Sunday, May 20, 2012

Mission critical, what if?

Toilets are flushing, VHF is assailing
Nav lights are bright, and wind is prevailing
Seas are all fine, and you're sailing on wings
These are a few of my favorite things

When heads won't flush
When frig isn't cold,
When I'm feeling sad
I simply remember my favorite things
And then I don't feel so bad

Refrigeration, basic interior lighting, navigation systems, navigation lights, toilets, water supply, VHF radio communications. These are some of my favorite things on a boat. These items, and others depending on your definition of mission critical elements need careful design consideration if you are contemplating a computerized power distribution system for your vessel.

Power distribution systems have many advantages, and from the outset generically there are no bad PDS's, but there can be poor system design, and implementation. This past week's efforts working in the environs of this type of system has given me some pause for thought, and notable donations of my DNA to the vessel.

I have spent many hours sitting in meetings with clients discussing robotic automation applications in very hazardous environment locations. The question, What If?", was always the center point of all of these conversations. This was because of life safety issues like the potential for deflagrations, and detonations. It will be the center point here also.

What if the PDS main processor fails? This is the big "What If?"  The question is, what would continue to run on the vessel? If the system was managing all electrically operated equipment the answer would be nothing at all. You couldn't start engines, no lighting, no communications, and no navigation systems.

Now add to this situation the thought that you're taking on water twenty miles from shore. I would be pretty disconcerted, to say the least. So it's evident to me that good system design needs to guarantee operation of our mission critical elements regardless of any PDS failure mode. This might be done with a manual override panel, or perhaps mission critical elements should not be included as controlled functions in the first places.

Now let's look at other single point failures that could be problematic. I'm putting these into two groups. The first group can have a substantial impact on vessel operation, and the second group is a minor impact. In the first group, you could have primary interface display failures that would prevent you from communicating with the system, and relay driven power transfer switches could fail. These might not totally disable the vessel, but could cause substantial operational difficulties.

In the second group, you can have things like module, and cabin based switch panel failures. These won't cripple the vessel but can cause inconveniences like no lights in a cabin, or toilets won't flush.

There is one last grouping, and that consists of subsystems such as inverters, generators, and other similar elements that are hanging onto the peripheries of the system.

The impetus for this discussion was an inverter system that was added to a vessel with a PDS. The builder removed the original 110VAC feeds to the PDS distribution panel and used it as the AC source to the inverter/charger. He then took the secondary 30 amp shore power feed off the system, and also connected it to the inverter as a secondary AC source. The 110 VAC output of the inverter was then sent to the PDS. The problem arose when the inverter failed, and there was now no 110 VAC on the boat.

The original PDS design had contemplated getting 110 VAC from three possible sources, The 220 VAC shore power connection (tapping a leg for 110 VAC), a secondary shore power connection for 110 VAC, or from the generators. In the end, the redundancy that had been designed into the system was removed, allowing a single point failure to effectively shut down half of the vessel.

Given the age of the massive battery bank and the costs and time involved with disconnecting the inverter, repairing it and re-installing it, the decision was made to remove it. The PDS was restored to its original factory configuration restoring the designed in power redundancy. The boat will be better off with it gone, and about and 1/2 ton lighter.

There is something very satisfying about this technology. With a single push of a button, you hear air conditioning systems doing staged startups to control amperage draws. Lights come on in the main salon, and galley. Heads and the water system fire up. Entertainment systems and ice makers come alive. When you leave a touch of the button shuts down systems in an orderly way, just leaving on a couple of night lights or anything else you desire on. They can monitor power and automatically shed power loads to keep other more important systems functioning. But if you're contemplating installing one of these systems, just don't forget to ask, what if? in the design phase.

Keep in mind that good documentation is critical for long term support of a PDS system, so don't stint on this, and demand that the builder supply all of it, in detail including software. If you're traveling to locales that may not have technical support easily available, work with your builder to determine what system spares should be carried on the vessel. A vessel with power is a happy vessel, with a happy owner. The inverse, not so much.

The photo of the toilet was taken by Wikipedia user Wrightbus.
Sorry about the lyric twisting Julie, I won't do it again. 

1 comment:

  1. I feel very involved in the topic so I feel compelled to come in again
    While it is true that every added device increases the risk of failure, there are other 2 conditions simultaneously present:
    The first, psychological, is that what people consider essential is growing exponentially
    The second, technical, is that the reliability of electronics is becoming increasingly higher.

    Many believe that the use of a old generation diesel engine w/o computerized management offers maximum safety for a boat use, probably forgetting that consumption and pollution are not even comparable, in exchange for an overestimated risks: the 1st cause of engine failure is the impeller, the second is the starter, both not involved in black box!

    I think the one real problem is the rapid obsolescence of any electronic equipment, and the solution is a sufficient low level documentation and the initial choice of already tested device.

    I, for a boat with PDS (very complicated), wrote a user guide that took into account all the what-if and their possible solution. Then what happened was not contemplated, and who still read the manuals?

    The typical problem posed by many boat owners to add new equipment is the strength of PDS: no new wires, no switches nothing strange passages, holes and more. Only a short connection to the nearest module.
    This applies to boat builders while wiring, but also for the boat owners adding or replacing things.

    You need access to a user-friendly software, but some builders even making it available, provide a version of 'read only', which actually prevents the use.
    In fact 'playing' with this sort of software could also be dangerous! And you have to know what you are doing!

    My conclusion is that it is very difficult to establish a general rule, but this is basically similar to that applied to the choice of replace/add equipment like a radar (valid for boat owners and buiders):
    choose a competent installer, capable of providing on-line assistance, not hard to do today!
    ... and hope that the chosen system still exists at the time of trouble.



Note: Only a member of this blog may post a comment.