High Integrity Solutions

Dave HarperSystems Engineer4th February 2015

Introduction

• Implementation of a High Integrity NTP system for Air Traffic Control– Air Traffic Control– Supporting Systems– Safety Requirements– Failure Modes– Solution to provide NTP service– Conclusion

Air Traffic Control System

Controller Screen: Heathrow Approach

Safety Requirements

• Depends on criticality of service– Voice Comms– Surveillance

• Probability of Failure <1 in 10,000,000 hours• No undesirable failure modes• Safety Management System• Rarely achieved by COTS products

Reliability

• Electronic hardware – random– Typical equipment MTBF 50k-100k hours

• Software – systematic– For commercial software limit is 10k hours

• How do we meet the Safety Requirements?– Bespoke– Innovative use of commercially available

equipment.

Time Distribution

• Time data by serial interface• Originally bespoke• Network Time Protocol• Improved performance at less cost

NTP Clock Strata

NTP Time Distribution Solution

NTP Servers

SwitchesRouters with firewall

NTP clients

A B C

Aircraft Reliability

Conclusions

• NTP service for ATC– Meets safety requirements using COTS equipment.– Better performance– Less cost

• Sometimes only a bespoke solution will do.

Contact Details

• Email: d53harper@gmail.com• Tel: 07771 805969