Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science

Control System Design Handbook

advertisement 
ITER
G 45 MA 1 01-06-28 W 0.1
Control System Design
Handbook
ITER
1.
G 45 MA 1 01-06-28 W 0.1
ITER Plant Control System
The ITER Command Control and Data Acquisition (CODAC) system is structured in a
hierarchy composed of the supervisory control system and individual dedicated plant control
subsystems to ensure the integrated control of the whole ITER plant. The supervisory
control system provides high level commands to subsystems which are dedicated to the
control and operation for the machine and of the diagnostics.
To achieve these objectives, CODAC will provide general software functions for the benefit
of all individual subsystems, a synchronization system, and large bandwidth backbone
networks. The individual subsystem local networks provide communications with gateways
and communication protocols which allow real-time participation in control from remote
centres. In addition, CODAC includes the management of the experimental database, its
storage and archiving.
In the hierarchical structure of the CODAC:
• subsystem controllers are supervised from a supervisory control system;
• individual plant subsystems are directly controlled and monitored by their dedicated
intelligent control systems;
• the limits in the autonomous behaviour of a subsystem are always determined by the
supervisory control system, allowing the possibility of going from complete autonomy
during test, for example, to a total subordination when all parameters of the subsystem
process are fixed from the supervisory control system.
Control System Design Handbook
Page 1
ITER
G 45 MA 1 01-06-28 W 0.1
S u pe r v i s or y C on t r o l S Y S T E M
P l an t - w i de
Op e .S ta te
D is c h a r ge
O p e r at io n
A r c h iv e
C ON TR OL
&
A n al y s i s
M a c hi n e
M a na g em e n t
C on t r o l
PL ASMA
C ON TR OL
status data
Bulk data
Plant image data
Bulk data
Plant data
Command, Timing
Staus up date
Operation permission
Plant image data
Setpoint
Protective action
Event
P r o t e c t i on
Same as Subsystem 1
P r o t e c t i on
C ON TR OL
&
M ON IT OR
D at a A c q.
&
R ed u c t i on
D is p l ay
P l an t s ub s y s t e m 1
P r o t e c t i on
C ON TR OL
&
M ON IT OR
D at a A c q.
&
R ed u c t i on
D is p l ay
P l an t s ub s y s t e m 2
P la n t su b syste m 1
Figure 1.1
P la n t su b syste m 2
ITER control system architecture
In this whole CODAC structure, the individual subsystem designers describe the logic of
their system control, operation, and interlock, and provide their instrumentation & control
signal processing. The interpreting software application, common to all individual
subsystems, will be available from the supervisory control system.
2.
Supervisory Control System
2.1
Functions
The supervisory control system (SCS) supervises the ITER plant operation, controls the
plasma discharge, imposes the selected plasma parameters, acquires the plant and scientific
diagnostic data, displays alarms, creates the ITER database, and communicates to both the
on-site and remote site control rooms. The following sections describe the functions of the
SCS in more detail.
2.1.1
Overall ITER Plant Operation Management and Data Monitoring
The ITER plant will be composed of various individual plant subsystems and scientific
diagnostic subsystems. The SCS provides centralized integrated plant operation and overall
plant operating status monitoring features for the ITER plasma discharge. The individual
Control System Design Handbook
Page 2
ITER
G 45 MA 1 01-06-28 W 0.1
subsystems may be operated independently for testing and commissioning.
operations will be done by subsystem controllers under SCS supervision.
These
The SCS must operate continuously to supervise those subsystems which operate even when
the Tokamak is shut down, such as the cryoplant, steady state power supply and heat
removal systems.
The SCS's operation requires supervisory functions for the ITER plant operation sequence
and discharge sequence control. The concept of the overall ITER operation states and
discharge phases have been introduced to manage this complex system. The SCS will
manage the operation state and discharge phase transitions to facilitate safe and reliable
ITER plant operation. The SCS will coordinate and interface the necessary information
among the individual subsystems for their sequential operation, and also display various
alarms from each of the subsystems.
2.1.2
Provide Plasma Discharge Sequence Management
The SCS provides global plasma discharge sequence management functions which supervise
the global discharge parameters such as pulse length and dwell time. The SCS monitors
subsystem operating status which is necessary to continue plasma discharge. The SCS
interfaces to the plasma control system such that when off-normal events occur, it can
perform a secure plasma discharge.
2.1.3
Provide Plasma Operation Support
ITER plasma support operations, such as plasma parameter selection, discharge result
display and real-time data analysis are provided by the SCS. Data review and parameter
selection for the next shot is centralized, flexible, intelligent and well integrated for efficient
and secure plasma discharges. The SCS supports these operations with sophisticated human
interfaces and intelligent functions such as real-time major plasma parameter display,
simplified parameter calculation and pre-programmed wave form creation.
2.1.4
Provide Diagnostic Data Processing Support
Scientific diagnostic data processing support and supervisory functions of the diagnostic
systems are provided by the SCS. Simplified parameter calculations, configuration control
of the diagnostic subsystems, and diagnostic subsystem status monitoring are also provided.
2.1.5
Provide Experimental Results on Data Management Functions
The SCS system provides the storage of data important to fusion engineering and plasma
physics understanding. The data is acquired by the ITER plant subsystems and scientific
diagnostic subsystems. These data are also provided as the ITER experimental database for
quick retrieval, more detailed data analysis, and permanent archival. The ITER
experimental database is created continuously during the shot to use for plasma parameter
calculation, data display and also remote site experiment control.
Control System Design Handbook
Page 3
ITER
G 45 MA 1 01-06-28 W 0.1
2.1.6
Provide Synchronization System for Plasma Discharge and Data
Acquisition
The SCS system provides the master clock and individual timing signals which are
synchronized to particular events and actions such as poloidal field coil magnetization start
timing, plasma initiation timing (T=0), additional heating start timing and burn termination
timing. This synchronization enables simultaneous operation and data acquisition of the
various subsystems.
Some of the subsystems will require their own synchronization system which slaves to the
master clock provided by the SCS to synchronize their local processors and modules and to
allow autonomous operation.
2.1.7
Provide Various
Networks
Communication
Functions
and
Communication
The ITER control system will be located over a wide area at the ITER site even though most
of the CODAC system will be installed in the central control room and computer room in
the control building. It will be necessary to provide the data communication lines physically
and functionally between the SCS and the individual subsystem control systems and also the
subsystem local networks. In addition, video/voice communication will be necessary for
operator communication and facility monitoring. The SCS provides general functions for
the data, operation command communication software applications and necessary
communications hardware to communicate with the subsystems. Local communication
networks are provided as part of the individual subsystems. These communication networks
will be fast enough for data and message transfer requirements.
2.1.8
Provide Remote Site Experiment Capability
ITER will provide remote experiment capability to maximize its experiment efficiency,
enable participation of other, off-site control rooms and reduce the number of personnel
located at ITER site. However, subsystems which are important to safety or protection of
the environment must be excluded from direct control from the remote site control room.
The SCS system provides the interactive remote data access functions for the ITER
experimental database, ITER operating status data, discharge parameter selection, and realtime control from a remote site. However, the ITER plant operation sequence control
actions which are related to experimental database management, investment protection and
safety are restricted from remote-site control.
The SCS system will provide the communication nodes and functions which will be
developed in more detail in a later phase to realize the full potential of the remote
experiment.
2.1.9
Provide Plasma Control System (PCS)
The SCS system provides the overall plasma control functions which supervise the plasma
discharge sequence scenario and provide the output commands to the subsystem controllers
according to the pre-programmed wave forms. This system may also use calculated results
Control System Design Handbook
Page 4
ITER
G 45 MA 1 01-06-28 W 0.1
which reflect pre-determined control algorithms, plasma parameters and plasma termination
functions to respond to off-normal events.
3.
ITER Dedicated Plant Control Subsystem
3.1
Operation strategy
3.1.1
Definition of the Operation States and State Transition
Each dedicated subsystem shall be described by their operation states and state transition
diagrams written in SFC formalism [IEC 61131-3].
3.1.2
Integrated Operation/Individual Operation Capability
The complete autonomous behaviour of the subsystem and the total subordination from the
supervisory control system should be clearly described in the individual subsystem operation
sequence by using SFC formalism.
3.2
Functions
3.2.1
Control and Operation
The following function/requirements should be described for each individual subsystem:
• control and operation functions, including off-normal condition, using SFC formalism in
detail, and the allocated control level of these functions;
• necessary parameters and conditions in the SFC for control and sequential operation in
the defined individual subsystem operation states.
3.2.2
Monitoring
Individual subsystem's monitoring signals should be identified at each control level by the
list of input/output signals for each defined subsystem operation state and state transition
based on SFC formalism.
All of the instrumentation data which is necessary for individual subsystem control and
operation shall be monitored periodically and/or at the time of events occurrence using the
monitoring software application provided.
According to this function, the monitoring results will be displayed to the operator
workstation by detailed data displays, summarized displays and prioritized displays
associate with alert sounds.
The above monitoring and related human interface functions are also provided at the
supervisory control level to build a plant-wide summarized monitoring display for the
integrated ITER plant operation.
Control System Design Handbook
Page 5
ITER
3.2.3
G 45 MA 1 01-06-28 W 0.1
Data Acquisition and Storage
The list of necessary data input/output signals should be established for data acquisition,
storage and monitoring for individual subsystems associated with the required information.
The analogue signals are digitised in real time, but if the acquired data has a significantly
high sampling rate and affects the data communication network load significantly, some data
reduction shall be performed at the lower end control level.
Each individual subsystem should provide local data storage for a 24 hr interval (cyclic data
storage). These plant data will be stored in the supervisory control system database with
some degree of data reduction.
Event triggered data such as alarm and interlock data should be stored in the supervisory
control system database for permanent archiving in addition to the local storage.
3.2.4
Timing
The list of necessary timing signals should be established to synchronize master clock and/or
events to enable individual subsystem actions described in their sequential operation and/or
control SFC to be executed.
The supervisory control system will provide master clock and several standard clocks (1µ,
1ms, 1s, 10s) which originate from the master clock (100MHz).
In addition, it will be able to disseminate event initiation timing signals through the
individual subsystems.
3.2.5
Local Data Communication and External Communication
The individual subsystem's local area network (LAN) requirements should be defined by
subsystem designers in association with the dedicated control subsystem structure.
All the process signals from instrumentation devices and output signals from the hardware
component should be wired from signal conditioning equipment to sensor or hardware
components. All signals converted to digitised signals at the signal conditioning equipment
should be linked to the digital control system with fibre optic local communication network.
The network shall use FDDI or optical Ethernet as a reference.
From the subsystem control cubicle, the ITER plant-wide networks will be designed and
provided with the supervisory control system.
Eight different networks are planned for different functionality and reliability reasons.
1-1. Interlock I
1-2. Interlock II (if necessary for high reliability requirement)
2-1. Control
2-2. High speed control (if necessary)
3. Timing
Control System Design Handbook
Page 6
ITER
G 45 MA 1 01-06-28 W 0.1
4-1. Data acquisition/monitoring
4-1. High speed data acquisition
4-2. Video data network (if necessary)
These eight networks are assumed to use ring FDDI 100 Mbps hub based backbone
architecture.
3.2.6
Individual Interlocks and External Relations
Individual subsystem interlock functions should be identified with their necessary response
time and external information.
The supervisory interlock system shall provide plant-wide interlocks based on the external
information needed by each individual subsystem interlock, and the ITER plant-wide
investment protection priorities (based on FMEA).
If for response time and safety reasons a direct interlock action with another subsystem is
required, a direct "wired" interface between relating subsystems is allowed, but it is
necessary to inform the supervisory interlock system to perform additional protective action
if required.
The hardware should use PLC (programmable logic controllers) as reference.
3.2.7
Access Control
Plant-wide area access control will be provided by the supervisory access control system,
including personnel identification, and hazard monitoring system.
Particular access control functions for individual subsystems, such as high voltage
equipment area access control logic, high pressure gas room access for worker safety, should
be described, with the necessary access control status display at local areas.
3.3
System structure
3.3.1
System Configuration
Each individual dedicated subsystem configuration should be described by using schematic
system block diagrams and functional flow diagrams, which should identify the
instrumentation sensors and related activators, with their control links.
3.3.2
Reliability Considerations
The system structure should consider reliability requirements, such as redundancies for
particular components for example.
Control System Design Handbook
Page 7
ITER
3.4
G 45 MA 1 01-06-28 W 0.1
Interfaces
Interfaces are defined by lists and tables which define exact interface information including
numbers, amounts of data, range, scan intervals, necessary protective actions, etc. (See
attachment for an example.)
Examples include control command message list,
instrumentation list, timing signal list, archiving data list.
3.5
Tests and Commissioning
It is necessary that individual tests be described for different phases, such as factory issue,
installation, construction and commissioning, for example, associated with expected test
conditions.
3.6
Maintenance
The system's maintainability and in-service inspection capabilities should be considered
based on the design requirements:
• in service inspection for electronic components (during operation and maintenance
period).
• expected MTTR (mean time to repair).
3.7
Standards
The system shall be designed according to the following standards:
IEC standard for SFC, electric components
Recommended software language
Recommended software operation system
Recommended communication protocols
Recommended interface bus
Control System Design Handbook
Page 8
ITER
G 45 MA 1 01-06-28 W 0.1
Attachment
An example of assumed list and format for interface.
1) Plant I/O signal list
Sample
Alarm
Alarm
Range
Unit
time
point
level
2611 A 0001
V.V Inlet. T
10sec
0-500
°C
220
3
2611; first two WBS number, third; cooling system number, forth; loop number;
(the numbering for the signal need more work)
A; analogue input
Alarm level;
3; high level alarm; necessary link to discharge sequence
4; low level alarm; only warning
SCS; supervisory control system
I/O No.
I/O Name
SCS
access
Yes
2) Diagnostic signal list
I/O No.
Name
Sample Comp.
Alarm Sample Control
Range Unit
time
factor
point timing interlock
100msec
3
Wb
t2, t30
1msec
3
0.5-30 MA 25
t1, t30
C, I
5510 A 0001 #1 flux ch01
5510 I 0001
Plasma cur
A; analog input
I; logically calculated values using analogue input (e.g. plasma position)
tn,tm; data acquisition start(tn) and finish(tm) timing
3) Message Command list
Message
No.
Message
Send
Message
name
timing
initiator
Plant data
Demand
102
SCS
request
request
Plant data
Request
Cooling
103
reply
reply
system
Message number; message identification number
Message type; define format
Message
receiver
Cooling
system
Message
Type
SCS
2
1
4) Discharge parameter list
Parameter
No.
P0001
Z0001
Parameter
Parameter
name
Plasma current
0.5-25 MA
Fuel Gas
H, D, T,Ne
#1 NB shut
Z0021
0-2000sec
open timing
P0001: pre-programmed wave form number
Z0001: subsystem level parameter number
Control System Design Handbook
Consistency
check No.
C002
C031
C042
Selection type
Wave form
Man.
Auto(L-001)
Page 9
ITER
G 45 MA 1 01-06-28 W 0.1
C002: Consistency check algorithm number
L001: Automatic parameter selection logic algorithm number
5) Timing signal list
Signal
number
CT001
Signal name
Initiate
system
SCS
T=0
P-coil
Coil power
LT003
magnetization
supply
complete
CT001,LT003: Timing signal number
L001,L011: Timing signal output logic number
Receive
system
All
SCS
Logic
L001
L011
6) Alarm signal list
This list can be created from lists (1) and (2).
7) Interlock signal list
Number
Event name
Initiating
subsystem
Power supply
system
Interlock
level
Self
protection
PF2 Over
1 or 2
Gate block
current level1
Interlock level 1-3:
1: fast shutdown (uncontrolled shutdown)
2: slow shutdown (controlled shutdown)
3: shot sequence suspension (after t=0, same as level 2)
IL0001
Required
protection
Pulse
termination
8) Access control list
Number
Name
Initiating
subsystem
Self
protection
AC0024
Tokamak
door #1 open
Tokamak
service
access key
Control System Design Handbook
Required
protection
No plasma
No coil current
Low Radiation
SCS link
Yes
Page 10
Related documents
M0084 – Sistem Informasi dalam Manajemen Essay – Group Assignment
M0084 – Sistem Informasi dalam Manajemen Essay – Group Assignment
16.810 IAP 2007 Requirements and Interface Document
16.810 IAP 2007 Requirements and Interface Document
Marketing information system
Marketing information system
IO ITER POLICY ON ELECTRONICS EXPOSED TO RADIATION
IO ITER POLICY ON ELECTRONICS EXPOSED TO RADIATION
Confidentiality commitment
Confidentiality commitment
Download
advertisement