A Failure-Tolerant CANopen System for Marine Automation Systems

CANopen-based communication also becomes popular for failuretolerant systems. A typical application of that type is the area of marine automation systems, e.g. ship alarm, monitoring and control systems in any kind of ships like product carriers, container ships, passenger vessels, ferries and cargo ships. The main rule to be met in that type of application is, that the system must tolerate at least one arbitrary single component failure. This implies that a general redundant system configuration, including the communication system, has to be provided to fulfill the requirements of a failure-tolerant system. This article describes a CANopen-based communication system that fulfills the requirements of a failuretolerant system. It was developed by IXXAT Automation for the Norwegian ship automation systems supplier Kongsberg Norcontrol. The system already operates very successfully in many applications. The implemented system concept is now established as the basis for a CANopen-based standard in ship automation (CiA SIG Maritime Electronics). Introduction Today, modern ships are multifunctional plants with a number of process segments like power management, engines and generators, cargo pumps and valves, ballast, bunker and cargo tanks. This requires the access of up to thousands of I/O-points per process segment. Large scale systems may comprise up to 20.000 I/O-points. The large amount of data and various system functions makes it necessary to implement this type of system in form of a hierarchical and modular structured architecture with decentralized intelligence. To facilitate data collection, similarly to other fields of automation, an appropriate data communication system is required. In addition to common requirements such as reasonable costs, ship automation systems must also satisfy increased safety conditions as claimed by the registration procedures of the different classification societies. Since the data communication model of modern automation systems takes a major part of such systems, they need to meet the safety requirements as well.