The Offshore Voyaging Reference Site

Three Tips to Make Your Cruising Boat Fault Tolerant

Some time ago, Eric Klem, sailor and professional engineer, asked in a comment if I had ever applied fault tolerance theory to my gear acquisition and system design decisions for Morgan’s Cloud, the aluminum expedition sailboat that has owned us for the last 25 years.

I have to admit that he caught me a bit flat-footed on that one, as I had never really thought about it…or maybe I had, but not put that name to it.

A Good Way To Think

Anyway, I read up on fault tolerance and realized that it’s a way of thinking that all of us who go to sea in small boats (or aspire to do so) should be using every day. And further, that many of my experience-based prejudices against certain systems and gear were actually the result of thinking about fault tolerance, although I had not used that label.

It Works

Also, this way of thinking, which I was unconsciously practicing, has yielded a reasonably reliable boat (touch wood) as we cruised to remote places where gear failures have much worse consequences than they do in more frequented locales where parts and services are available.

For All of Us

But fault tolerance thinking is not just for us high latitude sailors. After all, if something fails us halfway to Bermuda, we are just as much in a pickle as we would be in Greenland, perhaps more so since we can’t anchor in a nice sheltered cove to sort out the problem.

Heck, even if you do not plan to go offshore at all, gear failures are the most common cruise ruiner out there, so it still pays to apply fault tolerance thinking to your gear acquisition and installation decisions.

Defined

So what is fault tolerance? Wikipedia has this (and much else) to say:

Fault tolerance is the property that enables a system to continue operating properly in the event of the failure of (or one or more faults within) some of its components.

And I would add that it’s important to grasp that fault tolerance is different from reliability, repairability and backup (all important things to think about too).

At this point I could write a lot more words, probably really boring words, about fault tolerance theory, but let’s not do that.

Instead, let’s look at three real world system choices we sailors are faced with, and show how fault tolerance thinking makes the right choices obvious, or at least easier to arrive at. So here we go:


Robert Muir

Looks to me that option two would be two 200ah 12v banks totalling 400ah.

That aside, good article. I’m looking forward to seeing reasons for splitting a house bank.

I have:
Start: 2 x 100ah 12v
House: 6 x 100ah 12v
Fwd: 4 x 100ah 12v (mounted at base of mast for windlass & bow thruster)

0000 cables connect all banks and all are connected with Blue Sea Systems ML-ACR & ML-RBS with remote switches at the nav station. So I can use any or all of the banks for engine or electronics.

Rob Gill

Hi John,
Interesting article again, the most important part for me being the decision process in selecting critical gear. I would like to make a distinction between fault tolerant planning and back-up planning – something we gave a lot of thought to in our network business.
Fault tolerance in the network industry meant either absolute network (resiliency) or partial network (redundancy) with back-up. Most customers wanted resiliency until they saw the cost – true resiliency is very expensive and hard to implement. If the customer chose redundancy (or no fault tolerance) we would ask them for their back-up plan and where we fitted in to this. The plan needed to include full operational running of their business by alternate method, i.e. de-centralised computing and phones able to run without network support. Even more importantly, their staff needed to be able to revert to the back-up operation without our intervention, and run independently. This needed good processes on their part, documentation and regular practice and training. For some customers this was indeed the best compromise because of their budget, location, or usage. Lesson 1 – back-up needs to be simple and fool-proof.

This thinking can be applied to sailing, but we need to understand what fault tolerance gives us, but also what it doesn’t provide. Very few systems are truly resilient, and often a well-used and rehearsed back-up is much better than a partly fault tolerant option that then fails. When we are sailing, our sails are our primary propulsion system with the storm sails and working jib as back-up. The engine is secondary back-up. When we are motoring the engine is the primary, and the sails are the back-up and should be ready to hoist, halyard attached and cover off. Ditto the anchor. There is little redundancy in these systems but they are effective back-ups to each other if regularly used and practised.
Taking this further to the electronic navigation example above, option 2: this may seem to be fault tolerant, but it is important to recognise it also has a number of systemic weaknesses and dependencies. What if the GPS system fails – both units are probably using the same GPS system? What if the electronic charts are from the same provider – will the rock be missing on both sets of charts? What if we have a lightning strike – would we lose both? So for us, yes, the chart plotter is now the primary system. The back-up is a well-used paper chart, compass, identical route and waypoints with updated plot for each appropriate time interval, and 2 handheld battery GPS units (and sextant in reserve). Importantly, we both use the back-up system and it is part of our routine. We do have my iPad also with iSailor to give us some redundancy for the chart plotter function, and different (raster) electronic charts, but this is not our back-up. The weakness is we will only have paper passage and island group charts and we will be missing a number of the large scale island charts.
I spoke to my brother who is a Coastguard skipper about resiliency, and he says very few of their systems are duplicated and independent. Too costly and heavy and I wonder if this is true on most boats? I would much prefer a reliable primary system with a proven and well rehearsed back-up than a partial fault-tolerant system – too many “gotchas”.
Rob

Rob Gill

Hi John, I think your point was well made – I hope I didn’t infer otherwise. We used redundant network links often to improve availability of services to customers and this can improve things in most respects. The point I was trying to make (clumsily), is the paradoxical situation we observed with our customers where the better the fault tolerance of their system, the greater the time between failures experienced, the less likely their back-up system would work with staff able to operate it.
Rob

Marc Dacey

Precisely why I bought a 2017 Almanac at the boat show. The outlay encourages sextant practice. Some may smirk, but the stars, so far, can’t be turned off. Also, if one can be said to have a navigational mind, celestial nav keeps it sharp in a way plotters do not seem to. Same with taking bearings, etc. The physical side of nav means the mental side tends (for me) to make fewer mistakes, and it’s therefore worth at least one stashed iPad to me.

Paul Browning

Whilst I generally agree with you Marc, one of the great benefits of GPS, which many of us ornery old critters often overlook, is that it works when the sun and the stars are switched off, which they very frequently are for days on end, by clouds.

Rob Gill

Hi John,
I think there are numerous voyaging equivalents, the biggest one being the yacht itself. We put so much thought (this site is dedicated to it) into staying afloat, right side up, that most of us will never use our back-up – the life-raft. But how many readers have done a sea survival course in the last three or five years and know the latest thinking on survival techniques, i.e. Plan B?
Jenny and I did our coastguard course two weeks ago. Let me add though that I am not feeling smug. My three-year-old auto-inflate lifejacket failed to operate when I jumped in the wave pool clad in full wet weather gear, and the manual pull also failed. Luckily the back-up (the old unzip-the-jacket-and-blow-air-in) saved my day. We later found my gas cylinder lying on the bottom of the pool, having unscrewed itself.
Rob

Gary Warner

Option #1 of the battery connection diagrams is also a strictly parallel connection and will yield a total voltage of only 2 volts.

John Christopher

Hi All,

I’m relatively new to this site and sailing in general and on my way to closing on our first sailboat with a dream of one day cruising “out there”. I primarily joined this site above others as it represents true quality in dialog based on real experience. To date this is by far my favourite article since joining because it implies direct thinking about safety, and questions I have for myself as responsible for my 7 and 10 year old, as well as my wife, and I’ll throw in the dog when we are out there. The boat we are closing on is mid-80s and has basic equipment, which is what I wanted because I wanted to install a reliable system that is future proof safety-wise.

I have worked in R&D in the telecommunications field for over 20 years, which means fault tolerance and backup systems are built into implicit thinking in any design. Ask yourself when was the last time you tried to make a call and the system didn’t work, and you can understand the complexity, and how it is hidden behind a simple interface of 10 digits.

In the Telecom space fault tolerance implies that the system cannot be unavailable, say to end users, for any period of time. One of the main fault tolerance use cases is emergency handling (i.e. 911). These systems have fault tolerance, backup systems, as well as manual systems (completely separate networks) if ever needed. Think disaster zones.

What I have gained from the above is primary system, secondary system (iPad), manual system (charts). Try to build in redundancy in all, and balance that on cost based on primary use cases (high latitudes vs lake sailing, vs coastal) against cost.

The heart of the article, to me, lies in the balance of where and in what conditions I sail. My primary use case is safety. Achieving that allows me to enjoy sailing… 20 years of telecom and witnessing the most remote corner cases one could imagine Murphy could devise has taught me a lot.

It comes down to what level of risk you are comfortable with.

PS… sorry for posting a previously incomplete post (fat fingers on an iPad)

John Christopher

Hello John,

The beauty, and one of the main differentiators of AAC, lies in the fact that it is admittedly not perfect, but like all of us endeavours to get better and better at what it stands for. AAC doesn’t draw hostility and that’s nice, especially when a novice like me can try and add value.

You see, I would not have picked out the unintended error, and if someone hadn’t pointed it out I would not have had anything to compare it against. In other words, I have learned something through others coming together and refining a message. The internet is full of “hmmm, can I trust this” questions. AAC strives to be accurate through a living audience that contributes.

This is huge for those of us at the starting line of sailing.

Regards,

/John C.

PS.. issued corrections have been part of print in magazines, newspapers, and on-line since the dawn of each. It’s actually quite normal, and says a lot about the editor when they make them 🙂

Spirits up… you and Phyllis have created something great :).