enhancements to satisfy different industry-specific requirements. By using those, otherwise transparent, network services, distributed applications can advance their real-time capability and deterministic operation.
For application designers, the most important benefit is the capability to run strictly deterministic hard real-time loops in integrated systems with many other functions, while having full control of embedded system resource use and system partitioning.

IV. DETERMINISTIC ETHERNET BACKBONE

In commercial avionics, the ARINC664-P7 [5] (Avionics Full Duplex Ethernet or AFDX) QoS enhancement has been added to standard Ethernet switches to enable redundant rate-constrained communication with defined maximum latency. AFDX networks are used in commercial programs such as Airbus A380 and Boeing 787 as a backbone network for integrated avionics, and in military avionics (Airbus A400M) and rotorcraft cockpits for display integration.

With a known network traffic profile, virtual link prioritization, defined switch buffer dimensioning and decent network calculus and configuration tools, very deterministic operation with respect to maximum latency can be ensured for all end-to-end virtual links (VLs) in AFDX networks. VLs enable point-to-point communication among different functions in the switched network system. Configured VLs have guaranteed bandwidth use and periodicity with defined maximum latency. The ARINC664-P7 standard describes the traffic policing and shaping required to ensure planned AFDX network performance.

While ARINC664 communication is very deterministic, it is asynchronous and relies on statistical bandwidth multiplexing. It offers very limited control of jitter and message order. As usual, jitter can be reduced by limiting the number of hops (number of switches on the path between two end systems) and maximum bandwidth use. In order to minimize communication jitter (in µs) and keep the latency constant, a different type of QoS enhancement with fault-tolerant synchronization capability is required: a strictly deterministic SAE AS6802.
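The contrast drawn above between statistical multiplexing and TDMA-style resource access, including the composability claim of Figure 2, can be worked through on a toy model. The following is an added example, not code from the paper or from any ARINC 664 / SAE AS6802 implementation: it models a single switch output port, and the link rate, flow names, periods, frame sizes and the greedy slot scheduler are all constructed assumptions.

```python
from math import lcm

LINK_BPS = 100_000_000  # assumed 100 Mbit/s link; not a figure from the paper

# Constructed flows: name -> (period in µs, frame size in bytes)
FLOWS = {"ctrl": (1000, 125), "health": (4000, 1500), "maint": (2000, 1000)}

def tx_us(size_bytes):
    """Time to serialize one frame on the link, in whole microseconds (rounded up)."""
    return -(-size_bytes * 8 * 1_000_000 // LINK_BPS)

def port_latencies(flows, phases, watch):
    """Push one hyperperiod of periodic frames through a single FIFO output port
    and return the latency (arrival to end of transmission) of each `watch` frame."""
    cycle = lcm(*(period for period, _ in flows.values()))
    # The watched flow loses ties, which gives its worst case on simultaneous arrival.
    arrivals = sorted((t, name == watch, name)
                      for name, (period, _) in flows.items()
                      for t in range(phases[name], cycle + phases[name], period))
    free, latencies = 0, []
    for t, _, name in arrivals:
        free = max(t, free) + tx_us(flows[name][1])
        if name == watch:
            latencies.append(free - t)
    return latencies

def async_jitter(flows, watch):
    """Unsynchronized senders: the watched flow's phase drifts against the others,
    so sweep every phase and report max latency minus min latency."""
    seen = []
    for phase in range(flows[watch][0]):
        phases = {**{name: 0 for name in flows}, watch: phase}
        seen += port_latencies(flows, phases, watch)
    return max(seen) - min(seen)

def tt_schedule(flows, fixed=None):
    """Greedy offline slot assignment (a stand-in, not the AS6802 method): each flow
    gets the first offset whose slots never overlap a reserved one. Offsets passed
    in `fixed` are kept, so already-integrated flows do not move."""
    cycle = lcm(*(period for period, _ in flows.values()))
    def slots(name, offset):
        period, size = flows[name]
        return [(t, t + tx_us(size)) for t in range(offset, cycle, period)]
    offsets = dict(fixed or {})
    for name, (period, size) in flows.items():
        if name in offsets:
            continue
        taken = [s for other, off in offsets.items() for s in slots(other, off)]
        for off in range(period - tx_us(size) + 1):  # slot must end within the period
            if all(e <= ts or s >= te for s, e in slots(name, off) for ts, te in taken):
                offsets[name] = off
                break
        else:
            raise ValueError(f"no collision-free slot for {name}")
    return offsets

def tt_jitter(flows, watch, offsets):
    """Senders released at their scheduled offsets (common time base): same port model."""
    latencies = port_latencies(flows, offsets, watch)
    return max(latencies) - min(latencies)

if __name__ == "__main__":
    base = tt_schedule(FLOWS)
    grown_flows = {**FLOWS, "newfn": (2000, 500)}  # a function added later
    grown = tt_schedule(grown_flows, fixed=base)
    for label, flows, offs in (("before", FLOWS, base), ("after", grown_flows, grown)):
        print(label, "async jitter:", async_jitter(flows, "ctrl"), "µs;",
              "time-triggered jitter:", tt_jitter(flows, "ctrl", offs), "µs")
```

In this model the control flow's jitter under asynchronous access grows when the new function is added, while under the slot schedule it stays at zero and the existing offsets are untouched.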
SAE AS6802 (TTEthernet) [6] QoS Layer 2 enhancements can provide synchronization, tight jitter/latency control and TDMA-style bandwidth partitioning for ARINC 664 networks. Distributed Quality of Service (QoS) enhancements which enable TDM communication in Ethernet networks (e.g. the SAE AS6802 "Time-Triggered Ethernet" standard) guarantee minimized jitter that is known and defined at design time and high update frequencies for remote control units, and can operate in the context of an AFDX backbone network. This can be achieved either by selectively using the robust fault-tolerant synchronization time base for alignment of applications, or by use of the TDMA traffic class supported by SAE AS6802, emulating perfect AFDX virtual links (VLs) with µs-jitter and fixed latency [7].

From the perspective of the ARINC 664 network designer and integrator, time-triggered SAE AS6802 messages can be seen as AFDX messages with fixed latency and jitter, and the network design can be based on existing best practices for avionics network design associated with the ARINC 664 standard. In addition, SAE AS6802 supports design methodologies that enable design of novel system architectures, reduce system complexity and simplify integration of distributed software applications. Even at high communication speeds and with high bandwidth use, SAE AS6802 services do not require significant additional buffer memory, which significantly reduces costs of switch design for 1GBit/s (or higher) network infrastructure. Finally, SAE AS6802 services used in ARINC 664 networks enable use of Ethernet as a deterministic unified networking infrastructure in critical embedded systems.

Figure 3. Distributed Platforms for Power Generation Control based on Distributed IMA (RTCA DO-297)

V. INTEGRATED POWER CONTROLS AND IMA

Theoretically, if an IMA system can support integration of hard RT controls (so-called Distributed IMA), then a similar type of integrated modular architecture can be designed for distributed power systems. Such an approach can further enhance part commonality, scalability and reuse for a wide range of aircraft systems, from the embedded control system perspective. Later there may be a certain level of integration among power distribution “IMA” and avionics IMA, assuming there is confidence on the system safety side.

The complexity of a distributed power control system reflects the number of distributed power sources and consumers. All listed systems can be integrated on one embedded platform which is separated from the main avionics IMA systems. However, further optimization and convergence could be viable, taking into account all aircraft safety aspects and the OEMs' design philosophy for high-integrity systems.

Several examples are provided in Figures 1-3. In Figure 1, we can see a power distribution system with integrated controls which interfaces with avionics IMA and hosts all critical functions for power distribution and generation. The platform supports high levels of software abstraction, and functions have the impression they are hosted on a central computer even in cases where they are hosted on many processing modules. Every function can be set up to run in parallel on several computing resources and uses different data paths via the switched Ethernet network with ARINC664 and SAE AS6802 services.

The Variant 1 in Figure 2 shows a system where some of the functions can be transferred to standard avionics IMA, and only the most critical functions are hosted on power systems IMA. Finally, large parts of the power system control functions can be integrated with other Distributed IMA and avionics functions, while only the minimum set of critical functions and backup is physically separated. The level of separation among power and other systems depends on future regulatory considerations and best practices.

Figure 4. Variant 1: Gradual integration of Power Generation Control functions with IMA Systems

Figure 5. Variant 2: High integration of Power Generation Control functions with IMA Systems

VI. REFERENCES

[1] Mike Sinnett, “787 Program | Electrical System and Batteries”, 2013,
[2] D. Riezler, D. Andrade Alfonseca, “Deterministic, High-Speed Ethernet - A Platform for Modular Power Distribution supporting the More Electric Aircraft”, International Conference on Recent Advances in Aerospace Actuation Systems and Components, Toulouse, France, 13-14 June 2012
[3] Baggerman, C., “Avionics System Architecture for NASA Orion Vehicle”, TTA Group Open Forum, November 4th, 2010, Fort Worth, USA, 040865.pdf
[4] A. Benveniste, A. Bouillard and P. Caspi, “A unifying view of Loosely Time-Triggered Architectures”, EMSOFT '10 Proceedings of the tenth ACM international conference on Embedded Software, Oct 2010, Arizona, USA
[5] ARINC Specification 664P7-1, Aircraft Data Network, Part 7, Avionics Full-Duplex Switched Ethernet Network, Sept. 2009
[6] SAE Standard AS6802, Time-Triggered Ethernet, Nov. 2011
[7] M. Jakovljevic, “Audio/Video and Hard Real-Time Capability for Advanced IMA Architectures”, SAE Int. J. Aerosp. 4(2):1293-1300, 2011, doi:10.4271/2011-01-2699.