of 10

SWITCHING LOGIC. RC channel 5 Heartbeat. Fig. 1: Basic failsafe operation selecting one group of 8 channels from 3 possible sources

Failsafe Device Introduction Congratulations on purchasing a Millswood Engineering Failsafe. The Failsafe and Failsafe PTZ provide reliable control surface and engine management in the event of autopilot,
0 views10 pages
All materials on our website are shared by users. If you have any questions about copyright issues, please report us to resolve them. We are always happy to assist you.
Failsafe Device Introduction Congratulations on purchasing a Millswood Engineering Failsafe. The Failsafe and Failsafe PTZ provide reliable control surface and engine management in the event of autopilot, communications or power system failure. The PTZ version sacrifices 4 failsafe channels to provide 4 channels of payload control nominally pan, tilt, zoom and trigger. Failsafe operation is similar to a deadman switch: a heartbeat must be detected on a regular basis or the failsafe will activate. When activated the failsafe takes control of all servos and drives them to predetermined failsafe positions. The failsafe positions are fully programmable, and do not have to result in flight termination. Activation of the Failsafe is highly configurable: it can be enabled, disabled, triggered manually or automatically, there are multiple heartbeat sources that may be used separately or in combination, the timing is programmable as is the heartbeat string, and failsafe activation can be reported on the downlink with yet another programmable string. RC RECEIVER (8 channels) AUTOPILOT (8 channels) INTERNAL PWM (8 channels) SWITCHING LOGIC SERVOS (8 channels) RC channel 5 Heartbeat Fig. 1: Basic failsafe operation selecting one group of 8 channels from 3 possible sources Radio control may be resumed any time a valid RC signal is present, even after the Failsafe has activated and taken control of the aircraft. The 4 payload channels of the PTZ also have failsafe positions, but telemetry control resumes immediately after activation and continues for as long as the uplink remains viable. The Failsafe includes a switching power supply that is capable of sourcing 2 Amps from an 8 to 22 Volt DC supply. A redundant power system can be constructed from a Failsafe and a ServoStation, ensuring control surface authority even after primary electrical power failure. Two full-duplex RS232 / TTL converters are included to allow easy connection of a computer to the telemetry radio and the autopilot. These RS232 ports are used for configuring the radio and autopilot on the ground, and are usually linked out during flight. Failsafe Device Page 1 of 10 Installing the telemetry radio Fitting a Digi XTend radio modem is simple: install the 4 aluminium posts with the M3 sockethead screws provided, plug the radio into the radio connector, and secure with the remaining socket-head screws. Fig. 2: A Failsafe fitted with a Digi XTend radio modem As well as providing a way to connect different telemetry radios, the generic telemetry radio connector may also be used to control the Digi XTend radio, as shown in the table below: Pin Name Description 1 GND Ground 2 +5VDC Source of 5V power with a 3 second delay on power up. Can be switched on and off using the radio silence jumper. 3 DI TTL serial data input to telemetry radio / output from RS232 converter. 4 DO TTL serial data output from telemetry radio / input to RS232 converter. 5 /SHDN A low signal (such as an active open collector output) will shutdown the Digi XTend radio. A 10kΩ pull-up resistor is fitted internally. 6 RSSI Connects to the RSSI output of the Digi XTend radio. As noted above, fitting radios other than the Digi XTend is possible using the generic telemetry radio connector. Please note that DI has TTL input thresholds, and DO is a 5V logic level output. Failsafe Device Page 2 of 10 Programming the XTend Because RS232 / TTL conversion is built-in, connecting your XTend to a computer for programming requires nothing more than a suitable cable. Just connect your computer s serial port to the Radio pins in the RS232 interface. Only 3 of the 4 pins need to be connected (a ground is provided at both ends so that different connector pin-outs can be used). Don t worry about plugging the cable in backwards; we do it all the time. The photo doesn t show a radio obviously you need to have one of these installed! Note that you can use a Digi XTend / Failsafe combo instead of a packaged XTend for your ground station telemetry radio. Buying a Failsafe and an OEM (naked) XTend is actually cheaper than buying a packaged XTend. Fig. 3: Showing where to connect the programming cable to configure the Digi XTend Programming the Failsafe Plug the programming cable into the failsafe board as shown. For the programming software to work correctly you must have the I and O pins of the TTL Autopilot Interface linked together, either directly with a jumper or indirectly with a telemetry-transparent autopilot. You must also ensure that the status reporting jumper is fitted in the E position. Download the programming software from the Millswood Engineering website ( and configure your Failsafe. Fig. 4: Showing where to connect the programming cable to configure the Failsafe Failsafe Device Page 3 of 10 Connecting telemetry to your autopilot There are two ways to connect up telemetry if your autopilot is telemetry transparent you can just connect directly to the TTL Autopilot Interface connector. By telemetry-transparent we mean that all data that goes into the autopilot s telemetry input comes out from its telemetry output. In other words, as far as telemetry data is concerned, the autopilot behaves like a piece of wire. This is important is because, generally speaking, you will want telemetry data to be able to reach the Failsafe. This allows in-flight control of pan, tilt, zoom, trigger, the ability to terminate flight remotely, the ability to reconfigure the Failsafe after installation, and so on. As can be seen in figure 5, when the autopilot is transparent all telemetry data will eventually reach (and pass through) the Failsafe. (The Failsafe itself is completely transparent to all telemetry data.) Ground Control Station (GCS) Unmanned Aerial Vehicle (UAV) Uplink Laptop computer Telemetry radio Downlink Telemetry radio Failsafe Autopilot Fig. 5: Data flow with telemetry-transparent autopilots Attopilots are telemetry transparent and may be plugged directly into the TTL Autopilot Interface connector, as shown in figure 6 below: Fig. 6: A typical Attopilot installation But before you wire up your UAV like this, you should be aware that there is another way, and it offers significant performance advantages. Failsafe Device Page 4 of 10 Connecting telemetry to your autopilot, take 2 Many autopilots are not transparent to telemetry data. This is not a big problem, the solution is simply to swap the relative positions of the Failsafe and autopilot, as shown in figure 7 below: Ground Control Station (GCS) Unmanned Aerial Vehicle (UAV) Uplink Failsafe Autopilot Laptop computer Telemetry radio Downlink Telemetry radio Fig. 7: Telemetry data flow with non-transparent autopilots This arrangement is universal in the sense that it will work with any autopilot. Naturally there are pros and cons: Advantages A crashed autopilot cannot interfere with GCS to Failsafe communications. Faster, smoother pan, tilt, zoom & trigger servo movement. Less data on the downlink, reducing UAV power consumption. Disadvantages Cannot detect autopilot failure, only loss of uplink. No status reporting. The procedure is as follows: 1. Remove the status reporting jumper and place it across the I and O pins of the TTL Autopilot Interface. 2. Connect Telemetry data out from your autopilot to the centre pin of the status reporting header. 3. Connect Telemetry data in from your autopilot to the D pin of the status reporting header. The E pin should be left unconnected. If you are connecting your Attopilot this way, then just pull the earth wire out of the telemetry cable and plug the modified telemetry cable into the status reporting header as shown in figure 8. (You still need to put a jumper across the TTL Autopilot Interface I and O pins.) Fig. 8: Connecting autopilot telemetry for better pan and tilt performance Failsafe Device Page 5 of 10 Electrically powered vehicles In electrically powered vehicles one of the autopilot s output channels usually channel 3 controls the vehicle s throttle. This channel ultimately connects to an Electronic Speed Controller (ESC), which then drives the motor. Most ESCs have an on-board Battery Eliminator Circuit (BEC) that provides 5 volts for powering vehicle electronics. If the BEC is capable of delivering at least 1 Amp continuously, then it may be used to power the Failsafe (and thus autopilot, RC receiver, servos and radio modem). A second battery may be connected directly to the Failsafe to provide power supply redundancy. Note: If the BEC is rated at less than 1 Amp, then this is insufficient to power the Failsafe reliably. The BEC must be disconnected or at least disabled, preferably both (see the next section for instructions on how to do this). The failsafe power jumpers must be set to stand-alone operation and a power source connected to the Failsafe s main power input. Note: If you are using a ServoStation then the BEC must be disconnected or at least disabled, preferably both. See the next section for instructions on how to do this. To power the Failsafe from your ESC s BEC: 1. Configure the Failsafe s power jumpers for redundant operation (link the middle two pins together). You must do this regardless of whether you connect a battery to the Failsafe or not. 2. Plug the ESC s receiver connector into the throttle servo connector on the Failsafe (usually channel 3). This connection delivers the BEC s power to the Failsafe. A secondary power source may be connected to the Failsafe s main power input. We strongly recommend that you do this. Under normal circumstances the Failsafe will draw power from the ESC s BEC in preference to its own battery. When the ESC s battery is depleted and the BEC output fails, the motor will stop running but the Failsafe will use the secondary battery to continue to deliver power to the autopilot, RC receiver, radio modem and servos. There are a few things to be aware of when using this arrangement: BECs are usually linear regulators and will get hot. If a BEC gets too hot it will go into thermal shutdown. If this happens and there is no secondary power source available to take over, all electronics will fail and your vehicle will crash. Avoiding this problem is simple: connect a secondary power source to the Failsafe s main power input. A Digi XTend can consume up to 1 Amp if configured for maximum power output. Make sure that the BEC can provide enough current to supply the Digi XTend as well as all of the servos. (The autopilot, RC receiver and Failsafe draw negligible current compared with the Digi XTend and servos.) When operating from secondary power (following BEC or main battery failure), the Failsafe will only maintain the 5 volt rail at approximately 4.8 volts. If the power wire in the servo cable connecting BEC to Failsafe fails, power for the Failsafe will be drawn from the secondary battery (if fitted). If this secondary battery becomes depleted before the primary battery (now just supplying the motor), all electronics will fail and your vehicle will crash. Redundancy implemented with a ServoStation has none of these limitations. Failsafe Device Page 6 of 10 Disconnecting a BEC If your system includes a ServoStation, or your ESC s BEC is not up to the job of supplying the Digi XTend and all your servos, then it must be disconnected or at least disabled. This section shows you how. If the ESC is configurable, configure its BEC to be off. Now we re going to disconnect the ESC s BEC, preventing it from conflicting with the Failsafe or ServoStation. Of course you can just cut the middle wire, but a nicer (and completely reversible) way to do it is to pull the middle pin out of the ESC s receiver connector, like this: Step 1: Insert a scalpel blade behind the middle plastic tongue of the ESC s receiver connector. Step 3: The middle pin is now out. Step 2: Lift up the plastic tongue and pull out the middle wire with its pin. Tweezers and a third hand are useful. Step 4: Secure the wire and pin with some insulating tape or heatshrink tubing. Now you can plug the ESC s modified receiver connector directly into the throttle servo connector on the Failsafe or ServoStation. Failsafe Device Page 7 of 10 Implementing a redundant power system with a ServoStation In combination with a ServoStation, a Failsafe can be configured to provide redundant power supply operation. This means that when two power sources are connected, removal of either one will not affect operation of the failsafe system. Servos do not twitch during the changeover and the system tolerates either battery becoming a dead short to ground. Redundant power is delivered to the servos, autopilot, RC receiver and radio modem. When two power sources are connected, power is drawn preferentially from the battery supplying the ServoStation. The switching power supply inside the Failsafe is running, but not actually powering anything. If the ServoStation's main 6 volt rail begins to fail, the Failsafe takes over. Fig. 9: Showing the power jumpers set for redundant operation and the external power cable To configure the Failsafe for redundant power supply operation: 1. Connect a primary power source to the ServoStation. 2. Connect a secondary power source to the Failsafe (can be identical to the primary power source). 3. Set the power jumpers on the Failsafe board as shown in figure 9 (link the middle two pins together). 4. Connect a female-female servo cable between the Failsafe and the ServoStation. This cable plugs in to the external power header on the Failsafe (seen on the right in figure 8), and into any one of the servo outputs on the ServoStation. If all 8 servo outputs are already in use, the cable may be Y connected into one of them. Failsafe Device Page 8 of 10 Reference data 1. RS232 INTERFACES Autopilot: GND TXO RXI GND Telemetry radio: GND RXI TXO GND 2. AUTOPILOT TTL INTERFACE Pinout: GND TXO RXI GND 3. RADIO SILENCE JUMPER Radio silence: Short Normal operation: Open 4. POWER INPUT +8 to +22 VDC 5. EXTERNAL SERVO POWER OUTPUT Pinout: NC +6V GND 6. AUTOPILOT PWM INPUTS 7. POWER SOURCE JUMPERS Stand-alone: Short 1-2 and 3-4 Redundant: Short SERVO PWM OUTPUTS 9. RC RECEIVER PWM INPUTS 10. PROGRAMMING CONNECTOR Pinout: MISO VCC SCK MOSI RST GND 11. STATUS REPORTING JUMPER Status reporting: E(nable) No status reporting: D(isable) 12. DIGI XTEND CONNECTOR 13. GENERIC TELEMETRY RADIO CONNECTOR Pinout: GND +5VDC DI DO /SHDN RSSI Fig. 10: Locations of connectors and jumpers Failsafe Device Page 9 of 10 Further Information Visit us on the web at Didn t find what you wanted? Send us an or give us a call contact details are on our website. Failsafe Device The Fine Print Regarding this document: Millswood Engineering makes no warranty, representation or guarantee regarding the accuracy or completeness of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Regarding this product: Millswood Engineering makes no warranty, representation or guarantee regarding the suitability of its products for any particular purpose, nor does Millswood Engineering assume any liability arising out of the application or use of any product or circuit, and specifically disclaims any and all liability, including without limitation special, consequential or incidental damages. Millswood Engineering reserves the right to make changes without further notice to any products herein to improve reliability, function or design. Regarding typical specifications: Typical parameters which may be provided in Millswood Engineering datasheets and/or specifications can and do vary in different applications and actual performance may vary over time. All operating parameters, including Typicals must be validated for each customer application by customer's technical experts. Regarding life support applications: Millswood Engineering products are not designed, intended, or authorised for use as components in systems intended to support or sustain life, or for any other application in which the failure of the Millswood Engineering product could create a situation where personal injury or death may occur. Regarding intellectual property: No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted under this document. Copyright Millswood Engineering April All rights reserved. Failsafe Device Page 10 of 10
View more
We Need Your Support
Thank you for visiting our website and your interest in our free products and services. We are nonprofit website to share and download documents. To the running of this website, we need your help to support us.

Thanks to everyone for your continued support.

No, Thanks

We need your sign to support Project to invent "SMART AND CONTROLLABLE REFLECTIVE BALLOONS" to cover the Sun and Save Our Earth.

More details...

Sign Now!

We are very appreciated for your Prompt Action!