Redundancy involves including extra components in a system so that if one fails, the others can maintain functionality. There are two main types of redundancy: active, where extra components operate simultaneously to share the load, and standby, where extra components are on standby to activate if one fails. Standby redundancy can be further broken down into cold standby, where standby components share no load, and partly loaded, where they share a weak load while on standby. For redundancy to be effective, the components must be independent so that a single failure does not disable multiple components through common cause or cascading failures.
H. Kim et al.

There are two ways of achieving better technical reliability of systems: (1) use items with very high reliability, and (2) introduce one or more reserve items [1]. The latter is referred to as redundancy. More specifically, the term redundancy means that a system has two or more components so that if one component fails, the other component(s) enable the system to function continuously; this design principle is also called fault tolerance [2]. IEC 60050-191 [3] defines redundancy as follows:

"In an item, the existence of more than one means for performing a required function"

It is self-evident that redundancy enhances the reliability of many technological systems [4]. Redundancy has therefore been a key concept for ensuring high system reliability in engineering for over 50 years, and the concept is central in modern technology regulations [5].

Depending on its implementation, redundancy can be classified into two main categories: active redundancy and standby redundancy [2]. In active redundancy, reserve components operate in parallel and share the load, whereas in standby redundancy, reserve components are in standby and are activated when the ordinary component fails [1–3]. Standby redundancy can be further classified according to the load sharing. If the reserve components share no load in the waiting period, the redundancy is called cold standby. If the reserve components share a weak load in the waiting period, the redundancy is said to be partly loaded [1, 2]. The classification of redundancy is illustrated in Fig. 1.

1.2 Dependent Failure

One important aspect of successful redundancy is independence. If the ordinary and reserve components are dependent, a single failure may disable both of the components, and consequently, the entire system can be inoperable. Dependent failures can be classified in three main groups [1, 2]:

1. Common cause failure (CCF): two or more component fault states exist simultaneously, or within a short time interval
2. Cascading failure: a failure of one component results in multiple failures through a domino effect
3. Negative dependency: a single failure reduces the likelihood of failures of other components

This chapter focuses on CCFs that can incapacitate redundant systems instantly (or within a short time interval). Negative dependency, which is not harmful (or may be beneficial) to redundancy, and cascading failure, which may be modelled explicitly [6], are not within the scope of this chapter.

Fig. 1
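The following Python example is added here for illustration and is not taken from the chapter; it puts numbers on the classification above and on the effect of a CCF for a two-unit system. It assumes exponential lifetimes, perfect switching to the reserve unit, a failure rate that load sharing does not change, and a beta-factor split of the failure rate into independent and common cause parts; the function names, the 0.3 standby load and the sample rates are constructed for the example.

```python
import math

def pair_reliability(t, lam, standby_load, beta=0.0):
    """Probability that a two-unit redundant pair still works at time t.

    lam          failure rate of a unit under full load (per hour)
    standby_load share of that rate the reserve unit sees while waiting:
                 0.0 cold standby, between 0 and 1 partly loaded, 1.0 active
    beta         assumed share of lam that is common cause, i.e. an event
                 that disables both units at once (beta-factor model)
    """
    if t < 0 or lam < 0:
        raise ValueError("t and lam must be non-negative")
    if not (0.0 <= standby_load <= 1.0 and 0.0 <= beta <= 1.0):
        raise ValueError("standby_load and beta must lie in [0, 1]")
    lam_ind = (1.0 - beta) * lam        # independent failures of one unit
    lam_wait = standby_load * lam_ind   # reserve unit's rate while waiting
    # Weight of "ordinary unit failed, reserve survived its wait and took over":
    # lam_ind * integral from 0 to t of exp(-lam_wait * x) dx
    if lam_wait == 0.0:
        takeover = lam_ind * t
    else:
        takeover = lam_ind * -math.expm1(-lam_wait * t) / lam_wait
    independent = math.exp(-lam_ind * t) * (1.0 + takeover)
    # A common cause event (rate beta * lam) defeats the pair in any configuration.
    return math.exp(-beta * lam * t) * independent

def compare(t, lam, beta):
    """Map each configuration to (reliability without CCF, reliability with CCF)."""
    single = math.exp(-lam * t)
    rows = {"single unit": (single, single)}
    for name, load in (("cold standby", 0.0), ("partly loaded", 0.3), ("active", 1.0)):
        rows[name] = (pair_reliability(t, lam, load),
                      pair_reliability(t, lam, load, beta))
    return rows

if __name__ == "__main__":
    # Constructed numbers: 1e-4 failures per hour, one year of operation, beta = 0.1
    for name, (indep, ccf) in compare(8760.0, 1e-4, 0.1).items():
        print(f"{name:14s} independent={indep:.4f}  with CCF={ccf:.4f}")
```

With beta set to 1.0 every failure is common cause and each redundant configuration performs no better than a single unit, which is the independence requirement stated above in numerical form.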