China Safety Science Journal, 2026, Vol. 36, Issue (6): 262-270. doi: 10.16265/j.cnki.issn1003-3033.2026.06.0794

• Intelligent Safety Technology •

Redundant structure design of railway signaling safety cloud platforms based on 3oo5-Y architecture

Shang Linyu1, Huang Susu1,2,**, Wei Dongdong1, Liu Mingduan1, Li Ke1

  1. Signal & Communication Research Institute, China Academy of Railway Sciences Corporation, Beijing 100081, China
  2. School of Automation and Intelligence, Beijing Jiaotong University, Beijing 100044, China
  • Received: 2026-02-04; Revised: 2026-04-18; Online: 2026-06-28; Published: 2026-12-28
  • Contact: Huang Susu

Abstract:

To enhance the operational reliability of railway signaling systems in cloud platform environments and their capability to defend against common cause failures, a 3oo5-Y redundant architecture (Y denoting the heterogeneous scheme) based on heterogeneous virtualization deployment (a combination of VMware and Kernel-based Virtual Machine (KVM)) was proposed on the basis of the traditional 3oo5 architecture. First, reliability and safety function models for typical redundant architectures, such as 2oo3, 3oo5, and 4oo7, were constructed to comparatively analyze the impact of different numbers of redundant nodes on system performance. Second, drawing on consensus algorithm theory, a three-state node control and random-timeout consistent voting mechanism was designed without relying on third-party software. The results show that within the high-reliability interval where the unit reliability exceeds 0.9, both the reliability and safety of the redundant architectures increase with the number of nodes, with a performance ranking of 4oo7 > 3oo5 > 2oo3. Compared with the homogeneous 3oo5 architecture, the 3oo5-Y architecture effectively reduces the risk of common cause failures induced by high homogeneity, at the cost of a marginal compromise in absolute reliability. Furthermore, under the constraint that the two KVM nodes do not fail simultaneously, the system can tolerate a maximum of two node failures. In conclusion, the 3oo5-Y heterogeneous redundant architecture effectively balances deployment economy and heterogeneous consistency comparison functions, and maintains the high availability of the cloud architecture while ensuring extremely high system safety.

Key words: 3-out-of-5 (3oo5-Y) architecture, railway signaling, safety cloud platform, redundant structure, heterogeneous virtualization
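
The reliability comparison summarized in the abstract can be reproduced with a textbook k-out-of-n model; the sketch below is an added example, not the paper's own model or code. It assumes independent failures, one identical unit reliability `r` for every node, a 3 VMware + 2 KVM split (inferred from "the two KVM nodes"), and that 3oo5-Y is up when at least three nodes are healthy and at least one of them is a KVM node.

```python
from itertools import combinations, product
from math import comb

def koon(k, n, r):
    """Reliability of a homogeneous k-out-of-n voter (independent, identical units)."""
    return sum(comb(n, i) * r**i * (1 - r)**(n - i) for i in range(k, n + 1))

def system_up(healthy, kvm=2, k=3):
    """Assumed 3oo5-Y rule: >= k healthy nodes and at least one healthy KVM node.
    Node indices 0..kvm-1 are the KVM nodes, the rest are VMware nodes."""
    return len(healthy) >= k and any(i < kvm for i in healthy)

def three_oo5_y(r, kvm=2, vmware=3, k=3):
    """Reliability of 3oo5-Y by enumerating all 2^5 node states (1 = healthy)."""
    n = kvm + vmware
    total = 0.0
    for state in product((0, 1), repeat=n):
        healthy = [i for i, s in enumerate(state) if s]
        if system_up(healthy, kvm, k):
            total += r**len(healthy) * (1 - r)**(n - len(healthy))
    return total

def untolerated_double_failures(kvm=2, vmware=3, k=3):
    """Pairs of failed nodes that bring the assumed 3oo5-Y system down."""
    n = kvm + vmware
    return [pair for pair in combinations(range(n), 2)
            if not system_up([i for i in range(n) if i not in pair], kvm, k)]

if __name__ == "__main__":
    for r in (0.90, 0.95, 0.99):
        print(f"r={r:.2f}  2oo3={koon(2, 3, r):.6f}  3oo5={koon(3, 5, r):.6f}  "
              f"4oo7={koon(4, 7, r):.6f}  3oo5-Y={three_oo5_y(r):.6f}")
    # Only the pair made of both KVM nodes (indices 0 and 1) is not tolerated.
    print("untolerated double failures:", untolerated_double_failures())
```

Under these assumptions the only state that homogeneous 3oo5 survives and 3oo5-Y does not is "three VMware nodes healthy, both KVM nodes failed", so the reliability gap is exactly r³(1−r)².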
