What's new
Van's Air Force

Don't miss anything! Register now for full access to the definitive RV support community.

The ultimate in power redundancy

SinCityJets

SinCityJets

Active Member
OK, so I recently posted a thread titled "Is this battery overkill."

I am going to be building a new RV shortly, and I was all set to get a VPX-Pro. Then there was a post by Carl Froelich (name used with permission) that made me really start to question what I was doing. Not that he was trying to steer me away from anything, but asking what I thought I was gaining.

He sent me his 5 Buss design, that after his explanation, made a lot of sense to me.

It seems people, including me, want all this redundancy (batteries, ECU's, Alternators, AHARS, etc) and then want to run it all through one single potential point of failure. I have read enough threads on the VPX (and other power management systems) to know that it CAN be a single point of failure.

So my question is WHY? (or why not). WHY NOT use circuit breakers / breaker switches? What do you gain by using the VPX-pro. Aside from speed controlled wig-wag (which is in the G3X) and flap position control, what do you lose by NOT using a VPX?

Carl's 5 Bus system made sense to me and seemed to be the ultimate in redundancy. I will try to post pictures...

Again, not trying to knock any product, I am trying to learn...

Chad
 
I?m torn about using a VP-X in my project. I?m thinking that I will use it for my main bus items but have an essential bus that is powered through circuit breakers. My main EFIS (and perhaps my main COMM/GPS) might receive their power through the VP-X but can draw power from the essential bus when the main is offline.

Off hand, the advantages I see to the VP-X is that it can identify the type of fault in a circuit and not just have a popped breaker or inoperative device. Reconfiguration is also easier, in some respects. The electronic CBs should also have a much higher MTBF.
 
One thing that has impressed me with some electrical system designs, is that they can be designed so that if there's a failure, nothing needs to be done. Nothing.

See DanH's postings, or it might be Ironflight's. Very sensible and they include adequate system redundancy.

Another related topic, Ironflight's, I think, refers to a basic question of the type of redundancy built in - is it "like" redundancy? Or better, is it "unlike" redundancy?

And for more on the general philosophy of system design, there have been occasional postings, often by DanH, regarding how to figure out the consequences of a single failure, how to assess what's adequate to handle failures and implicit, when to stop adding complexity.

The only contribution I can make is this: simplicity is more than a good idea, it's elegant. Naturally, it's not often easy. Aim for it whenever possible, especially when it affects pilot workload.

Dave
 
In case my electrical design is interesting

In case my electrical design is interesting start with readme here

I'm guessing it's what one responder to your "Is electronic injection "there?"" post sees as unnecessarily complicated. All feedback cheerfully accepted.

In any case, isn't a wire by wire fault analysis a great idea or even critical? And a review of inflight failure recognition and response.
 
I am the last person who should be explaining Carl's diagrams, but what I understood is this:

There are 5 buses (I know, I'm a genius)

2 - for the electronic ignition (1 each side, but powered by both batteries, or one battery in case of a failure)

2 - busses for VITAL equipment (split in half for redundancy). Each battery is assigned to one of the two busses, but can be powered by the other battery with a simple flick of the switch. Even if you did nothing, the "other" vital bus would continue to operate (half the engine/avionics)

1 - non vital buss which is powered by one/both batteries.

Any failure of either battery can be fixed with a simply flip of the switch, OR you can continue the mission with half of the electronics by doing nothing.

It really does seem "Simply Redundant" - Feel free to use this as a tag line!
 
On a related note, many of the G3X system components have two diode-protected power inputs so they can draw power from two different buses. One thing you can do with the two inputs is to have a database download bus so that you can turn on those components without powering on the whole system or pulling a bunch of circuit breaker.

Ask me how I came up with this idea...
 
Some thoughts

Chad was nice enough to post my less than clear power point slides on one design version of electrical distribution. I know from experience however that most people who see the slides tend to have their eyes glaze over.

There are many ways to do power distributions and reference material to provide examples of what others have done so I suggest builders do their own homework to decide what they want.

My approach started with some simple rules:
- No one component or connection fault will result in a dark panel or no engine (battery connection, ground connection, relay terminal, relay, etc.). This element drives the two battery approach. While a battery is the most reliable element in any designs (assuming is it not abused or run flat and then jumped), the system connections to the battery are not as reliable. So two battieres, two master relays, and four 30amp avionics relays.
- There will always be something that goes wrong. Pick any element and fail it. Will the resulting degraded system support continued IFR flight with no pilot action? This is what drove the separate relays feeding the left and right vital (avionics) busses and direct battery feed for engine electronic ignition (I no longer include this as I run pMags, but it will support those who want electronic engine ignition/fuel managment systems).
- Need to have things like EFIS and ignition backup batteries is eliminated. No battery is along just for the ride.
- In the RV-10 I added a standby alternator as the power hungry glass panel (especially the GTN-650) draw meant the two PC-625 batterie no longer hit my target 2+ hour reserve capacity. The standy alternator was added, but feeds the left and right avionics buss via isolation diodes as another layer to mitigate single failure mode risk.
- Battery health is a maintenance element. Any abused battery (e.g. master switch left on) is replaced - period. One battery is replaced every three years to help ensure reserve capacity is maintained (pulled batteries go on to a second life in lawn tractors, airplane tugs and such).

Again - a lot of ways to do this. This design and variations has been flying for 16 years in four RVs and soon to fly in my new RV-8 project.

Carl
 
SinCityJets said:
It seems people, including me, want all this redundancy (batteries, ECU's, Alternators, AHARS, etc) and then want to run it all through one single potential point of failure. I have read enough threads on the VPX (and other power management systems) to know that it CAN be a single point of failure.

So my question is WHY? (or why not). WHY NOT use circuit breakers / breaker switches? What do you gain by using the VPX-pro. Aside from speed controlled wig-wag (which is in the G3X) and flap position control, what do you lose by NOT using a VPX?
Click to expand...

While I do have a VPX Pro, I'm not promoting it nor am discounting Carl's design.

Are you implying that a VPX Pro is a single point of failure? If so, then my assumption that you haven't read the manual and/or designed the additional circuits to make it more fault resilient than it is out of the box.

Yes, there are many fault scenarios that will leave you with diminished service, but I wouldn't go as far as to call it a single point of failure.

You may also want to seek out and understand AFS's Advanced Control Module. The current one is fuse based, but there is a solid state version in the works that should be available by OSH. I would talk to AFS directly to get all the facts and availability timeline.

Before anyone asks, I don't share my electrical design. I've been burnt by novices looking for a silver bullet and attempt to implement it without understanding the design criteria. I'd rather spend time helping people understand what they install in their aircraft and let them drive design decisions based upon their requirements.
 
rleffler said:
Are you implying that a VPX Pro is a single point of failure? If so, then my assumption that you haven't read the manual and/or designed the additional circuits to make it more fault resilient than it is out of the box.
Click to expand...

Yes, on both accounts. I am saying that the VPX could be a single point of failure. Your assumption is also correct, I have not designed any additional circuits that would be necessary to make my first statement false.

The truth is, I do not possess the skill or knowledge base to design circuits that will make the VPX Pro more resilient.

I am looking for a truly redundant electrical system, and Carl's seemed to make sense to me. On a side note, I currently fly an RV10, with a VPX Pro. Never had an issue. This next plane will not be purchased flying, so I want to put the best characteristics that will suit my needs, mainly redundancy and reliability.

If there is something I can do or add to the VPX pro, I'm all ears and willing to learn from those willing to teach!

Chad
 
So let me throw out the same scenero I posted in the "Is electronic injection "there?" thread..

What are you going to do when you have smoke in the CP from an electrical fault. Are you really going to start troubleshooting and isolating your 5 bus system one at a time (thats if you can remember how it even works a few years down the road) and see if the smoke stops, or would it be better to have just one thing to do, shut off the master, land and figure the rest out on the ground.

More complexity mean more chances of failure, KISS is a good philosophy, less is more IMO.

A simple battery backup source with one switch can power your basic flight instruments (using the #2 power inputs on G3X for example).

If you have an electrically dependent engine then you need a seperate buss and power source for that system with the primary purpose of keeping the engine runnng.

These are pretty simple little airplanes, I think it's best to keep the electrical system that way too.

As Stein likes to say.. just my 2c
 
Last edited:
Hi Chad, I think Bob may have been referring to the section of the VPX manual that offers a couple ideas for how to build a backup circuit to bypass the VPX in the event of a VPX failure. It's section 5.24 and you can download the manual from the VPX website.
 
SinCityJets said:
I am trying to learn...
Click to expand...

I appreciate your position. We're all learning.

Please realize many VAF contributors are not going to respond when it's obvious you've not reviewed the huge quantity of material already posted. "Search" is your friend.

Walt said:
....or would it be better to have just one thing to do, shut off the master, land and figure the rest out on the ground.
Click to expand...

Amen!
 
Last edited:
Agree with Bob, recommend reading the manual.
Quote from the manual:
4.4 DualBuss? Technology (VP-X Pro)
The VP-X Pro includes our new DualBuss? technology that has two
independent power busses in a single system
 
As 24 years as an EFI supplier and 15 years of actually flying EFI, our thinking and experience closely follows Walt's philosophy. KISS and leave the backup power switch over in the hands of the pilot. Just have one switch to throw as you may be task saturated in an emergency which is no time to start running through the schematics in your head of a complex backup system.

I'll come back to it again- one backup battery, one 30 amp ATO fuse, one heavy duty toggle switch to the essential bus. Master off to isolate alternator and main battery, backup switch on. Prop will be windmilling almost any time in flight at best glide speed or above. If that doesn't restore power, look for the best forced landing option.
 
You must log in or register to reply here.
Back
Top