SAN FRANCISCO – For Atomic Energy of Canada Ltd., which operates nuclear power plants in Canada, China and Slovenia, downtime just isn’t an option. About 15 to 20 years ago, the Mississauga, Ont.-based company turned to QNX Software’s real-time operating system to keep its plants running. Since then, it has upgraded to version 4.0 and is now rolling out 6.0 – and that’s it.
“We chose QNX initially because of its micro-kernel architecture, its performance and its real-time capabilities,” said Ross Judd, manager of information and control systems development with Atomic Energy. The company recently upgraded the hardware in its Slovenia plant, but didn’t have to upgrade the software except for one driver, he said. That application has been running for more than 10 years, and the company doesn’t anticipate upgrading the software for another 15 to 20 years.
Nuclear power plants have a lifecycle of about 30 years, he said, so these plants require technology that’s stable over long periods of time. “That’s what QNX has given us in contrast to some other operating systems like Windows, (where) you’re upgrading all the time, mostly for security reasons,” Judd said. “Besides its basic capabilities, (QNX) has features that protect it from failures that aren’t available in other operating systems.”
Atomic Energy is using QNX and its own in-house applications; it doesn’t use any other third-party products. And this provides the company with better control, said Judd, since it has to meet certain regulatory requirements and standards for its software.
“They provided redundant network support early on,” he said. “They have their own networking protocols that allow you to create distributed applications very easily. Combined with their message handling, they meet our regulatory requirements as well as our need for quality assurance.”
QNX is a micro-kernel operating system, which means it consists of a relatively small base of code. Only a few components, those critical to maintaining operation, are in what’s called the protected kernel. All other elements are in modules that plug into the kernel. That means if one function fails, it won’t bring down the other functions; they’re protected from corrupting each other.