Plant System I&C Architecturestatic.iter.org/codac/pcdh7/Folder 1/2-Plant_System_I&C... · EXTERNAL...

PDF generated on 18-Mar-2013DISCLAIMER : UNCONTROLLED WHEN PRINTED – PLEASE CHECK THE STATUS OF THE DOCUMENT IN IDM

Technical Specifications (In-Cash Procurement)

Plant System I&C Architecture

This technical note discusses the architecture of the ITER Plant System Instrumentation & Control System. There will be more than 160 of these systems, each with different characteristics and requirements. They all have to be integrated in the ITER I&C System.

Approval Process Name Action AffiliationAuthor Wallander A. 06-Feb-2013:signed IO/DG/DIP/CHD/CSDCoAuthorReviewers Journeaux J.- Y. 06-Feb-2013:recommended IO/DG/DIP/CHD/CSD/PCIApprover Thomas P. 18-Mar-2013:approved IO/DG/DIP/CHD

Document Security: level 1 (IO unclassified)RO: Wallander Anders

Read Access LG: CODAC team, AD: ITER, AD: External Collaborators, AD: Division - Control System Division - EXT, AD: Section - CODAC - EXT, AD: Section - CODAC, project administrator, RO, AD: Division - Control System Division

IDM UID

32GEBHVERSION CREATED ON / VERSION / STATUS

06 Feb 2013 / 2.4/ Approved

EXTERNAL REFERENCE

PDF generated on 18-Mar-2013DISCLAIMER : UNCONTROLLED WHEN PRINTED – PLEASE CHECK THE STATUS OF THE DOCUMENT IN IDM

Change Log

Title (Uid) Version

Latest Status Issue Date Description of Change

Plant System I&C Architecture (32GEBH_v2_4)

v2.4 Approved 06 Feb 2013

Minor updates for PCDH v 7 package; update of PCDH document map, introduction of DAN, clarifications of network connections (new figure), resolving some TBD, removing list of plant system I&C (appendix)


v2.3 Approved 07 Feb 2011

After review of PCDH v6 package


v2.2 Signed 05 Jan 2011

UPLOADED FOR REVIEW ONLY (PCDH v6).

After technical editing by JP.



UPLOADED FOR REVIEW ONLY (PCDH v6)



THIS VERSION IS UPLOADED FOR PCDH v6 DOCUMENTATION PACKAGE REVIEW ONLY!


v1.1 Approved 29 Jan 2010

After technical editing by John Poole and review by I&C IPT


v1.0 Approved 03 Dec 2009

First issue after internal review


v0.0 In Work 02 Dec 2009

Table of Contents

1 INTRODUCTION..................................................................................................................................3

1.1 Objective.........................................................................................................................................3

1.2 Assumptions ..................................................................................................................................3

1.3 References......................................................................................................................................3

1.4 Acronyms .......................................................................................................................................4

2 PHYSICAL ARCHITECTURE..............................................................................................................5

2.1 OSI layer 2 switch ..........................................................................................................................6

2.2 Plant System Host .........................................................................................................................6

2.3 Fast Controller ...............................................................................................................................6

2.4 Slow Controller ..............................................................................................................................6

2.5 Interlock Controller........................................................................................................................7

2.6 Occupational Safety Controller ....................................................................................................7

2.7 COTS Intelligent Device ................................................................................................................7

2.8 Remote I/O ......................................................................................................................................7

2.9 Signal Interface ..............................................................................................................................7

2.10 Cubicles ..........................................................................................................................................7

2.11 CODAC Terminal............................................................................................................................7

2.12 High Performance Networks.........................................................................................................7

2.13 CODAC System / Mini-CODAC .....................................................................................................8

2.14 Central Interlock System...............................................................................................................8

2.15 Central Safety System ...................................................................................................................8

3 FUNCTIONAL ARCHITECTURE.........................................................................................................9

3.1 Simplest possible plant system I&C ............................................................................................9

3.2 Small Industrial Plant System I&C .............................................................................................10

3.3 Small Mixed Plant System I&C ...................................................................................................11

3.4 Industrial Plant System I&C with Fast Acquisition...................................................................12

3.5 Complex Diagnostics plant system I&C connected to PCS ....................................................14

4 CONCLUSIONS.................................................................................................................................17

1 INTRODUCTION1.1 Objective

This technical note discusses the architecture of plant system I&C. The objectives are to identify and define the plant system I&C components and their relations, to analyze the feasibility of implementing different types of plant system I&C using these components and to identify any weaknesses and problems in the approach.

This document is part of the PCDH documentation package (Fig 1.1).

Core PCDH (27LH2V)Plant system control philosophyPlant system control Life CyclePlant system control specificationsCODAC interface specificationsInterlock I&C specificationSafety I&C specification

PCDH core and satellite documents: v7PS CONTROL DESIGN

Plant system I&C architecture (32GEBH)

Methodology for PS I&C specifications (353AZY)

CODAC Core System Overview (34SDZ5) INTERLOCK CONTROLS

Guidelines for PIS design (3PZ2D2)

Guidelines for PIS integration & config. (7LELG4)

Management of local interlock functions (75ZVTY)

PIS Operation and Maintenance (7L9QXR)

I&C CONVENTIONSI&C Signal and variable naming (2UT8SH)

ITER CODAC Glossary (34QECT)

ITER CODAC Acronym list (2LT73V)

PS SELF DESCRIPTION DATASelf description schema documentation (34QXCP)

CATALOGUES for PS CONTROLSlow controllers products (333J63)

Fast controller products (345X28)

Cubicle products (35LXVZ)

Integration kit for PS I&C (C8X9AE)

PS CONTROL INTEGRATIONThe CODAC -PS Interface (34V362)

PS I&C integration plan (3VVU9W)

ITER alarm system management (3WCD7T)

ITER operator user interface (3XLESZ)

Guidelines for PON archiving (B7N2B7)

PS Operating State management (AC2P4J)

Guidelines for Diagnostic data structure (354SJ3)PS CONTROL DEVELOPMENT

I&C signal interface (3299VT)

PLC software engineering handbook (3QPL4H)

Guidelines for fast controllers (333K4C)

Software engineering and QA for CODAC (2NRS2K)

Guidelines for I&C cubicle configurations (4H5DW6)

CWS case study specifications (35W299)

NUCLEAR PCDH (2YNEFU)

OCCUPATIONAL SAFETY CONTROLSGuidelines for PSS design (C99J7G)

Available and approved

Legend

This document

(XXXXXX) IDM ref.

Plant system I&C architecture (32GEBH)

Figure 1.1 Schema of PCDH documents

1.2 Assumptions

The starting point of the analysis is the CODAC system design description [RD1] and the Plant Control Design Handbook (PCDH) [RD2]. Design decisions taken during 2009 are incorporated, in particular the decision to use Siemens Simatic S7, EPICS and channel access communication middleware. Further, evolution and development in 2010-2012 in the areas of high performance networks, interlocks and occupational safety have been incorporated. This technical note does not address the nuclear safety control systems.

1.3 References

[RD1] CODAC DDD (ITER_D_6M58M9 v1.3)

[RD2] Plant Control Design Handbook (ITER_D_27LH2V)

[RD3] Signal and plant system I&C Variable Naming Convention (ITER_D_2UT8SH)

[RD4] ITER Control System Architecture - Technical Note (ITER_D_2VTVHT)

[RD5] I&C signal processing, part I cubicle and wiring configurations (ITER_D_3299VT)

https://user.iter.org/?uid=6M58M9&action=get_document







https://user.iter.org/?uid=27LH2V&action=get_document









https://user.iter.org/?uid=2UT8SH&action=get_document

















https://user.iter.org/?uid=2VTVHT&action=get_document















https://user.iter.org/?uid=3299VT&action=get_document



















1.4 Acronyms

AVN Audio Video NetworkCIN Central Interlock NetworkCIS Central Interlock SystemCODAC Control, Data Access and CommunicationCOS Common Operating StateCOTS Commercial Off-The-ShelfCSS Central Safety SystemsEPICS Experimental Physics and Industrial Control SystemHMI Human-Machine InterfaceHPN High Performance NetworksI&C Instrumentation & ControlI/O Input / OutputIO ITER OrganizationIOC Input / Output ControllerNTP Network Time ProtocolMRG-R Real-time enabled version of RHELOSI Open System InterconnectPCI Peripheral Component InterconnectPCIe PCI ExpressPCS Plasma Control SystemPLC Programmable Logic ControllerPON Plant Operation NetworkPS Plant SystemPSH Plant System HostPV Process VariableRD Reference DocumentRHEL Red Hat Enterprise LinuxSDN Synchronous Databus NetworkTBD To Be DefinedTCN Time Communication Network

2 PHYSICAL ARCHITECTUREAny plant system I&C is made up of a set of standard components. These standard components can be selected and combined in different ways to address the particular plant system I&C characteristics and requirements. The set of components can be viewed like Lego blocks to be assembled by the plant system I&C designer.

Figure 2-1illustrates how the plant system I&C components can be connected to the central I&C networks.

Interlock controller

Fast controller

Signal Interface

Slow controller

Plant System

Host

PON

Safety controller

SDNTCNDANAVN

CSN

CIN

NETWORK PANEL

Signal Interface

Signal Interface

Signal Interface

PLANT SYSTEM I&C

Figure 2-1 Network connections of plant system I&C

The baseline physical network topology is flat, i.e. all components are connected to the Plant Operation Network (PON) via a switch as illustrated in Figure 2-2 [RD4]. Although it is possible to physically connect components in a hierarchical way using private networks, this is not recommended since it will make remote maintenance more difficult. For example, a development station for a controller (not shown) could be connected anywhere on the PON and reach the target controller. PON may be implemented using multiple physical networks depending on the evolution of network technologies. For example, with today’s technology it is not appropriate to mix control traffic and bulk scientific data transfer on the same physical network. The Central Interlock Network (CIN) is an independent network connecting the interlock controller to the Central Interlock System. The Central Safety Network (CSN) is an independent network connecting the safety controller to the Central Safety System. The High Performance Networks (HPN) are physically separated networks, which may connect to the Plant System Host and/or fast controllers depending on the particular plant system I&C. All network connections are provided in CODAC hutches and network panels are distributed throughout all ITER site buildings.

The HPN lines pointing to the grey area indicate a possible connection as detailed in Chapter 3.

Actuators and sensors are considered outside the scope of plant system I&C.

Figure 2-2 Illustration of a possible plant system I&C physical architecture. Lines are cables.

2.1 OSI layer 2 switch

The OSI layer 2 switch is an IO furnished standard Ethernet switch which allows full management of the Plant Operation Network (PON). The OSI layer 2 switch is installed in a plant system I&C cubicle. There are one or more OSI layer 2 switches in a particular plant system I&C.

2.2 Plant System Host

The Plant System Host (PSH) is an IO furnished hardware and software component installed in a plant system I&C cubicle. There is one and only one PSH in a plant system I&C. The PSH runs RHEL (Red Hat Enterprise Linux) and has an EPICS (Experimental Physics and Industrial Control System) soft IOC (Input Output Controller). It provides standard CODAC services such as health monitoring, common state management, maintenance functions and time source. The PSH is fully data driven, i.e. it is customized for a particular plant system I&C by self-description. There is no plant specific code in a PSH. A PSH has no I/O.

2.3 Fast Controller

A fast controller is a dedicated industrial controller implemented in PCI family form factor with PCIe communication fabric installed in a plant system I&C cubicle. There may be zero, one or many fast controllers in a plant system I&C. A fast controller runs RHEL or MRG-R and has EPICS IOC, it acts as a channel access server and exposes process variables (PV) [RD3] to PON. A fast controller normally has I/O and the IO supports a set of standard I/O modules with associated EPICS drivers. A fast controller may have interfaces to high performance networks (HPN), i.e. the Synchronous Databus Network (SDN) for plasma control, Time Communication Network (TCN) for absolute time and pre-programmed triggers, Data Archive Network (DAN) for high throughput archiving and/or Audio Video Network (AVN) for video transfers. Fast controllers involved in critical real-time operations run a real time (RT) enabled version of Linux (MRG-R) on a separate core or CPU. A fast controller can have plant-specific logic and can act as supervisor for other fast controllers and/or slow controllers. The Plant System Operating State is maintained by the supervising controller.

2.4 Slow Controller

A slow controller is a Siemens Simatic S7 industrial programmable logic controller (PLC) installed in a plant system I&C cubicle. There may be zero, one or many slow controllers in a plant system I&C. A slow controller runs software and plant-specific logic programmed with Step 7 and interfaces to either the PSH or a fast controller using an IO-furnished interface (EPICS driver and self description). A slow controller

normally has I/O and the IO supports a set of standard I/O modules. A slow controller has no interface to the HPN. A slow controller can synchronize its time using NTP over PON. A slow controller can act as supervisor for other slow controllers. The Plant System Operating State is maintained by the supervising controller.

2.5 Interlock Controller

An interlock controller is a Siemens Simatic S7 FH industrial programmable logic controller (PLC) installed in a plant system I&C cubicle, possibly with hardwired logic for high performance protection functions. There may be zero, one or many interlock controllers in a plant system I&C. An interlock controller runs software and plant specific logic programmed with Step 7, interfaces to the Central Interlock System and to either a slow controller or a fast controller using digital I/O, depending on the functional requirements. An interlock controller normally has I/O and IO supports a set of standard I/O modules. An interlock controller can act as supervisor for other interlock controllers.

2.6 Occupational Safety Controller

The technology for safety controllers is identical to Interlock Controller.

2.7 COTS Intelligent Device

A COTS intelligent device is a commercial off-the-shelf controller, which implements an integrated control function, e.g. a building management system or a power supply controller (such as intelligent electronic devices as defined by IEC 61850). A COTS intelligent device has an ethernet interface and is considered a black box in the ITER I&C System. A COTS intelligent device can be physically connected either to the OSI layer 2 switch or as a slave to a slow or fast controller. It is the responsibility of the plant system I&C developer to design and implement an interface, either to a slow controller or to a fast controller. The use of a COTS intelligent device in a plant system I&C has to be approved by the IO through the deviations policy defined in [RD2]. A COTS intelligent device is not maintained by the IO.

2.8 Remote I/O

A remote I/O device is an I/O chassis, with or without intelligence, geographically separated from other plant system I&C components. A remote I/O device is connected to a slow controller or fast controller via a network or fieldbus. The IO provides a catalogue of standard remote I/O devices. An intelligent remote I/O device can be EPICS enabled and viewed as a fast controller from the CODAC System / Mini-CODAC.

2.9 Signal Interface

A signal interface is the mechanics, cabling and electronics between the actuators/sensors and the controllers. Signal interfaces are described in [RD5].

2.10Cubicles

The components (switches, PSH, fast and slow controllers, part of signal interface) are embedded within cubicles defined in an IO catalogue of products. The unit for hardware delivery between the PS suppliers and IO, is a cubicle together with spare parts.

2.11 CODAC Terminal

A CODAC terminal is a standard terminal, connected to PON, providing a display unit and input devices (keyboard and mouse) to allow a human user to interact with the plant system I&C.

2.12 High Performance Networks

High performance networks are physically dedicated networks to implement functions which are not achievable with the conventional Plant Operation Network. These functions are distributed real-time feedback control, high accuracy time synchronization bulk data and video distribution.

2.13 CODAC System / Mini-CODAC

The CODAC System / Mini-CODAC is not part of the plant system I&C. Mini-CODAC, which is a scaled down version of the CODAC System, is provided by the IO to all plant system I&C developers as a software package. Mini-CODAC provides all of the tools necessary to configure the plant system I&C using self-description, to implement the HMI, to monitor and supervise the plant system I&C, to configure and manage the networks and to perform the factory acceptance test. The early use of Mini-CODAC in the development process will make later on-site integration seamless. Future versions of Mini-CODAC will support HPN, CIS and CSS. The CODAC System also receives data from the Central Interlock System to be displayed via the HMI and to be archived for post-mortem analysis following an interlock event.

2.14 Central Interlock System

The Central Interlock System (CIS) is not part of the plant system I&C. The Central Interlock System provides all necessary tools to configure the interlock controller(s), to monitor and supervise the interlock controller(s), to configure and manage the CIN and to carry out the inter-plant protection functions. Future versions of Mini-CODAC will support CIS.

2.15 Central Safety System

The Central Safety System (CSS) is not part of the plant system I&C.

3 FUNCTIONAL ARCHITECTUREDespite the flat network topology explained in the previous chapter, the functional architecture may be more hierarchical. In this chapter a number of example architectures are analysed. Arrows are functional data flows, which can be mapped to the flat physical architecture presented in Chapter 2.

3.1 Simplest possible plant system I&C

In this example (Figure 3.1) we have the simplest possible plant system I&C consisting of only one slow controller. The slow controller interfaces via a signal interface to actuators and sensors.

Plant System

Host

Actuators and Sensors

Slow Controller

CODAC System /Mini-CODAC

Plant System I&C

Signal Interface

1 2

3

TCN

4

CODAC Terminal

Figure 3.1. Functional architecture and dataflow of the simplest possible plant system I&C

The CODAC System / Mini-CODAC send commands and, if required, publishes data from other plant system I&C to the PSH using the channel access protocol (1). This interface is also used to set runtime configuration properties. The PSH publishes data, alarms and logs to CODAC System / Mini-CODAC using the channel access protocol (2). This interface is also used to retrieve configuration properties. The interface between the PSH and the CODAC System / Mini-CODAC is fully defined and configured by self-description.

The PSH and slow controller exchange data using the standard interface provided by the IO (3). This interface is fully defined and configured by self-description. The PSH manages the COS.

The slow controller interfaces to actuators and sensors via a signal interface and contains plant-specific software and logic programmed with Step 7.

The PSH receives absolute time from the TCN (4). The absolute time on the slow controller can be set using NTP with the PSH as the NTP server.

3.2 Small Industrial Plant System I&C

In this example (Figure 3.2) we have a small plant system I&C consisting of three slow controllers. One slow controller is elevated as the supervising controller. The other two slow controllers interface to actuators and sensors via a signal interface. In addition, the plant system I&C implements interlock and occupational safety functions.

Figure 3.2. Functional architecture and dataflow of a small industrial plant system I&C

The CODAC System / Mini-CODAC sends commands and, if required, publishes data from other plant system I&C to the PSH using the channel access protocol (1). This interface is also used to set runtime configuration properties. The PSH publishes data, alarms and logs to CODAC System / Mini-CODAC using the channel access protocol (2). This interface is also used to retrieve configuration properties. The interface between the PSH and CODAC System / Mini-CODAC is fully defined and configured by self-description.

The PSH and supervising slow controller exchange data using the standard interface provided by the IO (3). This interface is fully defined and configured by self-description. The PSH supervises the supervising slow controller to manage COS.

The supervising slow controller implements plant specific coordination software and logic programmed with Step 7. The supervising slow controller interfaces to two other slow controllers (5) through the PON. The supervising slow controller could also have a direct interface to actuators and sensors via a signal interface (not shown). Non supervising slow controllers could also have direct interfaces to the PSH (not shown).

Two slow controllers interface to actuators and sensors via a signal interface and contain plant specific software and logic programmed with Step 7.

The PSH receives absolute time from TCN (4). The absolute time on the slow controllers can be set using NTP with the PSH as an NTP server.

The Central Interlock System sends commands to the interlock controller using the CIN (15) (protocol TBD). This interface is also used to set configuration properties and to distribute the absolute time. The interlock controller sends events, publishes data, alarms and logs to the Central Interlock System using the CIN (16) (protocol TBD). This interface is also used to retrieve configuration properties.

The interlock controller sends analogue and digital non-critical data to the supervising slow controller (17) for monitoring and logging purposes.

The CODAC System receives data from the Central Interlock System to be displayed via the HMI and to be archived for post-mortem analysis following an interlock event via a dedicated secured gateway (not shown) using the channel access protocol (18). It sends its interlock signals by means of a dedicated secured gateway (19) and the requests for acknowledgement of alarms via a dedicated secured gateway using the channel access protocol (19).

The Central Safety System sends commands to the safety controller using the CSN (20) (protocol TBD). This interface is also used to set configuration properties and to distribute the absolute time. The occupational safety controller sends events, publishes data, alarms and logs to the Central Safety System using the CSN (21) (protocol TBD), This interface is also used to retrieve configuration properties.

The CODAC System receives data from the Central Safety System to be displayed via the HMI and to be archived for post-mortem analysis following an occupational safety event via a dedicated secured gateway (not shown) using the channel access protocol (22).

3.3 Small Mixed Plant System I&C

In this example (Figure 3.3) we have a small plant system I&C consisting of one slow controller and one fast controller. The fast controller may be supervising the slow controller or they may be independent (not needing any coordination). The two controllers both interface to actuators and sensors via a signal interface. In addition the plant system I&C implements interlock functions.

The CODAC System / Mini-CODAC sends commands and, if required, publishes data from other plant system I&C to the PSH using the channel access protocol (1). This interface is also used to set runtime configuration properties. The CODAC System / Mini-CODAC may also send commands and, if required, publish data from other plant system I&C to the fast Controller using the channel access protocol (6). The PSH publishes data, alarms and logs to the CODAC System / Mini-CODAC using the channel access protocol (2). This interface is also used to retrieve configuration properties. The fast controller may also publish data, alarms and logs to CODAC System / Mini-CODAC using the channel access protocol (7). The interface between the PSH and the CODAC System / Mini-CODAC is fully defined and configured by self-description.

The PSH and slow controller exchange data using the standard interface provided by the IO (3). This interface is fully defined and configured by self-description.

The PSH supervises the fast controller (8) to manage COS.

The slow controller implements plant-specific software and logic programmed with Step 7. The slow controller interfaces via the signal interface to actuators and sensors.

The fast controller implements plant-specific logic in EPICS. The fast controller interfaces to actuators and sensors via the signal interface.

The fast controller could also interface directly to the slow controller using the standard interface provided by the IO (9).

The PSH receives absolute time from the TCN (4). The absolute time on the slow controller and fast controller can be set using NTP with the PSH as an NTP server. Alternatively, the fast controller could also be connected to the TCN.

Figure 3.3. Functional architecture and dataflow of a small mixed plant system I&C

Either the fast controller or the slow controller provides the interface (17) with the interlock controller and acts as a supervisor for the other using the standard interface provided by the IO (9).

The Central Interlock System sends commands to the interlock controller using the CIN (15) (protocol TBD). This interface is also used to set configuration properties and to distribute the absolute time. The interlock controller sends events, publishes data, alarms and logs to the Central Interlock System using the CIN (16) (protocol TBD). This interface is also used to retrieve configuration properties.

The interlock controller sends analogue and digital non-critical data to the fast controller (17) (could also be the slow controller) for monitoring and logging purposes.

The CODAC System receives data from the Central Interlock System to be displayed via the HMI and to be archived for post-mortem analysis following an interlock event via a dedicated secured gateway (not shown) using the channel access protocol (18). It sends its interlock signals by means of a dedicated secured gateway (19) and the requests for acknowledgement of alarms via a dedicated secured gateway using the channel access protocol (19).

3.4 Industrial Plant System I&C with Fast Acquisition

In this example (Figure 3.4) we have a plant system I&C consisting of many slow controllers, one COTS intelligent device, one remote I/O and one fast controller dedicated to fast acquisition. In addition, the plant system I&C implements interlock functions.

Figure 3.4. Functional architecture and dataflow of an industrial plant system I&C with fast acquisition

The CODAC System / Mini-CODAC sends commands and, if required, publishes data from other plant system I&C to the PSH using the channel access protocol (1). This interface is also used to set runtime configuration properties. The CODAC System / Mini-CODAC may also send commands and, if required, publish data from other plant system I&C to the fast controller using the channel access protocol (6). The PSH publishes data, alarms and logs to the CODAC System / Mini-CODAC using the channel access protocol (2). This interface is also used to retrieve configuration properties. The fast controller may also publish data, alarms and logs to CODAC System / Mini-CODAC using the channel access protocol (7). This interface can also be used to transfer acquired data for visualization and archiving. The interface between the PSH and the CODAC System / Mini-CODAC is fully defined and configured by self-description.

The PSH and supervising slow controller exchange data using the standard interface provided by the IO (3). This interface is also fully defined and configured by self-description. The PSH manages the COS.

The supervising slow controller implements plant-specific coordination software and logic programmed with Step 7. The supervising slow controller interfaces to four other slow controllers and one COTS intelligent device (5). The supervising slow controller could also have a direct interface to actuators and sensors via the signal interface (not shown). The non-supervising slow controllers could also have direct interfaces to the PSH (not shown).

The slow controllers implement plant-specific software and logic programmed with Step 7. One slow controller interfaces to a remote I/O (11).

The slow controllers, remote I/O and COTS intelligent device interface to actuators and sensors.

The PSH supervises the fast controller (8) to manage the COS.

The fast controller implements plant-specific logic in EPICS. The fast controller interfaces to actuators and sensors via the signal interface.

Data acquisition by the fast controller can be triggered by the PSH (8), slow controller (9), CODAC System / Mini-CODAC (6) and/or the TCN (10). The latter can be through a pre-programmed trigger(s) or pre-programmed absolute time(s). The acquired data is streamed out on DAN (20) to the high throughput archive system.

The PSH receives absolute time from the TCN (4). The fast controller receives absolute time from the TCN (10). The absolute time on the slow controllers can be set using the NTP with the PSH as an NTP server.

Central Interlock System sends commands to the interlock controllers using the CIN (15) (protocol TBD). This interface is also used to set configuration properties and to distribute the absolute time. The interlock controller sends events, publishes data, alarms and logs to the Central Interlock System using the CIN (16) (protocol TBD). This interface is also used to retrieve configuration properties.

The interlock controller sends analogue and digital non-critical data to the supervising slow controller (17) for monitoring and logging purposes.

The CODAC System receives data from the Central Interlock System to be displayed via the HMI and data to be archived for post-mortem analysis following an interlock event via a dedicated secured gateway (not shown) using the channel access protocol (18).It sends its interlock signals by means of a dedicated secured gateway (19) and the requests for acknowledgement of alarms via a dedicated secured gateway using the channel access protocol (19).

3.5 Complex Diagnostics plant system I&C connected to PCS

In this example (Figure 3.5) we have a complex diagnostics plant system I&C participating in plasma control and consisting of many fast controllers and one slow controller. In addition the plant system I&C implements interlock functions.

The CODAC System / Mini-CODAC sends commands and, if required, publishes data from other plant system I&C to the PSH using the channel access protocol (1). This interface is also used to set runtime configuration properties. The CODAC System / Mini-CODAC may also send commands and, if required, publish data from other plant system I&C to fast controller using the channel access protocol (6).The PSH publishes data, alarms and logs to CODAC System / Mini-CODAC using the channel access protocol (2). This interface is also used to retrieve configuration properties. The fast controller may also publish data, alarms and logs to the CODAC System / Mini-CODAC using the channel access protocol (7). The interface between the PSH and the CODAC System / Mini-CODAC is fully defined and configured by self-description.

The PSH supervises the fast controller (8) to manage the COS.

Figure 3.5. Functional architecture and dataflow of a complex diagnostics plant system I&C connected to PCS

The supervising fast controller implements plant-specific coordination logic in EPICS. It also implements real-time logic using a real-time operating system on a different core or CPU. The supervising fast controller interfaces to three other fast controllers and one slow controller (5). The supervising fast controller and slow controller exchange data using the standard interface provided by the IO (8). The fast controllers may or may not run EPICS. The fast controllers implement plant-specific logic. The slow controller implements plant-specific software and logic programmed with Step 7. The supervising fast controller could also have a direct interface to actuators and sensors via a signal interface (not shown). The non supervising fast and slow controllers could also have direct interfaces to the PSH (not shown). The non supervising fast controllers could also have a direct interface to the CODAC System / Mini-CODAC (not shown).

The supervising fast controller streams data over PON to the CODAC System / Mini-CODAC for visualization (12). One of the fast controllers streams data on DAN (20) to the high throughput archive system.

The PSH receives absolute time from the TCN (4). The fast controller receives absolute time from the TCN (10). The absolute time on the slow controller and other fast controllers can be set using the NTP with the PSH as an NTP server. Alternatively, other fast controllers could also be connected to the TCN.

The supervising fast controller pre-processes and publishes data for the PCS on the SDN (13). The raw data may originate from multiple other fast controllers. In addition, any fast controller could receive data from the SDN according to specific events in order to change acquisition behaviour.

One fast controller interfaces to a camera and streams the data on the AVN (14).

The interlock controller sends analogue and digital non-critical data to the supervising fast controller (17) for monitoring and logging purposes. Central Interlock System sends commands to the interlock controller using the CIN (15) (protocol TBD). This interface is also used to set configuration properties and to distribute the absolute time. The interlock controller sends events, publishes data, alarms and logs to Central Interlock System using the CIN (16) (protocol TBD). This interface is also used to retrieve configuration properties.

The interaction between the interlock controller and the supervising controller (17) is carried out by means of digital I/O.

The CODAC System receives data from the Central Interlock System to be displayed via the HMI and to be archived for post-mortem analysis following an interlock event via a dedicated secured gateway (not shown) using the channel access protocol (18). It send its interlock signals by means of a dedicated secured gateway (19) and the requests for acknowledgement of alarms via a dedicated secured gateway using the channel access protocol (19).

4 CONCLUSIONSIn this technical note the standard components making up a plant system I&C have been identified and defined. The flexibility in combining these standard components in the design of different types of plant system I&C has been emphasized.

Plant System I&C Architecturestatic.iter.org/codac/pcdh7/Folder 1/2-Plant_System_I&C... · EXTERNAL...

Documents

Transcript of Plant System I&C Architecturestatic.iter.org/codac/pcdh7/Folder 1/2-Plant_System_I&C... · EXTERNAL...