What's new
Van's Air Force

Don't miss anything! Register now for full access to the definitive RV support community.

Power system architecture for EFI

rmartingt

Well Known Member
So I'm getting closer to being able to start my systems installation and hoping to make some progress on my electrical diagram while I'm laid up next week. I've been looking over some thoughts on electrical systems and trying to figure out how best to go about providing reliable power to an SDS EFI system on an IFR-equipped aircraft.

I've done all my planning around the idea of a dual-battery, dual-alternator system--effectively, the Nuckolls Z-14, albeit with minor changes to the cross-tie wiring and switching (I don't want my start switch and crosstie switch combined), and adding some form of ground power input.

Under such a system, I'd wire half of the EFI directly to each of the battery buses, with a fuse and a switch for each component. However, this leaves me with at least 10 switches just for the engine components, as I'd have to have some way of turning them all off. Unless the coils, injectors, and injector relay don't draw power at all when they aren't firing? This also means I lose power to half the injectors if a whole bus goes down, and I don't think that would be a good thing for the engine.


Now, I also considered taking the same basic system, but instead of splitting items among two buses, I'd have them feed a single "engine bus" through a diode arrangement straight off the batteries. This reduces problems of having to deal with "which bus is powering things" but adds parasitic drain from the diodes and still keeps all the switches.

A variation on that would be to put a switch in line between each battery and the engine bus and keep the diodes; this would eliminate a lot of the individual component switches and leave me with just the fuel pumps. Everything else would be on whenever engine power was on.

I will try to get some block diagrams up soon to illustrate these ideas, but for now, does anyone have feedback so far?
 
The coils and injectors don't draw any power unless the ECU(s) are running and the engine is turning over.

You'll get plenty of opinions on the best way to wire this setup.

The more diodes and relays you have, the more potential points of failure.
 
The coils and injectors don't draw any power unless the ECU(s) are running and the engine is turning over.

You'll get plenty of opinions on the best way to wire this setup.

Same for the injector relays, I assume (listed on the sheet for 2A fuses)?



The more diodes and relays you have, the more potential points of failure.
That's why I'm trying to go through this exercise. I'd like to keep the engine power supply as basic as possible but also minimize switchology and operational complexity.
 
The injector relays only switch the injector paths between ECUs when using dual ECUs. They are necessary in this instance because we need primary isolation as well as backup connection for this strategy. Contacts are normally closed with no power so they draw nothing in the primary position. This is a normal design strategy in most critical systems, for us at least.

I'm a big fan of ATO fuses rather than breakers for most parts of the EFI. Lighter, cheaper, more reliable and take up less space. We pick a fuse rating of around 3 times the nominal current draw of the device. If that fuse blows, it's because there is probably a short in that wire and you wouldn't want to reset a breaker anyway.

Fuses are generally there to protect the wiring, not the device.
 
Ok, I've put up a couple of basic block diagrams below.

Block diagrams

I've received some feedback from others; haven't yet had time to process those, but thank you!

I'm aiming to keep this alive as my plan evolves; the more eyes, the better...
 
Last edited:
One design I really liked was the following:

Three buss systems.
Primary: This is your 60A system, includes MFD, landing lights....
Essential: This is your 20A system, Nac/Com 1, PFD....
Engine: Ran the Plasma III systems (dual).

Three batteries; Two large batteries for the primary and essential bus. A third small NiCad (I think) battery for the engine bus.

Starter connected to primary bus.

Primary connected to Essential via one way diode.
Primary connected to Engine via one way diode.
Essential connected to Engine via one way diode.

Engine bus will maintain power, until you lose both alternators and all three batteries. Downside, you lose Essential bus Alt in flight. You do not find out until you test on ground at startup or shutdown by turning off Primary bus first.

Tim
 
So I've done lots of thinking in the past several months and have come up with another idea.
https://drive.google.com/file/d/0Bzc0mKhKON4HTXE5VmFJVWpROGU5Rl9oay1pNl9nbWdRTmVJ/view?usp=drivesdk

This starts off as a Z-14 (dual alt, dual batt) with the following major addition/change:

A separate engine bus is fed off the main and aux buses through diodes. If either bus is up, the engine has power. I'd set the alternator on the main bus about 0.5V higher to give it "priority" in feeding the engine bus.

For additional redundancy, I'd have an "emergency power" switch that directly connects the engine bus to the batteries through diodes (or, two switches that individually connect each battery to the engine bus). This way, I can kill the entire system and then feed just what I need to run the engine. In such a scenario I'd rely on the EFIS backup batteries for instrumentation as they're likely to last about as long as the ship's batteries will power the engine.


As before, I'd be using fuse blocks for power distribution.

The only other notable change I could see would be either separating the crossfeed and start switches, or using a crossfeed switch and a separate "start battery selector" rotary switch. But that might be getting too fancy.

Ground power input will just be battery charger connections under the cowl.

More comments invited. Thanks!

Edit: link should be viewable now
 
Last edited:
I actually liked your Z14 Mod 2 setup. I'm planning for SDS and using an Engine bus with a back up alternator and two batteries and VPX. Shoot me an email and I'll send you the power schematic that I'm working on.

On your mod 2, I'd recommend just adding a switch for the second battery. I have a diode keeping my second battery charged, but it remains isolated until I throw the "oh ****" switch.

Honestly, it depends on what your failure modes are and what you want your flow. Personally, I'm doing an avionics master through the VPX to quickly load shed for alt/s failure. For a main batt failure, I'll kill the master and flip on the "oh ****" switch which will power back up the engine buss as well as the IFD440, PFD (with ems). The G5 has it's own battery and will remain on even if everything else craps out.

At some point, you'll arrive at situations you just can't have a redundancy for and either accept those risks or stop flying (for example, electrical fire, engine failure).
 
A good design has no "Oh ****" switch to keep the engine running. Engine electronics need dual power or auto switching.

The airplane is at 200 feet, the departure end just went under the wing, and the engine quits. Right then, nobody has enough spare brainpower to diagnose an electrical problem.
 
A good design has no "Oh ****" switch to keep the engine running. Engine electronics need dual power or auto switching.

The airplane is at 200 feet, the departure end just went under the wing, and the engine quits. Right then, nobody has enough spare brainpower to diagnose an electrical problem.

Exactly correct. Design for continued IFR flight after a fault with no pilot immediate action.

Carl
 
Exactly correct. Design for continued IFR flight after a fault with no pilot immediate action.

That's what I'm going for with Mod 3. I'd have to go wire-by-wire to confirm but I think it should be tolerant of any one failure without killing the engine. We could take that down the rabbit hole of auto-switching for fuel pumps and ECU control but that might be taking it too far--I'd rather just run both pumps for takeoff and landing, and I don't think automatic ECU switching is really feasible. So I'd just have to live with that one--it's a much less likely failure mode anyway.

The emergency power feed is a second line of redundancy giving me a way to kill everything else and still have power to the engine. Or, if for some reason I lost both alternators it would let me easily maximize time on batteries. For the cost of a switch and some wire, it's cheap insurance.
 
That's what I'm going for with Mod 3.

Let's see some architecture.

BTW, let's not focus on IFR. The issue here is keeping the engine running without interruption....anytime, anywhere.

The best system would not require a type certificate check ride to fly safely. It would have a master switch, two ON-OFF switches for the ignitions, and a fuel pump switch...the same as any light airplane, familiar to all.

I think we're creating our own future safety crisis with endless variations on complex electrical systems. A few years down the road, not even the builder will remember how it is wired. The second owner ain't got a snowball's chance. God help anyone who borrows the airplane.
 
Wiring

KISS

Sometimes simple can be reliable too.

The last thing you want to think about in an actual emergency is ... Oh I need to toggle this switch before this one because.... I have a cross feed that could back feed a fault.

Just saying. My opinion
 
Let's see some architecture.

BTW, let's not focus on IFR. The issue here is keeping the engine running without interruption....anytime, anywhere.

The best system would not require a type certificate check ride to fly safely. It would have a master switch, two ON-OFF switches for the ignitions, and a fuel pump switch...the same as any light airplane, familiar to all.

I think we're creating our own future safety crisis with endless variations on complex electrical systems. A few years down the road, not even the builder will remember how it is wired. The second owner ain't got a snowball's chance. God help anyone who borrows the airplane.

Dan,

There is merit in your position. I offer however that we should not consider every builder/pilot unable to learn and understand how their aircraft systems work. Perhaps I'm too old school. In my first life I was never allowed to touch a valve or switch before I could draw the system, explain how it worked, and list all immediate actions in the event of a casualty.

We are way passed steam gauges and vacuum pumps. For any IFR airplane there are just too many better options than a 1960 Cessna single split master switch. For those who fly only VFR, no issue.

As a side issue, I have found no data to show that the new full electronic engine management system create more power or are more efficient than one running pMags and a well balanced standard fuel injection system. I've seen some special case applications that may or may not provide some gain in the margins, but for 99% of us the cost and risk of these installs would seem to override this approach. I'm open for anyone to provide the performance data that proves me wrong.

Carl
Donning my Nomex for the anticipated blast.
 
I offer however that we should not consider every builder/pilot unable to learn and understand how their aircraft systems work.

After all, 90% of us are above average.

there are just too many better options than a 1960 Cessna single split master switch.

Really good architecture for EFI/EI power doesn't have anything to do with the master switch. Master on, off, or broken, the engine should continue to run.

As a side issue, I have found no data to show that the new full electronic engine management system create more power or are more efficient than one running pMags and a well balanced standard fuel injection system.

Let's not go there and ruin Bob's thread.
 
Last edited:
Let's see some architecture.
See my link above: https://drive.google.com/file/d/0Bzc0mKhKON4HTXE5VmFJVWpROGU5Rl9oay1pNl9nbWdRTmVJ/view?usp=drivesdk

Actual wiring diagrams are still in work.

BTW, let's not focus on IFR. The issue here is keeping the engine running without interruption....anytime, anywhere.
Right. Though one could argue that you should have an engine system that you'd trust for IFR, whether you intend to fly it or not.

The best system would not require a type certificate check ride to fly safely. It would have a master switch, two ON-OFF switches for the ignitions, and a fuel pump switch...the same as any light airplane, familiar to all.
Who says that "just like any light airplane" is the best way to do it? Or is that just "that's how we've always done it" and therefore we should keep doing it whether it's really the best idea or not?


I think we're creating our own future safety crisis with endless variations on complex electrical systems. A few years down the road, not even the builder will remember how it is wired. The second owner ain't got a snowball's chance. God help anyone who borrows the airplane.
Anyone who jumps into any airplane without first learning the peculiarities of its systems is an idiot. Anyone who lets someone borrow their airplane (especially a homebuilt) without making sure that person understands the peculiarities of that airplane is also an idiot. Airplanes aren't cars, and "hop in and go" went out the window a long time ago. We preach all the time about getting transition training for airplanes, and about taking the time to learn your avionics before you fly with them; what makes transition training for the other systems any different? Nobody expects an average guy driving a steam Cherokee to hop into a glass-paneled RV without at least a few hours of transition; is "your engine works a differently now" an insurmountable obstacle?

In any case, is a "fancy" electrical system really that much more complicated compared to a traditional electrical system and a vacuum system operating together? Good markings and careful thought during the system design process should keep the operator's complication to a minimum. And good record-keeping (schematics and wire diagrams) will make design and maintenance a whole lot easier.


As a side issue, I have found no data to show that the new full electronic engine management system create more power or are more efficient than one running pMags and a well balanced standard fuel injection system. I've seen some special case applications that may or may not provide some gain in the margins, but for 99% of us the cost and risk of these installs would seem to override this approach. I'm open for anyone to provide the performance data that proves me wrong.
It's not always about raw performance.

The biggest attraction, for me, is to have what someone here once described: an engine that does what you tell it to do, without you having to re-tell it each time. It's the idea of not having to play flight engineer. It's the idea of doing away with hot-start techniques, vapor lock, manual leaning, carb ice, and swapping parts around to optimize performance. It's about a system that (to me, at least) is actually more intuitive, from a systems understanding point, and easier to optimize and operate than a mechanical injection or carb system and magnetos.

As an aside, I had the opportunity to sit with Dave Anders last week and learn about his airplane, including what the SDS system can do. Very fascinating discussion and it reinforced my decision to go EFI.


Maybe it's a generational thing. I never tuned engines or hot-rodded cars or motorcycles as a kid. I have never driven a car that didn't have electronic fuel injection. My first full-time job involved testing the most advanced civilian cockpit in the world (at least at the time) in the engineering sim. The first time I flew a glass cockpit airplane for real, I was showing the owner (a 767 captain) how to use various functions on his new Skyview despite never using it before or ever reading the manual. And now my day job involves troubleshooting and devising fixes for an entire range of aircraft, from older jets with cable-driven flight controls and mechanically-controlled engines, up to the latest full fly-by-wire jets with computerized doors.

I'm aware that going EFI and using a fancier electrical system brings with it additional responsibilities. I know it's different than "traditional" light airplanes. But I'd also opine that the electrical system and engine management of traditional light airplanes isn't exactly a goal to be aspired to, either.
 
Let's see some architecture.

I cant help with "seeing" but I can do a quick description of what I had in the 10.

Dual batteries and dual alternators. Each battery fed by its own alternator ----big battery and big alternator, small battery and small alternator. Basically two parallel systems, but a cross feed Schottky diode to allow current to flow from the main or big system to the aux or small system. All electronics ----EFIS, radios, ignitions----directly fed from aux with back up via the diode. All other electrical loads fed directly from the main system. Your critical electrical loads suck current from either system, depending on which has the higher potential.

The issue here is keeping the engine running without interruption....anytime, anywhere.

Well, at least as far as the ignition goes-----cant help dry tanks.;)

The best system would not require a type certificate check ride to fly safely. It would have a master switch, two ON-OFF switches for the ignitions, and a fuel pump switch...the same as any light airplane, familiar to all.

Yep, what I described above---------as well as failure light on each charging circuit.

I only had one occasion to see the backup system in action------worked just as it should-----seamless transition.
 
The best system would not require a type certificate check ride to fly safely. It would have a master switch, two ON-OFF switches for the ignitions, and a fuel pump switch...the same as any light airplane, familiar to all.

I think we're creating our own future safety crisis with endless variations on complex electrical systems. A few years down the road, not even the builder will remember how it is wired. The second owner ain't got a snowball's chance. God help anyone who borrows the airplane.

I?m definitely with Dan on this one. I fly a LOT of different airplanes - some kit company demonstrators, some personal homebuilts, and some ?one of a kinds?, and you?d be surprised how often the personal homebuilts have systems complex beyond their need. I also used to be responsible for operating one of the most complex human-carrying flying machines ever built, and it?s electrical complexity was eye-watering. Today a similar ship would have automatic bus reconfiguration and do what was necessary to keep critical systems going without human intervention. And, in fact, the last spaceship I operated was built that way.

My own electrical designs follow this philosophy - if something bad happens electrically, diodes do what is necessary to keep power going to the right places - no human switch throwing is required as an initial response. I might have to step in to clean up systems after the initial failure response is complete - but if I don?t, it?s not critical. In an emergency, I want to aviate, navigate, and communicate (in that order), and not have to work a set of procedures I might or might not remember because they haven?t been needed since the airplane was tested.

Remember, you lose half your IQ points in an unexpected emergency, no matter who you are. Don?t make it harder than it needs to be.

Paul
 
I?m definitely with Dan on this one. I fly a LOT of different airplanes - some kit company demonstrators, some personal homebuilts, and some ?one of a kinds?, and you?d be surprised how often the personal homebuilts have systems complex beyond their need. I also used to be responsible for operating one of the most complex human-carrying flying machines ever built, and it?s electrical complexity was eye-watering. Today a similar ship would have automatic bus reconfiguration and do what was necessary to keep critical systems going without human intervention. And, in fact, the last spaceship I operated was built that way.

My own electrical designs follow this philosophy - if something bad happens electrically, diodes do what is necessary to keep power going to the right places - no human switch throwing is required as an initial response. I might have to step in to clean up systems after the initial failure response is complete - but if I don?t, it?s not critical. In an emergency, I want to aviate, navigate, and communicate (in that order), and not have to work a set of procedures I might or might not remember because they haven?t been needed since the airplane was tested.

Remember, you lose half your IQ points in an unexpected emergency, no matter who you are. Don?t make it harder than it needs to be.

But we aren't talking about space shuttle levels of complexity. We're talking two master switches instead of one, two fuel pump switches (one of which has to stay on) instead of one. I'm trying to keep switch-flipping to a minimum while still ensuring reliability. I guess if you really wanted to you could "hard wire" one of the fuel pumps so it runs any time power is on, but that's a lot of current to waste if you just want power on for a bit to do some avionics maintenance. I'll just remember to leave one of them on.

Going by my "Mod 3", for any single electrical power failure, supply to the engine bus would be uninterrupted as it's fed through diodes from both the primary and aux bus. The response, at the pilot's leisure, would be to flip the crossfeed switch and maybe load-shed nonessential equipment, depending on the failure. Same goes for avionics; the EFIS will have its own internal backup battery to hold the line if necessary. For a local VFR flight you probably wouldn't even have to mess with the crossfeed if you didn't want to--just come back and land.

The only two cases I can think of* where a single failure requires any immediate action are (a) the failure of a fuel pump, where the corrective action is the same as in a conventional system--turn on another fuel pump, and use both for takeoff and landing; and (b) the failure of the primary ECU (flip the secondary ECU switch). Considering the demonstrated reliability of the SDS ECU, that's something I can deal with.


The emergency feed is basically a backup to the backup. It's there if things really start going to pot, like losing both master contactors or both alternators. Or if I have some other failure where I want to kill everything else quickly but need to keep the engine going. It's a high-current switch that ties the engine bus (and nothing else) directly to the batteries. I suppose they could even come on at startup and stay on, if you wanted to operate that way, and the diodes would keep anything untoward from happening.


Has anyone besides majuro15 even looked at the last diagram I posted? Can I please get some useful, constructive feedback on what I've presented instead of "why aren't you going mechanical and mag" and "more than four switches is too complicated"? Maybe I confused things a bit resurrecting my old thread from last July, but still...
 
SNIP...

Has anyone besides majuro15 even looked at the last diagram I posted? Can I please get some useful, constructive feedback on what I've presented instead of "why aren't you going mechanical and mag" and "more than four switches is too complicated"? Maybe I confused things a bit resurrecting my old thread from last July, but still...

I did. Looking at that and your previous diagrams I assume the entire engine is running off the one engine buss, is that correct? Is it not possible to have half of the engine on each battery with separate feeds?

Carl
 
Can I please get some useful, constructive feedback on what I've presented...

Sure.

Note this popular maxim, from Saint-Exupery:

..perfection is finally attained not when there is no longer anything to add, but when there is no longer anything to take away...

Now consider these two sketches. What is the reliability difference between the one on the left (your original) and the one on the right?

1263d5g.jpg


BTW, I am not suggesting that the one on the right is optimum. It's just an example, an illustration of a point.
 
Ok, thanks guys...

I did. Looking at that and your previous diagrams I assume the entire engine is running off the one engine buss, is that correct? Is it not possible to have half of the engine on each battery with separate feeds?

Unfortunately, no. The kicker is the injectors; each one is powered individually (rather than by the ECU driving it) and there's only one per cylinder, so one way or another power needs to be able to get to them from both "sides". Running on two of four injectors is not good. So at that point, if I need to feed power from both sides to make the injectors work, why not do it for all of the engine components? That's how I went from the original plan down to these later concepts, trying to address that issue.

Also, as I was playing with wire diagrams and got better details on the EFI system I discovered some failure modes with that approach that would have had me throwing switches after one failure, or even just losing a bit of power (like losing one mag). Running everything off one bus with multiple feeds means everything keeps working even after a hypothetical complete bus failure.

Sure.

Note this popular maxim, from Saint-Exupery:

..perfection is finally attained not when there is no longer anything to add, but when there is no longer anything to take away...

Now consider these two sketches. What is the reliability difference between the one on the left (your original) and the one on the right?

http://i67.tinypic.com/1263d5g.jpg

BTW, I am not suggesting that the one on the right is optimum. It's just an example, an illustration of a point.
The one on the right is essentially my "Mod 2" from July, just with switches shown on the feeds from the batteries. But it is a good point. Each has its advantages and disadvantages. Both will keep the engine running without a hiccup after a single electrical power failure and both allow that failure to be dealt with in a calm and unhurried manner. Mod 3 (left) offers a little more redundancy on engine power supply at the expense of an extra wire or two and another pair of diodes. Mod 2 (right) is a little simpler to build and wire. Both would probably be operated in exactly the same way in practice, and even for most failure cases until you got into multiple failures (going past two independent failures is definitely overkill here, amd even two is probably stretching it some...).

I know the devil can lurk in the details of the design and in the execution of the wiring, but from an overall view every other approach I start with leads me back to 2 and 3. And making the one into the other is something that could easily be done in an afternoon even after it's flying.
 
I've been considering this as well and this is the basics of what I feel has the most simplicity with adequate redundancy. Normal operation has the master switch and the engine bus feed on. In this scenario power is normally fed to the engine bus via the primary alternator/battery and in the event of a main alternator failure or master failure the backup battery/alternator will take up the load (backup regulator is set to lower voltage to prevent it from taking the load during normal ops). Engine bus is fed directly from the master solenoid (via a fuse) with a diode to prevent back feed.

dbda.JPG
 
Both will keep the engine running without a hiccup after a single electrical power failure and both allow that failure to be dealt with in a calm and unhurried manner.

The example on the right requires no pilot intervention, no in-flight switch flipping to maintain a turning prop. Smoke in the cockpit, for example, requires only killing the master switch(es), a classic response for any pilot. After all, you won't know which of your two busses (master or aux) is the smoke source.

Think about it. Although 90% of pilots consider themselves above average, Paul just told you that even NASA went to systems requiring limited human intervention...and their machines are flown by some very good pilots.

Mod 3 (left) offers a little more redundancy on engine power supply at the expense of an extra wire or two and another pair of diodes.

No, it doesn't. It only compensates for a need to turn off the masters. When master OFF doesn't affect engine operation, it becomes unnecessary. Flip side, if the system never requires a master OFF, the extra power wire is simply riding around as a liability. Parts not on the vehicle never fail.

As before, an example. The best system is often the least system.
 
I've been considering this as well
dbda.JPG

Same here. I think you have an elegant solution.

The post above (right image) has two switches feeding the engine bus. What does that buy you when compared to this diagram? It removes a switch. Taking it one step farther by connecting both engine bus leads after the master would break the ability to throw the masters and still have everything work.
 
So what purpose does the switch between the batt bus and the engine bus serve?

Going back to your original post and evolution towards an engine bus instead of multiple feeds from separate batt buses, I'd think you could have diode isolated feeds from main, batt and aux batt bus all going to the engine bus. You're going to have to have multiple switches for SDS for normal function (ECU 1&2, Coil 1&2, Fuel Pump 1&2) anyway. Does this cover the failure for each of the batteries, alternators, wires (not all at once of course)?

I like the idea of diodes and have made some changes to my system based on feedback from Dan H. His feedback simply put was to try and make the engine bus a "or" system, ensuring only one of the power feeds is connected to the entire system at a time. That makes more sense to better isolate faults such as shorts in primary feeds. He mentioned using relays, but diodes would also work, allowing independent power in but limiting a fault's effect to the remaning power source.
 
The post above (right image) has two switches feeding the engine bus. What does that buy you when compared to this diagram?

The two switches are turned on at start. Cycle them on the runup pad to confirm both power sources. There is never any in-flight diagnosis or switching to maintain engine power.

Zuldarin's: Architecture is functionally the same as Bob's. The difference is feeding aux power to the engine bus via the crossfeed, rather than via a dedicated wire. Given smoke in the cockpit, the pilot will need to find and flip the aux feed switch before opening the masters. Checking backup ignition power on the runup pad will require opening a master.
 
Last edited:
Given smoke in the cockpit, the pilot will need to find and flip the aux feed switch before opening the masters. Checking backup ignition power on the runup pad will require opening a master.

I believe you are assuming that the aux bus switch is normally open? My thought was that normal operation has the aux feed switch closed so that power is available from both buses. If there is smoke in the cockpit I need only follow the normal procedure of turning off the master switch. The cross-feed switch is normally open.

Here is the actual diagram that I have been working on. Remember this is for an RV-10 which normally has the battery in the tail cone.

In this scenario I have a much smaller backup battery on the firewall. This allows me to have a reliable battery backup without having to run multiple long heavy power leads to the tailcone.

I added a relay in the main feed to the Engine bus but I want it to fail closed so I am planning on using a normally closed solenoid that is operated via a momentary switch. This allows me to test the backup power to the engine bus still have power in most failure modes.

FWF.JPG
 
Darin,

Some thoughts:
- Both batteries available for engine start? If so, the rear battery need not be as big.
- Don?t forget to do a W&B calculation. My guess is you will be nose heavy.
- Overlay the rest of your power to the panel plans to get the most out of having two batteries and a standby alternator.
- Consider a 70amp or so breaker on the output of the primary alternator. 60amp alternators have a nominal output of 60 amps. It is not uncommon for them to put out a little more if it is trying to bring up a depleted battery. A 70 amp breaker will help eliminate nuisance trips and still provide the protection you want.

Carl
 
I like the idea of using a momentary open switch to test feeds. You could have a "push to test" button that is rated for whatever current going through that alternate power path that would then test the primary path. I would be an alternate to having multiple switches to power on the aircraft power.

Guess it depends on what works for you.

I think an important bit of advice is to make a comprehensive POH and checklists for the aircraft, no matter how you end up building it. Not only for you but for anyone else that ever flies the aircraft so that it is clear how to operate and what the failure modes / responses look like.
 
In this scenario I have a much smaller backup battery on the firewall. This allows me to have a reliable battery backup without having to run multiple long heavy power leads to the tailcone.

I added a relay in the main feed to the Engine bus but I want it to fail closed so I am planning on using a normally closed solenoid that is operated via a momentary switch. This allows me to test the backup power to the engine bus still have power in most failure modes.

This is pretty cool, I've got nearly the same thing in my plan. I was thinking of using a traditional small battery so I could use it inside the cockpit, closer to CG. Maybe something like Tim Olson's, but probably less capacity and less weight. His added to over 20 lbs.

I'm still not convinced of the need for the switch/relay in the connection between Main bus and Engine bus. Yes it has to be tested, but couldn't that be solved with a startup procedure?
  1. Throw the Engine Bus switch, make sure the ENG bus is powered
  2. Throw the Main switch, commence startup
  3. At run-up, kill the Aux to ensure the fan keeps spinning
I plan on powering my backup Attitude indicator thru the engine bus. This saves the weight/cost of the backup battery and would be an easy indicator of bus power in this startup procedure.

Great discussion. Keep it going guys, super helpful.
 
Last edited:
Darin,

Some thoughts:
- Both batteries available for engine start? If so, the rear battery need not be as big.

I hadn't really considered the backup battery as available for start but it in effect is available in this design. I will have to ensure the wires will support the current. Thanks!

- Don?t forget to do a W&B calculation. My guess is you will be nose heavy.
I expect to be a little nose heavy but I always carry extra weight in the baggage area in the form of a tool/spare parts bag. Its saved my bacon a time or two. I also plan on having my remote transponder mounted aft which should help. I will keep that in mind though because I don't want be out of CG without that tool bag.

- Consider a 70amp or so breaker on the output of the primary alternator. 60amp alternators have a nominal output of 60 amps. It is not uncommon for them to put out a little more if it is trying to bring up a depleted battery. A 70 amp breaker will help eliminate nuisance trips and still provide the protection you want.
Carl
Sounds reasonable. Thanks.
 
I'm still not convinced of the need for the switch/relay in the connection between Main bus and Engine bus. Yes it has to be tested, but couldn't that be solved with a startup procedure?
  1. Throw the Aux switch, make sure the ENG bus is powered
  2. Throw the Main switch, commence startup
  3. At run-up, kill the Aux to ensure the fan keeps spinning

That is a good observation. The EFI systems I am looking at have a controller/display that would allow for this option. Good thinking.
 
I like the idea of using a momentary open switch to test feeds. You could have a "push to test" button that is rated for whatever current going through that alternate power path that would then test the primary path. I would be an alternate to having multiple switches to power on the aircraft power.

I actually like Josh's idea of using procedure rather than adding another potential point of failure. If we can achieve the same end result with procedure why add a switch?
 
More or less reliable?

I reluctantly am going to jump in to this thread. I too am struggling with an EFI power design. I am partial to an engine bus, switched off of two batteries. Both batteries will be independent with their own alternator.

No fuses or such in this rough diagram, but conceptually, here is an idea. Would having two diode modules increase reliability or not? What I am looking at is:

http://ixapps.ixys.com/DataSheet/DSS2x121-0045B.pdf

Low Vf drop, extremely robust for our application. But I also can't figure out how I could test each diode module without the switch after the module, but that would leave the diodes always powered up. I am spitballing here, so no worries about criticism. Have at it.

21cf6sl.jpg
 
Last edited:
Perhaps you can explain what the diodes do for you. As both sets of diodes provide current flow for a fault on the engine buss, a straight wire would do the same. In other words, a fault on the engine buss will be reflected on both batteries. If you have separate alternator for each battery, then perhaps I can see a function, but that would be several down the list of stuff to worry about.

If you have a single engine buss, any fault on it will stop your EFII engine, no matter how many feeds you have going to it. Can you split your EFII loads into two busses, each buss adequate to keep the engine running? If so, you will have new opportunities for design.

No reason for each battery to have a dedicated alternator. A primary (60 amp) feeding both and vacuum pad (20 amp) standby alternator will do more than you need.

While you work this I recommend you include all the other loads and how you will feed them. Doing it by section then splicing it all together may not yield what you want.

Carl
 
That diode will be one of the most reliable things on your airplane. Mount it to an aluminum surface with heat conductive paste. If kept cool and protected against excessive current, it will likely never fail. Having two diodes will give you peace of mind, but will cost money and add weight. Other than that, it will not hurt to have two diodes.
 
Diodes

My desire for diodes is to keep my two electrical buses as separate as possible. The diodes prevent current running back to a battery/bus, which in an emergency could be a problem. And yes, each battery it's own alternator. Completely independent systems.

Without an emergency situation, (or even with), the diodes would hopefully guarantee me with at least one source of current to the engine bus.

It becomes difficult to split my EFI (EFII) onto two separate buses. For instance, the third coil pack for 6 cyl. runs cylinders 4 and 5 top and bottom. If this coil pack were on one bus, it could potentially completely go down.

My intent here is to have one dual fed engine bus, off of which all engine electrical components can be fed. Everything else I can probably survive without. I am only addressing a concept for feeding EFI components, the remainder is another story.
 
Un-necessary SPOF

It becomes difficult to split my EFI (EFII) onto two separate buses. For instance, the third coil pack for 6 cyl. runs cylinders 4 and 5 top and bottom. If this coil pack were on one bus, it could potentially completely go down.

Check with SDS, they don't have this single point of failure.

It's not only that the coil pack's bus could lose power but its wiring could fail or it could have an internal failure. Why not two triple coils, one for top and one for bottom plugs?
 
Last edited:
EFII Bus Manager

This concern was alleviated many moons ago with our Bus Manager.
12 years on the oldest installs, hundreds in service - rock solid reliable!
https://www.flyefii.com/products/bus-manager/

And if you happen to look at our website, don't forget to look at System32:
https://www.flyefii.com/system-32/

System32 ECUs have a built-in high end power supply that operates from 3 volts to 40 volts and can absorb a 4 Joule energy hit from alternator load dump or a lightning strike. I doubt any other electronics in the plane are this robust.

Bottom line - with a Bus Manager and System32, it's pretty hard to have the engine turn off unintentionally.

Robert Paisley
EFII
 
This concern was alleviated many moons ago with our Bus Manager.
12 years on the oldest installs, hundreds in service - rock solid reliable!

Installing a box doesn't guarantee reliability.

https://app.ntsb.gov/pdfgenerator/R...D=20171031X10251&AKey=1&RType=Prelim&IType=LA

https://app.ntsb.gov/pdfgenerator/R...D=20161129X71536&AKey=1&RType=Prelim&IType=LA


System32 ECUs have a built-in high end power supply that operates from 3 volts to 40 volts and can absorb a 4 Joule energy hit from alternator load dump or a lightning strike.

A Joule is the energy dissipated as heat when one amp passes through a resistance of one ohm for one second. Four of them would equal...

0.0011112 Watt-hours
0.0037912 BTU
less than one calorie

A lightning strike is something like one billion Joules.
 
Last edited:
1 plus 1 equals purple

Bus Manager did not fail in either of Horton's citations.
Thank you Dan for making the point.

Robert
 
+1 on Dan?s comment.

Perhaps we should recognize there is no free lunch. Any single component that is installed and must work to keep the engine running or the panel up in IFR is not a foundation for reliabitly. Assume any single element, connection, wire, etc. will fail. Is there reduancy to maintain IFR flight if that happens - with no pilot action?

Not applicable to VFR only airplanes.

Carl
 
I'm pretty sure even the space shuttle wouldn't pass muster with the VAF crowd :eek:
The best engineering teams in the world still can't make a machine that can't fail.
 
Last edited:
+1 on Dan?s comment.

Perhaps we should recognize there is no free lunch. Any single component that is installed and must work to keep the engine running or the panel up in IFR is not a foundation for reliabitly. Assume any single element, connection, wire, etc. will fail. Is there reduancy to maintain IFR flight if that happens - with no pilot action?

Not applicable to VFR only airplanes.

Carl

We can also say that about a carb float, needle and seat, magneto drive gears, servo diaphragm, oil pump, crankshaft. The list goes on. If you think single engined aircraft don't have a bunch of single points of failure, you're not being realistic. All of the things I've listed above have failed before.
 
Good thing I have my Nomex on....

Perhaps I should elaborate. Yep - single engine airplanes have specific single elements that can fail that will stop the fan. That does not mean we should close our eyes to adding more such elements - especially when proper (and fairly simple) electrical design can greatly mitigate against many risks. Overlay this with the design objective for continued IFR flight after a fault (component, power, etc.).

Everything will fail. Either accept the failure risk or design around it.

Going back to zip the Nomex back up.

Carl
 
Bus Manager did not fail in either of Horton's citations.

So what did? The question goes directly to the subject, power system architecture. Both quit running for some reason, and I'm sure everyone would like to avoid whatever it was.
 
That does not mean we should close our eyes to adding more such elements - especially when proper (and fairly simple) electrical design can greatly mitigate against many risks. Overlay this with the design objective for continued IFR flight after a fault (component, power, etc.).

Everything will fail. Either accept the failure risk or design around it.

Carl

No intention to flame, just making sure people don't become too complacent about risks. I totally agree electrical design and workmanship should be given careful thought and attention. This can help reduce the chances of things going dark and/or silent.
 
This concern was alleviated many moons ago with our Bus Manager.
12 years on the oldest installs, hundreds in service - rock solid reliable!
https://www.flyefii.com/products/bus-manager/

And if you happen to look at our website, don't forget to look at System32:
https://www.flyefii.com/system-32/

System32 ECUs have a built-in high end power supply that operates from 3 volts to 40 volts and can absorb a 4 Joule energy hit from alternator load dump or a lightning strike. I doubt any other electronics in the plane are this robust.

Bottom line - with a Bus Manager and System32, it's pretty hard to have the engine turn off unintentionally.

Robert Paisley
EFII

I'm kind of late to this conversation, and learning as I go. But it strikes me oddly to have a single box that performs lots of functions, including essential ones, and claim redundancy or added reliability. Robert -- is there no point inside that box where a single failure (bad solder joint? bad circuit element? metal chip? high-velocity projectile penetration?) can cause the essential bus to shut down? No place?
 
Bus Manager

"is there no point inside that box where a single failure (bad solder joint? bad circuit element? metal chip? high-velocity projectile penetration?) can cause the essential bus to shut down? No place?"

The Bus Manager is plenty good enough for me to fly behind and I'm pretty picky about what keeps me in the air. And it's way better than any home brew solution I've ever had the privilege of reviewing. Our professional installers who have lots of experience with these parts use a Bus Manager - as do we.

Robert
 
Back
Top