Senin, 06 September 2010
Automatic PLC Code Generation & Design Interchange Standards
Jumat, 03 September 2010
Databases - The Perfect Complement to PLCs
You might ask how it is they’re even related. For one thing, relational databases can sort of be an extension of PLC memory. Live values can be mirrored there bi-directionally. Historical values and events can be recorded there as well. But operators and managers can interact with them too. It’s been over twenty years of working, living, breathing and thinking PLCs, but over the last six years I’ve delved heavily into SQL and learned a lot about relational databases. I’ve discovered that working with SQL is remarkably similar to working with PLCs and ladder logic.
SQL has four basic commands and about a hundred different modifiers that can be applied to each. These can be applied in various ways to achieve all types of results. Here’s an example. Imagine effluent from a wastewater plant with its flow, PH and other things being monitored and logged. That’s what you typically see. But now let’s associate other things with these, such as, discrete lab results, the name of the persons who did the lab work, the lab equipment IDs and calibration expiration dates, who was on shift at the time and the shift just prior, what their certification levels were, what chemicals where added and when, who the chemical suppliers were, how long the chemicals sat before use, and so forth ad infinitum. All of this becomes relational data, meaning that if it’s arranged properly in tables you can run SQL queries to obtain all types of interesting results. You might get insight into the most likely conditions which could result in an improper discharge so it can be prevented in the future.
In my explorations of SQL, I found myself looking at the layout of my tables and evaluating the pros and cons of each layout. I massaged them, turned them on their side, upside-down, and finally ended up with the most appropriate arrangement for my application. And similar to PLC programming, I explored innumerable what-if scenarios. I was struck by the amazing similarity in my approach to developing solutions for PLCs. This has been a lot of fun – in fact exhilarating – just like PLCs used to be. It’s the next logical progression you know.
SQL is a high level language that isn’t very hard to learn and you can be very clever with it. I prefer to think of it as a natural extension to my PLC programming skills. Now that you have the machinery running, what did it do? Furthermore, relational databases and SQL pull people and processes together. Machines don’t run alone. They’re merely part of a containing process and that process was devised by people. SQL and relational databases form the bridge to integrate processes, machinery and people together. I don’t believe a COTS (commercial-off-the-shelf) package can do it any more than you could offer a COTS palletizer program and have it be of any use. It just doesn’t work that way. Every machine is different. And every business process is different. That’s where the SQL comes in. It has to duplicate or augment existing process flows and these are intimately connected to the machinery. And that’s why the PLC programmer is best suited to implement solutions involving PLCs and relational databases.
So where do you start? I would suggest picking up a book at the bookstore like one of those dummies books. Then download and install the open-source MySQL database server along with the MySQL Administrator and Query Browser. It only takes a few minutes to install and then start playing. You can read about a LEFT JOIN or INNER JOIN but typing one in and observing the results is worth about 1000 words. At the end of an evening you’ll probably be very excited with all of your new found knowledge and be thinking of endless ways to employ it in your own field of practice. Happy SQLing!
Kamis, 26 Agustus 2010
Safety PLCs Provide Space Savings For OEMs
Selasa, 24 Agustus 2010
Control Systems Are Increasingly Replacing PLCs in Automation Solutions
Small, fast and cheap PLC-solutions usually offer few engineering options and often do not provide convenient visualisation. In contrast, distributed control systems integrate a host of components such as controls, engineering tools, HMIs (human machine interfaces) and numerous peripheral devices and tools.
The segment between PLCs and the world of control systems – the hybrid market – is currently being targeted by both sides. PLC components are becoming more powerful and they can therefore also process more complex tasks. ‘Lite’ control systems are being introduced and they are increasingly being installed in small to medium-sized applications with less complex automation tasks.
For small and less complex automation tasks with often only few signals standalone PLCs have been and are still used, because until now process control systems have been too expensive for these tasks.
In the process industry many control tasks, eg compressors, centrifuges or steam generators, have been automated as PLC-based package units, leading to variety of different control systems and tools.
Diminishing Returns
The use of different PLCs brings serious disadvantages for the users: different tools increase the training budget and lead to more complexity, but without adding value. Particularly during maintenance, minor changes can cause considerable expenses, as cross-influences from different systems require manual adjusting.
The differences in visualisation and operation as well as the individual alarm concepts used by the various manufacturers can, in extreme cases, even affect the availability and safety of the application and the total plant negatively.
Additionally, the flexibility of the maintenance personnel is reduced because not all users can be familiar with all tools. Often older PLCs can only be maintained by a small number of specialists, many of whom are due to retire over the next few years.
Procuring and storing spare parts for many different systems and products cause additional work and expenses. All these reasons result in higher costs for servicing and maintaining the plants.
In contrast to PLCs, control systems are primarily based on analogue control loops with slow monitoring and control functions but less on fast positioning or switching operations.
The process is operated and monitored in the control room. The systems and plants generally run continuously and often have very high demands when it comes to availability. Consequently, implementing changes must be possible in online project configuration.
Additionally, repairing and changing of components while operating the plant is essential. Applications are often specifically configured for one project and the processes concerned and therefore require powerful and efficient engineering-tools with extensive integration possibilities.
Compact Alternative
Driven by technological developments in the last years, manufacturers of process automation technology are nowadays able to offer control systems with higher scalability as an alternative to PLCs in process-oriented applications. The advantages are obvious: efficient engineering, easy operating and maintaining as well as increased productivity due to intelligent diagnosis.
It is now possible for smaller automation solutions, which to date have been dominated by PLCs, to benefit from the advantages of process control engineering, particularly in the process industry. There are opportunities for use in many industries, including chemicals, petrochemicals, oil and gas, metalworking, cement production, glass production, etc.
Jumat, 20 Agustus 2010
PCs and PLCs Have Grown Up
The question is whether or not I believe PC-based controls will replace PLCs, PACs or CNCs.
I’ve been around in the industry long enough to remember when both PCs and PLCs were in their infancy, and the “old-timers” still were designing their control systems around relay logic.
It still sends a shiver down my spine when I recall sitting in front of a multi-door control cabinet chock full of relays and motor contactors, trying to figure out which contact was bad, while I looked at a dog-eared, incomplete set of “as built” blueprints. Ah, those certainly were memorable days.
So, now that I’ve established my bona-fides, along with a few credentials in both age and senility, let’s address the question at hand: PC-based controls or PLCs?
This question has been around for a while, too, but it really got to be a hot topic in the ’90s. Prior to that, any process that required higher-order mathematics—trigonometry functions, for example—was handled by a PC because the PLCs at that time did not have the math co-processing chips. Also, PCs were networkable and could handle a lot of database applications.However, PCs were notorious for failing in industrial conditions because their hardware wasn’t designed to handle heat, dust and vibration. Also, you were required to have specialized programming skills that the run-of-the-mill industrial electrician/technician did not possess, so if there was a breakdown that required troubleshooting beyond checking the I/O, it often required bringing in outside resources to fix the problem—good for OEMs and integrators; bad for production people.
PLCs were made specifically for industrial control applications. The hardware was ruggedly designed, and the programming wasn’t complicated as it was based on the electrical control wiring ladder diagram.
Joe the Maintenance Electrician easily could learn to program the PLC and then use it as a troubleshooting tool. Curiously, it was about this time that the maintenance mechanic’s life got a little harder. He no longer could just look at a machine for two seconds, declare it to be an electrical problem and walk away to drink coffee and play cards, while the electrician was left to prove that the solenoid valve or cylinder seals were bad.
In the past decade though, PLCs evolved such that they can perform the same functions as the PCs, and the PCs have become more rugged. The advent of soft logic-type programming for PCs virtually eliminated the need for specialized custom programming for most industrial control applications. Both the PC and the PLC CPU still require an I/O interface of some type, whether a PC chassis or PLC rack.
Selasa, 17 Agustus 2010
The Logical Platform
The PLC has moved well beyond its original discrete control function to become a multi-discipline platform for plant-wide automation. Mogan Swamy reports.
Customers increasingly need to make good business decisions based on information obtained from the plant floor. But the devices or methods used to enable this must be at an optimal cost, with the minimum ofdisruption in its execution or implementation.
Interestingly, these were the exact driving forces that gave birth to the programmable logic controller (PLC): it was envisioned as a controller to replace troublesome relay panels, to replace costly minicomputers and reduce programming time for various machine tool applications. In its conception, overall, it provided a simpler interface betweencomputers and machines at a relatively low cost.The concepts upon which the PLC’s development was based, has not diminished, but has been further heightened with a need to define a vision for the factory of the future. This demands the provision of an architectural roadmap, based on hardware and software. Conceptually, the PLC design should depend on prevailing business drivers and emerging technologies and all evidence suggests that the PLC has been up to the task, without slacking on the goalsfor which it was originally envisioned.
In this sense, the PLC continues to play an important role in integrated automation. Theintegration of a PLC into the factory floor makes it not just a single controller, but an extension of thewhole enterprise computer system.In the current context, it would most likely to be part of the technology mix in more collaborative discrete control systems, designed and built for a distributed manufacturing process and supply chain, but sensitive to a demand-driven market, and the need for real-time collaboration and response acrossthe manufacturing enterprise.
The fact is the PLC has become the workhorse of factory automation. Other technologies such as CNC, motor drives, motion control, robotics, automatic ID systems, and vision systems are now factoryfunctional because they are hitched to a PLC system. This implies that information from all these other domains are the engine that runs the production line, with the PLC taking an event-driven approach that allows for optimization of the production processes,by providing access to real-time events.Event-driven information, potentially, can be the cornerstone of an effective production-to-business strategy. As this information is captured, as it occurs, it can be moved to enhance production management, improve manufacturing process visibility and streamline supply chain applications. But this can only be effective if the information is shared across theproduct lifecycle and the manufacturing enterprise.
The trend towards a unified and flattened, tiered, and a hierarchical discrete manufacturing environment, has helped the PLC define its own relationship between the different domains in the manufacturing environment, and move towards aproduction-to-business based architecture.This has resulted in PLC trends towards increased communication capability, smaller sizes, better software and implementation tools, and diagnostics. In addition, these developments have tried to address customer demands for open standards, multi-control disciplines, modular architecture, and comprehensiveautomation solutions software.Minggu, 11 Juli 2010
Quick & Simple PLC Programming
The dual benefits of reduced downtime, and ease of use and training, have quickened the adoption of function blocks and the use of libraries of function block components. The adoption of function blocks has also been encouraged by the development of standards that make their use easier. The Internatiional Electrotechnical Commission’s IEC 61131 makes it easier to use function blocks, though some say the standard has reached the end of its useful life. Many manufacturers have turned to IEC 61499, which builds on its predecessor by providing an open architecture for distributed control systems.
The result is that function blocks are becoming widely used and simple enough for a non-programmer to use. Even so, some detractors claim that function blocks can sometimes slow down production development when the blocks allow developers to move ahead without thinking through the process completely.
Risk-averse
Function block technology actually goes back a few decades, but the process control industry was slow to pick it up because of an initial lack of standards and because the manufacturing industry typically doesn’t move quickly. Unlike most areas of technology, plant automation moves at a slow pace. “The controls industry is very, very risk averse. The attitude is, ‘If it isn’t broken, don’t fix it,’ ” says Ron Bliss, software manager of Logix, for Rockwell Automation Inc., of Milwaukee. “I never got fired for keeping things the way they were.”
Bliss notes that the slow pace of advancement in controls programming matches the long lifetime of plant equipment. “If you put in a piece of production equipment, it will be there for 20 years, and those things around it will be there for a long time as well,” says Bliss. “So when you have something there for a long time and you don’t have large budgets, and you have to train someone on new technology, you’re going to push back against that new technology.”
That attitude began to change as manufacturers faced globalization. With international competition becoming increasingly intense, fewer companies today view the status quo as acceptable. They are becoming interested in achieving “continuous process improvement.” While that’s an overused phrase, the concept does represent a shift in attitude at manufacturers, and that shift has encouraged the adoption of new technology.
The controls industry has also seen a shift from the concept of hard wire to flowcharts. Function blocks have been part of that transition. “One of the reason function blocks have begun to take over is that they replace the relay ladder logic that has been around for 40 years,” says Greg Dixson, product manager for Automation Worx at Phoenix Contact, in Middletown, Pa. Ladder logic mimics hard wire. According to Dixson, ladder logic is being replaced by flow logic. “When we think in yeses and noes, we’re thinking in flowcharts. It’s much easier to understand.” Dixson notes that young programmers take much more quickly to flow logic and that it is much more adaptable to personal computers (PCs).
For many plant operators, the continual pressure to improve operations while reducing downtime is partly solved by the use of function blocks for PLC programming. “Function blocks give you time savings and code portability,” says David Stall, electrical engineer at Grob Systems Inc., in Bluffton, Ohio. “Once you have a working function block and test it on a project, you can take it to the next project.”
While function blocks don’t eliminate the need to write code, they do significantly reduce the need to rewrite code. “Function blocks help because any time I have a piece of code, I throw it into a function block and I only have to write it one time,” says Stall. “Any time I have to interface into another piece of equipment, I do it with the function block.”
In some cases, the function blocks can represent actual pieces of equipment. “With a functional block, you’re encapsulating your process; you’re putting an object wrapper around a whole machine with its inputs and outputs,” says Bob Nelson, manager of PLC and I/O (input/output) products in the Discrete Automation Business at Siemens Energy & Automation Inc., in Norcross, Ga. “You can easily tie together pieces of equipment, and the end user doesn’t need to know what’s happening in the machine.”
That makes integration simple, because the function blocks can be put together like physical equipment. “We have customers who are building code that has a physical relationship to hardware architectures. You have a physical representation and code representation,” says Barney Keeton, business development executive at Schneider Electric, in Palatine, Ill. “You may have an OEM (original equipment manufacturer) who builds conveyors with barcode readers at transfer stations. The company could build a directive function block that matches how it links the conveyers together.” So, when the OEM puts the function blocks in the same connective arrangement as the conveyers, the conveyers are connected by software just as they are physically.
One of the biggest advantages of using function blocks is that they are quick, easy to use, and easy to learn. “The benefits of blocks include a more efficient use of time. They are easy to understand, easy to troubleshoot and easy to train people on,” says Dave Woll, vice president of consulting at ARC Advisory Group Inc., in Dedham, Mass.
Function blocks also appeal because they are stable, they reduce complexity, and they are reusable. As for stability, function blocks do not change significantly. In many cases, programmers can use the same function blocks in a wide range of applications.
Function blocks can greatly reduce complexity. A programmer can work with a function block without understanding how it works internally. Some manufacturers have marveled that you don’t need a programmer to make use of function blocks.
Function blocks are also popular because they are reusable. This attribute comes in handy whether a manufacturer is changing a product or migrating production from one plant to another. Once a function block has been developed and tested, it can become part of the manufacturer’s library of functions. “The directive function blocks are reusable from project to project,” says Schneider’s Keeton.
Legacy integration
A benefit not often mentioned in discussions of function blocks is the ability to integrate legacy equipment. “We’ve used function blocks to integrate legacy products in an open network,” says Joe Biondo, e-business manager at Bosch Rexroth Corp., in Hoffman Estates, Ill. “We build a software library that tells our software how to handle this legacy product.”
Not everyone believes function blocks are the answer to more efficient controls programming. ARC’s Woll notes that function blocks can sometimes create more problems than they solve, by designing automation incorrectly. “The biggest problem process manufacturers in North America have is operational failure. That comes from operators doing the wrong thing, or from automation designed the wrong way,” says Woll. “One thing I’m seeing is a trend toward state logic control and away from block-oriented languages.” He notes that with state logic control, engineers are “forced to give a lot of thought to the process and the control it needs.”
Some companies specifically avoid using function blocks, according to Woll, because it is more precise than using function blocks. “At Dow Chemical, they do their programming using state logic, and Boeing does the same thing,” says Woll. “It’s to ensure precision in the design and operation. It’s been a philosophy they’ve had for a long time.”
Other drawbacks to function blocks include the manual effort involved in copying and pasting code, the difficulty in either copying each tag individually or creating new ones from scratch, the need to rewrite code to utilize new tags, and the need to edit the new tags to contain the appropriate preset values.
Even with these limitations, it’s clear that for most manufacturers, the time-savings that comes from using function blocks far outweighs their drawbacks. The trend is still weighed heavily in favor of adopting function blocks and building libraries of this object-oriented code that can be used and reused with little time and effort.
Selasa, 06 Juli 2010
PROGRAMMABLE LOGIC CONTROLLERS
Input and Output Units (I/O)
Inputs are wired to sensing devices such as button keypads, selector switches, photocells, motion detectors, etc. If an input senses that a sensor is closed, the input converts the voltage to a logic 1 signal understood by the CPU to be ON. A logic 1 signal indicates an On or CLOSED state, and a logic 0 signal indicates an OFF or OPEN state.
Ouputs are wired to switching devices such as lights, garage doors, heating systems, and other household appliances. Outputs switch the supplied control voltage that energizes or de-energizes the switching devices. If an output is turned ON by the CPU, the control voltage is switched to activate the switching device.
Central Processing Unit (CPU)
Within the CPU are the digital processor, memory, and power supply. These components interact to solve application logic and pass control signals to the outputs. The CPU reads the converted input signals, executes the user logic program stored in its memory, then writes the appropriate output signals to the switching devices. The application program is written in a language called ladder logic.
System Block Diagram
The block diagram shows the major components of a PLC. The PLC monitors the state of the sensing devices by receiving signals from its inputs, solves a user logic program stored in its CPU, and then directs switching device activity by sending control signals to its outputs.
Rabu, 30 Juni 2010
The Details of the Safety Standards
The new standards, ISO 13849-1 and IEC 62061 add a quantitative calculation to machine design. These standards will replace EN 954-1, which became the machine safety standard in Europe and throughout most of the world after being released in 1992.
Many in the industry view 954-1 as overly simplistic, because it does not require the assessment of safety components in relation to time or lifecycle. The new standards require machine builders to add quantitative calculations to the design. This will result in a more methodical assessment of the machine’s performance, reliability and availability.
EN 954-1. European Norm (EN) 954-1—titled “Safety of Machinery, Safety Related Parts of Control Systems”—was developed for safety of plant machinery. The standard has two parts: 1. General principles of design and 2. Validation, testing and fault lists. The standard sets out procedures for the selection and design of safety measures. It also provides a list of typical safety functions such as stops, manual re-sets, starts and re-starts and more. While appropriate for its day, 954-1 is now considered appropriate mostly for low-complexity systems.
ISO 13849-1. This standard developed by the International Organization for Standardization builds on EN 954-1. The standard specifies system reliability based on hardware-oriented structure, calculated mean time to dangerous failure, and diagnostic coverage of the safety function. The standard applies beyond electric and electronic systems to include mechanical, hydraulic and pneumatic parts of the control system.
IEC 62061. The International Electrotechnical Commission developed this standard for “functional safety of safety-related electrical electronic and programmable electronic control systems.” The standard determines the amount of risk that needs to be reduced in a machine in terms of safety integrity levels (SIL). The machine industry uses three SILs that determine the level of risk. The standard sets the SIL levels for the machine system and subsystems, though with flexibility.
Kamis, 17 Juni 2010
Machine Safety Incorporates Relays, PLCs, Risk Assessment and Standards
What’s in your bottle? The SPF of your sunscreen lotion might protect your hide, but achieving appropriate safety integrity levels (SILs) will protect your operators and machines. This is especially true if you precede SILs with a hazard identification and risk assessment (RA) and follow them with performance requirements, consistent implementation, thorough training and continuous revaluation.
If you don’t apply protection, however, you could wake up at the metaphorical beach with a lobster-red sunburn. Likewise, most machine safety programs are inspired by a painful wake-up call. These events can be deadly serious destructions of life, limb and equipment, or only slightly less serious near misses that could turn tragic next time if changes aren’t made.
Enough Was Enough
After several years of poor safety performance, Goodyear Tire & Rubber's plant in Gadsden, Ala., had two major injuries, which occurred when employees were caught in the facility’s let-off shear machinery in 2006. In one event, a machine had been left in automatic mode, and it seized and injured an operator’s hands when he patted down the roll of rubber on it.“We had a huge need for improved safety,” says Charles Skaggs, Goodyear’s health and safety manager. “We had 300 new staff this year, and for the past four or five years, we’ve had to tell them that Gadsden was at or near the bottom of all Goodyear plants in terms of safety. After 2006, our corporate management said it wasn’t going to put up with these incidents any more and asked us to study ways for our machines to achieve first-class safety ratings.”
Goodyear’s subsequent study included input from the Rubber Manufacturer Assn, which reported that the most dangerous place in the Gadsden facility—and in most tire-making applications—is the wind-up and let-off areas in their fabric bias cutter and sheet calendar machines. RMA recommended that Goodyear focus on improving the wind-up and let-off safety at all its global facilities. Consequently, Goodyear’s management ordered mandatory safety release (MSR) capabilities, so its machines could attain a Level 1 safety rating, and budgeted $3 million for the project.
To help improve the safety of its machines, many of which were very old, Goodyear used a Rockwell Automation modular kit-based solution that could be implemented and reproduced among multiple machines. Goodyear began installing the presence-sensing equipment and light-activated barriers from August to December 2007. These devices prevent the wind-up and let-off machines from running if an operator puts his or her hand in it. The kit also includes new e-stop equipment, replacing the former safety cables and belly bars, as well as new safety interlocks and fencing.
“Because the kits are modular, we could implement them in 67 wind-up/let-off applications in 20 weeks,” says Skaggs. “The kits were so successful that Goodyear plans to spread them across all of our plants.” Besides completing its MSR project on time, Skaggs reports that Gadsden improved its safety performance and record by 61% in the approximately 12 months that it’s been in place. The plant had 34 fewer OSHA-reportable incidents during the same period, and its safety project also reduced downtime by 34%. The $885,000 worth of safety equipment that Goodyear has installed so far paid for itself in just four months. More specifically, Gadsden’s OSHA-reportable incidents dropped from 148 in 2004 to just 29 in 2007 and 27 as of October 2008.
Skaggs believes the main requirements for a successful safety improvement project include 100% commitment from management, sufficient training and awareness, thorough understanding of the production system and coming to realize that safety is not a technology problem, but is about educating people and overcoming traditional resistance to change.
To further encourage and ensure safety, last year Goodyear started a rapid improvement activity (RIA) program, in which company participants spend one day in a safety class and then go through their facilities and applications, seek out safety-related items that need to be improved and try to complete 80% of those fixes in three days. So far, Skaggs says Goodyear’s employees have found 262 items and have improved 219 of them.
“After doing so badly in 2003-04, Gadsden’s plant management and Goodyear’s corporate management said we just had to do safety differently,” adds Skaggs. “Before that, we just didn’t have enough of a focus on it. So, we revised our whole safety structure and also began to drive more safety responsibility to our safety teams on the plant floors. We also work very closely with our union’s safety representatives, and we have a very good relationship with them because we both have the same goal of no one getting hurt. I think this kind of relationship is something you must have to improve safety and maintain it.”Jumat, 11 Juni 2010
What is SIL?
The IEC 61508 standard provides a new approach for considering the reliability of electrical, electronic, and programmable electronic (E/E/PE) safety-related systems. It creates a safety integrity level for programmable systems using a statistical approach by measuring the probability of dangerous failures per hour, denoted as the PFHd.
The SIL is defined as the probability of a safety system to perform its functions under all stated conditions within a stated period of time. The higher the SIL level, the lower the probability that the safety system will fail to carry out its mission. IEC 61508 outlines the tools and formulas to calculate probability that safety functions will fail and then provides a system of SIL levels to categorize these systems.
The four SIL levels identified by IEC 61508 correspond to the PFHd in high-demand or continuous-operation mode. IEC 62061 dictates how the statistical results obtained in IEC 61508 are applied to machinery. While IEC 62061 does look at both high and low-demand listings, it does not consider lowdemand relevant for safety applications on machinery.
Similar to an electromechanical- risk assessment for safety categories, a SIL-level assessment also considers the consequences of an accident, the frequency and duration of exposure to a hazard, the possibility of avoiding the hazard, and the probability of an unwanted occurrence. So both assessments have similarities in how they look at machine safety.
SIL, however, defines the result of an accident differently. It expands into four subclasses identified as minor injury; serious permanent injury to one or more people, or death to one person; death to several people; and death to many people.
Unlike an electromechanical risk assessment for safety, a SIL-risk assessment includes an additional analysis criterion: The statistical probability of an unwanted occurrence or failure. This criterion is further divided into several subcategories: a slight probability that the unwanted occurrences will come to pass and a only a few unwanted occurrences are likely; a slight probability that the unwanted occurrences will come to pass and a few unwanted occurrences are likely; and a relatively high probability that unwanted occurrences will come to pass and frequent unwanted occurrences are likely.
EN/IEC 62061 states that SIL 4 is not considered relevant to risk-reduction requirements normally associated with industrial machinery. While not specifically stated in any of the standards, it is highly unlikely that industrial machinery would combine a possibility of many people killed with a relatively high probability that the unwanted occurrences will come to pass, plus a likelihood of frequent unwanted occurrences.
Electromechanical Devices Verses Solid State
While electromechanical systems are fairly simple to monitor and it is easy to detect failures, solid-state systems must be designed for redundancy and self-checking. Standard PLCs are typically not designed for safety and won’t qualify for a SIL rating. Safety PLCs have redundant, highly reliable processors and redundant circuitry to verify system integrity. The redundant circuitry continually checks the processors, internal components, inputs, and outputs to ensure everything is working properly.
Another new standard to recently emerge, EN/ISO 13849-1, will eventually replace EN 954-1. The new standard updates EN954-1 with a new way to categorize the risk level of a machine using performance levels. These performance levels use the same criteria as safety categories, but the results are arranged differently and are assigned letter designators A through E. The performance levels also are assigned values for their related mean time to dangerous failure (MTTFd), allowing for a statistical look at electromechanical safety and safety categories. The standard thus allows comparisons between safety categories, performance levels, and SIL ratings. For example, category 4 is the same performance level as SIL 3, and vice-versa.
Determining a Machine’s SIL Level
EN/IEC 62061 provides tables and a worksheet to identify a machine’s SIL-level requirements. There are numerical values for different levels of the criteria discussed previously: C (consequences), F (frequency), P (probability), and W (unwanted occurrences). The numerical values for each criteria are summed, and the SIL level determined from a chart on the worksheet. Each of the levels are more defined than the safety categories, making it simpler and a bit less subjective to determine severity.
As machines become more complicated, so do their safety systems. The growing complexity makes programmable safety systems more attractive and economical. Programmable safety devices easily integrate into control systems while adding new function and diagnostics.
Rabu, 09 Juni 2010
Programmable safety begets new standards
Hard-wired electromechanical components were the only option for machine-safety systems in the U.S. until 2002. Standards banned programmable logic controllers (PLCs) from use in safety systems. The reason was that programmable electronic systems were complex. It could be difficult to predict how a device behaved in the event of a failure,
But new safety standards have led safety PLCs and controllers to become more widely accepted in the U.S. In fact, many users are combining safety and automation components into the same system through use of safety PLCs and safety networks. A combined system can save money through a substantial reduction in wiring, wiring labor, and cabinet space.
Commonality in components for control and safety extends to software as well. Operators need learn only one programming architecture. Safety PLCs operating over safety-rated communications networks linked with machinecontrol systems provide higher levels of information and diagnostics. Not only can the safety system detect the fault, it can now query the control system about specific machine operations at the time.
Many European safety standards, such as IEC 61508 and EN 954-1, are not enforceable in the U.S. But they are still used to verify machine safety levels in both the U.S. and globally. Many U.S. companies must conform to these standards to compete internationally. And much of the European verbiage is being incorporated into U.S. safety standards as they are rewritten and revised.
Each programmable safety device and the overall machine must be classified into an appropriate risk-assessment categor y known as a safety- integri ty level (SIL). But that raises questions about what the SIL ratings actually mean and how they compare to the more familiar safety categories.
Most machine builders today think of risk assessment as detailed in the EU’s EN 954- 1 standard. It created five risk categories in 1995 listed as B, 1, 2, 3, and 4. All machinery in the EU must undergo formal risk assessment before they can be equipped with safety components. The risk assessment in EN 954-1 looks at the result of an accident, the frequency and duration of exposure to the hazard, and the possibility of avoiding the hazard.
From the results of each assessment, the machine or part gets put into one of five safety categories. Each category identifies the system requirements and behavior in the event of a fault. Category B holds the safest machines, where risk of injury is slight or the types of injuries that can occur are easily healed. Category 1 machinery poses a risk of serious injury that is mitigated through the use of well tried and tested components and principles. But no special tests are carried out to maintain the safety functions. Category 2 forces periodic checks of the safety functions but a fault may cause the safety function to fail. Faults in the final two categories should not cause loss of the safety system. That typically means categories 3 and 4 need redundancy from inputs through outputs.
It’s fairly simple to determine how an electromechanical system might fail. Therefore, to satisfy safety requirements, the machine is built so that it will shut down when a part fails or fault occurs. But modern, programmable equipment may fail in unexpected ways with consequences impossible to predict. Thus a new method of rating the safety of today’s machinery was required.
Senin, 07 Juni 2010
Small Control Systems
Technology has been blazing ahead with larger memory capacity and smaller, faster processors in less space. The volume of quality commercial off-the-shelf digital devices used in so many everyday applications is bringing down the price.
New Ethernet technologies have made that venerable communication technique practical for process control work. All of this has contributed to much more affordable, small control systems. This has in turn allowed inexpensive but sophisticated control for applications and industries, which previously were not possible or practical.
The new markets that opened up provided opportunities for the process control companies to offer smaller but complete systems. Because many of these systems had the capacity to scale up, they were equally attractive to traditionally larger companies to also “start small, grow large” and try different suppliers without much risk.
The flexibility of the five IEC 61131 languages and their relative ease of use was attractive to batch-based industries, which often were small batch process units of operation with a packaging line “downstream.” That packaging line was the province of the PLC world. There was pressure (and opportunity) to marry the process and discrete functions in the same control system. Those batch operations were among the earliest to struggle with the need for a hybrid of discrete and process. This no doubt led to the designation of “hybrid industries.” Pressure on the pharmaceutical industries to expand production led the need for “hybrid controls” to also include large system networks.
Both PLC and DCS suppliers raced to fill the void. Today they can be integral to enterprise control systems, which encompass the business side of the operations, not just the manufacturing.
Further, systems include optimization at all levels, which include alarm management, predictive maintenance, cyber security, and the safety of people, product, and equipment.Minggu, 30 Mei 2010
Industrial Control Safety
Perhaps you don't catch the significance of this so let me give you a scenario. Joe is walking by a machine thinking about today's scheduling problems. Bob is driving his forklift down the aisle. Joe walks out from behind the machine a little faster than he should. Bob slams on the brakes just in time to avoid running over Joe but swerves a tad and gently rubs against the machine. Joe jumps back at the same moment and falls on top of some rollers. No real damage done. A piece of conduit pushed out of place. Couple of ripped wires. Whoops! The machine is starting up! Joe dies a horrible death. Okay, there should have been guards in place it's just a story, okay?
Why did the machine start up? Someone thought it was okay to wire a start button in an NPN fashion on a controller fed from a negative ground system. As soon as the damaged wire received a short circuit to ground, the PLC saw a request to start and did as it was told. Joe probably didn't appreciate its obedience.
Input modules should have the common connected to the grounded side of the power source and output modules should have the common connected to the ungrounded side. Think of it this way: Positive or Hot signals should come out of outputs and go into inputs. Negatives & Neutrals shouldn't do anything but sit there looking pretty. Why do I keep seeing the opposite being done?
This drawing shows the wrong way to do it!
I see so many dangerous designs in my day-to-day work that it's beginning to scare me. And they are coming from people who should know better. Control specialists, technical graduates, professional engineers, you name it. So here's my list of Do's and Don'ts. Perhaps I should say it's my "Please, Please, For the Love of God, Don't Even Think About Doing Otherwise" list.
1) Always ground power supplies and transformers unless you plan on monitoring for accidental grounds. For control systems, it's just not worth the complexity needed to make an ungrounded system safe. We want a fully grounded system. Every time you create a new supply source (where the output is isolated from the input), you must re-ground the output. That means your control transformer needs a ground and so does your DC power supply. That includes power supplies built into PLC's. Each connection must be made right at the source device's output and should be wired direct to ground in plain view and as close to the device as possible. Use a dedicated screw into the cabinet backplate, not a din rail terminal and not a device support. Don't hide the screw or the wire in duct and don't put other grounds onto it. It should be obvious and easy to verify that it's still there. The norm in most of the world is to ground the negative side of a DC power supply and X2 in the case of an AC control transformer. Don't forget to bond the cabinet's backplate to the cabinet itself.
2) Fuse the ungrounded side of the source. Don't fuse the grounded side.
3) If you opt for an ungrounded system with a ground detector then bear the following in mind. A ground detector must actually interrupt power when the first ground is detected and it must operate faster than your control system. A simple notification is not good enough. There is an excellent chance that the first short to ground is occuring across both conductors from a button or sensor and is thus bypassing the contacts. The common idea that no hazard exists until a second ground occurs is just plain wrong. Picture a broken conduit coupling bent over at 90 degrees and ripping the wiring inside. It bites into the insulation on the 2 wires going to a single pushbutton and turns on a ground detector's indicator light. It also launches an ICBM towards Moscow. An older idea is to switch both sides of the supply simultaneously which is still not very good and is impossible using things like PLC's that share a common between several I/O points. A properly wired, grounded system would just blow the fuse. A ground detector is also a liability. It can fail.
If you are confused by the terms PNP and NPN, here's a quick primer. They refer to the layered construction of semiconductors like transistors. The "N" stands for "Negative" and the "P" stands for "Positive". With respect to sensors, an NPN device is one that can switch the negative side of a circuit while a PNP device is designed to switch the positive side. In other words, a PNP device must sit between the controlled load and the connection to the positive side of the power supply. It switches the load on or off by making and breaking the load's positive line. It's easy to remember; NPN has the most N's in its name and it switches Negatives; PNP has the most P's in its name and it switches Positives. NPN is the norm in circuit board electronics but in industrial control, PNP = good and NPN = bad.
I'll say this a little louder
DO NOT USE NPN SENSORS OR WIRING METHODS
unless you are sure that a false activation will be harmless. No exceptions. EVER!
5) The rules for inputs also apply to outputs. Your loads should have one side hard- wired to the grounded side of the supply. Switch the ungrounded line. You don't want your PLC overruled by a short to ground.
6) You can't go by the terms "sourcing" and "sinking" when choosing I/O modules. Different manufacturers use the terms in opposite ways. You must check their drawings before you can be sure of what you are getting. A sourcing device is one that supplies positive charges to another. A sinking device accepts positive charges from a sourcing device. A pnp sensor is a source that sends positive signals to a sinking plc input module. The problem is that some manufacturers such as Mitsubishi label such an input module as sourcing presumably because it's designed to be used with sourcing field devices. Just the kind of confusion the industry needs.
7) Always ground everything conductive that could potentially be involved in a bypass attempt. That means enclosures, conduit, cable glands, etc. It also means anything nearby that flailing or falling wiring could touch such as machine sections, railings and guards. If you don't pre-ground these things, your fuse won't protect you, your contacts will be bypassed and you wasted your time grounding the supply in the first place. It doesn't matter if you are only using 24 volts. You still need everything grounded to prevent your contacts and sensors from being bypassed.
8) Stop using 120 volts for every little thing. Quit already. Okay? Use extra-low-voltage whenever possible. 24 volts is ideal and very widely used. Short circuits are gentler, cause less damage and maintenance people and operators won't get electrocuted by it. Anything over 50 volts is bad. You can still power your large contactors and whatnot inside of your main cabinet with 120v when needed. All of your field wiring to pushbuttons, limit switches, sensors, etc should be 24 volt.
9) Use DC for control in the field rather than AC. It doesn't take that much wire length before you have enough capacitance to magically bypass your contacts just like a short circuit. It can wreak havoc on a control system's operation. No point worrying about when it will cause a problem. Just don't use AC for control. Period.
10) Use only isolating type transformers for your control power. Choosing an autotransformer is a quick way to destroy PLC's, computers, test equipment and people. Similar warnings apply to DC power supplies. They must be isolating types built to the appropriate standards. Not all of them are.
11) Feed the top of contactors, switches, etc. Never feed the bottom. I don't care if you have to use an extra three feet of wire and go around and into the next duct to do it. This is a standard that has been around longer than there have been relays, contactors, control cabinets or you or me. As for "cube" relays, you don't have much choice with these sorry excuses of terminal contortions. They were designed by people that didn't know better or didn't care. If you are an actual designer of relays, power supplies and similar things smarten up.
12) Put Emergency Stop buttons all over the place. Think about where someone will be when an emergency happens. What if they are a new employee or a visitor who is not familiar with the machine? Will someone even be within sight of a button? Will they be able to reach it quickly? If they are physically trapped or in the process of being pulled into the machine, will they still be able to reach it? Use real E-Stops with large, red, mushroom heads. I have one client who installed several of these as start buttons because "they were all we had at the time". Could prove entertaining when the safety inspector comes by� "No not that button. The little green one stops it, the black one starts it and the big red one is for Go Real Fast".
13) Don't make Emergency Stop buttons do things when pressed. Make them stop things when pressed. I once almost chopped a client's finger off because of this. I noticed he had his hand inside of a swaging machine adjusting it while it was running. Being a considerate guy, I punched the E-Stop so he wouldn't get hurt. The machine instantly retracted an air cylinder under full power in order to get back to its rest position. He pulled his hand out just in time with only slight bruising of one finger. I feel very stupid for doing that. Just the same, I'd love to get my hands on the idiot that designed it. Remember, they are called "Emergency" buttons for a reason.
14) An ordinary (non-mushroom) stop button can stop whatever you want it to, in whatever fashion you wish (it may even cause cylinders to retract). An E-Stop should immediately shut down everything. Don't mix up their purpose. Of course there are exceptions. Things like braking circuits are obvious candidates for staying on during an E-Stop. The general goal, however, is that whatever could possibly go wrong (or make a bad situation worse) should be on the included list of things that are killed by the E-Stops. The easy rule is that unless an item must stay on for safety, then every E-Stop should shut it off no matter what it is.
15) Releasing an E-Stop is not considered a "Start back up again, I was only kidding" signal. You should have to press a different button to restart. Don't use momentary E-Stops either. They are still sold because some people collect them as museum pieces. Today, we use only latching buttons so that once pressed, you have some confidence the system won't start up again even though a problem somewhere else is causing a start signal to be constantly generated. By the way, that's the standard first test of any stop button; if it's pressed, no other signals should be able to start up the machine.
16) If possible, an Emergency Stop should not only stop all motion, it should also relieve all pressure. This is especially true in machines that are complex when in manual mode. Air systems are a snap for this. The machine should "relax". If you are ever trapped, you'll be glad of this feature. Note: relax does not mean drop a pallet on someone.
17) Think about an "extraction procedure" when designing controls. This means what would have to be done if someone was caught in the machine in order to free them. Maybe you should add certain manual controls. An example might be an inching reverse ability for some of the motors along with clearly marked buttons. There was a case in my city where three workers were crushed badly under a several thousand ton punch press that dropped a bit while they were working under it. The ambulance and fire department had to wait more than an hour while the dying men pleaded for help. Apparently it's not easy to find someone at 3 in the morning who can reverse a motor with a complex control cabinet full of strange looking stuff. They didn't survive.
18) Don't rely on your PLC to respond to Emergency Stops. Use a master contactor that interrupts all control power and have the E-Stops kill that. You can monitor the action with the PLC or even operate both in series. Some localities allow PLC's to operate safety circuits without contactor assistance but many do not. I always use a contactor. What's the big deal? Contactors are cheap. I get the added assurance that should my program or the PLC itself fail in some weird manner, the operator can still nail that E-Stop and shut down the machine.
19) Do some research into "positive-guided relays" also known as "force guided relays". These and the new electronic "safety relays" can add a great deal of confidence that your system is still working the way you intended. They won't tell false tales to your PLC (in theory). For positive-guided, electro-mechanical relays, Omron sells the G7S. FGR International (www.fgri.com) sells various and AEG has small ones and even large power contactor sizes. Check the web.
20) Most of those new ultra-micro PLC's or "Smart Relays" that people are growing fond of are not for use where safety is even remotely involved. Read the specs carefully before you use them. If the inputs can be programmed to be either digital or analogue, that's a give-away that they are not isolated. Except for one high-end model made by Moeller, even the digital-only inputs are not isolated on any of the brands I've checked. An input failure on these, can travel through the internal circuitry and activate any of the other inputs or other parts of your control system. It could cause equally unpleasant actions by interfering with the internal logic and memory. Examples of these are the Alpha, Logo, Easy, Pico, Zelio etc.
21) Don't be too quick to use palm actuators and similar devices that use electronics, proximity triggers and other complex methods to issue start signals. They've been implicated in more than one accident (click here for an example). Some of the models that I have looked at, were low-grade devices that have no place in most industrial applications. They were single-channel, non-redundant, and non-self-checking (can you say non-acceptable?). Their focus was less on safety than on cashing in on the fears of repetitive strain lawsuits. Regardless, I wouldn't use even the best ones except in truly non-hazardous applications (where they might actually be quite useful). The addition of a "safety relay" does not miraculously change the situation either, unless your sales rep bears more than a passing resemblance to Jesus. Be aware too that standard proximity sensors (including infra-red and laser) are not safety rated nor are they intended to be. They're made for counting donuts not for detecting when an operator is clear of a pinch-point. High-hazard rated electronic sensors such as light curtains that will issue stop commands are feasible (when used properly) and available. Issuing start commands is a whole different matter.
22) Consider using a both a normally-open and a normally-closed contact on start buttons (or other sensors) that will initiate a hazardous operation. Declare an error condition if they are both open beyond a short amount of time or if they are ever both closed. A proper start sequence involves seeing that the N.C. contacts are in fact closed, followed by them opening, followed shortly by the N.O. contacts closing. This can help avoid false signals from wiring problems and tends to verify that the button's mechanical operation is good. If you need to use a 2-hand start then you absolutely should use this setup on each button (along with anti-tie-down timing).
23) Don't touch anything on a punch press or brake type of machine unless you are very familiar with the myriad of requirements and dangers. I say type because there are presses that are not called such by the makers but the laws still apply. It's a rather serious and heavily enforced area and you can get yourself into a heap of trouble. Most of the enforcement occurs after an accident. Incidents are often things like double amputations. If you think you can make a quick dollar installing light-curtains, think twice. Read and understand the rules. Even better, read your insurance policy.
24) Check the ratings on "supplementary" or "mini" breakers and certain all-in-one, overload/overcurrent motor protectors and watch how you use them. They've hurt more than a few workers. The problem is they can only safely interrupt a fault current if they are already closed when it occurs. Doing a closure into a fault and then having to immediately open is a serious stress. Some can't handle a fault at all and rely completely on upstream fuses. It goes like this: Motor burns out. Fuses ahead of breaker blow. Man flips breaker on and off a few times to see if that will fix things. Man leaves breaker in the off position. Man finds and changes fuses. Man flips on breaker. Breaker blows up in man's face. More fun stories for the kid's around the campfire.
25) You should go to extreme lengths to ensure that a single switch disconnects all power in a control cabinet. That would be the switch that's within reach of or mounted in the cabinet. Not the one across the factory and definitely not the one in Niagara Falls. It can get tricky when you are interconnecting machines. Add auxiliary contacts to the switch if you have to. If some things must remain live with the switch off then separate all of the involved components and terminals into a distinct area with a faceplate barrier. Label it and the switch with warnings. Better still, put them in a separate box labelled as containing multiple sources.
26) There are various types of charge storage devices. Make sure these don't interfere with your E-Stop system or present a maintenance hazard. Capacitors should have draining resistors added to them if they don't have internal ones.
27) I'm sure you've heard it before but don't mix voltages in your conduits. 24 volts goes in one conduit. 120 volts goes in another. 380, 480 or 600 go in still another. Induced current is the usual reason given for separating them but it's not the only problem. Conduits and cables are where shorts occur. You don't need 600 volts travelling into your 24-volt PLC cards. Strange things could happen. For the same reason, use wire rated for the highest voltage in a cabinet. Don't use 300 volt wiring for the low voltage "cause thets all I'm a usin on thet thar particlar wyre. U know, thet one thets a leanin up agin the 600 volt moter contractor". [Sorry. I couldn't resist]
28) Choose whether you need N.O. or N.C. contacts very carefully. You need a sensor or contact to "fail to safe" rather than "fail to hazard". Statistically, it is much more likely in a failure that you will have a loss of connection rather than closures like locked or bypassed contacts that don't blow the fuse. This means a failure will most likely be a bad joint, a wire pulled away from a terminal or something similar that results in an open circuit rather than a closed circuit. I call it the Broken Wire question. Ask yourself, what will happen if a wire on these contacts breaks off. Do I have a safe condition or a hazardous one? If the button is a start button and the wire falls off, you DON'T want that to mimic a press of the button. If the start button circuit has to be closed to start then a wire break will not hurt anything. If it has to be opened to start then the wire break would be the same as a start signal. Therefore we want start buttons to be "close on activate" or N.O. A stop button is the opposite. We want a wire break to be the same as someone pressing the stop button so we use N.C. (open on activate). Otherwise, if we made a stop button "close on activate" and the wire fell off, pressing the button would not stop the machine.
You need to really think hard about things like door safety contacts and other odd switches. You usually want a door to strike a switch when the door is closed thus closing the contacts and signalling "guards in place safe to run". That requires a N.O. contact. If the wire falls off the switch, it's the same as opening the door. Machine stops.
29) Recognise that everything wears out and fails eventually. If the failure of a limit switch means something catastrophic will happen (like frogs falling from the sky or maybe an expensive machine ripping itself apart) then back it up with a second switch!
30) Use green lights to indicate normal conditions like "Motor is On". Red used to mean pretty much everything. It's better to reserve it for things with a negative connotation like "Error", "Emergency", "Overload", etc. There are many other colours you can choose from to identify various conditions. Leave red for the bad stuff.
31) Don't drill holes or run cables into the top of cabinets & boxes in oily or wet environments. That's just asking to have stuff drip all over everything inside.
32) Conduits should be sealed with a removable compound (duct-seal) if they run to outdoor equipment or between any areas that differ greatly in temperature. If not, you'll get warm, moist air travelling through the conduit and condensing on the equipment at the cold end. That leads to corrosion, arcing, flash-over, icing and freezing of parts.
33) Don't mount terminal strips lower than 18" above the floor. Give all those people with blown out knees & bad backs a break. Pretty please? ;-)
34) Protect your system with current limiting fuses having suitable interrupt ratings. That means 200,000 amp interrupting capacity for the main and wherever else you can manage. Breakers are poor choices for main protection even if you know what the available fault current is. The machine may move to a new home someday.
35) Everything in your panel should be built to an IP20 rating. That means finger-size objects can not touch any live parts. No exposed fuse blocks or transformer lugs thank you very much. Don't make it difficult for test probes however. They should be able to go anywhere. It's also smart to leave enough physical room and wire slack wherever you might need to use a current clamp to check loading such as at motor contactors and fuses. There's nothing like a pretty panel that nobody can work on.
Jumat, 28 Mei 2010
PLC on a Chip
The goal of the chip, explains Terry Divelbiss, president of Divelbiss Corp. (Fredericktown, OH), is to "offer an alternative to OEMs manufacturing front-end equipment, tail-end equipment, or the equipment in the middle." He points out that there's a need to go directly from the logic level of the sensor, machine tool, or whatever to a PLC. An embedded PLC does exactly that. "To me, a PLC is a combination of the right programming capability with everything else ready to go—communications, digital and analog I/O, and high-speed counting capability," says Divelbiss.
The PLC chip he's selling measures 21.5-mm (0.8465-in.) square. It comes in four types that are mostly differentiated by on-board flash memory (128 KB to 512 KB) and random access memory (8 KB to 14 KB). The chips are similar to the CPU in a desktop computer in that they require 5 VDC. They can operate in temperatures between -40ºC to 85ºC (one is ruggedized for temperatures up to 125ºC). All the chips have asynchronous serial communications (up to 11.5 kbaud) and eight analog ports (0 to 5 VDC input, 10 bit). Two of the chips offer up to five CAN ports. (These are proprietary CAN ports that can communicate to CANopen.) They also have some pulse-width-modulation ports: up to eight 8-bit channels or four 16-bit channels. For digital I/O, the chips support 26 direct I/O or 24 inputs, 15 outputs, plus 256 external I/O points. All I/O and integrated functions are pre-assigned.
The chip's kernel is programmed through conventional PLC ladder logic or function block languages, versus C or some other chip-level programming language. (You program the chip using Divelbiss' own PC-based EZ Ladder software, which conforms to the IEC-61131 standard plus extensions.) The chip can hold up to 51 instructions per function block. These are typical PLC instructions, including contacts, counters, times, drum sequencers, and functions for math, bit manipulation, closed loop control, and communications. Function block programming provides additional decision process capabilities, such as comparisons so that a counter, when reaching some pre-specified value, triggers an event. In test operations, PLC on a Chip can scan through 500 rungs of ladder logic in 2.5 msec. Not surprisingly, scan times are longer in control programs with a lot of math in the function blocks.
What you get in a small box
You could get these same PLC capabilities through a custom control chip. That's not only expensive, but dedicated chips and "one-offs" don't often conform to any sort of standard. "The ability for the OEM's customer to make changes doesn't exist, unless it's a simple menu thing," says Divelbiss. Another option is to go the "soft PLC" route. This is where you have PLC functionality in an industrialized personal computer. The debate over conventional PLCs and soft PLCs is legion.
Then there's the tried-and-true approach: Buy and install a box of industrial control. "The marketplace is going for small controllers. It's growing and it's diversifying," says Sy Stevens, product marketing manager for Rockwell Automation (Milwaukee, WI). "And as technology increases, obviously the size [of PLCs] decreases."
According to Divelbiss, the PLC on a Chip is much more than a smart relay, and much more than a relay replacer that basically consists of a timer and a counter. This chip, says Divelbiss, is more like a micro PLC.
Okay, let's look at that. Micro PLCs are targeted for small machine control, where space for additional electronics (read "control system") is at a premium and the operating environment (read "harsh") demands reliable performance. For instance, the 16 I/O, DC-powered Allen-Bradley MicroLogix 1000 measures 120 x 80 x 40 mm (4.72 x 3.15 x 1.57 in.). Execution speed for a typical 500-instruction program is 1.56 ms (throughput 1.85 ms). For communications, the PLC offers direct connections to programming devices or operator interfaces, as well as options for DH-485 networking, DeviceNet, and EtherNet/IP.
If PLC size is the overriding factor, the next step in terms of compactness is the nano controller. The Allen-Bradley Pico GFX-70 announced in January, for example, is aimed at simple logic, timing, counting, and real-time clock operations. Unlike other Allen-Bradley Pico controllers, this one includes a 70-mm (2.75-in.) backlit monochrome LCD display (a.k.a. human/machine interface, HMI) and keypad buttons for both control programming and control monitoring. The unit measures (with keys) 86.5 x 86.5 x 43 mm (3.41 x 3.41 x 1.69 in.) and weighs 130 g (0.287 lb). Mounting requires two 22.5-mm (0.886-in.) holes spaced 30 mm (1.18 in.) apart. The components for the power supply and I/O snap onto the back of the display. The processor can also be mounted to a panel or DIN rail for use without the HMI. The Pico communicates through GFX proprietary Pico-Link, a proprietary protocol based on CANopen, that lets up to eight Pico units be connected from up to 1,000 m (3,280 ft) away, providing up to 272 I/O points through Pico expansion I/O modules. However, admits Stevens, "If you're looking to get information from basically the shop floor to the top floor, you're not going to want to use a Pico. You want something like a MicroLogix, which can jump onto a major network."
One word: "embeddedness"
The cost of the PLC on a Chip ranges from about $20 (low-end chip; 5,000 quantity) to just over $40 (high-end chip; in trays of 60). Modules, separate boards with features such as connectors and critical circuits that facilitate implementation of the chips, cost more, but they're simpler to use. Low quantities of the 128 KB flash-memory version of the module, without the real-time clock, can go for as much as about $70. With CAN ports, the module can cost as much as $90. Compare this to the cost of the Pico GFX-70. These start at $525, while a standard Allen-Bradley Pico (without the HMI) can be had for $150 in large quantities.
The comparison is not exactly apples-to-apples. The Pico PLCs are handy, small, inexpensive, powerful, packaged units. However, they satisfy a completely different niche on the factory floor than the PLC on a Chip, which can be embedded into sensors, motor drives, machine and engine controls, remote control and monitoring system (such as SCADA systems)—you name it. Divelbiss envisions sprinkling these PLC chips all over a conveyor system. This way, you can have sensor capabilities and motor control—intelligent decision/control points—all over a materials handling system. The alternative approach would be to physically wire individual points or local controllers to whatever flavor of PLC out on the shop floor or that can be hung nearby.
SCADA Makes the World a Smaller Place
These benefits attracted the attention of McMinnville Water & Light, the small utility serving the 25,000 people living in and around McMinnville, Ore. The company’s old SCADA system was not monitoring its grid and evaluating the effects of corrective actions on power quality in real time. The dial-up data modems and leased phone lines that it was using to communicate with its six substations were too slow in transmitting crucial information between the PLCs and the operations staff. The system, moreover, was capturing only a portion of the pulses from meters used for calculating bills.
To improve the system’s response and reliability, the company installed a Snap Ethernet I/O control system from Opto 22 and strung a fiber-optic line to link the substations with the main office. “With our extended wide-area network, we can look at just about every field device connected to it without our having to leave our desks,” says Jon Spence, the technician at McMinnville who does all of the SCADA programming.
Technicians can now use real-time data to perform substation switching and see the effects immediately. With the old SCADA system, they had to wait as long as 24 hours until the system took its daily poll of the controllers to get the load and phase data. “And if a superintendent were to close a breaker, it could take as long as two minutes before he saw any change,” says Spence. “Now it takes a few seconds.”
Another reason for the success of SCADA over large areas has been the adoption of high-speed wireless communications. Greater bandwidth and better communications protocols have made it more practical. In fact, several water companies are running radio networks off their towers and setting up peer-to-peer radio networks to collect data, reports Steve Garbrecht, director of product marketing at Wonderware, a Lake Forest, Calif.-based automation software supplier and a unit of Invensys Systems Inc.
Satellites are also part of today’s mix of wireless communications. “Bandwidth is now available at a reasonable cost for locations that were not economically viable before,” notes George Quesada, product manager for oil and gas SCADA at automation vendor ABB Inc., in Calgary, Alberta.
SCADA by satellite
In fact, communicating by satellite is an important part of SCADA at Oil and Natural Gas Corp. (ONGC), based in Delhi, India. There, ABB’s SCADAvantage runs on almost 300 servers and covers all of India, possibly making the SCADA installation the largest in the oil and gas industry.
ONGS made the investment because gathering consolidated field data on production had been taking weeks or months. To make matters worse, the data contained inconsistencies, and the costs to obtain it were rising. It was necessary to find a way to streamline the data flow and to deliver information in real time. Real-time data is an important management tool today for reaching business objectives, says A.K. Balyan, Ph.D., director of infocom services.
To cover the territory, it was necessary to distribute the system in three tiers. The first is the more than 270 field installations handling the daily operations of onshore sites and offshore platforms. The second tier is the 13 regional centers that optimize activities, and the third is the central office in Delhi. The software replicates both the data and configuration information in real time and automatically recovers from any interruption in communications. Consequently, Balyan reports that there is no loss of data.
The Puerto Rico Aqueduct and Sewage Authority (PRASA) also transmits data by satellite, adding this mode of communication to its mix of media. The island’s rugged, mountainous terrain renders radio communications impractical to impossible in many regions. “So we use satellite cell phone technology instead,” explains Tony Matias, director of both PRASA’s western region and the company’s Integrated Preventive Maintenance Program.
Another complication is the complexity of Puerto Rico’s water system. Not only does the 5,300-employee company serve 1.2 million customers, but it also must manage 1,500 sites spread over the 100-by-25-mile island. For various reasons in the past, the water filtration plants were not located at altitudes that would permit distributing the water by gravity alone. Consequently, a network of 249 pumping stations pump most of the clean water coming from the 124 filtration plants to 227 reservoirs. About 600 pumping stations return sewage to 60 treatment plants.
Because of the terrain, corrective maintenance was a slow, manual process before SCADA. Whenever a pumping station would develop a problem, it would often take three to four days to discover it and to reestablish normal service. The automatic monitoring permitted by the SCADA has changed all of that. “A problem that used to take 72 hours to resolve now takes only five to six hours,” says Matias.
The system’s control hierarchy has three autonomous levels, each of which can work independently of the others if it loses its communications link temporarily. The various pumping stations and reservoir tanks associated with a plant report operating data to the plant’s control center, which passes it to one of the five regional centers. Each regional center relays information to headquarters in Hato Rey.
SCADA is the backbone of a five-year, $2.5 billion capital improvement program that was negotiated with the U.S. Environmental Protection Agency and the Department of Justice. Part of the deal was the development of a preventive maintenance program. “If we hadn’t selected SCADA software, we would have been forced to hire approximately 600 to 700 more employees just to monitor and collect the necessary information,” says Matias.
So far, PRASA has connected 212 sites to the SCADA monitoring system and expects to have all 1,500 sites connected by 2010. Matias is also developing the system further at the water plant in Maricao to do remote control. His goal is to tighten control with fewer people.
Strength through software
A strength of Wonderware’s platform is that it is component-object based. In other words, users can generate one template for monitoring and controlling a kind of asset, such as a pumping station, and use it wherever similar monitoring functions are needed. “If you want to change or add a parameter to a pump, you modify the template and deploy it to all of the running applications across the entire SCADA network simultaneously,” says Garbrecht.
Other flexible SCADA software exists, as PEMEX Exploration and Production (PEP) discovered when this agency of the Mexican government went looking for a way to tighten the coordination of its southern operations. It found LabView, a graphical programming language from National Instruments Corp. (NI), of Austin, Texas. This language not only comes with configuration-based SCADA tools, but also offers users the flexibility to develop links to PLCs and other industrial devices.
“A conventional SCADA package is configuration based, and a programming language is bolted onto it by way of scripts,” says Arun Veeramani, NI’s product manager for LabView. “If you have any customization, you invoke a script.” He claims that programmability of LabView removes the traditional boundaries between hardware such as programmable automation controllers and the SCADA application.
Removing these boundaries was important to PEP because the company had grown by acquisition and its various units contained a large number of disparate transmitters, PLCs, and other devices. Although the devices measured key data electronically in the field, the automation for collecting and distributing them was local. Coordination between the different management teams and their computer systems occurred manually by phone and e-mail.
This manual intervention allowed slight, but expensive errors to creep into the data. The southern region produces 1.52 million barrels of crude oil a day, which is 43 percent of Mexico’s total production. Because this volume is worth about $3 billion, measurement errors as low as 1 percent can translate easily into millions of dollars. “We needed an integrated and low-cost monitoring system that would enhance coordination between these teams and take advantage of existing measurement systems,” says Martin Fernandez Corzo, automation specialist at PEP.
As a first step, PEP engineers linked the 12 key remote workstations collecting information from the measurement devices, programming each to run an OPC (an open connectivity standard) server appropriate for the connected devices. “We developed a LabView DSC (for Datalogging and Supervisory Control) application for each of the stations that display the variables’ real-time values and historical trends,” explains Corzo. “These data are then connected to PEP’s intranet, so the variables can be published on the network through the LabView DSC Tag Engine.” The central station sorts through 3,000 tags to monitor all operating variables reported by the local stations.
Not only does the integration of these 12 stations allow management to make decisions more quickly, but it also improves the accuracy of the communications between the different supply and distribution centers. For this reason, management is considering how it might add more stations to the monitoring network, and make its world a much smaller and more profitable place.
Creating Dependable Automation
Talk about reliability in manufacturing and the word that probably springs to mind is “motor.” Certainly, motors and other rotating equipment must be kept moving. No work is done unless a motor turns. Not surprisingly, suppliers have invested in technology to improve the reliability of these workhorses of manufacturing. Other parts of the automation system have gone under the reliability microscope, as well. As automation becomes more software intensive, it is imperative that engineers pay attention to reducing computer down-time. From sensors to software, engineers have used their ingenuity and technology to create a dependable automation system.
How about avoiding emergency shutdowns and saving your company $300,000? One paper plant invested in technology that monitors rotating equipment. The result was avoiding an emergency shut down, saving $180,000 in lost production and replacement parts, and another $120,000 on “machine clothing (Fourdranier Wire—a belt of woven wire used on the wet end of a Fourdrinier Machine, which is used to form a web of paper.).”
Typing and copy paper is made on very large and complicated machine trains comprised of dryers, siphons, motors, ventilation systems and a wide range of rolls, drives and webs. These machines produce paper at 3,200 feet per minute, and operate in a hot, wet, dirty and dusty environment. They require downtime every six weeks for adjustment, cleaning and replacement of worn parts and critical components.
Capacity on these machines means a loss of $15,000 an hour if an unexpected machine fault requires a shutdown. “An emergency unscheduled outage to change one of these rolls will cost us at least 12 hours,” says the plant’s fine paper machines Vibration Analyst. “That’s just the downtime, not counting a messed-up journal, bringing repair people in, and ordering emergency replacement parts.”
Constantly checking
Tending the machines is a constant job. Vibration monitoring with the CSI 2130 Machinery Health Analyzer and analysis with the AMS Suite Machinery Health Manager from Emerson Process Management, an Austin, Texas, technology supplier, for each of the fine paper machines at this plant is scheduled monthly, but sometimes even that is not enough. So the company added a CSI 4500 Machinery Health Monitor for continuous monitoring.
As the Emerson team was testing network connections for the installation prior to commissioning on the machine, an inner race bearing fault was detected on the breast roll in the Fourdrinier section of the machine. The expert vibration analyst verified the fault with the CSI 2130 portable analyzer. “The pattern showed up plain as day.” The roll wasn’t due to be checked again until after the scheduled outage. This would have triggered an unscheduled shutdown. Instead, repairs were made during the planned outage and no production time was lost.
The Emerson system saved the company $180,000 in production and $120,000 in machine clothing replacement before it was even commissioned. This plant now has 46 CSI 4500 Machinery Monitors keeping track of about 600 sensors on hundreds of rolls turning from 160 revolutions per minute (rpm) up to 2000 rpm on each fine paper machine. The monitors continue to prove their value.
Adding sophisticated sensors and the analysis tools to gather and interpret the data is seen as a growing competitive advantage—and not just in process automation such as the paper plant just discussed. “In this more competitive environment, even automotive companies are starting to look at reliability, predictive maintenance and condition monitoring as a competitive advantage,” notes Preston Johnson, segment manager for the sound and vibration team at National Instruments Corp. (NI), the Austin, Texas, supplier of data acquisition and automation technology.
Johnson relates a story about an NI systems integrator in Michigan who repairs robots for automotive customers. It built a database of information collected from customers to help them reduce repair time. The integrator worked with NI to put sensors on robots in order to enhance the data acquisition by monitoring repair points. Many of the robots and conveyors needed parts monitored in hard-to-reach places, making remote data acquisition more beneficial than depending upon manual inspection.
Best sensors
Steve Garbrecht, director of product marketing at Wonderware, an Invensys-owned software supplier located in Lake Forest, Calif., maintains that the best sensors in a plant are not connected to any control or database. “You might have 20 to 40 people in a plant on a human-machine interface (HMI) terminal sharing information with each other and the system,” he says, “but there may be another 600 people who don’t use computers as part of their jobs. They are walking around the plant all day seeing things that should be investigated, but with no way to connect back into the system to send alerts to maintenance to check things out.”
In order to connect these resources in a plant, Wonderware recently acquired SAT Corp., manufacturers of the Intellitrack product line. These are handheld computers that connect wirelessly into the Wonderware HMI system. “Intellitrack brings these additional people into the process,” says Garbrecht. “They capture information from stranded assets (those that don’t have instrumentation or connections) whose failure could bring down an entire line. Maybe they see a pump leaking. They can enter the observation directly into the system so that someone is notified immediately to check it out.”
Making cement is a dirty, expensive manufacturing process. Bob Wright oversees the electrical operation of Ash Grove Cement’s century-old facility in Chanute, Kan., one of the leading cement manufacturer’s nine plants. Combined, the plants have an annual production capacity of nearly 9 million tons of cement. Like other companies in the cement industry, Ash Grove faces heightened competition, ever-fluctuating demand and intense pressure to efficiently increase productivity.
To maximize production, the Chanute plant manufactures cement all day, every day. Nearly 1,000 motors generate a combined 45,000 horsepower, driving the production of five tons of cement per minute. “The success or failure of our plant depends on our motors,” Wright says. “We need reliable equipment and ongoing maintenance to protect our motors, control production and operate efficiently.”
To resolve problems with an unreliable, antiquated motor-control system, Ash Grove invested in an unusual, yet effective, solution—installing a technologically advanced, low-voltage variable frequency AC drive to its existing 2,300-horsepower, medium voltage AC motors. Ash Grove not only updated its drive technology, it modernized its approach to maintaining capital investments. The result so far is an initial savings of $250,000 and 90 percent uptime. “Not too long ago, manufacturers had a ‘run-it-until-it-breaks’ mentality. But now, we have the tools to protect capital investments like our motors,” Wright says.
To produce the clinker used in the cement making process, Ash Grove uses limestone mined from on-site quarries, mixes it with other ingredients and heats the material up to 2,000 degrees Fahrenheit in a 150-foot-long rotating kiln. Still piping hot, the clinker, which ranges from marble-sized to three inches in diameter, goes through a cooling process before a mill filled with steel balls grinds it into powdery cement.
Spotting trouble
Workers at Ash Grove had trouble when it came time to service these three ball mills each month. For technicians to enter the mill for servicing, they used an antiquated 60-horsepower generator motor to rotate the mill inch-by-inch until it reached an exact position.
The process of manually positioning equipment, called “spotting,” became difficult because technicians had no effective way to accurately apply torque to the medium voltage motor directly from the power system—the technique used to slowly rotate the mill. “Along with the problems we had moving the bulky mill to a precise position, the cogging, or abrupt starting and stopping of the motor, can cause mechanical and electrical damage to equipment,” Wright says.
The issue interfered with the company’s goal of minimizing downtime while maximizing production. “Each hour we shut down operations to perform routine maintenance or resolve a fault translates to 300 tons of cement that could have been produced,” Wright explains.
Fed up with the frequency and expense of the problem, Wright shared his frustrations with his sales contact at Rockwell Automation Inc., Ash Grove’s automation supplier for the rest of the facility. “Traditionally, this situation called for a new spotting controller and gear motor or a medium voltage drive,” Wright says. “But Rockwell Automation engineers designed an AC drive solution that outperforms the other solutions at a fraction of the cost.”
Ash Grove replaced the generators that powered the mill spotting with preconfigured, 480-volt, 450 horsepower, AC variable frequency drives from Milwaukee-based Rockwell Automation. The Allen-Bradley AC drives power three existing 4,000-volt, 2,300-horsepower AC motors exclusively during the spotting process to efficiently rotate the ball mill and bring it to a controlled start and stop.
“With over 30 years of experience in the cement industry, I consider myself a DC devotee,” says Wright. “I never believed AC technology could produce 100 percent torque at zero speed until Rockwell Automation developed an AC motor control solution for a high-torque application.
“Rockwell Automation engineers helped us commission the drive and get everything up and running within an hour of their arrival,” Wright recalled. “This seamless, quick transition helped reduce the time between integration and actual machine operation.”
Hydrogen generating
H2Gen Innovations Inc., in Alexandria, Va., designs and manufactures small-scale, on-site hydrogen generation modules [HGM] that produce pure hydrogen from natural gas and water. The process that occurs inside one of these miniature chemical plants, known as steam methane reforming, is nothing new. It’s the size and automation of H2Gen’s machines that make them revolutionary. The company’s executive team is convinced the HGM, with its groundbreaking footprint and Siemens control system, will crack the age-old chicken-and-egg dilemma that has dogged the automotive fuel cell market for years.
Developers are reluctant to spend big money producing fuel cells until a reliable and economical hydrogen distribution solution is found. And investors are leery to bet on infrastructure until consumers are kicking the tires on hydrogen cars.
“Our hydrogen generators can be installed virtually anywhere, since they’re fed by the natural gas pipelines and water mains that are flowing below every boulevard in America,” explains Barney Rush, H2Gen’s chief executive officer, who is focused on serving markets that can benefit today from the company’s hydrogen generators and recycling machines. “We’ve got more than 15 of our hydrogen generators in the field supporting a variety of current customer needs, and new orders are on the rise.”
Kelly Leitch, director of field operations, says, “We used full design-for-manufacture-and-assembly for all the equipment. A 3D model was developed in the computer-aided-design application, with care to assure that everything was placed for building and for servicing. With the full 3D model, we also could design for the shipment container. We might go through 30 revisions before the first pipe is cut. It’s the same with the software. We develop the programmable logic controller (PLC) program in Siemens Step 7, targeting the S7-300 PLCs in parallel with the machine design. We can simulate machine operation, taking in either data from the real sensor or with manually entered values to test the system before the prototype is even built.”
Using Siemens HMI and Web-enabled monitoring, H2Gen engineers can see the same screen as the remote operators. “I was just at the airport in Houston talking with a customer,” relates Leitch, “and I was able to go into the system and see the screen he was looking at to help solve the problem.”
Reliable design
With machines located at customer sites where there may not even be a controls engineer, this care in the design of the machine and control system pays off in reliable operation. The push-button start style, ease-of-use and dependability of H2Gen’s devices are a hit with specialty steel makers, gas separators, food processors and other manufacturers that rely on hydrogen in production. Many companies have seen just how fragile, unpredictable and expensive trucked-in hydrogen supplies can be in the wake of big storms and volatile demand.
While the bulk of current demand for H2Gen’s hydrogen generators comes from manufacturers who’ve lost confidence in traditional hydrogen suppliers, leading automotive and energy companies are eyeing H2Gen solutions with growing interest.
“Our remote capability has really generated customer confidence in our solutions,” says Leitch. “Traditional chemical plants require three or four operators sitting in front of screens monitoring and running the operation around the clock. Siemens Step 7 software is robust enough to run the process automatically and alert us ahead of any potential issues.”
Many control and information systems run on a Windows operating system from Microsoft Corp., Redmond, Wash. Both the operating system and the application programs undergo periodic upgrades. Throwing complexity into the mix, the interrelationship of the operating system to the various applications running on top can be thrown out of kilter by seemingly innocuous changes in one or the other.
Shawn Gold, global program manager for open systems services at Honeywell Process Solutions, in Vancouver, British Columbia, Canada, oversees the company’s managed services program. There are several circumstances in which users face potential system degradation or even lock-up. “Operating system patches and keeping up with the latest anti-virus software are an added load for our customers, who often don’t have time to investigate all the changes. We constantly investigate the impact that anti-virus changes have on operating systems and on the entire system. We can also help the customer maintain up-to-date software.”
Then there is the potential problem of the computer system losing performance or stability due to the organic growth of the control system. “All control systems grow, for example, by adding additional input/output channels,” says Gold. “You need to watch the system to see if the growth has hit the tipping point that will degrade the performance of the system. We have programs to continuously monitor and manage these problems. We can check and download and install updates automatically. We can detect performance degradation well before it has an impact on the system. With an offline test bed, we can check out the impact of software changes before the customer has to deal with them.”
From sensors to software, potential reliability problems are everywhere. With monitoring and ingenuity, engineers are keeping their equipment running longer and in the manner for which it was designed