Blogs

Moderator

Triple redundancy autopilot three boards two GPS launched by Micropilot

Posted by Gary Mortimer on February 16, 2011 at 11:30pm

micropilotautopilot.jpg

MicroPilot 21283X

How long before this becomes a standard required by authorities??

 

The MP21283X, MicroPilot’s triple-redundancy (3X) autopilot, is now available. Although 3X technology is established within the aviation industry, 3X autopilots are a new addition to unmanned aerial vehicles (UAVs). The MP21283x contains three robust autopilots to overcome a multitude of hardware failures. If any one of the three autopilots should fail, the remaining two take over. An additional mechanism oversees these three systems.

 

http://www.suasnews.com/2011/02/3797/micropilot-launches-the-first-commercially-available-triple-redundancy-uav-autopilot/

E-mail me when people leave their comments –
Follow

You need to be a member of diydrones to add comments!

Join diydrones

Comments

  • DaveyWaveyBunsenBurner February 17, 2011 at 5:43am

    The RC boys have been flying with redundant systems for years. Including servos. The wings? Maybe not but that structural and we are talking flight control systems.

    Having an Autopilot backup may come down to simple finances. Imagine you have a research UAV with a $10,000 sensor on board. For the price of an additional APM and IMU, taking that single point of failure may well be worth it.

  • Ersin Acar February 17, 2011 at 5:15am
    @HappyKillmore; that's what i talked about at the start ^^ but when other guys started make fantacies, i couldnt keep me out of it xD Brainstorm is good :)
  • Paul Mather February 17, 2011 at 5:05am

    So what kind of platform would call for this? A space shuttle perhaps? A UAV being used as a transport for humans? Anything less this seems like complete over-kill. Are there redundant wings on the plane? How about elevator servos? Redundant motors?

     

    It makes more sense to be to built a more robust auto pilot instead of planning for it's failure.

  • DaveyWaveyBunsenBurner February 17, 2011 at 4:59am

    @ Mike

     

    I see your point, but I've only been considering system outage/failure scenarios really. These seem to be the most likely type of failure.

     

    Regards

    D

     

  • robert bouwens February 17, 2011 at 4:33am
    @mike
    i see no problem - write a mockup for those not online/active and you are done.
    :)
    nails the problem down to who has access to the hw.
  • Ersin Acar February 17, 2011 at 4:04am
    maybe your control hardware is working well but there is a problem at servo cables of servo driver hardware or ESC. these can be happen too.

    I'll put chute (http://diydrones.com/forum/topics/dronechute-1) to my airframe it will be connected on ardupilot's failsafe system. also i will put some sensor for backup if there is a problem on motor or servos, death man's switch will run and open the chute. so i can save my airframe and other stuff :)
  • Mike Bakula February 17, 2011 at 3:45am
    Where single redundant systems work well is where there is some external judge of whether a unit has failed.  (For example, in a redundant power supply, there's another part, a voltage monitor that tells when a PSU is giving an undesired voltage.)  With our autopilots, when one fails in some way, you'll get a disagreement between their outputs.  How do you know which one's right? (Each autopilot thinks it is right, of course.)  Since a system to decide between them would effectively have to be another autopilot, that what we use.  This is dual redundancy.  Ther are a number of strategies for how to configure dual-redundant systems, bit that's another post.
  • DaveyWaveyBunsenBurner February 17, 2011 at 2:44am

    @ MartinT

     

    I'll PM you!

  • Distributor
    Martint BuildYourOwnDrone.co.uk February 17, 2011 at 2:40am

    @Davey

     

    Hi Dave,

    I agree with watching the outputs, if they both are providing information within a set of defined parameters then all is seen to be good at the stage of the signal monitoring, if there is a hardware or power failure then the output would fall to zero and allow the "good" board to take over the running of the UAV, however what would happen if there was a mid air reset where there was still a stream of data coming from board "A" and "B" but board "A" was sending out information which is of no use? Would you be able to tell the system watching the data that this is not "good" data and to switch to the good "board"?

    My thoughts were if "A", "B" & "C" boards where sending data and one suffered a reset, the system would then still have a full set of data to compare to?

    I might be over complicating this :)    

     

    www.buildyourowndrone.co.uk

  • DaveyWaveyBunsenBurner February 17, 2011 at 2:20am

    @MartinT

     

    Hi Martin,

    Well generally, computers, networking etc seems to work ok on a two system backup, so I can't see why this wouldn't. I would imagine that the vast vast majority of APM failures would result in a total failure, as opposed to a partial failure, so monitoring the outputs would be a start?

This reply was deleted.