UPS systems - Reliability and resilience key


In uninterruptible power supplies (UPS) resilience is the capacity of a system to adapt to hazardous conditions by resisting or changing to maintain an acceptable level of function and operation. It is also known as fault tolerance.

There are three key elements to UPS resilience:

  • The use of multiple power paths to ensure ac supply continuity (even during maintenance).
  • The ability of power protection systems to clear fault conditions.
  • Achievement of the lowest number of single-points-of-failure.

In this article, Robin Koffler, general manager of Riello UPS, examines uninterruptible power supply reliability and resilience and highlights the issues electrical engineers must take into consideration when designing UPS systems to ensure the result is the most reliable and resilient possible.

Designing resilience into a power protection solution is easier, less costly and disruptive at the outset, rather than retrofitting an existing system. UPS resilience levels are affected by the topology chosen and its distribution. Online UPS include an automatic bypass and therefore a safe failure to mains mechanism - not present in line interactive or offline designs. Online UPS (above 10kVA) are also capable of parallel operation, which provides additional capacity and redundancy. Dual input supplies and static transfer switches can be incorporated to strengthen overall system design but should not be considered viable options as alternatives to UPS in their own right.

Firstly, the category of load will directly influence the need for resilience and redundancy in the power protection system. There is little point implementing high levels of redundancy and thus wasting capital expenditure for loads that are none-essential or not critical to business continuity; canteen and printing facilities for example. However, computer, security, fire suppression, safety and building management systems must be kept going at all costs and so are classed as either critical or essential and require UPS redundancy, or in certain cases, the highest levels of redundancy. Redundancy comes from having a power protection system that has itself a ‘backup', which could be parallel UPS and/or an alternative power path and bypass.

Reliability measures include meantime between failure (MTBF), which needs to be maximised and meantime to repair (MTTR), which must be minimized. Another measure is availability of protected loads, which is not the same as reliability and is defined, in percentage terms, by a series of nines, five nines (99.999%) and six nines (99.9999%) being the most desirable level to attain.

The various UPS configurations, including single, parallel and series redundant will each offer a different level of resilience, MTBF and availability. Other aspects to consider are bypass arrangements, the selection of a shared or common battery set and distribution of power to the loads themselves.

Single UPS Installation

This is the most common form of UPS below 10kVA. It has one power path, a single ac supply, normally mains, which can be supplemented by a standby generator. The single power path represents a single-point-of-failure, which can be removed using a dual input supply. This configuration provides no redundancy.

The field population calculation MTBF for a typical online UPS is 250,000 hours (which varies between manufacturers). However, this reduces to just that of the mains power supply (50 hours) when the UPS is bypassed and the load is connected directly to it. Typically, this type of uninterruptible power supply would be implemented for non-essential loads.

Parallel UPS

There are two primary types of parallel UPS configuration: parallel-redundant systems (N+X) and parallel-capacity (N). Parallel-redundancy describes an uninterruptible power supply comprised of two or more UPS modules that equally share the load during normal operation but that can take over the total load should one or other of them fail during a mains power cut. It is the most commonly implemented solution for mission critical applications. MTBF ratings for this type of configuration are ten times higher than a single UPS. When designing such a system, the trick is to get the sizing of it just right, allowing enough spare capacity within each module so that they can power the total load if required but not so much that they run inefficiently. Too little and an overload will cause the static switch bypass to be triggered; too much and the capital cost of buying the extra capacity has been wasted.

A parallel-capacity UPS is created when multiple modules are connected in parallel but without redundancy. This type of configuration does not increase system resilience.

Series Redundant UPS

Series redundancy occurs when two UPS modules are connected so that either a) one directly feeds the other, which would typically be used for low power applications or b) the output of one uninterruptible power supply module is used to supply the bypass of another, which is also known as a ‘cold standby' arrangement. If one UPS fails the other automatically powers the load.

The disadvantages of series redundancy are inefficiency and cost and a single-point-of-failure. The configuration is less efficient than the two parallel configurations because series redundancy requires the UPS modules to be significantly oversized, which means higher capital and installation costs.

Automatic Transfer Switches (ATS)

For UPS below 10kVA that cannot be operated in parallel, automatic transfer switches can provide resilience. An ATS has two ac input power sources, which can work in three different ways:

  • One power source can be supplied from the output of a UPS and the other from the mains.
  • Both can be supplied from two separate UPS outputs.
  • Both can be supplied from two separate mains sources.

When one of the power sources fails, the loads are automatically transferred to the second. This is instantaneous when the two supplies are in phase with one another. An ATS can also provide protection against load short-circuits and can be powered on and off remotely (over a network). Its load can be measured locally via an LCD panel or built-in sub-D type communications port. Hardwired versions for higher operating power are also available.

The key to designing the most reliable and resilient UPS system is to take each and every element of it and ask the following questions: if this component fails in a power cut, will the loads still be powered? If the answer is "no" and it's a critical or essential load, design redundancy into the uninterruptible power supply by introducing another power path, installing a parallel-redundant system and closing off single-points-of-failure.