This hardware is successfully used on railways in Europe and Asia. The system equipment complies with the safety requirements of level SIL 4 according to European standard EN 50129.
The high-level availability is provided by use of three identical processor units, which function in the mode 2-from-3.
To ensure the safety the further data processing can be performed only in the case, when minimum two computing channels output identical results. The solution of this type allows to fix a failure of any of the three processor units and switch off the faulty processor unit. At the same time the system continues operating in the mode 2-from-2. Information about the fault is recorded in the database. The faulty unit can be replaced; the new unit can be putted into operation without to stop the system. The faults of the system operation are prevented on the software and hardware levels. Such algorithms and methods are used, which allow to detect equipment failures and to switch over the system to the safe mode.
The system also includes main and backup workstations of an assistant station master, a service & diagnostic workstation. These workstations are interfaced with the control computer ECC via the ProfiBus.