This invention relates to integrated control and monitoring systems for aircraft guidance and safety equipment at airports, and more particularly to an integrated system in which no single component or communications failure can adversely affect the functionality of the system.
Airports contain a wide variety of equipment which air traffic control personnel use to aid in the process of launching and recovering aircraft in a safe and efficient manner. Each user interface to this equipment is unique, because there is no common manufacturer and because each equipment performs a different function. It may be as simple as a panel of push buttons with incandescent lamps or as complex as a rack of switches and LEDs. In addition, the interfaces are typically located in different places such as the tower cab, scattered equipment cabinets, or field locations. Such equipment and interfaces may include runway lights, instrument landing systems (ILS), emergency generators, and other systems that ensure safe management of the aircraft.
It has previously been proposed, in a first-generation system, to connect all of these various interfaces to a common high-speed network of workstations known as an Integrated Control and Monitor System (ICMS) manufactured by the assignee of this application. The advantage of ICMS is that it allows all the interfaces to be displayed to a controller at a common location a in a graphical user interface (GUI) format that has a common xe2x80x9clook and feelxe2x80x9d. It also allows the controller to selectively control and monitor all the equipment from one or more locations. The ICMS further allows the provision of computer controlled interlocks to prevent human error. For example, each physical runway at an airport represents two virtual runways, one handling traffic in one direction, the other handling traffic in the opposite direction. Each of these virtual runways has its own set of equipment. It is therefore imperative that when the traffic direction on a physical runway is changed, ICMS refuses to turn on the equipment for the new virtual runway until the equipment (for example the localizer and the glide slope transmitters) of the previous virtual runway has shut down.
The first-generation ICMS was well accepted, but it had the drawback that certain component failures within ICMS could adversely affect the monitoring and control of not just one piece of equipment, but all of them simultaneously. It therefore became desirable to provide a second generation ICMS with no single point of failure, that is, a system such that no one component of the ICMS could fail and result in a complete ICMS failure.
The present invention provides such a no-single-point-of-failure (NSPF) configuration of an ICMS by adding an identical redundant component to any component that represents a single point of interface to the remote equipment. ICMS is comprised of a group of computers linked together over a high speed Ethernet local area network (LAN) utilizing the Transport Control Protocol over Internet Protocol (TCP/IP) architecture. These computers are of two different types.
One type of computer is a commercially off the shelf (COTS) IBM compatible computer which is classified as an ICMS Remote Workstation. The ICMS Remote Workstation provides a user interface to ICMS monitored equipment for the air traffic controller. There can be as many ICMS Remote Workstations as needed based on the number of user interfaces required. An ICMS Remote Workstation may be classified as either a Remote Master Workstation or Remote Slave Workstation. There may be only one Remote Master Workstation at any given time. The non Remote Master Workstations are classified as Remote Slave Workstations.
The other type of computer is also COTS industrial grade computer and is classified as an ICMS concentrator. Redundant pairs of concentrators share a common interface to the remote equipment. Each concentrator is connected to the Remote Workstations on its own LAN. The redundant pair of concentrators are connected to each other through a digital interface which is used to provide status signals to each other. One concentrator is active or primary at any given time. This means that it is providing the interface between the Remote Master Workstation and the remote equipment. The standby or secondary concentrator monitors the status of the remote equipment and the control status of the primary concentrator. If the primary concentrator experiences a communication failure with the Remote Master Workstation, it will relinquish its primary concentrator status to the secondary concentrator and allow operational status and control between the Remote Master Workstation and the remote equipment to continue without interruption. Once the failed concentrator reestablishes communications with the Remote Master Workstation, it becomes the inactive or secondary concentrator. This provides the concentrator with the ability to interface with the equipment in the case of the active primary concentrator, or in the case of the active secondary concentrator, the ability to monitor the status of the active primary concentrator interface and thus prevent the concentrator from representing a single point of failure for ICMS.
ICMS also provides another important feature of status and control archiving. Each of the concentrators maintains an archive file where it records all status changes received from, and controls sent to, the remote equipment. Each archive entry is time and date stamped which allows recreation of valuable remote equipment status changes and controller interaction with the remote equipment in the case of an accident.