What's new
Van's Air Force

Don't miss anything! Register now for full access to the definitive RV support community.

Power system architecture for EFI

SNIP

I found some of these on ebay:
http://www.elecdirect.com/truck-trailer-parts-connectors/pollak-switches-connectors/pollak-50-30-amp-toggle-switches
The handle is a bit oversized, which you might be able to convince yourself is a good thing (differently shaped switches can help ergonomics). SNIP

Charlie

I shy away from any switch that does not have silver plated contacts. Here is example of a high current switch: https://www.alliedelec.com/switches/toggle-switches/?a10=NKK Switches&n8520=30 A

30A is way up there. For such application I use a 12vdc relay (with a low current switch) like this: https://www.alliedelec.com/schneider-electric-magnecraft-92s7d22d-12/70185034/

For lower current needs (ignitions, masters, vital buss power), I like these locking toggle switches: https://www.alliedelec.com/nkk-switches-s6al/70192232/

Carl
 
Responding to Ross's comment:

" I'll put the question out there though- what are the diodes really doing for you though with the isolation switches on each bus feed, assuming you have only one source at a time connected to the bus, current can only flow one way. I'm thinking they could be ditched too. I've seen diodes fail both shorted and open a number of times over the years."

Yeah, good point. I was initially thinking that in an emergency, I would possibly flip a "both" battery switch. But that does bring in the diode reliability thing. Is there more merit in having a single three position switch for "Battery 1-OFF-Battery 2"? That would now bring me down to two contactors and one switch. I could keep two separate SPST switches, maybe that would be more reliable? (although that allows someone to flip both ON and possibly backfeed some bad voltage).

And the high current switch possibilites look interesting, thanks Charlie and Carl.

Great comments, thanks!
 
I prefer relays to switches carrying power. I have changed lots of switches in my life. Maybe one normal relay I have changed, not counting a few starter relays. Different animal.

My engine bus will be powered through a relay, unless someone convinces me otherwise, which i am open to.
 
If we do a single schematic with every wire and pin shown it would be very hard to follow the basic concepts being discussed in this thread. We prefer to have separate drawings to more clearly illustrate each section. This is simply an overview of the basic power and ground connections, switches and breakers.

Lots of people's eyes glaze over when you have 150 connections shown on one frame.
I don't think Dan's saying that we need the detailed wire-by-wire diagrams in this thread. For our purposes here, and for understanding the basics of the system, the simple block diagrams work well. But for installation, troubleshooting, etc. it would be really nice to have a full wire diagram with everything on it. Or even full separate diagrams for each harness. Just looking at the documentation as it stands right now, I don't really see enough to feel confident in installing and terminating the harnesses that would come with a kit.

I'll put the question out there though- what are the diodes really doing for you though with the isolation switches on each bus feed, assuming you have only one source at a time connected to the bus, current can only flow one way. I'm thinking they could be ditched too. I've seen diodes fail both shorted and open a number of times over the years.
I think that's an invalid assumption with most of the people proposing systems here. At least, my intent with diodes is to have redundant power feeds going to the engine bus that are both on under normal operations.
 
I don't think Dan's saying that we need the detailed wire-by-wire diagrams in this thread. For our purposes here, and for understanding the basics of the system, the simple block diagrams work well. But for installation, troubleshooting, etc. it would be really nice to have a full wire diagram with everything on it. Or even full separate diagrams for each harness. Just looking at the documentation as it stands right now, I don't really see enough to feel confident in installing and terminating the harnesses that would come with a kit.


I think that's an invalid assumption with most of the people proposing systems here. At least, my intent with diodes is to have redundant power feeds going to the engine bus that are both on under normal operations.

We have ECU pinout diagrams if you need them. When we leave the FWF cables unterminated, you get the connectors and pins in a bag for each sensor with the wire colors and terminal numbers/letters marked. Each cable is marked on the ends as well. Easy to match up and do. Each sensor has a multi conductor, sheathed cable to keep things clean for routing. I've never liked the all white wire thing they commonly do in the aircraft world so we use multi colored single conductor wires to make things easier to trace and hook up like in the automotive world. All Tefzel of course.

On the second point, just throwing the diode thought out there to make people think. If you'll have both batteries feeding your engine bus at the same time the diodes serve a purpose, otherwise not and are another possible failure point which could bring you down to only one power source.
 
Last edited:
But for installation, troubleshooting, etc. it would be really nice to have a full wire diagram with everything on it.

Or merely assessing it before buying it.

I think that's an invalid assumption with most of the people proposing systems here. At least, my intent with diodes is to have redundant power feeds going to the engine bus that are both on under normal operations.

Precisely.

Perfect = The failure of one feed requires no immediate pilot action to keep the fan turning.

Acceptable = The failure of one feed requires a single pilot action, preferably standard and familiar to all operators.

Unacceptable = The failure of one feed requires several pilot actions, in some specific order.
 
Or merely assessing it before buying it.



Precisely.

Perfect = The failure of one feed requires no immediate pilot action to keep the fan turning.

Acceptable = The failure of one feed requires a single pilot action, preferably standard and familiar to all operators.

Unacceptable = The failure of one feed requires several pilot actions, in some specific order.

The docs are right there on our Aircraft Page under the bold type heading "Aircraft Manuals and Documentation". ECU pinouts for the 2 DB connectors here: http://www.sdsefi.com/em5aviationpinout3.pdf

The programmer ports use a molded data cable so you can't get that one wrong.

For the 16pin Molex connector, there are several different configurations depending on the system and type of injectors and options used. Happy to send anyone info on that aspect if you need it for troubleshooting your specific system. Color coded wiring here makes things pretty easy IMO.

A fair percentage of folks don't count wiring as their #1 forte. A simple, uncluttered layout for each aspect is far easier for them to grasp we've found after doing this stuff for 25 years.
 
Last edited:
Diodes in power design

I would LOVE to keep diodes in the design, and have both batteries supplying power as needed. However, I re-iterate what I was told by the automotive electrical designer: (and also reflected by Ross)

"I am suspicious of parallel operations. I have tried paralleling power supplies, coils, and transistors and due to imperfect matching things get hot due to oscillations: on and off and the switching causes heat. Getting the parallel devices to conduct equally is not easy. It also does not offer the same safety factor as having tested redundant components that can be switched out and in as needed. Some math analyses would be needed to verify this.

Another concern is that diodes can fail either open or short. I am not sure and will do some more thinking about the impact of a shorted diode. An open diode by itself would not be a problem, other than being able to detect and replace when back on the ground. What is not wanted is one battery draining into the other; one or both batteries might fail. To me a switching arrangement would be better. That is switching in and out either power system to either critical component set. The best would be on the ground checks, before air, of both power systems and both sets of critical components and then the capability of switching."


In light of the above statements, can anyone make a good rebuttal? Or offer a concept that avoids paralleling the batteries? Again, a redundant power source that does not need to be switched would be preferable, if it can be safely implemented. Trying to learn here....
 
I would LOVE to keep diodes in the design, and have both batteries supplying power as needed. However, I re-iterate what I was told by the automotive electrical designer: (and also reflected by Ross)

"I am suspicious of parallel operations. I have tried paralleling power supplies, coils, and transistors and due to imperfect matching things get hot due to oscillations: on and off and the switching causes heat. Getting the parallel devices to conduct equally is not easy. It also does not offer the same safety factor as having tested redundant components that can be switched out and in as needed. Some math analyses would be needed to verify this.

Another concern is that diodes can fail either open or short. I am not sure and will do some more thinking about the impact of a shorted diode. An open diode by itself would not be a problem, other than being able to detect and replace when back on the ground. What is not wanted is one battery draining into the other; one or both batteries might fail. To me a switching arrangement would be better. That is switching in and out either power system to either critical component set. The best would be on the ground checks, before air, of both power systems and both sets of critical components and then the capability of switching."


In light of the above statements, can anyone make a good rebuttal? Or offer a concept that avoids paralleling the batteries? Again, a redundant power source that does not need to be switched would be preferable, if it can be safely implemented. Trying to learn here....

I?ve been running parallel batteries (normal operations mode) for 16 years in four, soon to be five RVs.

For one application I have the output of the standby alternator feeding the left and right Avionics busses via diodes. I do this so a fault on one buss would not take down the other buss. In short, I offer you concerns on diodes in not warranted assuming the components used are of appropriate ratings.

There in no magic in parallel machines or batteries. There is a lot of documentation out there to review.

Carl
 
In response to:
Unitink72:
"First of all, will you have regulators that you can adjust?"

Yes, BandC also.

"I don't think you need two switches to feed the engine bus."
I would defer to the post from Ross at SDS......."With any layout, we feel you must have a way to isolate the essential bus from each battery and alternator because if those go bad in some way you can take down the ECUs."

Can we get specific about buses going "bad in some way"? These are the things I can think of off the top of my head, in reference to my design:
  • Overvoltage - Handled by the regulator
  • Contactor Fail open - no biggie the main bus dies but Aux picks up the slack. Aux contactor no issue.
  • Contactor fails closed - figure it out on the ground
  • Main->ESS bus wire shorts - diode protects Aux backfeeding the short. Assumes diode is installed close to ESS bus so little chance of the short segment after the diode shorting.
  • AUX->ESS bus wire shorts - Need to throw the ESS Aux Feed Switch if short is before the switch. If short is after switch, Main bus will short also
  • Main->ESS diode fails open/closed - Ok assuming its the only failure.

This has been a good exercise, I've discovered the weak point is the wire between the diode/switch and ESS Bus. Did I miss any?

4rXts4c.png
 
"I am suspicious of parallel operations. I have tried paralleling power supplies, coils, and transistors and due to imperfect matching things get hot due to oscillations: on and off and the switching causes heat. Getting the parallel devices to conduct equally is not easy. It also does not offer the same safety factor as having tested redundant components that can be switched out and in as needed. Some math analyses would be needed to verify this.

Another concern is that diodes can fail either open or short. I am not sure and will do some more thinking about the impact of a shorted diode. An open diode by itself would not be a problem, other than being able to detect and replace when back on the ground. What is not wanted is one battery draining into the other; one or both batteries might fail. To me a switching arrangement would be better. That is switching in and out either power system to either critical component set. The best would be on the ground checks, before air, of both power systems and both sets of critical components and then the capability of switching."


The caution about paralleling power supplies is worthy, but not a total prohibition. You just need to know how the system will act with the chosen components. (But don't confuse a battery with a power supply in this context.)

As Carl mentioned, paralleling batteries, while not perfection, can work fine if the design calls for it. The only danger of one battery 'feeding into' another is if there's a catastrophic short in one of the batteries, or one is almost totally discharged. If both are healthy and at a reasonable state of charge, neither battery has enough voltage to 'feed into' (charge) the other. As evidence, consider the open circuit voltage of a fully charged lead-acid battery (~12.5V), and that it takes almost 14V from the charge source (alternator or charger) to fully charge that battery. The issues with paralleling batteries, while real, are of more academic than practical significance in our a/c applications, where batteries are seldom discharged by more than 5-10% (during the start sequence).

Paralleling devices: Look carefully at any power supply bus and its attached devices. Having said that, paralleling *components* feeding a single device *might* have implications. For an example, see the AEC book for a description of how to safely parallel multiple subD pins in a connector to share a higher current than one or two pins can handle safely.

Diode failures: Yes, they can fail. Just like switches, which can also fail either open or shorted. The proper way to consider them (and any other component) is to ask whether something bad happens with a single failure, and what (if anything) needs to be done with a simple operation to work around that failure until safely on the ground. Just assume that any one random component *will* fail on a given flight, and try to have a plan B (if needed) for that failure. FWIW, a properly selected and installed diode will have many orders of magnitude more reliability than a switch/relay/etc that's mechanical. But on any given flight, it either will or won't fail, just like any other component. So you plan your *system* design expecting failure of any one component.

My take would be that you pick diode or switch, as appropriate, for desired circuit operation; not on reliability.

FWIW...

Charlie
 
Last edited:
Cross Tie Open, ESS Aux switch closed

(1) You're on the run up pad. How will you determine if the aux feed is actually working?

(2) 8500 ft, smoke in the cockpit. I'm not going to tell you the source. just like you won't know in the air. What will you do?
 
Diode shorted?

Sure.

Note this popular maxim, from Saint-Exupery:

..perfection is finally attained not when there is no longer anything to add, but when there is no longer anything to take away...

Now consider these two sketches. What is the reliability difference between the one on the left (your original) and the one on the right?

1263d5g.jpg


BTW, I am not suggesting that the one on the right is optimum. It's just an example, an illustration of a point.

On the right... we can preflight for an open diode but how do we know if a diode is shorted?
 
Last edited:
(1) You're on the run up pad. How will you determine if the aux feed is actually working?

(2) 8500 ft, smoke in the cockpit. I'm not going to tell you the source. just like you won't know in the air. What will you do?

I would rather be riding in a glider, than a Roman Candle.
 
With controllable alternators, you can check the diodes for shorts by shutting down the alts individually [edit: Should have completed the thought:] and individually monitoring bus voltages on either side of each diode.


On a more general note. After 12 pages of discussion, I went back to the 1st post. The OP mentions using a modified AEC Z-14, but with electronicly controlled engine. Is there any reason for not going directly to Z-19? I confess it seems unlikely that those of us with limited to no a/c electrical design experience can beat what 40+ years of experience, seeing both the good and bad of a/c design in the certified world, brought to designing Z-19.

Charlie
 
On a more general note. After 12 pages of discussion, I went back to the 1st post. The OP mentions using a modified AEC Z-14, but with electronicly controlled engine. Is there any reason for not going directly to Z-19? I confess it seems unlikely that those of us with limited to no a/c electrical design experience can beat what 40+ years of experience, seeing both the good and bad of a/c design in the certified world, brought to designing Z-19.

I'm the OP ;)

Z-19 is one alternator, two batteries. If the alternator goes down, then you're down to the capacity of those two batteries to handle the engine and run everything else. I didn't feel comfortable with that limitation, given the power demands of SDS and an all-glass, likely IFR panel.

Z-19 has diode modules for the ECU and primary fuel pump; taking that strategy with the SDS system would have lots of diode modules (one for each component). It seems simpler to have one engine bus fed by two sources through diodes.

Z-19 also uses a voltage-sensing relay to switch engine power source from main to engine battery. I'd rather keep the two through simple switches and diodes, and with a modern EFIS I can monitor voltages on both batteries easy enough.
 
Last edited:
Well, I guess that this is my 'Duhhh!' moment for the day...

My apologies. I breezed right past the 'single alternator' item while looking for 'electronically controlled engine' spec.

I may raise the issue on the AEC list, to see of Bob's interesting in revising or adding a drawing to allow dual alt/dual battery/electronic engine.

Charlie
 
Prospective Z diagram for EFI

... I may raise the issue on the AEC list, to see if Bob's interested in revising or adding a drawing to allow dual alt/dual battery/electronic engine.

Charlie

Be sure to point out there are dual ECUs, dual fuel pumps, and dual coilpacks, but only one set of injectors. The injectors need B+; they are not powered by the ECU but switched to ground by it, this function relay selectable between primary and backup ECU. (The coilpacks are powered by B+ also and triggered by the ECU but there are two coilpacks; each dedicated to its own ECU.

AEC states Z-14 is suitable for an electrically dependent engine; it shows electronic ignition and electric fuel pumps but does not speak to electronic fuel injection.

Z-19:
* States it's for electronic fuel injection and shows diodes arranged from two battery buses like post 86.
* Does not show coilpacks or injectors.
* Shows only one ECU so hence the diodes to automatically power it from one or both battery buses; like we could do with the injectors.
 
wow

I fly for a living and you guys are scaring me...


Just for a couple of data points:

There were MILLIONS of hours flown safely in the B-727, and it had human intervention required..."Protect Essential" was the name of the game.

The B-757 and 767 have automatic switching but things can STILL go dark requiring human intervention.

The B-717 has uninterrupted power transfer systems and things STILL go dark, usually requiring a reboot of the system.

Let's not even mention the Airbus electrical system!:eek:

and let's not forget the MILLIONS of safely flown IFR hours in GA aircraft with simplistic electrical systems.

In aviation, there is ALWAYS a risk, and as these pages demonstrate, no matter what idea someone comes up with there will always be someone there to shoot it down.

I would propose that these "experts" provide their own designs and let the crowd have a stab at shooting them down...

I am not an electrical expert but for discussion's sake, here is my example. My design is that of a J-3 Cub with no electrical system...oh, wait, what if there is a failure of the switch hooked to the P leads?...:eek:

Seems like, if I may quote a classic movie, "The only winning move is not to play."
 
(1) You're on the run up pad. How will you determine if the aux feed is actually working?

(2) 8500 ft, smoke in the cockpit. I'm not going to tell you the source. just like you won't know in the air. What will you do?

1) When I first power up the plane, I'll turn on the ESS Aux feed first and verify power to the ESS Bus and no power to the Main Bus. No need to test that again at the runup pad.

2)See smoke - cut both masters. The ESS bus is now fed by the Aux battery only.
 
After a lot of education via this thread, I am thinking of settling on the following power design. Extremely similar to John Brights and others:

30bnyfs.jpg


On run up, each battery/switch/diode can be tested by alternating power switches.

In flight, my plan would be to have both engine bus switches connected. If either alt/battery goes bad, no pilot intervention would be required. If one side became very problematic, it could be removed.

In an emergency (smoke), both contactors can be opened, hopefully clearing the problem. My last option would be to kill the engine bus.

A lot of research prompted by Carl and Charlie leads me to believe that the diodes and switches can be quite reliable. And a 30amp rated switch should behave well with a max 20amp load.

Looking at: http://ixapps.ixys.com/DataSheet/DSS2x121-0045B.pdf
and: https://www.gamainc.com/product/28a-mtd/
Cole Hersee contactors for Primary and Secondary

Lastly trying to decide on adding a bus tie or not. And I have learned quite a bit from the discussion and appreciate the feedback. Thanks to all.
 
Last edited:
I believe Cliff has about the simplest design with two alternators where you can use both power sources to keep the engine running and still isolate the alternators and batteries if there is a problem.

Nothing wrong with human intervention, especially when that intervention is never likely to be required for hundreds or thousands of hours, if ever.

Adding more components for unlikely events doesn't make sense as it may increase the likelihood of failure. Most people who have been in the systems design field for a long time will tell you that.
 
Last edited:
1) When I first power up the plane, I'll turn on the ESS Aux feed first and verify power to the ESS Bus and no power to the Main Bus. No need to test that again at the runup pad.

That would work. Non-standard, so it would require a bit of pilot training. A pre-start checklist perhaps? After start, it can't be verified without shutting down the main bus, so it's impractical to see if the engine actually runs on the aux source.

See smoke - cut both masters. The ESS bus is now fed by the Aux battery only.

Engine remains running...unless the aux feed was the smoke source (see your post 110).

Best case (as you say) you're running on one power source. That means half the range before flameout.

Contrast with Cliff's approach. To fire it up, the pilot merely flips on both masters and both engine power supplies. The engine may be run on either power source at any time, for test or otherwise. Opening one or both masters for any reason has no effect on engine operation; power remains dual. Two batteries, so two batteries worth of run time.

I fly for a living and you guys are scaring me...

Catchy rant Bob, but that trusty Boeing has separate systems to support the left and right engines, yes? Is there some single electrical failure which would shut down both engines?

The issue is required intervention following silence at a few hundred feet, without CRM, simulator-trained responses, or time. Some intervention may be unavoidable, but less is better, and none is best.

And risk? Yeah, we know we're taking a risk. Design is about reasoned compromise; no design is perfect. The goal is to shave the odds via better choices. Buy a Bus Master if you don't want to think about it.
 
more

Catchy rant Bob, but that trusty Boeing has separate systems to support the left and right engines, yes? Is there some single electrical failure which would shut down both engines?

Can't say for sure Dan, but there IS a checklist for dual engine flameout and loss of all electrical busses, so it must be possible.

The issue is required intervention following silence at a few hundred feet, without CRM, simulator-trained responses, or time. Some intervention may be unavoidable, but less is better, and none is best.

Agree with you there. Unfortunately, to make a system that requires no intervention (or at least minimal intervention) you end up relying on additional mechanical/electrical/solid state devices to provide the required action. This, in turn, can introduce additional failure modes leading you right back to where you started. A mechanical/electrical/solid state device that is 100% reliable would be made from Unobtainium.

And risk? Yeah, we know we're taking a risk. Design is about reasoned compromise; no design is perfect.

Yes Dan, I am very familiar with the design process...especially Spacecraft Design. There is also far more than one way to skin a cat, as they say.


The goal is to shave the odds via better choices.

I agree...but who gets to decide what is better, Dan?

Buy a Bus Master if you don't want to think about it.

Nice childish shot at someone else's design decisions, Dan...and I believe it's called a Bus Manager not a Bus Master...
__________________
 
People can pine for fully automatic fail overs and properly implemented, they have their place- auto feather systems for instance have probably saved a fair number of lives.

However, then we come down to how to detect and what to do. Have we thought about every possible scenario and a solution or strategy to each? Do we end up with something so complicated that many people won't understand it if something doesn't work as intended?

Remember the CVRs on one Airbus crash- "what is IT doing now?

Automation can be great if it always works, unfortunately it doesn't.

Seems like having the dual power source setup that Cliff depicts is probably as good as the basic power architecture gets with simplicity. Should we leave the ECU switchover in the hands of the pilot or automate it?

How much time will it take to develop and TEST such hardware and software before we trust to use it? What's the liability if the system doesn't save the day if something takes a dump? I'm not sure we have the resources to develop this.

Single engined helicopter folks know the risk of losing the engine at 100-300 feet at low speed airspeed but they still fly them.

Some people want a BRS, other people think they are dead weight.

Always some risk and of course we should take reasonable steps to mitigate most of the ones that may injure us.

In the event of engine stoppage at low altitude, my training (and I do train for this as you all should) is to lower the nose, flip on my backup power switch and my 2nd fuel pump in that order. If I have time, I'll switch tanks. After that, there are not many options left. If Cliff uses both pumps for takeoff and already has 2 power sources feeding the engine bus, he can shave off a couple of these actions.
 
Last edited:
Agree with you there. Unfortunately, to make a system that requires no intervention (or at least minimal intervention) you end up relying on additional mechanical/electrical/solid state devices to provide the required action....

Not necessarily. Consider Cliff's architecture, or John's. I merely posit that less is better. Ross says getting to none (an automated injector swap) is too difficult, so it looks like one switch flip will stay.

Buy a Bus Master if you don't want to think about it.

Nice childish shot at someone else's design decisions, Dan...

Hey, it's Robert's solution. See post 40. You already an owner?
 
Bus Manager

I do not own a Bus Manager.

I do own A Dual EFII System from Robert.

I am following these discussions as I am currently contemplating the electrical system for my -10.

I am planning on a dual battery, Primary/Standby alternators, EFIS, and EFII system...
 
I fly for a living and you guys are scaring me...


Just for a couple of data points:

There were MILLIONS of hours flown safely in the B-727, and it had human intervention required..."Protect Essential" was the name of the game.

The B-757 and 767 have automatic switching but things can STILL go dark requiring human intervention.

The B-717 has uninterrupted power transfer systems and things STILL go dark, usually requiring a reboot of the system.

Let's not even mention the Airbus electrical system!:eek:

and let's not forget the MILLIONS of safely flown IFR hours in GA aircraft with simplistic electrical systems.

In aviation, there is ALWAYS a risk, and as these pages demonstrate, no matter what idea someone comes up with there will always be someone there to shoot it down.

I would propose that these "experts" provide their own designs and let the crowd have a stab at shooting them down...

I am not an electrical expert but for discussion's sake, here is my example. My design is that of a J-3 Cub with no electrical system...oh, wait, what if there is a failure of the switch hooked to the P leads?...:eek:

Seems like, if I may quote a classic movie, "The only winning move is not to play."

I was a 727 FE for a year. Trust me, having a human in the loop was not optimal. It was required. My next position was 757 FO. No FE. 1st generation modern cockpit automation. VERY GOOD level of automation.

At our level sometimes automation massively complicates a lot of things. I would prefer a max of 1 pilot action required in an emergency.
 
I do not own a Bus Manager.

I do own A Dual EFII System from Robert.

I am following these discussions as I am currently contemplating the electrical system for my -10.

I am planning on a dual battery, Primary/Standby alternators, EFIS, and EFII system...

Ok, so as a trained engineer/designer, what can you contribute to the discussion? How would you increase reliability, reduce risk, and simplify operation?
 
questions

"...Ok, so as a trained engineer/designer, what can you contribute to the discussion? How would you increase reliability, reduce risk, and simplify operation?..."

Those are fair questions. Since I am just beginning my electrical architecture, I am in the process of researching what I actually need, and what I want. I can't answer the "how" questions at this point. Since there appears that any kind of "standard" does not exist, I followed this thread looking for what others are considering and how it compares to those systems designed by people who actually have electrical architecture backgrounds.

After reading this thread, it seems far easier for people to reject other's designs than actually suggest a realistic solution. Realistic is the key word. It is a fine "thought exercise" to try and design a perfect system. In reality, regardless of the number of iterations tried, the perfect system will remain just out of reach. What it comes down to is what is acceptable to each builder. I will defer the "how" questions until I am farther into my design process.

Maybe someone out there who actually is flying with EFIS, EFII, dual batteries, and dual alternators would care to share their experience with their particular design. A discussion based on actual experience might be more helpful than trying to design a perfect system.
 
Coming from the avionics side of things I'll use the Garmin G5 as an example of how I think it should be done: dual power inputs with it's own dedicated backup battery.

With a system like that there is no pilot action required for the unit to keep operating (in this case engine keeps running) even if one or both of the external power inputs fail.

Having recently experienced "smoke in the cockpit" (thankfully on the ground), you want to be able to shut things off quickly without having to think about it, smoke in the cockpit and a dead engine not so good.
 
Last edited:
". SNIP....

Maybe someone out there who actually is flying with EFIS, EFII, dual batteries, and dual alternators would care to share their experience with their particular design. A discussion based on actual experience might be more helpful than trying to design a perfect system.

Happy to share what I?ve been flying with for 16 years in 4 planes. Just PM me your email address.

Carl
 
Very few folks have any wide experience with EFI and dual batteries and 2 alternators because the latter is a pretty new development. Plenty have a single alternator and dual batteries as that's worked just fine with AGM batteries for many years. All this dual everything trend started with the widespread use of Lithium batteries and some of their different characteristics and potential problems.

Some of the people commenting have zero experience even flying EFI equipped engines so take that into consideration when reading what they have to say.
 
Last edited:
These design excercises are a fine use of time, but lets not forget one simple axiom: You can't add "quality" after the fact.

In this application I see a bunch of angst and concern over what happens when a circuit fails... It would be nice to see that much concern going into the actual fabrication, installation and maintenance of the circuit in the first place. After all, a given battery, wire, and connectors should be MORE RELIABLE than (for example) the bolt holding the drive gear on the back of the crank on your next flight. If you doubt this, then you are not doing your job as a maintainer.

I know Ross has countless examples of "failed" components that are directly related to poor installation practices. In my time with the E-AB world I've seen some downright scary fabrication of critical systems so it appears we have a long way to go before we get it right. I've also spent 30+ years in military and commercial aviation and can say that "wiring" is highly reliable. Short of combat or other acute damage, wire bundles live long and happy lives. I'd suggest we start by ensuring to the best of our ability that the circuit you DO install does NOT fail. That means no chaffing, good grounds, strain relief, proper crimps, regular load testing of batteries, and no possibility of short circuits. Do this and the probability of relying on this yet to be determined "perfect" redundant architecture drops to the noise level.
 
Last edited:
That is why I asked for someone that actually has experience with a working system...

OK, I had 240+hours over 6+ years on a dual battery, dual alternator system part of which had dual electronic ignition-------and a failure of the dual EIwill make the engine just as quiet as a failure of EFI.

My system was 60A alternator and Odyssey 925 feeding the mail buss, and a SD8 and Odyssey 680 to feed the aux/essential buss.

There was a cross feed contactor to hook the batteries together if I ground down the main battery trying to start----------never used it. If doing things again, would not put it in.

There was a Schotkky diode that allowed the main buss to feed power to the aux/essential buss.

All radios, EFIS equipment, and Lasar ignition were fed directly off the aux/essential buss.

All other loads were on the main buss.

I had one case of an electrical "failure" that proved the system to work as I wanted/designed it to. The field breaker popped and the warning light for the alternator came on. There were no other noticeable effects on the plane, as I had yet to engage the A/P---which was not fed off the aux/essential buss. I switched off the master for the main buss, flew home just fine.

So, what happened?--------my fault for not securing the ignition key switch better, and it rotated a few degrees in the panel hole, contacted a terminal on the main alt field switch.

When I installed the dual CPI-------it was fed off the aux/essential buss.
 
Last edited:
A slight thread drift (sorry) but a couple of Michael's points here are thought provoking. The idea of being a good maintainer, and the observation that wire bundles are generally very long-lived.

I had a very good friend who, before becoming a FO and captain for a major, worked as a mechanic for the same major, specializing in avionics and electrics. They had a 757 with chronic electrical shorting problems. After hours and hours of testing, he isolated it to a short stretch of wire bundle. When he unbundled it, he found some aluminum chips in the bundle that had fallen from above when some other mechanic drilled a hole in something. The aluminum chips had wiggled and vibrated into the bundle until they cut into the Tefzel and caused a short.

Lesson: Wire bundles can be damaged/affected by other maintenance activities.


These design excercises are a fine use of time, but lets not forget one simple axiom: You can't add "quality" after the fact.

In this application I see a bunch of angst and concern over what happens when a circuit fails... It would be nice to see that much concern going into the actual fabrication, installation and maintenance of the circuit in the first place. After all, a given battery, wire, and connectors should be MORE RELIABLE than (for example) the bolt holding the drive gear on the back of the crank on your next flight. If you doubt this, then you are not doing your job as a maintainer.

I know Ross has countless examples of "failed" components that are directly related to poor installation practices. In my time with the E-AB world I've seen some downright scary fabrication of critical systems so it appears we have a long way to go before we get it right. I've also spent 30+ years in military and commercial aviation and can say that "wiring" is highly reliable. Short of combat or other acute damage, wire bundles live long and happy lives. I'd suggest we start by ensuring to the best of our ability that the circuit you DO install does NOT fail. That means no chaffing, good grounds, strain relief, proper crimps, regular load testing of batteries, and no possibility of short circuits. Do this and the probability of relying on this yet to be determined "perfect" redundant architecture drops to the noise level.
 
Same but different...

Bob,

I am still building my -10 and have the following config:

SDSFI
Z-14 dual split buss with cross feed contactor.
60A B&C primary alternator.
BC410 secondary alternator.
2 - Odyssey 625s in the back.
1- Shorai 36Ah battery FWF mounted up high as an aux batt just for the engine buss should I need it. This battery only connects to the engine buss via a Honeywell 20A locking toggle switch. It will be charged / maintained in the hangar as needed between flights via a maintenance lead in the oil door recess.

I could connect the Shrorai to a charging circuit through a diode but have chosen not to. For the typical duration away from the nest it will hold the necessary charge. For anything longer, multi-day OSH, Bahamas, etc. maintenance top off is easy enough via cord or solar. Don't have to worry about overcharging OV Li issues on the running plane.

Is 5lbs worth the added safety net? Will I ever use it? In the -10 I'm not worried about an extra 5lbs hanging around for the piece of mind personally. If it gets to be an issue, I'll lay off the heavy IPAs and extra pizza every week.

The extra $$$ for the dedicated AUX engine battery is peanuts compared to what we put in the rest of the plane.

In normal mode the engine buss will be fed through a primary engine buss switch and diode by the 60 A buss. If I have smoke, the 2 battery masters go off, the aux engine buss switch connected to the aux batt goes on. The avionics to get on the ground have their own B/U batts. I land... NOW, just like I would in any other electrical FI config airplane to sort out why.

It's not automatic but its robust and I will drill the switch procedure at each run up.

"Red switches OFF - Yellow Switch UP!" for any engine power loss or smoke in the cockpit period....LAND!

As a comparison risk management process....When we skydive we expect a malfunction on every jump. The cut away / reserve deployment is mentally rehearsed before every exit regardless of skillset. It should be muscle memory. This rehearsed procedure has gotten me on the ground safely a couple of times when the main canopy did not deploy as it should have. Automatic activation devices can be used for auto reserve deployment if chosen. AADs are "problem solving automation" but can get you into another set of issue entirely if they deploy the reserve in "fringe malfunction" areas.

I view my EFI system in the same way personally. If there's a problem I will deal with it appropriately. Build the system as best you can with sound building practices and know the fault scenarios. The thought that I should build my experimental for anyone to fly and be fully "auto" is something that I personally do not put any weight to....but to each their own.

"...Ok, so as a trained engineer/designer, what can you contribute to the discussion? How would you increase reliability, reduce risk, and simplify operation?..."

Those are fair questions. Since I am just beginning my electrical architecture, I am in the process of researching what I actually need, and what I want. I can't answer the "how" questions at this point. Since there appears that any kind of "standard" does not exist, I followed this thread looking for what others are considering and how it compares to those systems designed by people who actually have electrical architecture backgrounds.

After reading this thread, it seems far easier for people to reject other's designs than actually suggest a realistic solution. Realistic is the key word. It is a fine "thought exercise" to try and design a perfect system. In reality, regardless of the number of iterations tried, the perfect system will remain just out of reach. What it comes down to is what is acceptable to each builder. I will defer the "how" questions until I am farther into my design process.

Maybe someone out there who actually is flying with EFIS, EFII, dual batteries, and dual alternators would care to share their experience with their particular design. A discussion based on actual experience might be more helpful than trying to design a perfect system.
 
SNIP....

I am still building my -10 and have the following config:

SDSFI
Z-14 dual split buss with cross feed contactor.
60A B&C primary alternator.
BC410 secondary alternator.
2 - Odyssey 625s in the back.
1- Shorai 36Ah battery FWF mounted up high as an aux batt just for the engine buss should I need it. ...SNIP
.

Assuming you are careful in how you connect the two PC-625 batteries I offer that the extra Shorai battery is not needed, nor or the backup EFIS batteries.

Carl
 
These design excercises are a fine use of time, but lets not forget one simple axiom: You can't add "quality" after the fact.

In this application I see a bunch of angst and concern over what happens when a circuit fails... It would be nice to see that much concern going into the actual fabrication, installation and maintenance of the circuit in the first place. After all, a given battery, wire, and connectors should be MORE RELIABLE than (for example) the bolt holding the drive gear on the back of the crank on your next flight. If you doubt this, then you are not doing your job as a maintainer.

I know Ross has countless examples of "failed" components that are directly related to poor installation practices. In my time with the E-AB world I've seen some downright scary fabrication of critical systems so it appears we have a long way to go before we get it right. I've also spent 30+ years in military and commercial aviation and can say that "wiring" is highly reliable. Short of combat or other acute damage, wire bundles live long and happy lives. I'd suggest we start by ensuring to the best of our ability that the circuit you DO install does NOT fail. That means no chaffing, good grounds, strain relief, proper crimps, regular load testing of batteries, and no possibility of short circuits. Do this and the probability of relying on this yet to be determined "perfect" redundant architecture drops to the noise level.

Couldn't have said it much better. Keep the number of connections and components to a minimum (less components= less connections). We've covered in other threads how you should make connections, install strain relief and support wiring, keeping it away from high temps and chafing- vitally important with EFI and EI. You can't blame an ECU for "failing" when you don't feed it electrons through good power and ground connections.
 
Last edited:
Bob,


1- Shorai 36Ah battery FWF mounted up high as an aux batt just for the engine buss should I need it. This battery only connects to the engine buss via a Honeywell 20A locking toggle switch. It will be charged / maintained in the hangar as needed between flights via a maintenance lead in the oil door recess.

I could connect the Shrorai to a charging circuit through a diode but have chosen not to. For the typical duration away from the nest it will hold the necessary charge. For anything longer, multi-day OSH, Bahamas, etc. maintenance top off is easy enough via cord or solar. Don't have to worry about overcharging OV Li issues on the running plane.


It's not automatic but its robust and I will drill the switch procedure at each run up.

"Red switches OFF - Yellow Switch UP!" for any engine power loss or smoke in the cockpit period....LAND!

I view my EFI system in the same way personally. If there's a problem I will deal with it appropriately. Build the system as best you can with sound building practices and know the fault scenarios. The thought that I should build my experimental for anyone to fly and be fully "auto" is something that I personally do not put any weight to....but to each their own.

My RV6A also has no alternator connection to the backup battery- just a 30 amp ATO fuse and toggle switch to the engine bus. I isolate that bus from the primary battery and alternator by turning off the master.

I also have all my backup switches labeled in yellow. They all go on if the engine stops so I don't need to search for them or think much. It's a trained response.

Nobody flies my plane without a good systems checkout as it's pretty different from most other RVs- turbocharged, electrically dependent, auto engine and variable pitch (not CS) prop. I hope nobody lends out their plane to people unless they understand the systems. That being said, the checkout can be a lot shorter if you don't have a complex electrical layout which requires a checklist to operate in an emergency.
 
After reading this thread, it seems far easier for people to reject other's designs than actually suggest a realistic solution.

A sincere attempt to provide review, as most request, requires time and thought. And we've been discussing much of it for a long time. Didn't feel a great need to post architecture again, but...

Here's an oldie from a past discussion on developing architecture. It proposes independent dual systems as the best solution for electrically dependent engines (specifically, in that discussion, electronic ignition), but the idea of developing in logical order holds for any proposal.

Start with the basic concept, add charging and airframe power supply, then flesh out the system with required components. I've added the sketch on the right for this discussion, power for full EFI/EI, which in its current iteration requires bringing power to a single bus.

34owvme.jpg


Some of the people commenting have zero experience even flying EFI equipped engines so take that into consideration when reading what they have to say.

Ross, how might specific EFI flight experience aid discussion of basic power supply architecture?

My RV6A also has no alternator connection to the backup battery- just a 30 amp ATO fuse and toggle switch to the engine bus. I isolate that bus from the primary battery and alternator by turning off the master.

That was a system add-on following an incident. You added it a long time ago. Views change. Would you use the same architecture if you were wiring the new airplane today? If so, why, in technical terms?
 
Guys, Thank You...

Thank you to the numerous PMs and thread posts on currently flying systems and your experience with them.
 
Ross, how might specific EFI flight experience aid discussion of basic power supply architecture?

That was a system add-on following an incident. You added it a long time ago. Views change. Would you use the same architecture if you were wiring the new airplane today? If so, why, in technical terms?

I didn't say comments from people not flying EFI have no merit, just consider that their ideas have never flown. I personally always value your input and ideas as they are almost always well considered and you have wide experience in many fields. Some others here, not so much.

Actual working experience with any topic is a bonus in my view. For example, if someone has done a lot of nice composite work, they're far more qualified to give advice IMO compared to someone who has little or no experience on that subject- which is why you don't see me giving advice on that topic.

While a clean sheet design may work flawlessly, you don't know without some time on it. Lot's of folks think they have a great idea but have no experience using those circuits to know how well it works or if it's been reliable for a period of time. In this business, we consider that important and significant.

On my layout, I'd use it again with no changes because it's simple and it works. I need nothing more than that. I only offer what has worked for me and others to put forth ideas and make people think. I know most people have their own ideas for their aircraft. Their mission and experiences are likely different from mine and I get that. I am not the "know it all guy" on this topic. What I do have is feedback and ideas from hundreds of customers over many years who have been flying EFI. I've learned some useful things from this thread too which I'll distribute to out customers.

I've/ we've learned from my mistakes and others to improve system reliability. On other forum at the moment, the topic is how best to implement backup fuel and spark on an alternative engine. The sub topic was the details on two forced landings caused by crank sensor wires melting though from poor routing near exhaust systems. While obvious to most people, these 2 builders didn't consider their choices carefully enough and both planes were damaged as a result. We can learn from those mistakes and add special cautions and improved thermal resistance and shielding to those wires. You can't get feedback from someone who has never done something.

There are plenty of ways to approach and implement an electrical layout for your EFI aircraft (as we've seen on numerous threads here). No best way for everyone so I think people looking for a definitive layout that they should use may be disappointed. I would urge everyone reading this thread to take all the good ideas put forth and perhaps use them to improve your design.
 
Last edited:
I have been considering running an AWG 6 "fat wire" to the switches for the EFI bus. According to Nuckolls he feels it does not require fusing.

True enough, but I would not select #6 for a 20 amp max load just to skip a fuse.
 
Back
Top