The interlocking system in Helsinki metro and its western extension (2017) has been implemented using a commercial off-the-shelf (COTS) platform. The SIL4 HIMax based Mipro TCS-O interlocking has been controlling and supervising hundreds of trackside signalling elements and auxiliary safety-critical components, such as rolling fire doors, for five years now with excellent availability and safety. New functions and elements have been added to the system over the years. The system structure enabled a straightforward development and expansion of the existing system.
The benefits of using COTS hardware
Availability and safety
High availability and safety are a must in railway signalling systems. The chosen hardware and the platform play a crucial role in system deliveries and the system supplier must be able to trust that the used hardware will meet the industry’s high requirements. The system supplier also needs to be confident that the hardware supplier will be able to deliver the goods within a short delivery time and as agreed throughout the delivered system’s entire lifetime. When using COTS hardware from a trusted vendor, the signalling system supplier is using hardware that has been proven for use not only in railway applications, but also in various other industrial fields that require high availability and safety, such as the water, oil, gas and chemical industries. In addition, pre-certified COTS platforms not only meet the relevant railway standards, but the same platforms are often also certified according to other industry standards. These two facts give the system vendor a very strong basis for building applications that ensure great availability and rail traffic safety.
The cost
The cost of the platform and the hardware is naturally a significant factor. Unlike proprietary hardware which is often manufactured to serve only one purpose and therefore in smaller amounts, COTS hardware serves several industry sectors and is therefore manufactured in larger amounts, meaning that the hardware costs can be cut. This means savings not only at the time of acquisition, but also throughout the system’s entire lifecycle. Unlike in proprietary systems, COTS hardware can also be reused. This brings both monetary and environmental savings.
Connectivity and interfaces
Now and in the future, a signalling system is not simply a separate, standalone system used to control traditional trackside signalling elements such as signals and points and for track vacancy detection. The customer may need to connect various auxiliary systems to the interlocking so that they are controlled and supervised. These auxiliary systems can include for example: a UPS, a fire alarm system, door systems, intrusion detection systems, automatic train protection (ATP), intelligent point heating systems, intelligent trackside element data collection and monitoring systems. I/O-interfaces and standard communication protocols such as the Ethernet, TCP/UDP, RS232, RS422 & CAN are usually readily available in the products and the fact that COTS hardware is used in multiple industry sectors means that rarer protocols are also available. New interfaces can also be introduced to a COTS platform without too much pain. For example, Mipro has implemented a Rail Safe Transport (RaSTA) network protocol to be used in Mipro’s COTS based interlocking.
The long-term relationship
The availability of experts
A rail signalling system’s lifecycle is typically very long. The need for changes will likely ensue throughout the delivered system’s lifetime. Good COTS based systems are developed using tools that comply with the IEC 61131 standard. This ensures that new experts can be found from different generations over the years and it is not so necessary to maintain the capability to program and set up proprietary systems.
The availability of components and vendor locking
The system components will eventually reach the end of their lifetime and the manufacturer’s support for them will run out. A replacement component for a proprietary product is, at worst, very difficult to find, while a replacement component that is simultaneously serving several industrial sectors can be made available in the world of COTS even years before the end of the old component’s life. It is also worth noting that the user is not completely locked into the original system supplier when using COTS and for this reason some infrastructure owners have started to prefer COTS products.
The use of COTS in the world of telecommunications
There are similarities between the world of telecommunications and that of railway signalling. The systems are built for long use and it takes years for new technology to be developed and for the market to adapt it. Like the railway signalling business, the telecommunications industry was previously ruled by proprietary systems supplied by a few big companies. New companies entered the telecom market using COTS around ten years ago. The migration to COTS has brought about faster design cycles and reduced maintenance and hardware costs. The use of COTS has also smoothed the way to server virtualisation, which is also taking place in the rail industry.
Securing the world’s northernmost metro
The Helsinki Capital Area Metro
The Helsinki metro opened in 1982 and it has been extended several times throughout its history. The biggest change occurred in 2017 when the metro tracks crossed the Helsinki city limits for the first time and extended to the city of Espoo. The West Metro Project brought eight new stations to the metro network. Another big project, the West Metro Extension, is currently on the verge of completion.
Critical procurement in the preliminary design phase
The original plan was to implement the West Metro signalling using CBTC technology to be operated in fully automatic GOA 4 (Grade of Automation 4) operations. However, this plan was cancelled in early 2015 and the signalling system had to be re-tendered and re-procured on a fast schedule. When Mipro was selected to deliver the interlocking and traffic control system for the metro extension in 2015, there was no time to be wasted. Thanks to the used modular COTS solution, designing the right equipment configurations for each station was a quick process and equipment purchases were able to be started well in advance, already in the preliminary design phase. Even though some additional needs still had to be taken into account during the final design, the expansion of the system would still have been possible due to its modular architecture. The COTS platform supplier’s delivery times also supported the fast pace of the project start-up.
Special interfaces and functions
As the new line involved an extension to the existing operating metro line, an interface to that system was needed. The project organisation could not find an economically and technically sensible way of making the changes to the existing metro line’s signalling system. For this reason, the interface was not built in the usual way where two signalling systems communicate together and thus jointly protect any train movements between the systems. In co-operation with the customer and the project safety organisation, Mipro designed and built a special interface, where the two systems’ control and supervision areas overlapped to ensure safe traffic at the border of the two systems. The new metro section has a total of 52 different technical systems to ensure passenger safety and a smooth travel experience. Some of these systems also interface with the signalling system. Of course, the interface alone is not enough for the data transmission, so functions have also had to be planned and implemented in the systems. The flexibility of the modular COTS platform and Mipro’s architecture have enabled unusual interfaces and functions without any heavy adaptation of the base product itself.
A pre-certified platform to save time and money
Getting the SIL4 approval of the final output of a delivery in rail transport projects is a big and important process. The delivered system’s suitability for its intended environment and application must be demonstrable. All three Mipro metro projects have used a pre-certified COTS platform. The used platform has been designed and implemented according to the railway signalling standards. The use of a pre-certified platform has reduced the burden of proof in relation to the independent safety assessor (EN ISA) during the project design and implementation and, in its capacity as the system supplier, Mipro was able to focus on its own core competencies and prove the suitability of the application itself. The COTS platform’s manufacturer has already taken care of the compliance with the relevant standards and ensured that the platform-related hardware, software, programming tools, communication protocols and related documentation have undergone the necessary assessments. This means that the pre-certified platform is capable of being used in SIL4 applications, provided the system supplier controls the safety related application conditions (SRAC) set by the COTS manufacturer and designs and implements each specific application in a controlled manner for the intended environment.
The Helsinki Capital Area Metro today
The West Metro has been in passenger operation since 2017. After the West Metro project, Mipro was awarded two other projects in the capital area metro: the re-signalling of the old part of the Helsinki Metro (2017–2019) and the signalling for the second western extension (2020–2022) which extends the metro tracks even further to the city of Espoo and adds five new stations and an underground metro depot to the network. At the time of writing, the signalling project for the second extension is nearing its completion and driver training on the new line section that is secured and controlled by the new system is currently underway.
RELATED CONTENT
Article:
A SIL4 certified signalling solution with flexible COTS
Read more about metro solutions:
Metro solutions and references
Video:
West Metro extension test run phase
AUTHOR
Janne Siirilä
Account Manager
Janne has almost 20 years of experience in interlocking and rail traffic control systems, of which about 15 years are in metro traffic.
At Mipro, Janne works as an Account Manager, responsible for customer services in urban traffic.
