The major design driver for the satellite architecture is the requirement for a failure-tolerant design. Most of the components used are commercially available, mainly automotive grade. Failure tolerance of the system was achieved through redundant subsystems that either run in parallel, referred to as 'hot-redundant', or lie dormant, referred to as 'cold-redundant'. Radiation-induced effects on components are counteracted by placing protection circuitry in front of them that completely disconnects the components from the power supply in case of a malfunction. Possible permanent damage due to excessive heat during latch-ups can thus be prevented. The block diagram shows how the individual subsystems are interconnected by a redundant communication bus. The controller area network bus (CAN 2.0B) is used for subsystem communication. The CAN bus operates as a cold-redundant pair. Redundancy is supervised by the power control unit (PCU).
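The supervision described above can be modelled as a small state machine. This is an added example, not the satellite's flight software: it shows a PCU cutting power to a latched-up bus and bringing up the cold spare. The thresholds, all identifiers, and the use of current measurement and heartbeat frames as the malfunction signals are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed values for illustration; the page gives no thresholds. */
#define LATCHUP_LIMIT_MA  400  /* overcurrent trip point */
#define HEARTBEAT_TIMEOUT 3    /* silent cycles before failover */
#define COOLDOWN_TICKS    2    /* unpowered cycles to clear a latch-up */

enum bus_id { BUS_A = 0, BUS_B = 1 };
struct bus { bool powered; uint8_t missed, cooldown; };
struct pcu { struct bus bus[2]; enum bus_id active; unsigned failovers; };

void pcu_init(struct pcu *p) {
    *p = (struct pcu){ .active = BUS_A };
    p->bus[BUS_A].powered = true;   /* BUS_B stays unpowered: cold spare */
}

/* Cut power to the active bus completely, then bring up the spare. */
static void pcu_failover(struct pcu *p) {
    struct bus *old = &p->bus[p->active];
    *old = (struct bus){ .cooldown = COOLDOWN_TICKS };  /* power off, reset */
    p->active = (p->active == BUS_A) ? BUS_B : BUS_A;
    p->bus[p->active].powered = (p->bus[p->active].cooldown == 0);
    p->failovers++;
}

/* One supervision cycle for the active bus; returns the selected bus. */
enum bus_id pcu_tick(struct pcu *p, uint16_t current_ma, bool heartbeat) {
    for (int i = 0; i < 2; i++)
        if (p->bus[i].cooldown > 0) p->bus[i].cooldown--;
    struct bus *act = &p->bus[p->active];
    if (!act->powered) {            /* both buses tripped recently */
        act->powered = (act->cooldown == 0);
        return p->active;
    }
    act->missed = heartbeat ? 0 : (uint8_t)(act->missed + 1);
    if (current_ma > LATCHUP_LIMIT_MA || act->missed >= HEARTBEAT_TIMEOUT)
        pcu_failover(p);
    return p->active;
}

int main(void) {
    struct pcu p;
    pcu_init(&p);
    pcu_tick(&p, 900, true);  /* constructed latch-up sample */
    printf("active=%d failovers=%u\n", (int)p.active, p.failovers);
    return 0;
}
```

At most one bus is powered at any time, and a bus that has just tripped stays off for the cooldown period even if the other bus fails immediately afterwards.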


