The D602 is a 6U CompactPCI® COTS computer with onboard functional safety that realizes triple redundancy on a single board to achieve fail-operational, fault-tolerant behavior. The board can also act as a fail-silent subsystem, i.e. it can shut down in case of a fatal fault. Its complex FPGA-based design helps dramatically lower software development costs as it automatically manages the system's triple-redundant processors and memory. The result: The system's redundant architecture is fully taken advantage of by software designed for a standard single-CPU card.
The D602 is designed for deterministic operation and offers extensive BITE features (e.g., ECC error counters for all types of memory, monitoring of all internal voltages), internal buses with error correction and fault-tolerant (fail-operational) implementation. Its three processors run in lockstep mode with 2-out-of-3 (2oo3) voting implemented in FPGA and software-assisted resynchronization, while its triple redundant dynamic memory automatically corrects upsets caused by cosmic radiation (SEU) and hardware faults. The system is powered by redundant local power supplies with separate power supplies for the three CPUs and the three main memory ranks.
The D602 has been developed according to DO-254, compliant to DO-160 and certifiable up to DAL-A in avionics applications. Additionally, the product meets the requirements of EN50128/EN50129 and can be deployed in signalling and rolling stock applications up to SIL 4. All I/O is realized in SEU-resistant FPGAs and available on the system's rear connectors. Additionally, the D602 offers two PMC slots (product revisions -02 and later with rear I/O for PMC1). As an option, the second PMC slot can be customized for an AFDX® PMC (rear I/O only). A second D602 can be connected to build a high reliability/availability cluster. The two D602s exchange data via a sextuple UART connection and a BMCX link.