Fieldbus Foundation

Safety Fieldbus for Process Automation – FF SIS (SIF)
Trygve Harvei

FF-SIS
© 2008 Fieldbus Foundation

ABB Corporate Research Center
Research and Development within the area of automation networks at Billingstad (Oslo, Norway)

- About 22 scientists in Oslo
- Integrated part of the Scandinavian Corporate Research Center and the Global Lab for Automation (ca. 700 scientists)
- Work together with different ABB business units on research activities and front-end technology development
- One important topic is Safe Communication

(Figure: ABB business units – Process Automation, Automation Products, Power Systems, Power Products, Robotics)

IEC 61508
"Functional safety of electrical/electronic/programmable electronic safety-related systems". IEC 61508 has the following views on risks:

- zero risk can never be reached
- safety must be considered from the beginning
- non-tolerable risks must be reduced (ALARP)

TÜV Rheinland, FF-SIS approval

What do we need to ensure with safe communication?
Communication:
- We must know that the values of the data we receive are right
- We must know that the data is not too old
- We must know that the data is received from the right node, by the right node
Is this the purpose of the layered protocols such as TCP/IP or others? Yes, but their probability calculations for errors are not good enough.

Some Industrial Safety Protocols
- CIP-Safety: DeviceNet, Ethernet/IP
- PROFIsafe: PROFIBUS DP/PA, PROFINET
- FF-SIS: FF H1
- Vendor specific: ABB (Ethernet), Hima (Ethernet), PILZ, others

Motion Control and Safety (figure; source: ARC)

Safety Measures in safety protocols
Transmission errors to be detected:
- Message repetition
- Loss of message
- Message insertion
- Sequence failure
- Data corruption
- Delay
- Masquerade
Safety measures:
- Number sequence
- Time stamp
- Receipt acknowledgement
- Identifier for sender & receiver
- Watchdog timeout
- Data integrity assurance (CRC)
- Redundancy with cross check
- Different data integrity assurance systems for safety & standard messages
(The slide shows a matrix marking which measures counter which error; one cell is annotated "SB only". The matrix marks are not reproduced here.)

Safety Instrumented System (SIS)
FF SIS – new approach to SIS:
- Defines "control in the field"
- Function blocks for building safety applications
- Shared with "host"
- Distributed
PROFIsafe PA:
- PROFIsafe transparent to "media"
- Utilizes "black channel" approach
ESD: emergency shutdown system
SIS: safety interlock (or instrumented) system
BMS: burner management system
F&G: fire and gas system

PROFIsafe – "wire representation" (figure: the Ethernet frame on the cable, and the safety bits within the Ethernet frame)

Foundation Fieldbus extension – FF SIS scope
Safety Instrumented Systems
- Extends FF Technology to Safety Instrumented Systems
- Based on the IEC 61508 International Standard
- Example Application Areas: Burner Management Systems; Fire & Gas (petrochemical); Fuel Engineering

International Development Team
ABB AS; ABB Instrumentation; BIFFI; E.I. DuPont de Nemours; Emerson Process Management; ExxonMobil Research & Engineering; Flowserve; HIMA; Honeywell; ice-PROS; Infraserv Höchst Technik GmbH & Co. KG; Invensys/Triconex; Metso Automation; Rockwell Automation; Rotork Control Systems; Saudi Aramco; SCE; Shell Global Solutions; Smar; SMS; Softing AG; TÜV; Westlock Controls Corporation; Yokogawa Electric Corporation; Yokogawa UK Limited.
Countries represented: Norway, Italy, USA, Germany, The Netherlands, Canada, Finland, UK, Saudi Arabia, Brazil and Singapore, Japan.


FF-SIS End User Requirements
- Reduced Total Cost of Ownership for FF-SIS applications
  - CAPEX – Hardware, Footprint, Commissioning, Power Consumption
  - OPEX – Advanced diagnostics, Reduced test interval via increased DCF
- SIL 2 and 3 applications
- Password protected access to FF-SIS field devices
- Additional Function Blocks (e.g. logic, 2 out of 3 voting)
- Definable actions on diagnosed failures – trip, message
- Handle discrete signals (e.g. switches, push buttons, lights, motor trips, etc.) where H1 dynamic performance is acceptable

FF-SIS End User Requirements
- Total system approach
  - Total Asset Management – FF-SIS and Non-SIS
  - Modular Logic Solver – centralized and distributed option
  - Diagnostics
  - Hybrid system architecture – FF-SIS & traditional hardware
  - Guidance to manual proof test
  - Signalling/procedures for auto proof test
  - Awareness of opportunity-based proof test
  - Logging/documentation of results
  - Failure rate updates

FF-SIS Extension Areas
- Communication: meet IEC 61508 part 2 clause 7.4.8, Communication Diagnostics
- User Application: meet IEC 61508 part 3 clause 7.4.4, Function Block Diagnostics
- CRC on Device Description Files

Process Safety Time / Safety Function Response Time
- Stale counter – must be applied in accordance with the specific application
- 3x communication timeout as rule of thumb

FF Scheduling of communication and FB execution (figure)

FF H1 – slow but accurate & safe?
The PID control algorithm depends on the sampling of process values plus filtering.
- "Alarm" polled approach – PLC – cyclic IO copy: jitter and drift introduce "I&D errors"
- Synchronized approach – FF – in-loop execution of sampling and control algorithm: the analog SIS voter can rely on "fresh values", giving the best possible Process Safety Time; 1 ms synch accuracy

FF-SIS Communication Extensions
Black Channel Approach:
- H1 Communication System (Black Channel) is unchanged.
- A new FF-SIS protocol above the Black Channel detects network faults, and appropriate action is taken without human intervention.
(Figure: IEC 61508 / New FF-SIS Communication Diagnostics layered above the Black Channel)
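The "Safety Measures in safety protocols" slide lists the mechanisms a safety layer adds above a black channel, and the Process Safety Time slide gives the stale-counter rule of thumb. The following Python sketch is an added example, not FF-SIS or PROFIsafe code and not from the presentation; it shows the receiver side of such a layer: sequence number, sender time stamp, sender/receiver identifiers and a CRC-32 classify each communication cycle as one of the listed transmission errors, and a stale counter latches the safe state after three consecutive bad cycles without human intervention. The PDU layout, node ids, the 100 ms timeout and the traffic in demo() are constructed for illustration.

```python
import struct
import zlib

# Constructed parameters for this example; the real FF-SIS PDU layout, field sizes and
# timeouts are not given on the slides and are not reproduced here.
COMM_TIMEOUT_MS = 100   # one black-channel communication timeout (assumed cycle time)
STALE_LIMIT = 3         # stale counter trips at 3x the communication timeout (rule of thumb)

# Safety header: sender id, receiver id, sequence number, sender time stamp (ms), process value.
# A CRC-32 over the header is appended, so the safety layer does not rely on the channel's own CRC.
_HDR = struct.Struct(">HHIII")
_CRC = struct.Struct(">I")
PDU_LEN = _HDR.size + _CRC.size


def build_safety_pdu(src, dst, seq, ts_ms, value):
    """Encode one safety PDU; it travels as opaque payload over the unchanged black channel."""
    body = _HDR.pack(src, dst, seq, ts_ms, value)
    return body + _CRC.pack(zlib.crc32(body))


class SafetyReceiver:
    """Receiver side of the safety layer: classifies each cycle and latches a safe state."""

    def __init__(self, my_id, peer_id, timeout_ms=COMM_TIMEOUT_MS, stale_limit=STALE_LIMIT):
        self.my_id, self.peer_id = my_id, peer_id
        self.timeout_ms, self.stale_limit = timeout_ms, stale_limit
        self.expected_seq = 0     # next sequence number we will accept
        self.stale_count = 0      # consecutive cycles without a fresh, valid value
        self.value = None         # last accepted process value (what a voter would use)
        self.safe_state = False   # latched: demand the safe state, no human intervention

    def _check(self, now_ms, pdu):
        """Return 'OK' or the name of the transmission error detected this cycle."""
        if pdu is None:
            return "LOSS"                       # nothing arrived in this cycle
        if len(pdu) != PDU_LEN:
            return "CORRUPTION"
        body, crc = pdu[:_HDR.size], pdu[_HDR.size:]
        if zlib.crc32(body) != _CRC.unpack(crc)[0]:
            return "CORRUPTION"                 # data integrity assurance (CRC) failed
        src, dst, seq, ts_ms, value = _HDR.unpack(body)
        if src != self.peer_id or dst != self.my_id:
            return "MASQUERADE"                 # wrong sender/receiver identifier
        if seq < self.expected_seq:
            return "REPETITION"                 # duplicate or replayed old message
        gap = seq > self.expected_seq
        self.expected_seq = seq + 1             # resynchronise on the number actually seen
        if gap:
            return "SEQUENCE"                   # a message was lost or a foreign one inserted
        if now_ms - ts_ms > self.timeout_ms:
            return "DELAY"                      # correct message, but too old to act on
        self.value = value
        return "OK"

    def tick(self, now_ms, pdu):
        """Run once per communication cycle; returns the classification for that cycle."""
        status = self._check(now_ms, pdu)
        if status == "OK":
            self.stale_count = 0
        else:
            self.stale_count += 1
            if self.stale_count >= self.stale_limit:
                self.safe_state = True
        return status


def demo():
    """Constructed traffic from transmitter id 1 to voter id 2 on a 100 ms cycle."""
    rx = SafetyReceiver(my_id=2, peer_id=1)

    def good(seq, ts_ms):
        return build_safety_pdu(1, 2, seq, ts_ms, 4200)

    corrupt = bytearray(good(3, 500))
    corrupt[10] ^= 0x01                         # flip one bit inside the time stamp field

    cycles = [
        (100, good(0, 100)),                    # OK
        (200, good(1, 200)),                    # OK
        (300, good(1, 200)),                    # REPETITION: seq 1 replayed
        (400, good(2, 400)),                    # OK, stale counter resets
        (500, bytes(corrupt)),                  # CORRUPTION: CRC mismatch
        (600, good(4, 600)),                    # SEQUENCE: seq 3 never arrived
        (700, good(5, 700)),                    # OK
        (800, good(6, 600)),                    # DELAY: stamped 200 ms ago
        (900, None),                            # LOSS
        (1000, build_safety_pdu(9, 2, 7, 1000, 0)),  # MASQUERADE: src 9 is not the peer
    ]
    trace = [rx.tick(t, pdu) for t, pdu in cycles]
    return trace, rx.safe_state, rx.value


if __name__ == "__main__":
    trace, tripped, value = demo()
    print(trace)
    print("safe state latched:", tripped, "last accepted value:", value)
```

Running the module prints the per-cycle classification. The receiver resynchronises its expected sequence number on a gap but never takes the value from a bad cycle, so a delayed, a lost and then a foreign message in a row reach the trip threshold while an isolated bad cycle only advances the stale counter. A real safety protocol also defines a resynchronisation and reset procedure after the safe state, which is outside this sketch.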

FF-SIS User Application Extensions
User Application:
- New Function Blocks for FF-SIS Applications – FBAP Part 6
- New FBAP diagnostics detect application faults, and appropriate action is taken without human intervention.
(Figure: IEC 61508 / New FF-SIS Function Blocks & Function Block Diagnostics layered above the Black Channel)

FF-SIS User Application Extensions
Function Block Application Process – Part 6:
- SIS Write Lock
- SIS Discrete Input
- SIS Analog Input
- SIS Discrete Output
- SIS Analog Voter
- SIS Discrete Voter
- SIS AND/OR/XOR
FF-SIS Diagnostics and Statistics added to the device Resource Block

Today's Proprietary SIS (figure): Operation and Engineering connect over a Proprietary Network to the SIS Logic; field connections are Hardwired.

Tomorrow's Open FF-SIS (figure): Operation, Engineering and Total Asset Management; Proprietary Network; SIS Logic; HSE; Linking Device; Ethernet Switch; H1; Hardwired; Logic Solver?; H1 FF-SIS Devices; Non-SIS FF Devices.

System topology for process safety (figure)
- Plant Network / Intranet: workstations, Firewall, Enterprise Optimization Suite, third-party application server, Mobile Operator
- Client/server Network: Connectivity server, Aspect server, Application server, Engineering workstations
- Control Network: Control/PLC, ESD – SIL 3, PSD – SIL 2, F&G – SIL 2
- Serial communication / fieldbus to the field
Safe communication is needed at control-network level and at field level, and partly at operator level.

Increased diagnostic coverage with FF-SIS
- The instruments and actuators are included in the safety system and become part of the diagnostic testing
- The increased diagnostic coverage makes it possible, in many cases, to repair at an early stage
- No longer "proven in use" certification: TÜV will not accept the proven-in-use concept for FF-SIS devices

Effects of increased diagnostic coverage (figure)

Example FF-SIS Application (figure: analog voting)
Blocks shown: three input devices each with SIS_WL, SIS_RB and SIS_AI; one SIS_DI; a SIS_AVTR (analog voter); an output device with SIS_WL, SIS_RB and SIS_DO; Write Lock.

Example FF-SIS Application (figure: discrete voting with logic)
Blocks shown: four input devices each with SIS_WL, SIS_RB and SIS_DI (three labelled PS); one SIS_DI (Estop); a SIS_DVTR (discrete voter); SIS_LOGIC; an output device with SIS_WL, SIS_RB and SIS_DO; Write Lock.

FF-SIS – New Kid on the Block (figure: protocol layering against the OSI model)
- User layer: DD – IEC 61804-2; FF-SIS (IEC 61508) sits in the user layer above it
- H1 stack: layer 7 IEC 61158-FMS; layers 3-6 communication stack; layer 2 IEC 61158-DLL; layer 1 IEC 61158 @ 31.25 kbit/s
- HSE stack: layer 7 IEC 61158-FDA; layers 5-6 communication stack; layer 4 IETF TCP/UDP; layer 3 IETF IP; layer 2 IEEE 802.3 MAC; layer 1 IEEE 802.3u @ 100 Mbit/s
- Columns shown: H1, HSE, H1/HSE

Target Schedule
2002
- 4Q: FF Board of Directors approval for SIS project
2003
- 1Q: Project kickoff meeting
- 2Q: Architecture completed
- 3Q: Draft Preliminary Specifications (DPS) Version 0.4
- 4Q: TÜV concept approval for SIS
2004
- 1Q: DPS Version 0.5 external review
- 2Q: Release DPS Version 1.0
- 3Q: Develop lab test tools and lab prototypes
- 4Q: Begin specification validation lab testing @ Infraserv in Frankfurt
2005 – Release SIS Specification 1.0 and final TÜV type approval
2008 – FF SIS rollout team

FF SIS demonstrators – SROT (figure)