
Two is One and One is None – Resilience

Quality, Consequences and the Construction Industrial Complex (part 92) – All IMHO:

“Two is One and One is None”, Jocko Willink, retired Navy SEAL.

This is a military perspective on redundancy for mission critical equipment and systems. 

For businesses, redundancy is a risk management issue. For example, if Amazon servers go down, they lose an estimated $1,104 in sales for every second of downtime (Source: www.datacentres.com).

Bottom line, you need a back-up. Downtime matters, and downtime prevention matters, so redundancy matters.

From a property perspective this concept is understood to some extent, but in my experience, not well enough. I regularly meet with design engineers that do not have clear definitions of N or N+1, 2N or 2N+1. Many do not know what building systems are mission critical for the owner. 

This issue must be addressed on every building and it starts with the design brief or “Owner's Project Requirements” (OPR). When building services engineers commence design work, they must confirm what functions and systems are mission critical. There is a hierarchy:

  1. Basic life safety – emergency power and lighting for egress
  2. Additional life safety – e.g. clinical / medical functions in hospitals
  3. Business mission critical risks – e.g. bank dealing operations or data centres
  4. Catastrophe threats – e.g. nuclear power plants

Depending on building type and user application, one of the following redundancy definitions should, IMHO, form part of the design strategy and be recorded in the OPR. It is also important to differentiate between equipment and systems.

Key Definitions 

  • Equipment: distinct item of plant

  • System: a set of interconnected materials and equipment, forming a complex, integrated whole 

  • Resilience: Ability to recover quickly from difficulties or loss 

  • Redundancy: Inclusion of additional system components in case of failure to ensure functionality and mission continuance 

  • SPOF: Single Point of Failure

N (Normal) Equipment and System 

No redundancy and multiple single points of failure.

N+1 Equipment

Form of resilience that ensures system availability in the event of key component failure or maintenance.

The equipment / plant required (N) plus at least one independent backup component (+1).

Referred to as active or passive stand-by e.g. 2 duty + 1 stand-by pump. 

2N Equipment

Level of resilience that ensures system availability in the event of key component failure or maintenance.

For 2N equipment redundancy there is double the required amount of equipment / plant to support the load;

Should N=1 then there should be 2 items of equipment / plant;

Should N=3 then there should be 6 items of equipment / plant;

Referred to as parallel stand-by e.g. 2 duty + 2 stand-by pumps.

This arrangement is seldom considered unless there is a high level of mission criticality, e.g. Data Centres, Hospitals, Laboratories.

Note: N+1 and N+2 are not fully redundant systems. System failure can occur because the system is run on common circuitry, networks or feeds at one or more points rather than completely separate circuitry, networks or feeds. 

2N System

Also known as “system + system”. Complete redundancy with no single points of failure.

Two distinct and separate systems including separate equipment, distribution plus diverse routing for power and comms.

Should one system fail, the second system will operate in isolation and continue to support the entire system load. 

This arrangement is appropriate for high levels of mission criticality, e.g. Data Centres, Hospitals, Laboratories.

2N+1 System

This is “system + system” plus further back-up on equipment, providing complete redundancy with no single points of failure.

Two distinct and separate systems including separate equipment plus redundant back-up equipment, distribution plus diverse routing for power and comms.

Should one system fail, the second system will operate in isolation and continue to support the entire system load with additional equipment back-up. 

This arrangement is appropriate for extreme levels of mission criticality, e.g. Data Centres, Bio Laboratories, Nuclear Facilities.
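
The difference between equipment redundancy and system redundancy can be checked mechanically. The Python sketch below is an added example, not part of the original post: it models N, N+1 and 2N equipment on a common feed and a 2N system on separate feeds, then lists every component whose single loss leaves the load unsupported. The pump and feed names, N = 2 and the round-robin layout are assumptions made for illustration.

```python
# Added example: single-point-of-failure (SPOF) check for the redundancy levels.
# Pump names, feed names and the round-robin layout are constructed assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class Unit:
    name: str
    capacity: int          # share of the load this item of plant can carry
    depends_on: frozenset  # common feeds / circuits / networks it needs


def surviving_capacity(units, failed):
    """Capacity left after the component named `failed` (a unit or a feed) is lost."""
    return sum(u.capacity for u in units
               if u.name != failed and failed not in u.depends_on)


def single_points_of_failure(units, load):
    """Every unit or feed whose loss alone leaves the load unsupported."""
    components = {u.name for u in units} | {f for u in units for f in u.depends_on}
    return sorted(c for c in components if surviving_capacity(units, c) < load)


def build(count, feeds):
    """`count` identical pumps of capacity 1, spread round-robin across `feeds`."""
    return [Unit(f"pump{i + 1}", 1, frozenset({feeds[i % len(feeds)]}))
            for i in range(count)]


LOAD = 2  # N = 2: two duty pumps are needed to carry the load

SCENARIOS = {
    "N equipment, common feed": build(2, ["feedA"]),
    "N+1 equipment, common feed": build(3, ["feedA"]),
    "2N equipment, common feed": build(4, ["feedA"]),
    "2N system, separate feeds": build(4, ["feedA", "feedB"]),
}


def report():
    """Map each scenario name to its list of single points of failure."""
    return {name: single_points_of_failure(units, LOAD)
            for name, units in SCENARIOS.items()}


if __name__ == "__main__":
    for name, spofs in report().items():
        print(f"{name}: {spofs or 'no single point of failure'}")
```

Adding pumps removes the individual pumps from the list, but the common feed stays on it until a second, separate feed is introduced.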

A PDF file with the above diagrams and definitions can be downloaded from https://bldwhisperer.com/downloads.html

I hope the above clarifies what I believe is a fundamental building design issue. 

I have been on hospital projects where mission critical items of medical equipment were not connected to the generator and this was identified at handover, when it was too late. Who was to blame? The hospital owners, because they never briefed the design team correctly. However, the design team also failed, because they never asked.

Design teams must ask questions regarding mission critical equipment and systems, record the answers in the OPR and get the owner to sign off before design is completed, IMHO. 

Twitter: @BLDWhisperer

Related posts & links:

#59 – Building Design Principals Hierarchy ( https://www.linkedin.com/pulse/building-design-principals-hierarchy-adam-muggleton?trk=mp-author-card )

#85 – Who Wants Free Risk & Quality Management? ( https://www.linkedin.com/pulse/who-wants-free-risk-quality-management-adam-muggleton?trk=mp-author-card )

#89 – Single Point of Effectiveness & VAV Systems ( https://www.linkedin.com/pulse/single-point-effectiveness-vav-systems-adam-muggleton?trk=mp-author-card )
