What is the difference between redundancy and fault tolerance?
What is the difference between redundancy and fault tolerance in the context of aviation?
aircraft-design safety emergency aircraft-systems terminology
asked Nov 21 at 16:18
rainbowtableturner
1 Answer
accepted
Redundancy is when there are multiple ways of doing the same thing; quite possibly by having multiple gadgets, or ways of interconnecting gadgets, that can perform the same function with the same or at least very similar fidelity even if a non-zero number of them fails. One likely effect of this is that there is no single point the failure of which will cause the failure of the entire system (no "single point of failure").
Fault tolerance is when the overall system can tolerate the failure of a component without going into a dangerous state, but it won't necessarily maintain the safe state by having full functionality or fidelity. The system may operate in a degraded state, but it won't immediately be in a dangerous state.
Redundancy can be a way of providing fault tolerance in the larger system, but redundancy on its own does not guarantee fault tolerance, particularly against all kinds of faults. It's only redundancy if each separate way of accomplishing a goal can function without the other ways of accomplishing the same goal. Fault tolerance is a result; redundancy is one way of achieving that result.
For example, there are two basic ways by which you can cause an airplane to assume a new heading; either by using the ailerons to bank, or by using the rudder to skid. Normally these are used together in a coordinated turn, but if you're really in a pinch, either one can be used to turn (but watch that stall speed). This is one crude example of fault tolerance, since either the ailerons or the rudder can fail and you are still able to make a turn (other effects of the failure, or other effects from the cause of the failure, notwithstanding). — Redundancy, on the other hand, would be more like if you had multiple independent sets of rudders and ailerons, each with its own, independent control system.
Commercial aircraft often have two or three of each flight-critical instrument; one for each (of two) pilot, and one backup instrument. For example, each pilot will have their own attitude indicator ("artificial horizon"), and they will have a shared instrument that can be used to, for example, determine which instrument is faulty if there is a disagreement between the two main instruments. This is an example of redundancy, because if designed right, any one of them can be used fully independently of the others to determine the aircraft's current attitude; the ability of the instrument to carry out the intended function at full fidelity does not depend on the others functioning properly, and there is hopefully no single failure which will cause two or three to fail in the same way, or at all.
An example where having redundancy doesn't necessarily provide fault tolerance can be having multiple hydraulic systems to control deflection of control surfaces. If all hydraulic systems are routed through a single location, and that location is damaged, there exists a possibility that you will lose all hydraulic systems at once due to that single failure. Therefore the hydraulic system is redundant but not necessarily fault tolerant.
edited Nov 21 at 20:12
answered Nov 21 at 16:43
a CVn
perfect! thank you
– rainbowtableturner
Nov 21 at 17:15
2
Or redundancy is when there is no single point of failure.
– mins
Nov 21 at 19:06
1
@mins I meant for that to be covered by what I wrote, but I have now spelled it out.
– a CVn
Nov 21 at 20:13
1
@aCVn: Airliners have a third way of controlling heading--differential engine thrust. That can sometimes provide adequate control to keep the airplane aloft even if all hydraulic control systems fail. The level of control offered by engine thrust alone may not be sufficient to safely land the plane, but may be sufficient to make the landing survivable for at least some of the occupants.
– supercat
Nov 21 at 20:41
I'm sure Capt. Haynes can give a pretty thorough dissertation on the benefits of redundancy and why it's still needed to cover a-billion-to-one odds. And I think Capt. Fitch can speak a bit about controlling an aircraft with just engines. en.wikipedia.org/wiki/United_Airlines_Flight_232 <<< That accident has so many good lessons. It should be required study for EVERY pilot.
– Shawn
Nov 22 at 0:37
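Added example, not part of the original answer or comments: a single-fault analysis of the answer's hydraulic and heading-control cases, plus the third-instrument comparison it describes. All component names, the `Channel` model and the sample readings are constructed assumptions for illustration.

```python
"""Single-fault analysis: redundancy vs. fault tolerance (constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Channel:
    """One way of achieving a goal; it works only if every element in `needs` is healthy."""
    name: str
    needs: frozenset
    full_fidelity: bool = True  # False = a degraded way of achieving the goal


def state_after(channels, failed):
    """Return 'full', 'degraded' or 'lost' once the elements in `failed` have failed."""
    alive = [c for c in channels if not (c.needs & failed)]
    if any(c.full_fidelity for c in alive):
        return "full"
    return "degraded" if alive else "lost"


def single_points_of_failure(channels):
    """Elements whose failure alone leaves no working channel at all."""
    elements = set().union(*(c.needs for c in channels))
    return sorted(e for e in elements if state_after(channels, {e}) == "lost")


def is_redundant(channels):
    """More than one channel can deliver the function at full fidelity."""
    return sum(c.full_fidelity for c in channels) > 1


def odd_one_out(readings, tolerance):
    """With three instruments, name the one that agrees with neither of the others."""
    outliers = [
        n for n in readings
        if not any(m != n and abs(readings[n] - readings[m]) <= tolerance
                   for m in readings)
    ]
    return outliers[0] if len(outliers) == 1 else None


# Three hydraulic systems that all pass through one location (hypothetical names).
HYDRAULICS_SHARED = [
    Channel(f"hyd_{i}", frozenset({f"pump_{i}", f"line_{i}", "shared_routing_point"}))
    for i in (1, 2, 3)
]
# The same three systems, each routed through its own location.
HYDRAULICS_SEPARATED = [
    Channel(f"hyd_{i}", frozenset({f"pump_{i}", f"line_{i}", f"routing_{i}"}))
    for i in (1, 2, 3)
]
# Heading control: one full-fidelity way, two degraded ways.
HEADING = [
    Channel("coordinated_turn", frozenset({"ailerons", "rudder"})),
    Channel("bank_only", frozenset({"ailerons"}), full_fidelity=False),
    Channel("skid_only", frozenset({"rudder"}), full_fidelity=False),
]

if __name__ == "__main__":
    for label, system in [("shared routing", HYDRAULICS_SHARED),
                          ("separate routing", HYDRAULICS_SEPARATED),
                          ("heading control", HEADING)]:
        print(label, "redundant:", is_redundant(system),
              "single points of failure:", single_points_of_failure(system))
    print("after aileron failure:", state_after(HEADING, {"ailerons"}))
    # Constructed pitch readings in degrees from the three attitude indicators.
    print("faulty:", odd_one_out(
        {"captain": 2.0, "first_officer": 14.5, "standby": 2.3}, tolerance=1.0))
```

The shared-routing case is redundant yet has a single point of failure, while heading control is not redundant but survives any single fault in a degraded state.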