Redundant power supplies ensure system operation
A power failure that shuts down the system may be acceptable in some applications. However, such a shutdown is not acceptable in a central-office telecom system counted upon to provide uninterrupted communications.
For such systems, the two potential causes of such a catastrophe are a mains failure and power-supply failure. Mains failures can be avoided only by protecting the line with an uninterruptible power supply (UPS) or by installing a battery, usually at a point in the system following a first-stage stepdown conversion. Definition of the battery size or external UPS then lets you calculate the maximum time interval for which the system can withstand this type of failure.
Nearly all redundant systems include a battery. For example, the first stage in a telecom system (called a rectifier) charges the battery and in normal conditions supplies the system. The rectifier is the first stage of the chain and must be accounted for in a study of possible failure modes. As we shall see, it must be redundant.
The battery voltage used in a major system can be 12, 24, or 48 V. From that voltage (isolated or not, according to the system type and related safety standards) are generated all other necessary voltages. It is easy to understand that all blocks must at least be duplicated to avoid the effect of failure at any point in the chain, from the system's energy source (110 or 220 V at 50/60 Hz) to its low-end voltages. Thus, a failure in subsystem A excludes A from the system, causing the normal operating condition A–B to become C–B (see Figure 1).
This type of redundant architecture, in which every block is duplicated exactly, is called 1+1. For a total load power of 100 W, for example, we use two 120-W blocks (B and D) and two 140-W blocks (A and C). Power increases, so the conversion efficiency must be accounted for at every stage:
Pout = Pin (Aefficiency + Cefficiency).
Thus, the power supply for a 100-W system must be designed for twice the necessary power (200 W), thereby duplicating its cost and the necessary mechanical space as well. Because maintenance usually requires changing a complete block that is generally heavy and expensive, mechanical problems sometimes compel you to shut down a system during maintenance. As a result, 1+1 redundancy is seldom used for output loads higher than 500 W.
More interesting is the redundancy N+1 for higher-power systems, in which every stage is divided into N power blocks (see Figure 2). Assuming an output power of 1 kW and a subsystem block of 250 W, the dc-dc converter requires four stages and the rectifier requires six stages. To these blocks one spare is added, so the rectifier is configured as 6+1 and the power supply as 4+1. The spare begins operating in the event of failure in one subsystem block, thereby providing continuous and uninterrupted power to the load.
The Figure 2 system is completely redundant, like the 1+1 system, but with a big advantage: It is designed not for double the necessary load power but only for 20–30% more. That feature allows cost and space reductions. Maintenance is easier because the low-power block can be more easily placed on a printed circuit board and because hot-swap insertion allows a failed unit to be replaced without shutting down the system. You can simply extract the board and insert another. Spare parts are cheaper, and it's generally easier to buy another board than to send the board back to the supplier for repair.
Having defined two possible architectures for redundancy, it's interesting to evaluate (from an electrical point of view) how to implement an automatic change from one block to another in response to a failure. Two possible solutions are investigated: one based on diodes and the other on an active electronic circuit.
For the diode arrangement, two diodes are placed on the output of both power supplies in an OR configuration. Both power supplies are turned on during normal operation. In the case of a failure where one output voltage is lost, the other one supplies the load via the diode.
The diode approach is easy and inexpensive for type 1+1 configurations, and it's the right choice for output voltages over 15 V. It has drawbacks, however, for lower output voltages (5 V and below) and N+1 configurations. Today's electronic systems require ever-lower voltages. Not just 3.3 V, but also 2.5 V, 1.8 V, etc., are becoming more popular, and for such low voltages, a single diode drop represents a big waste of power. Assuming a drop of 0.4 V, the diode represents a 12% loss of power for a 3.3-V output and a 16% loss at 2.5 V.
First of all, this is a thermal-management problem, concerning how to dissipate power in the diode, but it also produces a more expensive system. The power supply must provide more power than is necessary for the load. Today's designer must consider that energy is not an unlimited resource, that the system must meet certain efficiency goals, and that to avoid wasting power the future rules will be ever more restrictive.
Overvoltage at the power-supply output can destroy the load. To guard against that problem, the output voltage is monitored continuously by an external comparator-reference IC. Overvoltage causes this IC to assert a logic signal, which can disable the dc-dc converter. (Disable capability is included in many off-the-shelf dc-dc modules.) If the secondary voltage is obtained with post-regulation, the regulators available for that purpose often have a shutdown control pin. These regulators can include stepdown controllers, step-up controllers, and linear regulators.
Connecting the comparator-reference IC after the diode allows it to continue operating after a failure removes the power-supply voltage. That configuration also allows the device to advise the control logic when a failure occurs. The IC operates on supply voltages up to 11 V. For supply voltages of 15 V or more, the IC supply voltage should be regulated with a simple network consisting of a resistor and zener diode. During system turn-on, a microprocessor-supervisory IC advises the system whether power is okay. Its output, which includes a delay of 140 msec typical (the delay is programmable for some of these ICs), acts as a reset that turns on the electronics only after the power is stable.
Today's technology makes possible actively redundant electronic systems. The electronic control circuit is based on replacing the diode with a power MOS device, which achieves (besides other advantages) a strong power loss reduction in the redundant system. A power MOSFET exhibits a voltage drop related to the current flowing through it. It operates in the "on" condition (saturation mode) and presents a resistance value that depends on its type (values of 10 mW, with high-current capability are possible).
For diodes, the voltage drop ranges between 0.4 and 0.6 V but is relatively constant with current. For power MOSFETs, the drop is equal to R×I, so it's easy to verify power savings by comparing voltage drops for the diode and MOSFET. By comparing a MOSFET with 10-mW on-resistance to a diode with a 0.45-V forward-voltage drop, for example, the current level for which the diode is more attractive than the MOSFET can be determined (see Figure 3).
Power losses are the same at 45 A, but at 10 A the MOSFET loss is less than a quarter of the diode loss. Thus, for a power supply delivering 10 A at 3.3 V with 75% input/output efficiency, the total system efficiency is 68% with a diode and 73% with a power MOSFET. Note that the MOSFET cannot be placed in-series with the output, like a diode, but requires a control circuit to turn it off and on and monitor certain parameters.
A power MOSFET is an active device driven by a voltage applied between its gate and source. For turn-on, this voltage must be positive for n-channel devices and negative for p-channel devices. In Figure 3, the application is based on an n-channel MOSFET, for which the intrinsic parasitic diode has the correct orientation (anode to positive and cathode to negative) to allow current flow from power supply to load but not from load to power supply. Moreover, the required positive gate-drive voltage is more easily generated than is a negative gate-drive voltage. Gate drive for this circuit should be approximately 5 V for logic-threshold power MOSFETs and 12 V for others.
Figure 4 illustrates a complete circuit for use in systems with N+1 redundancy. The lower the output voltage, the more interesting the implementation of this architecture. The first block is a power supply for generating a positive gate-drive voltage for the power MOSFET. A dc-dc converter IC, which in this case requires only an external inductor, diode, and capacitor, steps up the input voltage from 2.7 to 5.5 V. Because a power MOSFET's gate input impedance is several hundred kilo-ohms, the total power consumption for the converter circuit is close to zero.
Power MOSFETs are bidirectional devices, so once turned on they handle current flow in both directions. Thus, a power supply can source current to the load through the power MOSFET, and if that supply fails (an output short circuit, for example), then the failed supply can sink current from the other supplies, thereby short-circuiting their voltages as well.
A protection circuit must detect normal current flow, and when it detects sink current from a power supply, it must immediately turn off the associated power MOSFET. By sensing the level of current flow, a high-side current-measurement circuit can provide information to an external circuit for controlling power consumption, equipment status, etc.
Figure 5 details an application in which the active element is a power MOSFET. UL1 generates the gate voltage, and a comparator acts as a discriminator that turns the power MOSFET on, then off when reverse current is detected. Because the comparator is powered by a bus voltage common to all other power supplies, this control logic continues to operate in the event of failure.
A control-logic circuit can be introduced wherein overvoltage protection is implemented with a comparator. By acting on pin A of Figure 5, the IC monitors the output and turns off the power MOSFET in case of overvoltage. A flag should be set to advise of this problem to ensure a supply voltage is always present on the comparator.
Sometimes the output of a single power supply is routed through the backplane and connectors to several different boards. In particular, telecom equipment often does not allow you to turn off the power supply when replacing or inserting a new board. For such applications, a circuit-breaker IC that lets you "hot-swap" boards while maintaining overload protection is of great interest.
Consider a redundant supply powering N boards, all in parallel. If one board has a failure and starts to draw a large current, the supply voltage common to all boards may begin to decrease, thereby compromising all redundant functionality in the system. The circuit-breaker IC provides protection in such cases by disconnecting the bus from the failed board.
By placing a circuit-breaker IC on every board that may be inserted or disconnected without powering down the supply, it can be ensured other boards on the same supply-voltage bus are not affected by the operation. Such an IC prevents undershoots on the common bus by regulating the maximum current demanded as a board is inserted (to charge input capacitors, for instance).
Because the output voltage of future systems will be lower and their high-level integration cannot accept wasted power, the advantages of replacing diodes with power MOSFETs should be considered in all future systems.
Roberto Amadio is a corporate field application engineer for the Information and Communication Division of Maxim Integrated Products/Dallas Semiconductor in Italy. Giuseppe Radaelli is an R&D design manager for Alcatel in Italy.