How to select fault-tolerant power systems

How to select fault-tolerant power systems

Ideally, a system should include hardware redundancy, an uninterruptible
power supply, and battery backup

BY PATRICK HUNTER Unipower Corp. Pompano Beach, FL

Today's computer-based fault-tolerant electronic systems require power
supplies that are fault-tolerant as well. A fault-tolerant power supply
must provide uninterrupted power output even when the power supply itself
fails. The designer must consider time, cost, and performance before
choosing a fault-tolerant supply to configure or to have a manufacturer
configure. A fault-tolerant power system (see Fig. 1) should incorporate
the following elements to protect against a variety of adverse
conditions: * A wide input voltage range, an input filter, surge
suppressors, and enough holdup time to protect the computer system from
voltage sags, surges, spikes, noise, and short transient outages. * A
battery-backup system that couples directly into the dc bus of the
switching power supply to protect against power outages. * N + 1
redundancy to protect against a single power supply failure. The table
summarizes the solutions available for fault-tolerant power supplies. Some
solutions, such as adding line filters or suppression devices to cure
minor faults and fuel-driven generators to handle major outages, are
well-known and need little explanation. Other solutions require more
foresight on part of the user and are discussed in depth here.

Obtaining uninterrupted power
The designer can reduce the likelihood of power supply failure in several
ways: * Increase mean time between failure (MTBF) by using
high-reliability components or specially screened parts. * Design in
additional derating of the components. * Operate the power supply below
its rated output. * Employ hardware redundancy. The first three methods
will certainly reduce the probability of failure, but not by a large
amount. When the probability of failure must be reduced by orders of
magnitude, hardware redundancy is the most practical choice for the user.
Redundant power systems have the supplies coupled directly in parallel to
ensure that if one unit fails, the other units can maintain uninterrupted
power to the load. Figure 2 shows the common n + 1 redundancy
configuration where series-connected diodes are employed at the outputs to
prevent an output fault in one power supply from pulling down the outputs
of the others. (Do not confuse n + 1 redundancy with 100% redundancy–see
box, “Dual-redundant power supplies.”) N + 1 redundancy means that one
more power supply than actually needed is used to supply the load. Thus,
two identical power supplies connected in parallel are used to handle the
load on a 50/50 basis, a third power supply is added for redundancy.
During normal operation, each power supply carries one-third of the load.
This method provides redundancy for a single power supply failure. For
double redundancy, an n + 2 configuration is used with two extra power
supplies in parallel. The time required to replace a failed unit must be
considered in redundancy. If a long time is involved with an n + 1 system,
then an n + 2 system might be needed. The user should employ load sharing
and manage transient disturbances in redundant power systems. Load sharing
is usually accomplished with a single-wire interconnect between the power
supplies. Equalizing the load between units reduces worst-case stress,
both under normal operation and when one of the supplies fails. Such
load-sharing circuits are beneficial, but some circuits can also have
failure modes that interact with other power supplies through the
single-wire interconnect. The user should also guard against possible
transient disturbances. These disturbances can occur when the load is
transferred from a failed unit to the other good units, particularly where
a hard short circuit occurs in the output circuit of the failed unit. The
output current of the failed unit drops fast and requires that the good
units pick up the system load quickly. The resultant transient disturbance
may depend on the output transient response of the power supply, the
output filter design, and the impedance of the distribution to the sense
point.

Uninterruptible power supplies Although hardware redundancy is the
prime choice in fault-tolerant systems, uninterruptible power supplies and
battery backup are good ways to provide continuous service. A UPS is added
in front of electronic equipment to provide a protected ac store. Figure 3
shows two types of UPS. The first (Fig. 3a) uses an ac/dc rectifier and
filter followed by a dc/ac inverter that generates a filtered ac output. A
battery is coupled to the intermediate dc stage to provide an
uninterruptible dc source for the inverter. A battery-charging circuit
restores the charge on the battery after utility ac power is restored.
The second type (see Fig. 3b) uses a dual-input transformer and filter
circuit, where ac power normally flows directly from the ac source through
the transformer to the load. When the ac source fails, power is
automatically transferred to a dc/ac inverter that is powered by a
battery. This approach has higher efficiency than the first because the
inverter only operates to supply the load during an ac power failure,
while the first method provides power from the inverter continuously.
Uninterruptible power supplies are most useful in multi-kilowatt
applications where multiple equipment loads are connected or where the
user already has equipment installed without internal battery-backup
capability. These higher-power UPS systems are typically large, heavy, and
costly. The user must be aware of some critical performance limitations.
The ac waveform can be significantly affected by nonlinear loads such as
those from switching power supplies having a low power factor and a high
level of harmonic distortion. Uninterruptible power supplies are
electronically current limited. Alternatively, they are limited by passive
or tuned filter circuits and cannot provide the high peak currents that a
utility source can provide. These characteristics also limit the ability of
a UPS to provide the high peak currents for load surges, start-up loads,
and fault clearing when loads fail.

Battery-backup power supply The evolution of the high-frequency
switching power supply has made a second method of external power backup,
battery backup, both practical and cost effective for fault-tolerant power
systems. These supplies employ an intermediate dc power bus from which
dc/dc converters operate to supply the required output voltages. This
circuit topology makes it easy to implement battery backup by integrating
the battery circuit directly with the switching circuit. A battery-backup
system has the following advantages over a UPS: * It is a more
cost-effective solution for many low-to-medium power applications. * It
requires less space and weight. * It can be customized and optimized for
the specific requirements of the load. * It can be modular and expanded
as the system grows, by adding more power supplies. * It provides a
smooth transfer from ac to battery. * It is downstream from the ac input,
eliminating the interactive effects between power supplies and other loads
in the local environment. Figure 4 shows a common battery-backup
technique. Here, a high-frequency dc/ac boost converter transforms the
battery voltage to the higher voltage on the dc power bus of the switching
power supply. Power from the ac source to the load is processed through
the conventional rectifier, filter, and high-frequency dc/dc converters
found in most switching power supplies. A boost converter operates only when
the ac input voltage falls below specification. It also holds the dc power
bus voltages to an acceptable level, thus allowing the output of dc/dc
converters to continue to operate. The boost converter output couples
directly to the energy storage capacitors on the dc power bus. Therefore a
smooth transition occurs from ac power to battery-backup power, minimizing
transient disturbances at the output. Many factors enter into choosing
the right battery-backup system, including power level, size, efficiency,
reliability, cost, battery holdup time, and recharge time. These include:
* A way to convert power from a battery source to conditioned output power
when the ac source fails. * A rechargeable battery source with a charging
circuit. * A way to transfer power from the ac source to the battery
source while maintaining the outputs within acceptable specification
limits during the transfer. * Other important elements, such as
supervision, control, and protection circuits to ensure that the battery
is properly recharged, protected, and available for backup when needed.

CAPTIONS:

Fig. 1. A fault-tolerant power maintains its output to the load in spite
of transients, surges, and possible loss of power.

Fig. 2. One type of UPS (a) uses an ac/dc rectifier and filter followed
by a dc/ac inverter that generates a filtered ac output. The other type
(b) uses a dual input transformer and filter circuit to feed ac power
directly from the source to the load.

Fig. 3. In the n + 1 redundant configuration, series-connected diodes at
the outputs prevent an output fault in one power supply from pulling down
the outputs of the others.

Fig. 4. This battery-backup unit uses a dc/dc boost converter to
transform the battery voltage to the higher voltage on the switching power
supply's dc bus.

BOX:

Dual-redundant power supplies

BY THOMAS SKOPAL Acopian Easton, PA

While n + 1 redundant power supplies have received a lot of publicity, a
100% or dual-redundant configuration also provides fault tolerance. In a
100% redundant configuration, the output of one supply is usually set
slightly higher than the other. The voltage across the backup supply's
diode is then not enough for it to conduct, so all output comes from the
primary supply. If the output supply should start to drop, the backup
supply picks up the load. The diagram shows the configuration of a 100%
redundant supply. The main difference between the 100% redundant
configuration and an n + 1 redundant configuration is that in the latter,
the inputs of the supplies cannot be evenly divided between two
alternative sources of input power. This is because the fundamental
concept of input power requires that more than half the total number of
supplies be operating at all times. Moreover, the extra interconnections
required between the supplies increases circuit complexity as well as
installation labor and wiring. Regardless which configuration is used,
the isolation diode must be connected in series with the output of each
power supply. Otherwise, fault conditions such as a shorted output
capacitor can affect operation of the other supplies. Simply using a
supply capable of parallel operation does not by itself ensure that
failure of one will not affect the others.