BUREAU VERITAS APPROVAL OF COMPUTERIZED EQUIPMENT NR 424 DNC R00 E/F 17 bis, Place des Reflets - La Défense 2 - 92400 Courbevoie Tel. +33 (0)1 4291 52 91 - Telex 615376 F BVDNG -Fax. +33(0)1 4291 53 20 Postal Address : 92077 Paris La Défense CedexBUREAU Registre international de Classification de Navires - Fondé en 1828 - International Register for Classification of Ships - Established 182% MARINE DIVISION GENERAL CONDITIONS ae eatin Remytrge cto ures sshacaneait ase eae Tact crete nb et ers tea peice sevten andra can paid ‘ulance Notes nd ce Scrat bs onan nprnney ony he set Beara \owal tne Soetyeisrororoie by aoe pushed ne Rept by ne Soot 1 22, i rcevnca Ru "Sooty matte! snd lene tuna ean eos isetteles cae sent oes Sy rt be Sey Sees Nites thet datas sus tat hes ecm of she neh le 122 - BUREAU VERITAS 1 sole qaies I> decide vor the meancg, he sinh Sot cto nce sl onan 4 pst nd “Ribera ti sen, connate carey naa tse, "LA Suey concn by ha Sait ce, Ou 6 ot id 6 wa nes penn sunset she Posey umtene ine dusaten op fe parorance asec Oy be Soy Srtiens oa parca pupae ere any Sv, ss, ai eget eye Es, yet ta Rs 153. Neoingconalne hte, a in ay infomation, repo, cates ote ‘es sarc, san be deamn orate any Genrer reece angen Buide menutcttes anya, sen nace of subcontract ‘eon, or emma, pers oroiner an may waranty 9 ter cena igen earece imps ot rom any at waste, oro eee Sy HEM im beet in any ra par In paren, tw Soy Soe hat dcr he acceptance er comissoning of & Shi hat being te exclu espera one ower pyar rang eps sa an Can fy {eras tm permnce oft srien, gored Oy te Rl fe Sasa ‘inch sat oe eS ope stam essa dreion 64.-In providing services, Information of avi naar the Soca nor ay ot oa racy ue tary set or onlin oer of haere, wate of at fn howowver caused it sy nformaton er avin given 8 Way er by oro bana he Society. Socay ahaete net are han #000906 3m or amas whan rte by itn 8 bart te pursue such a oaia the Soe 2... Alplng, devin, snctaton and nfematon worded te Soc ot ef wich ne Sty may tec reason awa cones wh he borate St eanacon sa thse te Cater oy te Seceand sata wba oe FOR ee ea ai ae Sr Sc eect! esapeemant ae betwen the equestng gan an he BUREAY GERCIASranoyr, the Soe may aie ene oR pa Sern “sete by the pares ana incase hey could po each an ogre. he Wot ‘en be nomnued byte Present ete Law Soe of Engl’ are is opon esas tm evercean throne tt reForeword A great number of the functions operated on board is now controlled by the computerized technology. Processors manage most of the systems nowadays and their increasing performance makes their use inevitable. The safe and efficient operation of this new technology demands a standardization of concepts ; the present document attempts to materialize these concepts and therefore defines the requirements applicable to the systems submitted for the Society's approval. Bureau Veritas reserves the right to review this document should further elements need considering, Bureau VeritasContents 1. General 2. Documents to be submitted 3. Definitions 4. Design 4.1. Principles 4.2. Central units 4.3. Memories 4.4. Software 4.5. Peripheral control units/Interfaces 4.6. Networks 4.7. Man/Machine interfaces 4.8. Testing Bureau Veritas1. General 1.1. The following requirements apply to the computerized equipment on board which is subject to the essential services 1.2. Asa general rule, the approval of such equipment covers both hardware and software parts although examination of any part of them can be considered separately 1.3. In case of type approval associated or not with a qualitative software study, a certificate and/or attestation can respectively cover hardware and/or software 1.4, At the time of the approval, if the application field is clearly defined in advance, the corresponding requirements of the Rules and Regulations for the Classification of Ships are to be taken into account ; if not, each application is, before installation, to be submitted for the Society’s consideration 2. Documents to be submitted Any drawing and document necessary to check that the requirements of the present note are actually met are to be submitted to the Society for approval, In particular, the following is to be provided ‘* a request of approval expressed by the manufacturer or his authorized representative, ‘the technical specifications and a description of the system (hardware and/or software), installation particularities and conditions of use, * test reports that might have been already prepared by specialized laboratories. 3. Definitions Automatic data processing : the branch of science and technology that is concemed with methods and techniques relating to data processing largely performed by automatic means Topology : way in which the network nodes are interconnected (see appendix A.1) Switching techniques : techniques that distribute the information through a cloud of nodes from the source towards the destination (see appendix A.2). Access protocols : mecanism of access control to the communication ressources (see appendix A.3) Interface : coupler that ensures the parallel or serial connection with the periphery. Network: means put in service for the interconnection and communication of several units controlling the whole installation Bureau Veritas4. Design 4.1. Principles 4.1.1. The equipment is to be so designed to ease the maintenance operations (e.g possibility to change a printed card or a set of printed cards, intervention from a terminal unit in the aided conversational mode). nal 4.1.2 The interchangeable components are to be protected against unintent inversions (e.g. interlock devices, marking...) ; if they are inserted in a wrong position, they are not to be damaged or cause malfunctions, 4.1.3. If the equipment may introduce variations from the temperatures stated in §19.025.2 of the Rules and regulations for the Classification of Ships, it is to be fitted with a monitored cooling device or an indication is to stipulate its installation in an adequate air-conditioned atmosphere. 4.1.4. The equipment is to be protected against current overloads and short circuit currents 4.1.5. Any supply failure is to be indicated by an alarm. 4.1.6. The response times of the equipment are to be compatible with the planned applications, 4.1.7. The equipment is to be provided with self-test devices in order to detect failures related to the central unit, the memories, the inputs/outputs and the communication links (e.g. watchdog, logical self-test... 4.1.8. Permission for access to the equipment is to be controlled. 2. Central units 4.2.1. In case of voltage supply failure, the processor condition is to lead to the least dangerous position for the installations. 4.2.2, The equipment is to be fitted with at least two time bases ; failure of anyone of them is to be detected For the non synchronized components, the time bases are to be interconnected to allow failure detection. 4.3. Memories 4.3.1. Any voltage supply failure, external interference or wrong control signal is not to affect the program/data memory. Bureau Veritas4.3.2. The criteria of memory storage and rate transfer are to be compatible with the planned applications. 4.3.3. The static random access memories are to characterized by low error rates. 4.4, Application Software 4.4.1. Software development and maintenance are to be organized according to recognized quality plans 4.4.2. Ifa quality attestation is requested by the manufacturer, the software component is to fulfil the recommendations of the guidance note NI 425 DNC R00 E/F. 4.5. Peripheral control units/Interfaces 4.5.1. Every outgoing/ingoing circuit is to be protected against short-circuit, currents and voltage overloads. 4.5.2. Insulation faults are to be indicated by an alarm and, as far as possible, are not to isturb the good operation of the system. 4.5.3, Wire breaks are to be cated by an alarm. The scanning frequencies or windows are to be selected so that the parameters are suitably monitored. 4.6, Networks 4.6.1. The networks are to be designed so that the individual units can be tested, repaired and put in service without interfering with the other parts of the system. 4.6.2. The performance of the network transmission medium (transfer rate and delay time) are to be compatible with the planned applications. 4.6.3. The data transmission is to be self-checked, regarding both the network transmission medium and the interfaces/connections. 4.6.4, Unless justified, the connections are to be in compliance with the applicable international standards or equivalent (see appendix A.4), 4.6.5. The nework configuration (topology, switching techniques and access control) is to be compatible with the planned applications (see appendix A.1/2/3) 4.6.6. Conflicting control interventions from several terminals are to be limited by means of interlocking or appropriate warnings. The « active » terminal is to be indicated on the other terminals, Bureau Veritas4.7. Man / Machine interface 4.7.1. The control panels are to be suitably lit ; controllable lighting may be required where necessary, 4.7.2. The brightness and colour representation of the displays are to be adjustable to the ambient conditions. In any case, information is to stay easily discernible. 4.7.3, The handling and action direction of the input devices is to be logical and, as far as practicable, to correspond to the action direction of the controlled device 4.7.4, When keys are dedicated to common/important controls, and if several functions are assigned to the said keys, the « active function » is to be recognizable. 4.7.5. IEuse of a key may have dangerous consequences, appropriate measures are to prevent an instruction from being executed by a single action (e.g, simultaneous use of two keys, repeated use...) 4.7.6, Means are to be provided to enter the manual input data correctly (e.g. checking of the number of characters, value checking...) 4.7.1. If a training/simulation mode is integrated to the system, itis to be clearly indicated and is not to hide the processing indications. 4.7.8. The information status is to be clearly indicated (e.g. alarm acknowledgement...) 4.7.9. The alarm signal, within the scope of the alarms required by the Rules, is to be displayed whatever the information displayed on the screen, 4.7.10, User and maintenance manuals are to be provided. 4.8, Testing The system as a whole is to be tested according to §19.02 of the Rules and Regulations for the Classification of Ships. Bureau VeritasInformative appendix A.1 Network topology The way in which the nodes are interconnected defines the network topology, that must not be confined with the topography ; the topography corresponds to the physical location of the link cables. The most used topologies are the following - Star networks They are used to connect several peripherals to a central system. The failure risks are high and the delay times depend heavily on the load of the central point. - Bus networks They are often used in the Local Area Network (LAN). The bus length is often low due to the passband. New stations can be connected without network reconfiguration. Bureau Veritas- Tree networks They can be built from the transmission medium (busses) but are generally built from highband LAN. The latter uses a frequency division multiplexing, The covered distance is higher than the one covered by a single transmission medium (bus). The weak point is the tree root. - Ring networks They are only used for LAN with the token passing access mode or empty slot/slotted ring access. The node number and the distance between the nodes are limited. Every node addition can cut the line and therefore disturb the operation of the system. The reliability can be increased by duplicating the network transmission medium. Bureau VeritasA.2. Switching techniques There are three important techniques in transmission networks - Circuit switching, that consists of materializing a path between the source and the destination ; the path is maintained for the whole communication. - Message switching, that consists of distributing the binary data sequence from node to node up to the destination, This method may need important intermediary stores if the information quantity is, for instance, a file. - Pack switching, that follows the same principle as above. The message is at first cut into packs of maximum fixed length ; the packs flow through the nodes. This method needs few intermediary stores and seems to be fitted to most networks. This kind of switching is not compatible with the cross networks A.3 Network access protocols Access protocols can be grouped into three categories - Static policies, such as - FMDA (Frequency Division Multiple Access) in which a frequency is allocated to every user on a broadband support. - TDMA (Time Division Multiple Access) in which a period of time is cut into intervals periodically allocated to each user. - Dynamic policies, such as - polling. This was one of the first techniques to be used. It consists, in case of centralized control, of questioning every user sequentially and letting them speak in turn, In case of distributed control, the speaking user gives his place to the following one without master intervention, An improvement, « adaptative polling », consists, for the master, of asking who wants to speak, listening to the answers and making a choice. Their heaviness and lack of flexibility forced these techniques to move on towards a token system - token techniques. The principle consists of circulating a « token », only the station retaining the token has the right to transmit. Two alternatives are introduced, the unadressed token (it is just put back into circulation) or the adressed token (a successor is privileged). In case of loss, if the management is centralized, the supervisor has to regenerate the token. If the management is distributed, every station has a delay timer that is released at the last token passage. If the station doesn’t detect the token again before a fixed period of time, a new token is generated - empty slot. This method consists of dividing the total capacity of the ring into series of time periods characterized by a full / empty indicator. Any station wishing to send a message has to wait for an empty slot. Bureau Veritas- register insertion. This technique aims to deviate the ring traffic into a buffer during the insertion time of the frame. - random access. The idea is to emit on the information support without caring about the other users. If there is a collision, the signals become unintelligible and are re- emitted later on. Besides a large simplicity, this method does not require any synchronization and is fully decentralized. Its major disadvantage is an increase of collisions due to an increase in the number of emitters. In order to resolve the problem, the following solutions have been proposed © CSMA or Carrier Sense Multiple Access, in which the channel is monitored until the data emission, which decreases the collision riots considerably, © CSMAICD (with collision detection) which is the most used random technique at the present time. This solution is very often fitted on LAN, especially Ethernet, * CSMAYCA (with collision avoidance) which is not used often, * CSMAICR (with collision resolution), - The hybrid policies which result from using time multiplexing or frequency multiplexing to gather the random accesses. A.4 Network connections The physical connection to a network consists of linking to it by means of patchplugs, cables and electronic cards ; the signals relative to the information are emitted on the physical support of the network, Important improvements have been made to attempt to standardize these different elements. Two organizations have especially contributed to standard issuance, the IEEE in the USA (802 committee) and the ECMA® in Europe (LAN group). The following standards are quoted as examples * IEEE 802.1(A) Local and Metropolitan Area Network Standard Overview and architecture. © IEEE 802.1(B) Addressing, Internetworking and network management. * IEEE 802.2 Local Area Network Standard, Logical link control, + IEEE 802.3 CSMA/CD. Access method and physical layer specification. * IEEE 802.4 Token passing bus. Access method and physical layer specification. * IEEE 802.5 Token pasing ring. Access method and physical layer specification. * IEEE 802.6 Metropolitan Area Network Standards, © IEEE 802.7 Broadband Local Area Network Standards. © IEEE 802.8 Fibre optics standards. Bureau Veritas10 (1) IEEE : Institute of Electrical and Electronics Engineers (2) ECMA : European Computer Manufacture Bureau Veritas