September 18, 2007
The effectiveness of having a fault tolerant power strategy was demonstrated after hurricane Katrina hit the Gulf Coast in 2005. A financial news television station interviewed the heads of two telecom carriers to find out when their telephone services would be operational again. The interview was very short – “we never lost service,” they replied.
The telephone systems we take for granted have expensive and complex back up systems. Fault tolerant power supplies are supported by battery banks, generators and uninterruptible power supplies. Large Industrial complexes have also implemented similar systems - having an oil refinery stop production can result in enormous sums of money being lost!
For those with less extensive budgets, this brief article will explain the benefits, terminology and tips on how to implement a relatively low cost, but effective system.
Why have redundant power supplies?
Imagine a 24VDC 10A power supply driving motors and sensors on a conveyor based production line. For two or three years, everything works fine, then one Friday (always at the end of the month), the power supply fails causing the conveyor to stop. Even if a spare part is in stock, it could still result in 30 minutes of expensive lost production.
If two identical power supplies had been installed in a fault tolerant, redundant mode, the remaining (good) unit would have continued to power the production line. The failed power supply could then be replaced at a more convenient time during routine maintenance.
Frequently Used Terminology
An expression where N is the number of power supplies needed to run the system. The simple two power supply system mentioned above would be considered 1+1. A triple redundant system (where two failures would have to occur to shut the system down) would be designated 1+2.
Some equipment is operated 24 hours a day, 7 days a week, allowing no time to bring the system down for maintenance. In this case the failed power supply must be “swapped” out and a new one inserted without disruption to equipment operation.
In the rare event of a power supply failing with a shorted output, low voltage-drop ORing diodes block that short from bringing down the system power.
Some power systems employ a method of balancing the current between the power supplies to increase field life. This can be an electronic signal wire that links the power supplies together or a switch* on the power supply that initiates a slight drop in the output voltage as more current is drawn. (*Common on high power DIN rail units)
Two Ways of Implementing Fault Tolerance
DIN Rail mount
For the example listed above, the simplest off-the-shelf solution is to use a diode “ORing” module and two power supplies. Here we are using Lambda’s DIN rail mount DLP-PU module and two 24V 10A DLP-240-24-1/E power supplies.
Tip: When wiring the system, ensure that the cable lengths from the output of the power supplies to the ORing module are equal. This will help optimize the performance and life of the power supplies.
Inside the diode ORing module are two diodes and two alarm relays. Even in the event of one power supply failing with an internal short circuit, the remaining unit will continue to deliver power. See below.
Tip: It is important to identify power supply failure using the relay alarms to flag the need for maintenance. Engineers sometimes overlook this which can result in a second failure unexpectedly bringing the system down!
System Engineers requiring more power are turning to the communications style racks. These sophisticated low cost systems allow power supplies to be hot-swapped and come completely self contained. An example of such a product is Lambda’s FPS series.
Advantages of this solution include:
Finally, one important note
A company wanted to ensure that in the event of a power supply failure their system would continue to operate. A battery was installed across the power supply output to give 24 hours uptime in the event of a power supply failure.
Unfortunately no thought was given to how anyone would know that the system needed maintenance! The power supply did eventually fail and the battery kept the system up for 24 hours before it discharged resulting in a system shutdown. A simple alarm circuit could have prevented that.
If you take Lambda’s recommendation to invest a little extra money up front to make your power system more secure, test your system to make sure you have it right!