PIC configuration (maskable/unmaskable circuits) I. Romera MPP meeting – 07.03.2014.
CERN Ivan Romera MPE-Technical meeting Status on CERN-ITER collaboration for Machine Protection...
-
Upload
alannah-norman -
Category
Documents
-
view
213 -
download
0
Transcript of CERN Ivan Romera MPE-Technical meeting Status on CERN-ITER collaboration for Machine Protection...
CERN
Ivan Romera MPE-Technical meeting
Status on CERN-ITER collaboration for Machine Protection
Acknowledgments: J.Burdalo, R.Schmidt, S.Wagner , M.Zaera Sanz, M.Zerlauth and Critical Systems Lab
EDMS 1283934
CERN
Ivan Romera MPE-Technical meeting
Overview of current agreement
2
Collaboration agreement with duration from 2010 to end 2012
● Task-1: Consultancy for the setup of a Machine Protection Working GroupProposal and recommendations sent to ITER
● Task-2: Definition of the overall architecture of the Machine Protection and Central Interlock SystemThe overall architecture of these systems is defined
● Task-3: Specifications for the fault scenarios simulationsDone for the magnet interlock system, new methods were developed to
assess architectures of interlock systems + external consultant from system safety domain
● Task-4 Definition of tools for diagnostics of the machine protection systemsPartially done, combined with the development of a prototype
CERN
Ivan Romera MPE-Technical meeting
Recap - Powering Layout
3
CS3U
CS2U
CS1U
CS1L
CS2L
CS3L
PF1
PF6
PF2
PF3
PF4
PF5
CCU1
CCU2
CCU3TF
PF1 PS
CS3U PS
CS2U PS
CS1U PS
CS1L PS
CS2L PS
CS3L PS
PF6 PS
TF PS
PF2 PS
PF3 PS
VS PS
PF4 PS
PF5 PS
9 FDUs
SNU FDU
SNU FDU
SNU FDU
SNU FDU
SNU FDU
SNU FDU
SNU FDU
SNU FDU
FDU
FDU
FDU
FDU
CSU1 PSPMS
CSU2 PS
CSU3 PS
CCL1
CCL2
CCL3
CSL1 PS
CSL2 PS
CSL3 PS
CCS1
CCS2
CCS3
CSS1 PS
CSS2 PS
CSS3 PS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
TF
PF1
PF2
PF3
PF4
PF5
PF6
CS3U
CS2U
CS1U
CS1L
CS3L
CS3L
CCU
CCS
CCL
Acronym Naming
I Nominal
(kA)
Inductance
(H)
Stored Energy
(Gj)
TF Toroidal Field 68 17.7 41
CS Censtral Solenoid 45 0.784 4
PF Poloidal field 48 0.784 4
CCU,S,L
Correction Coil Upper,
Side, Lower 10 0.02
PS Power Supply
PMS Protective Make Switch
SNU Switching network Unit
FDU Fast Disharge Unit
CERN
Ivan Romera MPE-Technical meeting
Recent activities 1/5
4
● Prototype for magnet powering interlocks has been completed and delivered to Cadarache (fully documented)
● Following individual commissioning, system is awaiting first connection and tests with quench detectors before being shipped to India & China
Redundant S7400 PLCs
I/Os in 2oo3
Local supervision
Standard User Interface
Based on redundant safety PLCs + 2oo3 I/O module configuration (down to and
including client connections)
Fault tolerant to any single component failure
Redundancy of programming through safety matrix + standard logic
Local SCADA system + touch screen
Standard user interface (DLUI) for client connections and diagnostics
CERN
Ivan Romera MPE-Technical meeting
Recent activities 1/5
5
● Prototype for magnet powering interlocks has been completed and delivered to Cadarache (fully documented)
● Following individual commissioning, system is awaiting first connection and tests with quench detectors before being shipped to India & China
Based on redundant safety PLCs + 2oo3 I/O module configuration (down to and
including client connections)
Fault tolerant to any single component failure
Redundancy of programming through safety matrix + standard logic
Local SCADA system + touch screen
Standard user interface (DLUI) for client connections and diagnostics
CERN
Ivan Romera MPE-Technical meeting
Recent activities 2/5
6
● Different HW architectures tested in order to find the fastest and more dependable solution
N
Discharge loop based on Standard + Failsafe components
Implementation based on Safety Matrix + AWL
CERN
Ivan Romera MPE-Technical meeting
Recent activities 3/5
7
● Different HW architectures tested in order to find the fastest and more dependable solution
Discharge loop using only standard componentsbut diversity of components
Implementations based on AWL for Boolean Processors and CPU
CERN
Ivan Romera MPE-Technical meeting
Recent activities 4/5
8
● Working on 2nd version of User Interface Box (only non COTS component), including Profinet connectivity for diagnostic purposes
● PCB already produced and currently being tested
Rad tolerant FPGA
User connectivity
Mechanics + redundant power supplied
Profbus in V1.0Profinet in V2.0
CERN
Ivan Romera MPE-Technical meeting
Recent activities 5/5
9
● Completed dependability analysis of magnet powering interlock system with external company from system safety domain (CSL – Critical Systems Lab), including
• Dependability analysis and review of functional specification, definition of Investment Protection functions
• Definition of state machines for system functionality (concurrency between circuits)
• Study of interfaces and dependencies with main client systems (QD, PC, FDU,…)
• Catalogue of (unresolved) design issues• Failure Mode and Effect Analysis (FMEA) for backbone architecture
CERN
Ivan Romera MPE-Technical meeting
Budget and resources
10
● CERN resources invested to date:• 2200 hours of CERN staff (system design, meetings,…) • 400 hours of student/Fellow for analysis of interlock architectures• 1200 hours of Fellow (50% since Aug 2011) for development of
interface box • 960 hours of PJAS + 880 hours of external consultant for PLC SW and
SCADA
● Additional external resources invested to date:• 300 hours of system safety consultancy (through direct contract of
CSL with ITER)
● Budget and expenses evolved as planned
CERN
Ivan Romera MPE-Technical meeting
Conclusions
11
● The collaboration agreement ended in 2012, all deliverables completed● Collaboration has been fruitful learning experience for CERN in many fields
(COTS vs voting in interlock systems, radiation tolerant FPGAs, Profinet, studies of architecture and system dependability,..)
● Due to delay of China test and ITER wish for a V2.0 of user interface, agreed on extension of collaboration by 1 year
● Possible continuation as of 2014 on following topics (tbd):• Analysing + feed back the performance from the China tests into final
design• Provision of full-scale system including full monitoring part• Definition of the entire powering interlock system (includes
clarification of open questions)• Other topics related to Machine Protection (towards interlocking of
Plasma)