What is the difference between redundancy and fault tolerance?











up vote
5
down vote

favorite
1












What is the difference between redundancy and fault tolerance in the context of aviation ?










share|improve this question


























    up vote
    5
    down vote

    favorite
    1












    What is the difference between redundancy and fault tolerance in the context of aviation ?










    share|improve this question
























      up vote
      5
      down vote

      favorite
      1









      up vote
      5
      down vote

      favorite
      1






      1





      What is the difference between redundancy and fault tolerance in the context of aviation ?










      share|improve this question













      What is the difference between redundancy and fault tolerance in the context of aviation ?







      aircraft-design safety emergency aircraft-systems terminology






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Nov 21 at 16:18









      summerrain

      421312




      421312






















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          10
          down vote



          accepted










          Redundancy is when there are multiple ways of doing the same thing; quite possibly by having multiple gadgets, or ways of interconnecting gadgets, that can perform the same function with the same or at least very similar fidelity even if a non-zero number of them fails. One likely effect of this is that there is no single point the failure of which will cause the failure of the entire system (no "single point of failure").



          Fault tolerance is when the overall system can tolerate the failure of a component without going into a dangerous state, but it won't necessarily maintain the safe state by having full functionality or fidelity. The system may operate in a degraded state, but it won't immediately be in a dangerous state.



          Redundancy can be a way of providing fault tolerance in the larger system, but redundancy on its own does not guarantee fault tolerance, particularly against all kinds of faults. It's only redundancy if each separate way of accomplishing a goal can function without the other ways of accomplishing the same goal. Fault tolerance is a result; redundancy is one way of achieving that result.



          For example, there are two basic ways by which you can cause an airplane to assume a new heading; either by using the ailerons to bank, or by using the rudder to skid. Normally these are used together in a coordinated turn, but if you're really in a pinch, either one can be used to turn (but watch that stall speed). This is one crude example of fault tolerance, since either the ailerons or the rudder can fail and you are still able to make a turn (other effects of the failure, or other effects from the cause of the failure, notwithstanding). — Redundancy, on the other hand, would be more like if you had multiple independent sets of rudders and ailerons, each with its own, independent control system.



          Commercial aircraft often have two or three of each flight-critical instrument; one for each (of two) pilot, and one backup instrument. For example, each pilot will have their own attitude indicator ("artificial horizon"), and they will have a shared instrument that can be used to, for example, determine which instrument is faulty if there is a disagreement between the two main instruments. This is an example of redundancy, because if designed right, any one of them can be used fully independently of the others to determine the aircraft's current attitude; the ability of the instrument to carry out the intended function at full fidelity does not depend on the others functioning properly, and there is hopefully no single failure which will cause two or three to fail in the same way, or at all.



          An example where having redundancy doesn't necessarily provide fault tolerance can be having multiple hydraulic systems to control deflection of control surfaces. If all hydraulic systems are routed through a single location, and that location is damaged, there exists a possibility that you will lose all hydraulic systems at once due to that single failure. Therefore the hydraulic system is redundant but not necessarily fault tolerant.






          share|improve this answer























          • perfect! thank you
            – summerrain
            Nov 21 at 17:15






          • 2




            Or redundancy is when there is no single point of failure.
            – mins
            Nov 21 at 19:06






          • 1




            @mins I meant for that to be covered by what I wrote, but I have now spelled it out.
            – a CVn
            Nov 21 at 20:13






          • 1




            @aCVn: Airliners have a third way of controlling heading--differential engine thrust. That can sometimes provide adequate control to keep the airplane aloft even if all hydraulic control systems fail. The level of control offered by engine thrust alone may not be sufficient to safely land the plane, but may be sufficient to make the landing survivable for at least some of the occupants.
            – supercat
            Nov 21 at 20:41










          • I'm sure Capt. Haynes can give a pretty thorough dissertation on the benefits of redundancy and why it's still needed to cover a-billion-to-one odds. And I think Capt. Fitch can speak a bit about controlling an aircraft with just engines. en.wikipedia.org/wiki/United_Airlines_Flight_232 <<< That accident has so many good lessons. It should be required study for EVERY pilot.
            – Shawn
            Nov 22 at 0:37











          Your Answer





          StackExchange.ifUsing("editor", function () {
          return StackExchange.using("mathjaxEditing", function () {
          StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
          StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["$", "$"], ["\\(","\\)"]]);
          });
          });
          }, "mathjax-editing");

          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "528"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faviation.stackexchange.com%2fquestions%2f57332%2fwhat-is-the-difference-between-redundancy-and-fault-tolerance%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          10
          down vote



          accepted










          Redundancy is when there are multiple ways of doing the same thing; quite possibly by having multiple gadgets, or ways of interconnecting gadgets, that can perform the same function with the same or at least very similar fidelity even if a non-zero number of them fails. One likely effect of this is that there is no single point the failure of which will cause the failure of the entire system (no "single point of failure").



          Fault tolerance is when the overall system can tolerate the failure of a component without going into a dangerous state, but it won't necessarily maintain the safe state by having full functionality or fidelity. The system may operate in a degraded state, but it won't immediately be in a dangerous state.



          Redundancy can be a way of providing fault tolerance in the larger system, but redundancy on its own does not guarantee fault tolerance, particularly against all kinds of faults. It's only redundancy if each separate way of accomplishing a goal can function without the other ways of accomplishing the same goal. Fault tolerance is a result; redundancy is one way of achieving that result.



          For example, there are two basic ways by which you can cause an airplane to assume a new heading; either by using the ailerons to bank, or by using the rudder to skid. Normally these are used together in a coordinated turn, but if you're really in a pinch, either one can be used to turn (but watch that stall speed). This is one crude example of fault tolerance, since either the ailerons or the rudder can fail and you are still able to make a turn (other effects of the failure, or other effects from the cause of the failure, notwithstanding). — Redundancy, on the other hand, would be more like if you had multiple independent sets of rudders and ailerons, each with its own, independent control system.



          Commercial aircraft often have two or three of each flight-critical instrument; one for each (of two) pilot, and one backup instrument. For example, each pilot will have their own attitude indicator ("artificial horizon"), and they will have a shared instrument that can be used to, for example, determine which instrument is faulty if there is a disagreement between the two main instruments. This is an example of redundancy, because if designed right, any one of them can be used fully independently of the others to determine the aircraft's current attitude; the ability of the instrument to carry out the intended function at full fidelity does not depend on the others functioning properly, and there is hopefully no single failure which will cause two or three to fail in the same way, or at all.



          An example where having redundancy doesn't necessarily provide fault tolerance can be having multiple hydraulic systems to control deflection of control surfaces. If all hydraulic systems are routed through a single location, and that location is damaged, there exists a possibility that you will lose all hydraulic systems at once due to that single failure. Therefore the hydraulic system is redundant but not necessarily fault tolerant.






          share|improve this answer























          • perfect! thank you
            – summerrain
            Nov 21 at 17:15






          • 2




            Or redundancy is when there is no single point of failure.
            – mins
            Nov 21 at 19:06






          • 1




            @mins I meant for that to be covered by what I wrote, but I have now spelled it out.
            – a CVn
            Nov 21 at 20:13






          • 1




            @aCVn: Airliners have a third way of controlling heading--differential engine thrust. That can sometimes provide adequate control to keep the airplane aloft even if all hydraulic control systems fail. The level of control offered by engine thrust alone may not be sufficient to safely land the plane, but may be sufficient to make the landing survivable for at least some of the occupants.
            – supercat
            Nov 21 at 20:41










          • I'm sure Capt. Haynes can give a pretty thorough dissertation on the benefits of redundancy and why it's still needed to cover a-billion-to-one odds. And I think Capt. Fitch can speak a bit about controlling an aircraft with just engines. en.wikipedia.org/wiki/United_Airlines_Flight_232 <<< That accident has so many good lessons. It should be required study for EVERY pilot.
            – Shawn
            Nov 22 at 0:37















          up vote
          10
          down vote



          accepted










          Redundancy is when there are multiple ways of doing the same thing; quite possibly by having multiple gadgets, or ways of interconnecting gadgets, that can perform the same function with the same or at least very similar fidelity even if a non-zero number of them fails. One likely effect of this is that there is no single point the failure of which will cause the failure of the entire system (no "single point of failure").



          Fault tolerance is when the overall system can tolerate the failure of a component without going into a dangerous state, but it won't necessarily maintain the safe state by having full functionality or fidelity. The system may operate in a degraded state, but it won't immediately be in a dangerous state.



          Redundancy can be a way of providing fault tolerance in the larger system, but redundancy on its own does not guarantee fault tolerance, particularly against all kinds of faults. It's only redundancy if each separate way of accomplishing a goal can function without the other ways of accomplishing the same goal. Fault tolerance is a result; redundancy is one way of achieving that result.



          For example, there are two basic ways by which you can cause an airplane to assume a new heading; either by using the ailerons to bank, or by using the rudder to skid. Normally these are used together in a coordinated turn, but if you're really in a pinch, either one can be used to turn (but watch that stall speed). This is one crude example of fault tolerance, since either the ailerons or the rudder can fail and you are still able to make a turn (other effects of the failure, or other effects from the cause of the failure, notwithstanding). — Redundancy, on the other hand, would be more like if you had multiple independent sets of rudders and ailerons, each with its own, independent control system.



          Commercial aircraft often have two or three of each flight-critical instrument; one for each (of two) pilot, and one backup instrument. For example, each pilot will have their own attitude indicator ("artificial horizon"), and they will have a shared instrument that can be used to, for example, determine which instrument is faulty if there is a disagreement between the two main instruments. This is an example of redundancy, because if designed right, any one of them can be used fully independently of the others to determine the aircraft's current attitude; the ability of the instrument to carry out the intended function at full fidelity does not depend on the others functioning properly, and there is hopefully no single failure which will cause two or three to fail in the same way, or at all.



          An example where having redundancy doesn't necessarily provide fault tolerance can be having multiple hydraulic systems to control deflection of control surfaces. If all hydraulic systems are routed through a single location, and that location is damaged, there exists a possibility that you will lose all hydraulic systems at once due to that single failure. Therefore the hydraulic system is redundant but not necessarily fault tolerant.






          share|improve this answer























          • perfect! thank you
            – summerrain
            Nov 21 at 17:15






          • 2




            Or redundancy is when there is no single point of failure.
            – mins
            Nov 21 at 19:06






          • 1




            @mins I meant for that to be covered by what I wrote, but I have now spelled it out.
            – a CVn
            Nov 21 at 20:13






          • 1




            @aCVn: Airliners have a third way of controlling heading--differential engine thrust. That can sometimes provide adequate control to keep the airplane aloft even if all hydraulic control systems fail. The level of control offered by engine thrust alone may not be sufficient to safely land the plane, but may be sufficient to make the landing survivable for at least some of the occupants.
            – supercat
            Nov 21 at 20:41










          • I'm sure Capt. Haynes can give a pretty thorough dissertation on the benefits of redundancy and why it's still needed to cover a-billion-to-one odds. And I think Capt. Fitch can speak a bit about controlling an aircraft with just engines. en.wikipedia.org/wiki/United_Airlines_Flight_232 <<< That accident has so many good lessons. It should be required study for EVERY pilot.
            – Shawn
            Nov 22 at 0:37













          up vote
          10
          down vote



          accepted







          up vote
          10
          down vote



          accepted






          Redundancy is when there are multiple ways of doing the same thing; quite possibly by having multiple gadgets, or ways of interconnecting gadgets, that can perform the same function with the same or at least very similar fidelity even if a non-zero number of them fails. One likely effect of this is that there is no single point the failure of which will cause the failure of the entire system (no "single point of failure").



          Fault tolerance is when the overall system can tolerate the failure of a component without going into a dangerous state, but it won't necessarily maintain the safe state by having full functionality or fidelity. The system may operate in a degraded state, but it won't immediately be in a dangerous state.



          Redundancy can be a way of providing fault tolerance in the larger system, but redundancy on its own does not guarantee fault tolerance, particularly against all kinds of faults. It's only redundancy if each separate way of accomplishing a goal can function without the other ways of accomplishing the same goal. Fault tolerance is a result; redundancy is one way of achieving that result.



          For example, there are two basic ways by which you can cause an airplane to assume a new heading; either by using the ailerons to bank, or by using the rudder to skid. Normally these are used together in a coordinated turn, but if you're really in a pinch, either one can be used to turn (but watch that stall speed). This is one crude example of fault tolerance, since either the ailerons or the rudder can fail and you are still able to make a turn (other effects of the failure, or other effects from the cause of the failure, notwithstanding). — Redundancy, on the other hand, would be more like if you had multiple independent sets of rudders and ailerons, each with its own, independent control system.



          Commercial aircraft often have two or three of each flight-critical instrument; one for each (of two) pilot, and one backup instrument. For example, each pilot will have their own attitude indicator ("artificial horizon"), and they will have a shared instrument that can be used to, for example, determine which instrument is faulty if there is a disagreement between the two main instruments. This is an example of redundancy, because if designed right, any one of them can be used fully independently of the others to determine the aircraft's current attitude; the ability of the instrument to carry out the intended function at full fidelity does not depend on the others functioning properly, and there is hopefully no single failure which will cause two or three to fail in the same way, or at all.



          An example where having redundancy doesn't necessarily provide fault tolerance can be having multiple hydraulic systems to control deflection of control surfaces. If all hydraulic systems are routed through a single location, and that location is damaged, there exists a possibility that you will lose all hydraulic systems at once due to that single failure. Therefore the hydraulic system is redundant but not necessarily fault tolerant.






          share|improve this answer














          Redundancy is when there are multiple ways of doing the same thing; quite possibly by having multiple gadgets, or ways of interconnecting gadgets, that can perform the same function with the same or at least very similar fidelity even if a non-zero number of them fails. One likely effect of this is that there is no single point the failure of which will cause the failure of the entire system (no "single point of failure").



          Fault tolerance is when the overall system can tolerate the failure of a component without going into a dangerous state, but it won't necessarily maintain the safe state by having full functionality or fidelity. The system may operate in a degraded state, but it won't immediately be in a dangerous state.



          Redundancy can be a way of providing fault tolerance in the larger system, but redundancy on its own does not guarantee fault tolerance, particularly against all kinds of faults. It's only redundancy if each separate way of accomplishing a goal can function without the other ways of accomplishing the same goal. Fault tolerance is a result; redundancy is one way of achieving that result.



          For example, there are two basic ways by which you can cause an airplane to assume a new heading; either by using the ailerons to bank, or by using the rudder to skid. Normally these are used together in a coordinated turn, but if you're really in a pinch, either one can be used to turn (but watch that stall speed). This is one crude example of fault tolerance, since either the ailerons or the rudder can fail and you are still able to make a turn (other effects of the failure, or other effects from the cause of the failure, notwithstanding). — Redundancy, on the other hand, would be more like if you had multiple independent sets of rudders and ailerons, each with its own, independent control system.



          Commercial aircraft often have two or three of each flight-critical instrument; one for each (of two) pilot, and one backup instrument. For example, each pilot will have their own attitude indicator ("artificial horizon"), and they will have a shared instrument that can be used to, for example, determine which instrument is faulty if there is a disagreement between the two main instruments. This is an example of redundancy, because if designed right, any one of them can be used fully independently of the others to determine the aircraft's current attitude; the ability of the instrument to carry out the intended function at full fidelity does not depend on the others functioning properly, and there is hopefully no single failure which will cause two or three to fail in the same way, or at all.



          An example where having redundancy doesn't necessarily provide fault tolerance can be having multiple hydraulic systems to control deflection of control surfaces. If all hydraulic systems are routed through a single location, and that location is damaged, there exists a possibility that you will lose all hydraulic systems at once due to that single failure. Therefore the hydraulic system is redundant but not necessarily fault tolerant.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Nov 21 at 20:12

























          answered Nov 21 at 16:43









          a CVn

          3,82721749




          3,82721749












          • perfect! thank you
            – summerrain
            Nov 21 at 17:15






          • 2




            Or redundancy is when there is no single point of failure.
            – mins
            Nov 21 at 19:06






          • 1




            @mins I meant for that to be covered by what I wrote, but I have now spelled it out.
            – a CVn
            Nov 21 at 20:13






          • 1




            @aCVn: Airliners have a third way of controlling heading--differential engine thrust. That can sometimes provide adequate control to keep the airplane aloft even if all hydraulic control systems fail. The level of control offered by engine thrust alone may not be sufficient to safely land the plane, but may be sufficient to make the landing survivable for at least some of the occupants.
            – supercat
            Nov 21 at 20:41










          • I'm sure Capt. Haynes can give a pretty thorough dissertation on the benefits of redundancy and why it's still needed to cover a-billion-to-one odds. And I think Capt. Fitch can speak a bit about controlling an aircraft with just engines. en.wikipedia.org/wiki/United_Airlines_Flight_232 <<< That accident has so many good lessons. It should be required study for EVERY pilot.
            – Shawn
            Nov 22 at 0:37


















          • perfect! thank you
            – summerrain
            Nov 21 at 17:15






          • 2




            Or redundancy is when there is no single point of failure.
            – mins
            Nov 21 at 19:06






          • 1




            @mins I meant for that to be covered by what I wrote, but I have now spelled it out.
            – a CVn
            Nov 21 at 20:13






          • 1




            @aCVn: Airliners have a third way of controlling heading--differential engine thrust. That can sometimes provide adequate control to keep the airplane aloft even if all hydraulic control systems fail. The level of control offered by engine thrust alone may not be sufficient to safely land the plane, but may be sufficient to make the landing survivable for at least some of the occupants.
            – supercat
            Nov 21 at 20:41










          • I'm sure Capt. Haynes can give a pretty thorough dissertation on the benefits of redundancy and why it's still needed to cover a-billion-to-one odds. And I think Capt. Fitch can speak a bit about controlling an aircraft with just engines. en.wikipedia.org/wiki/United_Airlines_Flight_232 <<< That accident has so many good lessons. It should be required study for EVERY pilot.
            – Shawn
            Nov 22 at 0:37
















          perfect! thank you
          – summerrain
          Nov 21 at 17:15




          perfect! thank you
          – summerrain
          Nov 21 at 17:15




          2




          2




          Or redundancy is when there is no single point of failure.
          – mins
          Nov 21 at 19:06




          Or redundancy is when there is no single point of failure.
          – mins
          Nov 21 at 19:06




          1




          1




          @mins I meant for that to be covered by what I wrote, but I have now spelled it out.
          – a CVn
          Nov 21 at 20:13




          @mins I meant for that to be covered by what I wrote, but I have now spelled it out.
          – a CVn
          Nov 21 at 20:13




          1




          1




          @aCVn: Airliners have a third way of controlling heading--differential engine thrust. That can sometimes provide adequate control to keep the airplane aloft even if all hydraulic control systems fail. The level of control offered by engine thrust alone may not be sufficient to safely land the plane, but may be sufficient to make the landing survivable for at least some of the occupants.
          – supercat
          Nov 21 at 20:41




          @aCVn: Airliners have a third way of controlling heading--differential engine thrust. That can sometimes provide adequate control to keep the airplane aloft even if all hydraulic control systems fail. The level of control offered by engine thrust alone may not be sufficient to safely land the plane, but may be sufficient to make the landing survivable for at least some of the occupants.
          – supercat
          Nov 21 at 20:41












          I'm sure Capt. Haynes can give a pretty thorough dissertation on the benefits of redundancy and why it's still needed to cover a-billion-to-one odds. And I think Capt. Fitch can speak a bit about controlling an aircraft with just engines. en.wikipedia.org/wiki/United_Airlines_Flight_232 <<< That accident has so many good lessons. It should be required study for EVERY pilot.
          – Shawn
          Nov 22 at 0:37




          I'm sure Capt. Haynes can give a pretty thorough dissertation on the benefits of redundancy and why it's still needed to cover a-billion-to-one odds. And I think Capt. Fitch can speak a bit about controlling an aircraft with just engines. en.wikipedia.org/wiki/United_Airlines_Flight_232 <<< That accident has so many good lessons. It should be required study for EVERY pilot.
          – Shawn
          Nov 22 at 0:37


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Aviation Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          Use MathJax to format equations. MathJax reference.


          To learn more, see our tips on writing great answers.





          Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


          Please pay close attention to the following guidance:


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faviation.stackexchange.com%2fquestions%2f57332%2fwhat-is-the-difference-between-redundancy-and-fault-tolerance%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Сан-Квентин

          Алькесар

          Josef Freinademetz