1. Field of the Invention
The invention relates generally to power supplies, and more particularly provides a power supply redundancy circuit for managing a failed power supply in a computer system.
2. Description of the Background Art
Originally, a single power supply powered an entire system such as a computer, and a failure in the power supply inevitably compromised the entire system. To address this problem, engineers have designed systems to reduce the losses caused by a power failure. For example, a first system provides multiple power supplies to the various components of a system, so that upon failure of one power supply only the corresponding component is compromised. A second example system provides full backup power to the system upon failure of the primary power supply.
FIG. 1 is a block diagram illustrating an example prior art fault-intolerant power supply system 100, which includes a first power supply A (110) powering a first disk drive A (130) and a second power supply B (140) powering a second disk drive B (160). The system 100 further includes a first motherboard A (120) being powered by the first power supply A (110), and a second motherboard B (150) being powered by the second power supply B (140). As illustrated by the dotted lines, data may be sent between the first motherboard A (120) and the first disk drive A (130), between the second motherboard B (150) and the second disk drive B (160), and between the first motherboard A (120) and the second motherboard B (150). Disadvantageously, if one of the power supplies A (110) or B (140) fails, then the corresponding disk drive A (130) and motherboard A (120) or disk drive B (160) and motherboard B (150) also fail. Thus, prior art system 100 is power supply fault intolerant. Failure in the power supply will interrupt service, reduce system efficiency, and waste time and money.
FIG. 2 is a block diagram illustrating a second example prior art fault-intolerant power supply system 200. System 200 includes a first power supply A (205) coupled via a first power bus 207 to a first disk drive A (210), and a second power supply B (215) coupled via a second power bus 217 to a second disk drive B (220). A first diode 225 couples the first power bus 207 to the second power bus 217, and a second diode 230 couples the second power bus 217 to the first power bus 207. The first power supply A (205) includes a first xe2x80x9cor-ingxe2x80x9d diode 235 and the second power supply B (215) includes a second xe2x80x9cor-ingxe2x80x9d diode (240). The xe2x80x9cor-ingxe2x80x9d diodes 235 and 240 prevent current from flowing back into the power supplies A. (205) and B (215) if either power supply A (205) or B (215) shorts.
Upon a failure in power supply A (205), the second power supply B (215) is expected to power the disk drive A (210) via the second diode 230. Similarly, upon a failure in power supply B (215), the first power supply A (205) is expected to power the disk drive B (220) via the first diode 225. However, because the power supplies A (205) and B (215) are not isolated, a failure in one power supply can cause a failure in the entire system 200.
FIG. 3 is a block diagram illustrating a third example prior art fault-intolerant power supply system 300. Prior art system 300 includes a first power supply A (305), a second power supply B (315), a first disk drive A (310) and a second disk drive B (320), each coupled together by a common bus 325. Similar to the system 200 illustrated in FIG. 2, the system 300 does not. have isolated power supplies A (305) and B (315), and does not have isolated disk drives A (310) and B (320), and thus a failure in any of the components can cause a failure in the entire system 300. Further, because of the method of interconnection, the system 300 provides poor current sharing. That is, if the power supplies A (305) and B (315) provide different voltages, one power supply A (305) or B (315) may provide all the current for driving both disk drives A (310) and B (320). Thus, because the power supplies A (305) and B (315) do not have dedicated loads, the mean time before failure is disadvantageously reduced.
The present invention provides a power supply redundancy circuit that switches loads between power supplies upon a power supply failure. The circuit isolates a failed power supply or a failed load, e.g., a failed disk drive, to avoid further component failure. The circuit includes a first power supply coupled to a power supply sensor, which is in turn coupled to a first switch and to a third switch. A second power supply is coupled to a second power supply sensor, which is in turn coupled to a second switch and a fourth switch. A first disk drive sensor couples the first and second switches to a first disk drive. A second disk drive sensor couples the third and fourth switches to a second disk drive. One skilled in the art will recognize that other load devices may alternatively or additionally be used.
In operation, the first power supply sensor examines the first power supply to recognize when a failure occurs. While the first power supply is functioning, the first power supply sensor drives the first switch to remain closed and drives the second switch to remain open. Accordingly, the first power supply powers the first disk drive. Upon recognition of a failure, the first power supply sensor drives the first switch to open and the second switch to close. The second power supply then powers the first disk drive and the second disk drive. Similarly, the second power supply sensor examines the second power supply to recognize when a failure occurs. While the second power supply is functioning, the second power supply sensor drives the fourth switch to remain closed and drives the third switch to remain open. Accordingly, the second power supply powers the first disk drive and the second disk drive. Upon recognition of a failure, the second power supply sensor drives the fourth switch to open and the third switch to close. Thus, the first power supply powers the second disk drive.
The first disk drive sensor examines the first disk drive to recognize if a failure occurs. Upon recognition of a failure, the first disk drive sensor drives the first and second switches to remain open, thereby isolating the first disk drive from the first power supply and the second power supply. Thus, no short circuit occurs to the first or second power supply, which otherwise could cause total system failure. Similarly, the second disk drive sensor examines the second disk drive to recognize if the second disk drive fails. Upon recognition of a failure, the second disk drive sensor drives the third and fourth switches to remain open, thereby isolating the second disk drive from the first and second power supplies. Thus, no short circuit can occur to the first or second power supply, which also could cause total system failure.
In an alternative embodiment, the system includes a first switch for coupling a first power supply to a first load when said first power supply is functioning, a second switch for coupling a second power supply to a second load when said second switch is functioning, and a third switch for coupling the second power supply to the first load when the first power supply fails. The system may further include a fourth switch for coupling the first power supply to the second load when the second power supply fails. The system uses a glitch protector, e.g., a capacitor, for maintaining power to the first load during the transition of the power supplies. The first switch isolates the first power supply from the first load when the first power supply fails. The second switch isolates the second power supply from the second load when the second power supply fails. The system includes a comparator that compares the voltage generated by the power supply against a reference voltage to determine whether the power supply has failed. The comparator controls the corresponding switches.
The present invention further provides a method for providing power supply redundancy. The method includes the steps of coupling a first power supply to a first load when said first power supply is functioning, coupling a second power supply to a second load when said second switch is functioning, and coupling the second power supply to the first load when the first power supply fails. The method may further include the step of coupling the first power supply to the second load when the second power supply fails.
The system and method advantageously may provide automatic toggling from a failed power supply to an operational power supply, isolation of a failed load upon power supply failure, and automatic recovery of the system upon replacement of the failed power supply. Although the system and method shown manages two components, one skilled in the art will recognize that the system may be applied to additional components. Because the loads are separated, neither power supply is overloaded during normal operation.