ITER Central Interlock System Fast Interlock Controller CIS


ITER Central Interlock System: Fast Interlock Controller
CIS Team
PLC based Interlock Workshop, February 2016

Requirements

Some central interlock functions require a response time which cannot be implemented by the chosen PLC architecture. Central interlock functions requiring faster than 300 ms response time mainly involve heating (EC H&CD, IC H&CD, NB H&CD), fuelling (DMS) and PCS.

Requirements for fast architecture:

No SIL certification is required, but the studies and developments shall be supported with a formal analysis, as described per IEC 61508 and the Interlock Control System Quality Specific Plan [ITER_D_BGSZW9]

  • Cope with availability (99.9%) and reliability (99.6% over two 8-h shifts)
      - by implementing some redundant solution
  • Integrity level up to 3IL-3 (PFH < 10^-7)
  • Fail-safe solution (deterministic state in case of internal error)
  • Response time between 100 µs and 300 ms
  • Integrate commercial off-the-shelf solutions
      - Hardwired and Ethernet communications
      - The Fast Interlock system will be integrated in the ICS and will communicate via hardwired links with other slow or fast interlock controllers, as well as with the Plasma Control System (PCS).

Fast interlock functions

PIS Controllers

Integrity    | Performance | Availability      | Technical Solution | Configuration
Up to 3IL-3  | > 100 ms    | Standard          | Siemens S7-400-F   | Standard PIS
Up to 3IL-3  | > 100 ms    | High Availability | Siemens S7-400-FH  | Fully Fault-Tolerance
Up to 3IL-3  | < 100 ms    | Standard          | NI Compact Rio     | Double Decker

Diagram labels: Siemens S7-400-FH, NI Compact RIO Double Decker, Single CPU, Fully Fault-Tolerance, CPU + 2 CP, Red CPU + CP

If the mitigation of the event requires an active coordination of the actions.

Fast PIS Hardware Architecture

Generic fast PIS controller solution: 2oo3 Double-Decker System

The 2oo3 Double Decker architecture showed the best overall performance in terms of availability and reliability. The voter is implemented in the FPGA; hence it does not require an external voter unit and thus enables capabilities that can provide a higher level of safety. The two chassis allow for a diagnostic strategy that will increase the SFF. Also, this solution can be adapted as an F-CIS module solution.

Compact Rio Modules for Fast Interlock Controllers

Description                                                             | Reference
NI 9159, 14-slot CompactRIO Chassis, LX110 FPGA, MXIe                   | 781315-01
NI 9205 32-Ch ±200 mV to ±10 V, 16-Bit, 250 kS/s AI Module              | 779357-01
NI 9264 16-Ch ±10 V, 16-Bit, 25 kS/s Analog Output Module               | 780927-01
NI 9477 32-Ch 24 V, 8 μs, Sinking DO Module                             | 779517-01
NI 9425 32-Ch 24 V, 7 μs, Sinking DI Module                             | 779139-01
NI 9476 32-Ch 24 V, 500 μs, Sourcing DO Module                          | 779140-01
NI 9426 32-Ch 24 V, 7 μs, Sourcing DI Module                            | 780030-01
NI 9401 8-Ch, 5 V/TTL High-Speed Bidirectional Digital I/O Module       | 779351-01

Fast PIS – Features

Generic fast PIS controller solution:

  - Hardware configuration according to IEC 61508
  - Reliability and integrity figures available
  - PFH calculation tool available for integrity
  - Software preconfigured and tested
      Configuration A: 3 Analog Inputs – 2 Digital Outputs 24 V
      Configuration B: 3 Digital Inputs 24 V – 2 Digital Outputs 24 V
      Configuration C: 3 Digital Inputs TTL – 2 Digital Outputs TTL
      Additional configuration can be defined and tested if requested
  - Integration with the central system
  - Critical signal: FPGA to FPGA, using Manchester coding via fiber optic
  - Non critical communication with CIS and CODAC via a PC HOST – OPC UA

Conf. | PFH      | SIL consump. (IEC 61508) | SFF     | 3IL | Response Time (min / max)
A     | 1.324E-8 | 13.2% of SIL 3           | 85.47 % | 3*  | 41 / 89 µs
B     | 1.322E-8 | 13.2% of SIL 3           | 85.47 % | 3*  | 143 / 643 µs
C     | 1.597E-8 | 16% of SIL 3             | 85.47 % | 3*  | 5 / 20 µs

Note: the requirement for SIL-3 according to IEC 61508 is SFF > 90%. There is no SIL-3 COTS with a response time below 1 ms.

Fast PIS – Hardware Architecture

Prototypes

PLC PIS – Software Architecture

Fast PIS – Software Architecture

Fast PIS – FPGA core application

Fast PIS – LabVIEW Code

https://svnpub.iter.org/codac/iter/codac/dev/units/m-cis-pisfc

Fast PIS – PC Host

The interlock critical data of the F-PIS or F-CIS module will be transmitted via hardwire links.

The interlock non-critical data (diagnostics) and the communication with both interlock desk and engineering workstation would be done using ethernet CIN-P connected to an attached Fast Controller Server.

The server will also be used to send all the field data to CODAC (e.g. via PON).

The time synchronization for the fast controller will use the TCN.

Reference Documentation: FMEDA Analysis for the 2oo3 SD Double Decker Diagnostic and Improvement of the Safe Failure Fraction Figures (SFF) (N62LS6)

Fast-PIS Development Cycle

Several development tools are involved in the development of the fast CIS runtime application:

  • LabVIEW for FPGA is used to develop and compile the FPGA code
  • The OPC UA driver and the DMA FIFO for the data exchange between the FPGA and WinCC OA are configured under a Linux environment with the necessary tools.
  • WinCC OA is used to implement the archiving and monitoring of the CIS Fast controller from the CIS Desk

Fast ICS architecture

Fast CIS – Fast PIS

Diagram labels: Supervisor Module, WinCC OA Server, Engineering Server, CIS PPM-2, CIS PPM-1, MC, CIN-P 1, CIN-P 2, CNP, F-PIC-2, F-PIC-1, SPI, PON, TCN, MXIe, Host PC

CCPS architecture

HOST:
  • Red Hat Linux
  • CODAC compliant
  • Connected to CODAC and to CIS

Fast interlock for SC circuits

Conclusions and Outlook

  • The project launched in January 2013 has so far produced a PIS controller design based on the National Instruments cRIO with the required capabilities:
      - Availability (99.9%) and reliability (99.6%)
      - Integrity level up to 3IL-3 (PFH < 10^-7)
      - Fail-safe solution (deterministic state in case of internal error)
      - Response time of 100 µs
  • First real applications:
      - Fast interlock for the superconducting coil power supplies (FAT of the Correction Coils Master Controller in December 2015 and for the poloidal field coils, central solenoid and toroidal field coils power converters during 2016)
      - CIS v1

Thank you...

@ITERinterlocks