Redundant computer systems for critical control systems requiring a high degree of safety are known. Conventionally, two fully parallel controls are used. Each parallel control has a computer system with a power supply and signal paths. "Two out of three" systems are also known. These systems are parallel partial embodiments of systems having components which individually are less reliable, or high-grade parallel controls for installations to be controlled. The level of safety measures taken is generally dictated by the risk level and the damage in case of uncontrolled failure of the system, and by the applicable legal requirements.
Such computer systems control, for example, the burner of gas firing installations, aerial navigation systems, and similar systems. Control of an installation is effected through two parallel channels, so-called "two-channel systems", i.e., with two power pack units, two distribution voltage controls, two computers and two parallel signal paths. The failure of one of the systems can be recognized because the parallel computers constantly compare process data and computations with each other. If the data diverge, one of the systems has malfunctioned or has failed, and the controls put the operation of the control device into a safe static state. Thus, if a malfunction occurs, the computers detect it automatically and switch off the process. Some other technical safety action can also be exerted upon the control system. The control system can also be a regulating unit in the narrower sense.
This known solution is comparatively expensive, since the entire control system must be duplicated and particularly expensive components, such as power pack units, must be available twofold.
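The cross-comparison of the two-channel system described above can be sketched in C as follows; this is an added example, not code from the original document. The burner logic, the names, the thresholds, the tolerance on the analog comparison and the latching of the safe state are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed example: all names and thresholds below are hypothetical. */
#define FLAME_MIN_MV 200  /* assumed: minimum flame signal to keep the valve open */
#define MAX_DELTA_MV 25   /* assumed: tolerated difference between the two readings */

typedef struct {
    int32_t flame_mv;   /* process data as seen by this channel */
    bool    valve_cmd;  /* this channel's computed fuel valve demand */
} channel_t;

typedef struct {
    bool tripped;       /* latched on divergence; never cleared here */
} supervisor_t;

/* Each channel derives its command independently from its own reading. */
static void channel_compute(channel_t *ch, int32_t reading_mv, bool heat_request)
{
    ch->flame_mv = reading_mv;
    ch->valve_cmd = heat_request && reading_mv >= FLAME_MIN_MV;
}

/* Compare process data and computations; return the permitted valve output. */
static bool supervise(supervisor_t *s, const channel_t *a, const channel_t *b)
{
    int64_t delta = (int64_t)a->flame_mv - (int64_t)b->flame_mv;
    if (delta < 0)
        delta = -delta;
    if (delta > MAX_DELTA_MV || a->valve_cmd != b->valve_cmd)
        s->tripped = true;   /* channels diverge: one has malfunctioned or failed */
    if (s->tripped)
        return false;        /* safe static state: fuel valve stays de-energized */
    return a->valve_cmd;     /* channels agree, so either command is valid */
}

/* One control cycle: both channels compute, then the comparison gates the output. */
static bool run_cycle(supervisor_t *s, int32_t reading_a, int32_t reading_b, bool req)
{
    channel_t a, b;
    channel_compute(&a, reading_a, req);
    channel_compute(&b, reading_b, req);
    return supervise(s, &a, &b);
}

int main(void)
{
    supervisor_t s = { false };
    run_cycle(&s, 500, 100, true);                /* constructed fault on channel B */
    return run_cycle(&s, 500, 505, true) ? 1 : 0; /* 0: output stays off after the fault */
}
```

The comparison covers both the raw process data and the computed command, so readings that lie within tolerance but fall on opposite sides of the threshold still trip the supervisor.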