The subject of the invention is a device for managing configuration and for managing maintenance apparatus.
Such configuration management and maintenance apparatus is identified by a configuration which is a reference describing the type to which the apparatus belongs, the serial number of the apparatus as well as a version of a piece of software contained by the apparatus. The configuration of an apparatus is able to evolve over time such as for example, subsequent to an upgrade to a piece of software of the apparatus. The creation of a configuration for an apparatus and the updating of the configuration so as to follow the upgrade of the apparatus is called “configuration management”.
Moreover, maintenance teams are responsible for keeping systems operational based on messages originating from test devices built into the apparatus or on observations from system users so as to construct failure diagnostics, identify and/or locate failures and, if required, replace an apparatus that has failed in part or entirely. The gathering of the messages and observations serving to track down apparatus failures is called maintenance management.
The invention also relates to a method of managing apparatus configuration and a method of managing apparatus maintenance.
The architecture of complex systems is generally based on transfers of information cues between electronic apparatus linked together by a communication network. The location of the apparatus in the system sometimes meets severe dimensional specifications, the apparatus may be from about ten centimeters to several hundred meters away and be difficult to access. Such is the case for aeronautical systems mounted aboard aircraft (for example an avionics suite for broadcasting multimedia contents, known as “In-flight Entertainment” or by the acronym IFE) as well as industrial installations. The electronic apparatus integrated into a system generally possess a configuration which perfectly identifies the main components, software and hardware that they comprise to the constructor of the apparatus and to the system. The configuration takes the form of one or more identifiers which may be fixed on the apparatus, such as for example inscriptions on a tag stuck on the external surface of a wall of a housing protecting the apparatus. The configuration of an apparatus allows a maintenance team to replace a failed apparatus with a new apparatus comprising the same configuration or a configuration for which the constructor of the apparatus can guarantee that operation of the apparatus bearing it is compatible with the failed apparatus. The configuration also makes it possible to alert an apparatus constructor about a chronic failure of one of its items of apparatus. When the constructor is informed of all the failures encountered by his apparatus in operation, he may find that a frequency of a failure exceeds a certain threshold. Thus, he highlights a weakness of his apparatus and proposes a corrective measure common to all the apparatus of the same configuration and which are presumed to suffer from the same weakness.
An applicable configuration of a system is a list consisting of configurations of the various apparatus integrated into the system. The configuration of the apparatus can evolve over time, and one then speaks of system configuration management which is based on apparatus configuration management.
For systems designed before the 1970s, apparatus configuration management could generally be described as “static”, that is to say the applicable configuration of a system reduced to a system configuration register, for example a document in paper form, which contained all the configurations of the apparatus integrated into the system. Any evolutionary upgrade of a configuration of one of the apparatus integrated into the system was logged manually in the configuration register.
The static character of this type of configuration management exhibits the drawback of making it very irksome to ultimate verify compatibility between the configuration of the apparatus integrated into a system and the applicable configuration of the system. It can be verified for example when turning on the system, and serves in this case to cover the risk constituted by erroneous replacement of a failed apparatus with an apparatus whose configuration is not in accordance with that logged in the configurations register. The erroneous replacement takes place between two power-ups of the system and must be detected as early as possible.
More recent design systems generally integrate configuration management and maintenance management that are termed “intelligent”; one also speaks of “intelligent systems”.
“Intelligent” configuration management consists in storing the configuration of an apparatus in a memory internal to the apparatus. The configuration of the apparatus is transmitted while the system is powered up, before anything else, to a main computer of the system, by means of a communication network linking, for example in a star layout, the main computer and the apparatus of the system. The main computer verifies that the configurations that the items of apparatus transmit to it are compatible with the applicable configuration of the system which is previously stored in one of its internal memories.
In general, the apparatus of the “intelligent systems” comprise, furthermore, a built-in test device (known by the acronym BITE standing for built-in test apparatus). The built-in test device delivers messages containing information cues about the operation of the apparatus into which it is integrated through the communication network, destined for the main computer. “Intelligent” maintenance management consists in centralizing, in the main computer, reports about operating anomalies of the apparatus integrated into the system and in producing, on each shutdown of the system, a report which summarizes these anomalies and which may be usefully consulted by a maintenance team.
Nevertheless, “intelligent” configuration management and the management of “intelligent” apparatus maintenance each suffer from a drawback.
The configuration of the apparatus is stored in a memory internal to the apparatus, it can be known outside the apparatus only when the apparatus is powered and is linked to a communication network. Hence, when an apparatus has been removed from the system by a maintenance team, either because it has been identified as having failed, or when the apparatus is integrated into a system which is not powered, a maintenance team must necessarily resort to a test bench to access the apparatus configuration cue. A test bench is an installation which is devised so as to power and access the content of the memories internal to the apparatus. This installation is expensive and/or bulky and it is not always possible to transport the apparatus rapidly to a test bench. The delay taken to identify the configuration of an apparatus may impinge directly on the duration of unavailability of the apparatus, and can engender a duration of unavailability of a system which may turn out to be very expensive.
Concerning “intelligent” maintenance management, in the prior art, information cues are generally transmitted in the up-going direction, that is to say the messages are delivered by the built-in test devices integrated into the apparatus and are received by the main computer of the system. Certain information cues are conveyed in the down-going direction, that is to say: delivered by the main computer destined for the apparatus of the system. It should be noted that these information cues are accessible only if the apparatus are powered. Nevertheless, it may be very instructive, for a maintenance team which has extracted an apparatus from a system, to rapidly ascertain the applicable configuration of the system in which the apparatus was inserted and also the nature of the apparatus operating anomalies which were signalled to the main computer by the built-in test devices.
A first solution known for alleviating the drawbacks exhibited by “intelligent systems” is a configuration management and a maintenance management that are based on employing radio tags (or “RFID Tags” or else “Radio-Frequency Identification Tags”).
A so-called passive radio tag is a component which has the capacity to store information cues and to communicate them, on request, by means of a contactless link, in general in the radio frequency stretch. When such a radio tag, in which a configuration cue pertaining to an apparatus has been stored, is stuck to the apparatus, it enables a maintenance team equipped with a radio tag reader/marker to access the configuration cue for the apparatus, even when the apparatus is not powered, and without resorting to a test bench. The radio tag is powered via an electromagnetic field which is generally provided by the radio tag reader/marker. Nevertheless, a radio tag stuck to an apparatus does not make it possible to transmit the configuration of the apparatus rapidly to the main computer in order for it to carry out the ultimate verification of compatibility between the configuration of the apparatus and the applicable configuration of the system. Indeed, the frequency stretch of the contactless link making it possible to communicate the radio tag is not suited to a communication over a long range, typically more than a few meters, for two essential reasons: the power supply decreases very rapidly with distance and the environment may attenuate or jam the radio link, especially if it comprises surfaces made of electrically conducting materials.
For the same reason, because a computer cannot deliver data, via the contactless link, to a radio tag that is a distance of greater than a meter away from it, maintenance management based solely on employing a radio tag does not constitute a solution to the problem of communication followed by storage of the messages delivered by the test devices integrated into radio tags, that is to say in a down-going direction.
FIG. 1 represents an “intelligent system” 1 according to the prior art, which comprises a main computer RC and a plurality of items of electronic apparatus EQi, each comprising at least one built-in test device BITEi, i denotes an index identifying the apparatus.
Each apparatus EQi is linked directly to the main computer RC by a communication network of the system. The communication network is in general wired, that is to say that the computer and the apparatus each comprise an electrical connector and that at least one electrical conducting cable links the connector of the main computer to the connector of the apparatus. The built-in test devices BITEi and the connectors are not represented in the figure.
On the communication network, the main computer RC exchanges data and commands with the electronic apparatus EQi. While power is supplied to the system, an apparatus configuration stored on a memory internal to the apparatus can furthermore be communicated to the main computer RC so that it verifies that the apparatus EQi present do all indeed possess a configuration compatible with its own.
Messages of test results delivered by the built-in test devices BITEi are also transmitted on the communication network, in the up-going direction, that is to say the messages are delivered by the electronic apparatus EQi and are intended for the main computer.
When a test result message contains a failure cue pertaining to an apparatus, for example a failure of the apparatus EQ1, the system can, as a function of the type of failure, decide to use or to ignore the data and the commands delivered by the apparatus EQ1, but in all cases it writes into a nonvolatile memory MVN of the main computer RC a reference of the apparatus that emitted the test result message, a content of the test result message and the date of receipt of the message by the main computer RC.
Later, in the course of a maintenance operation, the nonvolatile memory MVN is read by a maintenance team. The reading of the information cues stored in the nonvolatile memory MVN can serve for an analysis regarding the location in the system of the failed apparatus EQ1 and regarding the nature of the failure. The reading of the content of the nonvolatile memory MVN can be carried out, for example, by means of a connector termed a “maintenance connector” disposed on the main computer RC, and provided for this purpose, on condition that the system is powered. The analysis leads to a diagnostic about the necessity to replace the failed apparatus EQ1.
The nonvolatile memory MVN of the main computer RC and the maintenance connector are not represented.
When the maintenance team has located the failed apparatus EQ1 and has extracted it from the system for replacement thereof, it must determine the configuration of the failed apparatus before replacing it. Accordingly, it can either read configuration information cues appearing in a system configuration register which remains in proximity to the system, or read configuration information cues appearing on a tag fixed to the apparatus, on condition that these information cues are up to date and reflect the actual configuration of the apparatus at the time of the failure.
Indeed, the apparatus are sometimes difficult to access in the systems and it is possible that all the software updates of an apparatus, usually carried out by a download across the communication network that has not given rise to a modification of the identifier of the configuration of the apparatus, for example, when it appears on a tag fixed to the apparatus.