When designing computer systems for aerospace and aviation use, the technology must be very robust. Consider, if you will, lightning strikes to air traffic control radars and aircraft, and the freezing temperatures aircraft fly through at 36,000 feet. Okay so, let’s talk a little about the need for redundancy and back-up systems, and how to make such systems 100% reliable, or Six Sigma + if you will, meaning 99.999% safe and secure.
Not long ago, I was discussing all this with a fellow think tanker, Troy Laclaire from Northern Nevada. Specifically, we were discussing the issue of upgrading and advancing the current air traffic control system, and all the aircraft automated systems to correspond to those upgrades, along with all the training which would be required. Troy stated: “Unfortunately, you probably are not going to get 100% out of any one system, but instead need to have a layered system in place, and make sure that all pilots are familiar with all systems.” True enough and well said.
Well, I am all for “responsible redundancy”, but not just redundancy for the sake of it, like the “Ramans” in Arthur C Clarke’s novels. Triple redundancy can save your ass, but it can also make you more accepting of failure in your core systems, or allow you to stop seeking Six Sigma level uptime. Troy laughed and said: “Ah, the Ramans, great engineers (or were they?) but a bit on the secretive side. Really should have been made into a movie. Well, there does reach a point where you can have too much redundancy, yes, but you need to be sure to train and practice as if that redundancy was not there.”
He is right, isn’t he? You know, I sometimes think that is one of the problems with NASA, and why they are always over budget and too safety conscious. After all, at some point there are some risks which are acceptable, and you have to take those risks. And really, here is the problem with relying on redundancy, as Troy so wisely notes:
You also need to ensure that you have 100% uptime of all systems, regardless of what type of redundancy you may have in place; however, there is the mentality some people have of “eh, if it fails, there’s 2 more”.
Yes, that’s true too, isn’t it? I think that’s the difference between the way the Russians think about their engineering and how the Americans have come to think over the years. It’s a totally different mindset. Both ways work; in certain instances one works better, and in other instances it doesn’t work as well.
Really, this is just engineering philosophy, which is something they probably should be teaching when they train new aerospace engineers, but I don’t know if they do or not. It’s definitely something I used to think about when we designed new equipment for our mobile car washing rigs (before retirement I franchised mobile car wash units). There were always ways to “duct tape and baling wire engineer” something to get you through the day until you could fix a piece of equipment which had broken on the job.