Backup system. Belt and suspenders.

In a nutshell, I have a project that's going to be controlling half a dozen dc motors and a dozen leds. I was going to use N-channel MOSFETs for this.

This is going to be setup on the other side of the country though for a few months. I wanted to go overkill and put in a secondary backup system should the first system fail for any reason. I want the crew onsite out there to have an option of flipping a switch to a backup system. I'm paranoid.

During use, System A would be powered, System B unpowered (and vice versa by flipping a switch should System A be acting up).

Anyone know if the schematic shown would work ok? Basically I'm afraid I'm missing a component that would need to go in between the Q1, Q2, M1 area but I might just be overthinking this.

Any advice appreciated!

Image from Original Post so we don't have to download it. See this Image Guide

...R

I suspect the greatest risk of failure (by far) is with the mechanical parts (assuming you are very conservative in your design of the power electronics).

And I suspect the next greatest risk of failure is with your software.

Your proposed backup system will not address the first of these and is not necessary for the second.

If this was my problem I think I would just provide a second "Arduino system" with instructions how to unplug the failed system and attach the replacement. Anything more complex brings with it additional points of failure.

If that sort of solution is not practical (and please tell us exactly why not) then I suspect you will need a very careful analysis of the issue and a much more complex solution.

...R

Thanks for adding that image Robin2! I was in a rush this morning and it wasn't immediately clear how to do so.

Mechanics of this piece are going to have minimal wear and tear on them and it's not going to be run continuously during its exhibition (only when a button is pressed).

I too thought about just having a swappable part but it's going to be quite a few interconnects and the board is going to be hard to access. Just not something I can expect someone with possibly no technical experience to take care of. That's why I was hoping for the option I'm proposing.

Honestly I do not expect System A of ever burning out etc. The peace of mind in knowing there is a backup in there is what I'm really after.

Any thoughts on the schematic? Am I on the right track?

tatticus:
Any thoughts on the schematic? Am I on the right track?

That's beyond my pay grade :slight_smile:

...R

If the main MOSFET fails in a short-circuit, then the motor will be driven on, no matter what either Arduino does. Do you know if this is a possible failure mode? Does it occur in a frequency that will be significant for your project? (Getting this level of detail from the manufacturer may be difficult unless you have the letters NASA in your name.)

Personally, I would focus on protecting your Arduino from screwups. What happens if someone plugs in power backwards? What if they are unplugging something else and drag a live 12V wire across some of the pins of your Arduino? Note "someone" and "they" are actually you. You're the one playing with it the most and you're most likely to do something silly.

I have recently had a project blow up in a number of different ways. I plugged in power backwards, I touched two pins together, I dropped a ground on the 5V supply and then it just went 'pop' from an inductive surge when I plugged it in normally. That circuit now has a lot of protection devices on it.

  1. Protect from reverse polarity power input. This is the number-one screwup. Use a P-type MOSFET if you don't want to spend power on a diode drop. It's super easy to do this one thing.

  2. If automotive (there's an alternator) then protect from +/-28V continuous input and 40V spikes.

  3. If there's wires going outside the building then nearby lightning strikes can induce big spikes in the long cables. This needs some serious isolation. (You can never design for a direct hit by lightning, except to try to prevent your project from setting your house on fire.)

  4. If there's mains voltage inside your box then there's a long list of things to ensure you don't accidentally get high voltage on the parts of the project that people can touch. Also there's some significant spikes to be considered coming down the power line.

  5. Every wire that enters or leaves your box is subject to screwups. Think about protecting every single input against +/-12V (or whatever is your main circuit voltage.) These are also subject to static electric sparks, which carry little energy but can be up to 15KV.

  6. If there's a battery, make sure there's protection from some idiot touching the live terminals to some metal tool or touching two wires together. Put a fuse ON the battery, plus more breakers or fuses further down the chain.

  7. Make sure all metal parts that might touch live wires can't touch people. Think about how small a child's fingers are when you're putting slots in the case.

Hi,
As mentioned before.

The proper solution is for you to modularise major assemblies, and make them pluggable.

Having your redundant controller in the same chassis is not going to really protect it.

Having plug in blocks or PCB cards, so the redundant unit is never in the vicinity of the work unit is the safest.

Also provide instructions and diagrams on how to do the swaps.

IMPORTANT instructions, such as TURN POWER OFF before changing modules.

Being so far away you need to assume that you have electronic beginners at the other end, because they probably will have no idea of your code or hardware.

Fit your project with as many LEDs on the PCB as possible, to indicate things like power supply, critical input and output signals to make troubleshooting easy, especially if you have to work over the telephone.

Fit fuses, especially in high current supplies as well as a MASTER ON/OFF switch.

Tom... :slight_smile:

MorganS:
5. Every wire that enters or leaves your box is subject to screwups. Think about protecting every single input against +/-12V (or whatever is your main circuit voltage.) These are also subject to static electric sparks, which carry little energy but can be up to 15KV.

  6. If there's a battery, make sure there's protection from some idiot touching the live terminals to some metal tool or touching two wires together. Put a fuse ON the battery, plus more breakers or fuses further down the chain.

I should look into static countermeasures, you're right there. This will be run from a 12V power supply but fuses can't hurt. You did get me thinking about interference on the inputs. The trigger button will be a good 6' away. I was thinking of using shielded cable connected to ground. Any other ways to help deal with interference off the top of your head?

TomGeorge:
The proper solution is for you to modularise major assemblies, and make them pluggable.

Having your redundant controller in the same chassis is not going to really protect it.

Being so far away you need to assume that you have electronic beginners at the other end, because they probably will have no idea of your code or hardware.

Fit your project with as many LEDs on the PCB as possible, to indicate things like power supply, critical input and output signals to make troubleshooting easy, especially if you have to work over the telephone.

Tom... :slight_smile:

While I was really hoping for a switch option it does seem that the consensus is to go with swappable backup units. In all honesty I don't see this piece having issues but having well marked pluggable backups seems like an option. I'm on the same page as far as LED indicators go. There will be NO tech support at the other end of this project.

I've become fairly fond of these plugs. Anyone know ones that are better for whatever reason though?

LOCKING CONNECTORS W/LEADS


A well known problem with backup systems is that they multiply the complexity and thus introduce more opportunities for failure. It has to be handled thoughtfully. It doesn't sound like you have time for that. Just make the thing so well that it won't fail.

If the main MOSFET fails in a short-circuit, then the motor will be driven on, no matter what either Arduino does. Do you know if this is a possible failure mode?

This is a fairly likely failure mode.

Another likely failure mode is a gate to substrate short (easily caused by static electricity), which will expose the Arduino to 12V through an output pin, frying it instantly.

For both of these possible failures, the proposed circuit would be useless as a backup. A swappable module is much better.

aarg:
A well known problem with backup systems is that they multiply the complexity and thus introduce more opportunities for failure. It has to be handled thoughtfully. It doesn't sound like you have time for that. Just make the thing so well that it won't fail.

Totally agree on the added complexity. :confused:

jremington:
This is a fairly likely failure mode.

Another likely failure mode is a gate to substrate short (easily caused by static electricity), which will expose the Arduino to 12V through an output pin, frying it instantly.

For both of these possible failures, the proposed circuit would be useless as a backup. A swappable module is much better.

Sounds like my pluggable backup system should be from the Arduino all the way through the motor driver board stopping at the motor itself. Diodes to protect the outputs as well maybe?

Outputs are also inputs when they're incorrectly plugged into a power outlet. They definitely need some protection against likely errors.

Those locking connectors look reasonable. If there's enough pins and they carry the current you need and they are cheap enough, then buy a lot. You can always cut the locking tab off the ones that you don't need to lock. I use a different connector but with similar locks on all my projects. The most common problem with them is the lock held the connector together but a simple user mistake (dropped the box) yanked the cables out of the other end. So you don't always need or want locking.

tatticus:
Sounds like my pluggable backup system should be from the Arduino all the way through the motor driver board stopping at the motor itself. Diodes to protect the outputs as well maybe?

Why stop at the motor?

This all sounds as if your mindset has shifted back to trying to avoid ALL possible problems.

IMHO that is just impractical. You need to identify the potential failures and list them in order of probability and assign some sort of sensible estimate of likelihood to them. Then have a plan to deal with the serious risks and ignore the others. The motor is probably as likely to fail as many other parts. Maybe a good way to rank probabilities is by reference to your estimate of how likely a motor failure is.

The risk that someone can plug something into the wrong socket is normally dealt with by designing the plug layout so that is impossible. It also makes things much simpler for the less-expert user.

To my mind the greatest risk, by far, is an undetected mistake in your program.

...R