Challenge Question:

Goal: create a device that does a simple function with a high level of reliability.

Function: A patient has a unique medical condition that requires a precise luminosity level in the room.
You are designing a device to be placed in the room. It should analyze the luminosity and adjust the
overhead lights to keep the luminosity within a specific threshold. An LED should be turned on if the
system feels it needs maintenance. A human operator checks the LED every 24 hours, and is trained to
change any piece of the circuit that is needed.
Tools: there is a perfectly reliable 9V power supply in the room. You are only allowed to use Arduino
Nano boards, although you may use as many as you want. You may also use as many photoreceptors as
you want. You can assume the overhead lights and the LED are perfectly reliable, and you can use either
serial or simple PWM to communicate with them.

Challenge: describe the kind of circuit you would assemble with the few simple components you are
allowed to use. How would you program each Arduino so that the whole system has a high collective
reliability and fault tolerance. What level of reliability do you feel you can reach (% of uptime). Which
faults do you expect, how to detect them, how to maintain operations if a fault is detected, etc. If you were
not constrained in the tools you can use, how would you design the system?

Solution:

Each circuit that is connected to an overhead light will consist of a Nano, photoresistor, and static resister
to create a voltage divider to send accurate luminosity readings. To maximize collective reliability and
fault tolerance, I will use one circuit unit for each overhead light. The collective system will be connected
to a central Nano (without a photoresistor) that will be used for processing the inputs. It will determine the
reliability of the incoming signals, send luminosity adjustment commands to the other Nanos, and notify
the human operator in case of system failure, by lighting up an LED (connected to the central Nano). The
9V power supply will power all of the Nanos in parallel.

I will program the central Nano to receive the output voltage readings of each of the Nanos in the
collective and command each of the Nanos to adjust the luminosity of its respective overhead light based
on the average reading of the collective. Each Nano will adjust luminosity of its respective overhead light
using the Nano’s PWM port. The data between each of the Nanos will be transferred via I2C protocol.
For each set of readings, the program will also measure the range between the maximum and minimum
signals (output voltage) of all of the units in the system. If the range rises above the photoresistor’s
defined tolerance (per its datasheet), this will be recorded as a “failure event” and will trigger the
maintenance LED to light up indefinitely until the operator comes in to fix and manually reset the system.
Likewise, if the difference between the average luminosity reading and the desired luminosity reaches
beyond the photoresistor’s tolerance range and stays outside the tolerance for more than one second,
this too will trigger the maintenance LED to light up. The operator will have access to the record of all
failure events to enable him to easily troubleshoot the problem.

Let’s take an example where the desired luminosity of the room is “X” and the average luminosity of all
the readings is “A”, the central Nano will command each of the other Nanos to adjust their light’s
luminosity by Absolute(”X” – “A”). In readings where the range rises above the defined tolerance, the
central Nano will remove all outliers for that specific reading. This way, when the output range rises above
the defined tolerance, the program will allow the system to continue working and at the same time prevent
the magnitude of each error to continue increasing with each reading.

To sum up, this system’s reliability (% uptime) will be dependent on the number of overhead lights. The
more lights, the lower the reliability. If “failure” is defined by the first instance of an incoming range that is
beyond the photoresistor’s tolerance, than system reliability is significantly lower. For that reason, I have
allowed to system to continue working, by eliminating outlier readings, allowing for significant fault
tolerance. If “failure” is defined by the point where actual luminosity stays outside the photoresistor’s
tolerance for over one second, I believe I can reach at least a 90% uptime for this system.

Because simple photoresistors have a pretty high acceptable tolerance range, I expect the range
between the minimum and maximum readings will be very significant, leading to high potential for “failure
events”. I have minimized system failure by incorporating a fault tolerance process by eliminating outliers
in each set of readings. Were I not restrained by the tools, I would use high accuracy luminosity sensors
to limit the allowable tolerance range of the sensor. This will lower the level of “failure events” and
significantly increase the availability and % uptime.

Follow-up

What happens if the central Nano unit fails? Can you also elaborate on how the PWM value to send to
each light is calculated?

Answer to Follow-up:

I’ll discuss the PWM calculation first. The voltage output to each overhead light is a factor of the duty
cycle defined by that photoresistor. When the central Nano unit calculates the difference between desired
luminosity and the average luminosity received from the other Nanos, it will convert that to the required
duty cycle to make the luminosity adjustment. In our case, if the luminosity needs to be adjusted up, the
duty cycle needs to rise, and vice versa. To accomplish this, the central Nano unit will update the
remaining Nanos about the required value in the counter register, which will be updated each time a
luminosity adjustment is required.

Now with regard to failure of the central unit: if that occurs, each of the Nano’s will have to be
programmed to be able to continue operation independently of the central unit in case proper data
communication is disabled. The purpose of installing one Nano per lighting unit is to make the system
robust, so that failure will not be dependent on any specific unit. Thus such a fault tolerance must also be
applied to the central unit. Each Nano is fully capable of adjusting luminosity on its own using its PWM
port. In case of central unit malfunction, the default response will be to light up the LED, and the
remaining Nanos will take over processing the luminosity deltas for themselves, and discontinue sending
data to the central unit. To accommodate for the case where the central unit experiences a complete
shutdown and is not able to power up the LED to notify the human operator, each of the Nanos of the
collective must be programmed to detect the central unit’s failure and power up the LED.