ITER CODAC Plant Control Design Handbook October 2008

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8

ITER CODAC Plant Control Design Handbook – Barcelona - 27 Oct 2008

ITER CODACPlant Control Design Handbook

October 2008

Anders Wallander & Luigi ScibileCHD Department

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


The Plant Control Design Handbook (PCDH) defines standards, specifications and interfaces applicable to ITER Plant Systems Instrumentation & Control (I&C)

I&C standards are essential for ITER to• Integrate all Plant Systems into one integrated control system • Maintain all Plant Systems after delivery acceptance• Contain cost by economy of scale (spare parts, expertise)

The PCDH is applicable to all Procurement Arrangements

PCDH Objectives

ITER International Organization (IO)• Develop• Support• Maintain• Enforcethese standards

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


• The development of PCDH started from the conceptual design• The process to get consensus within an intercontinental group takes time • The purpose of the official release IDM v.3 in July was to communicate current thinking, not to provide a contractual document• Therefore the current version is conceptual

• We have inserted “hold-points” in the first PA• The first ones elapse in April 2009 (hard deadline)• Next release of PCDH IDM v.4 before April 2009

• PCDH is a living document and will be released throughout the lifetime of ITER• The list of standards and specifications will be extended and will evolve• PCDH shall address obsolescence management

History and Future of PCDH

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


CODAC Systems (WBS 4.5)

Interlock Safety

Plant SystemHost (PSH)

Main Control Room

CODAC Networks

Central Interlock Network

Central Safety Network

Central Safety SystemsCODAC Central Interlock System

Plant Operation Zone

Plant Conventional Control System

Subsystem Controller

Equipment

Sensors / Actuators

Sensors /

Plant Safety System


Equipment

Sensors / Actuators

ITER_CODAC_PCDH_Figures_Visio_0002

Plant Interlock System


Equipment

ActuatorsP

roc

ure

me

nt

Bo

un

dry

Pla

nt

Sys

tem

Systems (WBS 4.6)

Systems (WBS 4.8)

I&C structure• Segregation of ITER I&C into 3

tiers and 2 layersConventional Control • Control and monitoring for all

ITER PSInterlock • Protects the investment• Independent network and I&CSafety • Protects personnel, and

environment • Independent network and I&C • Two train systemsPlant Operation Zone (POZ)• Communication, command

and control boundary for Tokamak plant

Three tiers, two layers

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


A CODAC Plant System has one and only one Plant System Host

Product Breakdown Structure

What are the Plant Systems?

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Plant System Instrumentation & Control

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Plant System Host

Provided by IO with standard software

• Provides single point of entry for asynchronous communication• Supports set of standard field-buses to Local Controllers• Data driven (Plant System customization is done by self-description) • May come on different platforms to address scalability

PCDH chapter 5.4.1


Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Plant System Host

Mini CODAC

Provided by IO with standard software

• Tool to verify functionality and interface at factory and on site (FAT, SAT)• Provides SCADA functionality including HMI• Can be used as platform for developing higher level Plant System functionalities later integrated in proper CODAC

PCDH chapter 2.8.9


Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Plant System Host

Mini CODAC

Local Controller and Field Buses

Selected from catalogue of standard components

• Can be “slow” control (PLC) or “fast” control (embedded)

PCDH chapter 5.4.2-5


Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Plant System Host

Mini CODAC


High Performance Network I/F


• High Performance Networks (HPN) are• SDN – Synchronous Databus Network• TCN – Time Communication Network• EDN – Event Distribution Network• AVN – Audio/Video Network

• Not all Plant Systems require HPN• Interface boards/drivers provided for selected platforms PCDH chapter 4.3


Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Plant System Host

Mini CODAC


High Performance Network I/F

Actuators, sensors, signal conditionings

Selected by Plant System DeveloperPCDH will provide recommendations

PCDH chapter 5.4.7


Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8



Cubicles


• Racks• Chassis• Power Supply• Cooling• Terminal strips• …

PCDH chapter 5.4.8

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8



Cubicles

I&C Bridge

Provided by IO

• Patch Panel connecting to ITER infrastructure (mainly fiber optics)• Wall mounted or in “CODAC hutch” close to I&C cubicles• Specifies cables and connectors• Plant System developer provides cables from cubicle to I&C bridge

PCDH chapter 4.3.4

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8



Cubicles

I&C Bridge

Cabling

Rules and Recommendations

• cables and connectors• internal and external• naming & labeling• grounding & earthing• electrical isolation• cable distances• EMC• radiationPCDH ch. 5.4.9 & Electrical Design Handbook

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8



Software environment and development process

Specified by IO

• Operating Systems on the different platforms (PSH, PLC, Embedded)• Communication middleware• Open source SCADA/software framework• Format and schemas for Self description data

• Programming languages on the different platforms• Programming standards• Methodology• Naming rules• Design and development tools• Testing tools• Configuration control

PCDH chapter 5.5

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Interlock Systems

Covered by PCDH

• Main system requirements

– Highest level interlock functions shall be designed to a high integrity level conforming to a Safety Integrity Level (SIL) 3 according to the standard IEC 61508

– The Central Interlock System shall acquire the critical digital signals from the Plant Interlock Systems and deliver outputs to Plant Systems (either via the corresponding “Plant Interlock Systems” or via direct interlocks) on the basis of boolean logic on the full set of inputs and on the latched outputs.

– The Central Interlock Systems are classified as non-SIC

– The interlock protective actions shall be graded at three levels:

• Level 1 interlock events (Fast shutdown) • Level 2 interlock events (Fast Controlled Pulse Shutdown)• Level 3 interlock events (Inhibit)

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Interlock Systems

• Equipment required:

Covered by PCDH

PCDH chapter 6

• Highly reliable and available PLC systems (SIL3)

• Some hardwired systems (2oo3 redundancy)

• Various type of transducers and actuators

• Various type of networks: TCP/IP, field buses, monitored hardwired links.

• Supervisory systems

• Short term data storage

• Operator synoptic via CODAC + Gateway

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Safety Systems

Covered by PCDH

• Main system requirements

– The CSS for Nuclear risk and Personnel access shall be classified as a SIC system classed as implementing safety functions of category B (IEC 61226) with systems of class 2 (IEC 61513)

– The CSS for conventional risks shall be designed to a high integrity level conforming to a Safety Integrity Level (SIL) 3 (IEC 61508).

– Safety functions of category A shall be implemented via hardwired logic with systems of class 1.

– No Common Cause of Failure

– Multiple line of defense

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Safety Systems


Covered by PCDH

PCDH chapter 7

• Highly reliable and available PLC systems (Class 2)

• Hardwired logic (Class 1)

• Various type of transducers

• Various type of networks: TCP/IP, Safety field buses, monitored hardwired links.


• Long term safe data storage

• Safety operator’s desks

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Plant System I&C – Life Cycle

PCDH chapter 2.4 and 3

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Build to print Procurement Arrangement


IO -> <- DA

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8



Detailed design Procurement Arrangement

IO -> <- DA

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8



Functional specifications Procurement Arrangement

IO -> <- DA

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8



Check points

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


A proper long term plan shall be developed in the next months

Short-term Schedule

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Cooperation agreement CERN Machine ProtectionInterlock & Safety Support (Framework contract, in-sourcing)CODAC Engineering Support (Framework contract, in-sourcing)SW Tools for packaging and trainingCustomization/improvements CODAC comm middleware and SCADA func.Supply Mini CODAC application layer modulesSupply customized Mini CODAC systems for NB, Cryo, PS, etc.Design and supply CODAC networksStudy scientific data streamingPrototype Data Acquisition and Data Streaming ArchitecturePrototype and case study for plasma feedback controlPrototype Plasma Control System ArchitecturesPrototype CODAC SupervisorPrototype Integration of Pulse Execution SystemAnalysis of fault scenarios for machine protectionPrototype evaluation of highly available interlock architecturesFormal models for Instrumented Central Safety SystemsSupply of Central Interlock System

Some ideas for 2009-2011

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Conclusions

• The Plant Control Design Handbook (PCDH) defines standards, specifications and interfaces applicable to ITER Plant Systems Instrumentation & Control (I&C)

• PCDH is applicable to all Procurement arrangement having any I&C

• PCDH covers hardware, software and development process

• PCDH contains mandatory standards and recommendations

• Next release of PCDH is due in April 2009• PCDH is a living document and will be released on a

regular basis throughout the lifetime of ITER

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Conclusions

ITER IO is committed to • develop • support • maintain • enforce PCDH standards in order to successfully • integrate • maintain • contain the cost of the ITER control system

First prototype in IO lab Sep’08

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


20192018201720162015201420132012201120102009

Q4Q3Q2Q1 Q4Q3Q2Q1 Q4Q3Q2Q1 Q4Q3Q2Q1 Q4Q3Q2Q1 Q4Q3Q2Q1 Q4Q3Q2Q1 Q4Q3Q2Q1 Q4Q3Q2Q1 Q4Q3Q2Q1 Q4Q3Q2Q1

Contract strategy (1/2)

I&C Support for Plant Systems

CODAC Support

Central Interlock and Safety Systems Support

I&C Plant Systems DevelopmentI&C Plant Systems DevelopmentI&C Plant Systems DevelopmentI&C Plant Systems realization (~ x100)

CODAC sub-systems DevelopmentCODAC sub-systems DevelopmentCODAC sub-systems DevelopmentCODAC sub-systems realization (~x 10)

Central Safety Systems realization (x 3)

Central Interlock Systems realization (x 3)

In fund, contracts placed by ITER IOIn kind, contracts placed by ITER DAsTask agreements, most probably no contracts with with Industry

Assistance Contracts

Central Safety Systems realization (x 3)Central Safety Systems realization (x 3)

Central Interlock Systems realization (x 3)Central Interlock Systems realization (x 3)

Start Integrated commissioning

First Plasma

Procurement Contracts

Start of Tokamak assembly

Prototypes realization (x 10)Prototypes realization (x 10)

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Contract strategy (1/2)

• Support:– Technical Specifications– Engineering design– Engineering studies

• Performance evaluations• Safety studies• Modeling and simulations• Pre-construction drawings• PID and Functional drawings • Security engineering• technical reviews

– Provisioning and logistics– Quality Assurance – Contract preparation– Planning and Scheduling– Verification and Validation– Commissioning coordination

• Realization:– Final Design– Software (SW) development– Procurement of equipment– Hardware (HW) assembly– SW & HW Integration– Configuration and data management– Overall documentation

• Detailed design documents• PID and Functional drawings• Construction drawings• As built folders• Installation procedures• Commissioning procedures• Operation manuals• Maintenance manuals

– Factory and site acceptance– Site installation– Site Commissioning

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


• Highly reliable and available PLC systems (SIL3)

• Some hardwired systems

• Various type of transducers and actuators

• Various type of networks: TCP/IP, field buses, monitored hardwired links.


• Short term data storage

• Operator synoptic via CODAC + Gateway


Interlock Systems

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Safety Systems


• Highly reliable and available PLC systems (Class 2)

• Hardwired logic (Class 1)

• Various type of transducers

• Various type of networks: TCP/IP, Safety field buses, monitored hardwired links.


• Long term safe data storage

• Safety operator’s desks

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


CODAC contracts today

Th

is in

form

ati

on

is

pri

vate

an

d c

on

fid

en

tial. ©

Feb

ruary

13

, 2

00

8


Self-description dataflow: development

PS description

1

Devel tools project files

2PSH static configuration

2

PS devices programs + static configuration

3

PS parameters

4

PS dynamic parameters

5

PS devices dynamic parameters

6PS data

7

PS data

8

PS response

9

Problem report

10Regular transfer

11

PS requirements and needs

12

PS development progress 12

CODAC test data

12

ITER CODAC Plant Control Design Handbook October 2008

Documents

Transcript of ITER CODAC Plant Control Design Handbook October 2008