PilotjohnS
Golden Rule
I have a golden rule on design: Never add software stuff when analog will work. JMHO
One option I'm considering is mounting a block of CBs much like Walt's arrangement in post #42, but on a hinged door so that it swings out from the panel.
Another option is just a variation of the idea you've mentioned above. Mount the CB's on a sub-panel which screws to the face of the main frame of the instrument panel. Wire the CB's such that you have a large enough service loop to allow the sub-panel to be unfastened from the main panel and laid out face-down on your knees so you can work on it. This will cost you an extra foot or more of wire for each circuit but SO worth it when it comes time to work on the power circuits. The same advice would apply to a fuse block installation.
I have a question about a concept, and am wrestling with this issue at this time as well. Is there merit to a train of thought to have traditional circuit breakers, for the absolutely mission critical items, (essentially whatever needed to keep the big fan up front turning), and say power to a Garmin G5, and then route everything else through the ECBS solution?
Is that a way to have one’s cake and eat it too? (Less real estate for CB’s on the panel, but the few there, are critical ones, not prone to risk of the mystery box failure, but then you get all the benefits of the ECBS for the vast majority of everything else.)
Thanks,
Lance
Yes, that is what I did with mine. I have the engine critical items on an essential bus and everything else on the VPX...and yes, you will run out of circuits on the VPX in a full IFR RV-10 if you try and put everything on the VPX...
I find it hard to believe this is an optimized solution that balances electrical system availability, redundancy, reliability, weight, cost, maintainability, system reconfigurability and functionality for a single engine IFR airplan ... I understand the desire to have the latest all singing and dancing whiz bang piece of kit that is easy to install and wire up that replaces something as mundane as a bunch of thermal circuit breakers ...
KT
Sorry I meant @roketman1988...
I thought @keitht ...
We read the same but took away different things.
I thought @keitht meant he acknowledges the potential pitfalls, which is why he's protecting his essential circuits with traditional breaker/fuse. For the non-essential stuff he's opting for the convenience that "whiz bang" has to offer.
Others have pointed out that every wire has 2 ends, etc... as if that means systems like VP-X offer no real convenience. I disagree.
In addition to convenience there's value in standardization and componentization (is that a word?). Any shop can look at a VP-X based system and tell at a glance whether it's put together correctly. If something's wrong, then it's the unit at either end or the wiring harness. No one needs to trace spaghetti.
An obscure example: Savile Row standardized how men's suits are put together. I can have a suit cut in Istanbul, sewn in Hong Kong and fitted in SF. But every thread has 2 ends one might say... then you're missing the point.
-c
I find it hard to believe this is an optimized solution that balances electrical system availability, redundancy, reliability, weight, cost, maintainability, system reconfigurability and functionality for a single engine IFR airplane. The probability of a common mode event that results in concurrent loss of power to multiple system functions has to be significantly higher than a comparable electrical system based on individual circuit breakers or fuses. If you have an essential bus with fuses or circuit breakers then you clearly understand the common mode problem and potential single point failure that would worry me with a VPX system. I understand the desire to have the latest all singing and dancing whiz bang piece of kit that is easy to install and wire up that replaces something as mundane as a bunch of thermal circuit breakers. When I see data that quantifies in real numbers what level of protection against loss of more than one circuit function due to internal failures (predicted or measured) is available from any of the current ECB offerings (VPX etc.) and the MTBF of the system overall and that it is in the same ballpark as a simple circuit breaker system then I might be more inclined to trade some panel real estate for much higher cost, weight and added functionality (which I may not be able or want to use). Until that time I will probably continue to put the VPX into the category of an expensive solution looking for a problem that doesn't exist but does potentially create problems of its own making.
KT
...and THAT is your OPINION, to which you are entitled. It is your build, I respect your design choices.
............
It seems as if this board is descending into "My way or the highway"...and it is a shame...
But I think that the conversation, here, has been fairly congenial and instructive.
Humans are very susceptible to "negativity bias" (https://en.wikipedia.org/wiki/Negativity_bias) and that might be what we are seeing here. As you wrote, more people report issues than report correct operation:... Cooled by pointing out that like most anything we deal with in society, there are always more complaints than atta-boys as there are lots of happy customers who are likely to never feel the need to report in.
...and THAT is your OPINION, to which you are entitled. It is your build, I respect your design choices.
I am entitled to mine, as well...unfortunately, there are many, many people on this board that feel that their OPINION of how things should be done is the only way that works, is safe, is reliable, is _________...and they tend not to respect others design choices...
It comes down to risk and risk mitigation. Everyone has their own level of acceptable risk; some are ok with one in a million odds and others are searching for that ever elusive "perfect" system (hint: it doesn't exist).
It seems as if this board is descending into "My way or the highway"...and it is a shame...
"...I find it hard to believe this is an optimized solution that balances electrical system availability, redundancy, reliability, weight, cost, maintainability, system reconfigurability and functionality for a single engine IFR airplane..."
I think that statement says it all. You are firmly in the camp of "It isn't my way" and there would be nothing that I, or anyone else could say to sway your opinion...(not shouting)...nor would I try.
You, however, do not see me questioning your design decisions, though...
"I can't believe you would think any shop could look at a sealed red box with wires coming out of it that requires a computer with serial port to program and tell at a glance if something is wrong."
That's not what I meant. I don't expect to debug a blackbox. I expect it to be simple to verify the connections between the EFIS and the ECB (i.e., integrity of the harness) and isolate the problem to the EFIS or the ECB then rely on the manufacturers to provide the fix thereafter.
"I think you may have meant to say traditional bus bar, breakers and wires are super easy for any shop to look at and tell if there is something amiss at a glance."
On the contrary, the few times I looked at wiring behind instrument panels I'm usually presented with a complete mess of wires and cables. But I agree that bus bars and breakers themselves are super straightforward.
"I think that there is another factor when it comes to threads like these where we have the equivalent of the one-hump camel guys arguing with the two-hump camel guys as to which is "best". In the end they both get you to the oasis and watering hole."
Agreed. I like the philosophy of ECB over the simplicity of busbars and breakers. That's a personal preference. I do not in any way mean to indicate that I endorse the VP-X product, though I would like to see these types of products continue to mature.
"Not sure what international suit manufacturing has to do with aeronautical systems engineering or the price of butter"
It is admittedly an obscure reference.
"...but maybe those of us that spent the evening at 40,000 ft have it figured out."
Not sure what 40,000 ft has to do with this discussion. Are you suggesting those of us who routinely fly below 12,000 are more accepting of avionics failures?
"Clearly a VPX electrical system solution is front and center in your thinking."
Again, I am not tied to the VP-X product. I like the concept and would like to see it continue to grow.
"Would you list the conveniences that an ECBS system like VPX provides?"
Without being specific to VPX (which I admitted have no direct experience with) I just like the concept of connecting controllers (e.g., knobs and switches) and devices (e.g., lights and EFIS) to a blackbox and then assigning the functions via software. The wiring is therefore simplified. For me, personally, doing the complex part (i.e., assigning the function) via software feels more convenient. If, say, the switch assigned to nav lights goes bad, I can "borrow" the beacon switch to control the nav lights and default beacon with the master switch. This can be done without touching any wiring.
Actually all he said was that he found it hard to believe. Not impossible to believe...hard to believe. He did not say his mind could never be changed.
He didn't question anyone's design decision with that statement.
He stated his opinion.
Bob,
So let's cut to the chase……… I am not bashing the VPX, PPS or any other Astronics product, just wondering why you would implement an essential bus with circuit breakers and fuses. The VPX pro system has two processors and separation of output switches, power supplies and other functions assigned to each processor.
It is essentially two sport VPX systems in one box - if I read the literature correctly, and it has 30 switched outputs - should be more than enough for any single engine IFR aircraft. There is still the possibility of common mode generic design problems (software, firmware, hardware) resulting in loss of all functions but with well written requirements, thorough comprehensive testing those risks can be minimized. So why, if you are so confident of the basic integrity and system availability of the VPX, would you put circuit breakers in the essential bus powered distribution pathways?
I can think of a number of reasons why you did that but rather than make a wild guess I would prefer to get your version.
KT
Even if this is the only failure of all the units that have shipped and they had shipped, say, 10,000 units then that represents a failure rate of 10E-4 per hr which is far from acceptable for the consequences of this type of failure by at least 3 orders of magnitude. I would be surprised if this is the only shipped unit to have experienced a failure with these consequences so the failure rate for total system loss of power control is likely worse - maybe an order of magnitude worse. If the electrical system failure rate in an all or mostly all electric airplane is significantly worse than the power plant then something is seriously out of balance.
KT
Sam,
I don't know about expectations. All I know is that our single-event VPX failure was a total "device" or "system" failure (pick your term). All or nothing, semantics aside. Phone charging cord unplugged, everything normal. Phone charge cord plugged in, the VPX and associated circuit wiring disappear. Virtually removed from the aircraft. No lights, flight deck, avionics, wigwag, trim or anything else utilizing the VPX ECBS. We still use the same original ECBS unit today. Shorted charge cord was cut up and discarded to ensure no dumpster divers tried to use it. Take that as only one data point or blip.
Your math assumes each unit only flies 1 hour.
Also in risk assessment you need to start with a baseline, then assess whether the “additional” risk is acceptable. Suppose (using your numbers) it's 10E-4 additional risk over a baseline risk of 10E-2 (my made up number)... then would you still say it’s unacceptable?
Some might... to each his own.
Nevertheless I find all too often people make up numbers out of thin air then try to “deduce” a result as if those made up numbers lend credence. It achieves the exact opposite, IMHO.
... For each of us that line is going to be in a different place depending on our own risk /reward tolerance and past life experiences.
KT
Thanks Keith, that was a pleasure to read. Very interesting to see in numbers how this kind of risk is evaluated.
Taking your comments a bit out of order. Let's consider acceptable risk.
If you fly on a commercial flight your expectation is that taking a one hour flight is not going to significantly shorten your life expectancy. Assuming you expect to live to 80 years old that works out at 700,800 hrs so let's round that up to 1,000,000 hrs and say that the chances of having a serious life changing event by taking the flight is 1:100.
So the chances of that event occurring on a per hour basis is the reciprocal of that number 10E-8. So in the big airplane world all major systems have a basic design requirement to meet a 10E-9 failure rate for loss of function and any failure that has a catastrophic effect. When all the system effects are combined the number needs to be better than 10E-8 and over the last 20 years that has generally held true and commercial air travel has been remarkably safe. For us flying our single engine, single string flight controls, single generator electrical systems aircraft we have no choice but to accept a much lower level of safety when we consider single point failures and the level of cost, weight and complexity it would take to mitigate those issues. So although we have single point failures, we (at least most of us) do everything in our control to avoid the consequences of failures in those single point areas. Accepting a failure rate of loss of function of 10E-6 in a single string system requires very careful design, analysis, testing, maintenance and modification which is why we (those of us that really care about these numbers) are using aircraft engines that have a legacy back to the 1930's and represent the most reliable power plants available (not the cheapest, nor the most fuel efficient). Looking at the number of those engines flying, the number of hours flown, the failure rate for failures resulting in a significant event the failure rate is somewhere in the region of 10E-6 to 10E-7 failures per flight hour.
Turning to electronics and electrical systems.
Getting to a 10E-6 failure rate with single string analog avionics electronics is possible with careful design, good thermal management and quality component selection. It is much harder to meet those numbers with digital electronics where component complexity is increased, feature size is smaller and the issues of software design and the probability of unintended features in the system operation place greater demands on systems engineering, testing, qualification, validation and revalidation following modifications or updates.
It is very easy to overlook the level of systems engineering needed to write acceptable design requirements that will specify the characteristics of the architecture needed to meet specific failure modes and effects that are inherent in any digital system implementation. In our particular case is it a single string processor with simple switch outputs or is it a dual self checking pair of processors with smart switches or is it a bunch of simple state machines with smart switches in a distributed architecture that is required?
It all depends on how the requirements are written and where the designers accept the compromises. At least for me, loss of all outputs resulting from the first apparent failure is not acceptable and if I can't be certain that isn't going to occur I have no interest in considering such a system when the alternative has less perceived functionality but has proven verifiable data confirming the absence of total loss of function on a first failure. If you consider the graph of probability of the event on one axis and the severity of consequences on the other axis then it is easy to see how to draw the line between acceptable and unacceptable. For each of us that line is going to be in a different place depending on our own risk /reward tolerance and past life experiences.
KT
.........and the issues of software design and the probability of unintended features in the system operation place greater demands on systems engineering, testing, qualification, validation and revalidation following modifications or updates.
KT
The use of software in the systems especially complicates things. Just think of the bugs that are found on operating systems after they are released...and then the bugs that appeared in the updates which were fixed by later updates.
I'm a career software engineer and I know how hard it is to think of everything when designing software. It's not easy. Neither is thorough testing. To think of every possible eventuality is difficult and to test all the ones you can think of can take enormous amounts of time. I've worked on systems where we never ran out of ideas of things to test - but you had to stop somewhere.
ETC.......Let's start with Vertical Power VP-X costs $1700 to $2400 (plus wiring kit). It is cool, interfaces with EFIS systems, and can monitor and control the electrical system from EFIS I gather (never used one). Even if you add up all the cost of a standard electrical system (they call "old way") it is significantly less cost, despite their exaggerated comparison cost chart they use in their promotional material. We can debate cost but in my experience the VP-X would be significantly more expensive than fuses/CB's and switches. If it fails, it is not like replacing a fuse, a CB or a switch. VP-X has "extras" but I don't think that justifies cost for me; your mileage may vary.
"...Most everybody I've seen that uses a microcontroller enabled switchbox wouldn't dream of using this for a fuel injection controller or electric ignition. Basically they don't want to add a small microcontroller and software as a dependency to keep the windmill turning..."
...Now you are including everyone that is using electronic ignition and electronic fuel injection...can you guess what an ECU is?
So I guess there are a bunch of us out there that are really in trouble because not only are we using the VPX (oh, the horror), we are also flying behind one brand or another EFII systems...and doing it IFR...OMG.
See, everyone has an opinion...
I think you missed my point... I'm talking about compounding risk with one microcontroller depending on another and the fact that EFI and EI vendors that I've seen specifically recommend against powering their units with a VPX.
... all on a VPX with 6+ years and 1300+ trouble-free hours except for 2 episodes of electrical components acting up...and the VPX caught the problems (one short circuit, one runaway flap motor). The VPX closed the circuits, ID'd the problems, allowed me to troubleshoot and fix the problems and reactivate the systems, both times in IFR.
I contend that the OP has plenty to consider, and I believe the thread has just about run its course.
However, before putting the thread to bed, I offer the opportunity for final thoughts.