01 September 2004
PLC and DCS collaborate in an alarming situation
PLC hardware and firmware is generally more simple and robust than PC-based.
By Kris Willoughby
A landfill facility for storing regulated waste went up at the Idaho National Engineering and Environmental Laboratory (INEEL).
Since the new facility was in a location where operators would not be continuously present, an alarm-reporting system was a must. Officials installed a system to report alarm conditions, such as abnormal temperatures, sump overflows, and pump failures, to a nearby and continuously staffed control room.
To provide the alarm-reporting capability, a programmable logic controller (PLC) went into service at the new facility. This PLC continuously monitored alarm conditions. It linked via modem to another PLC at a remote station in the existing control room. The remote station PLC had several outputs wired to an existing distributed control system (DCS).
A spreadsheet allows operators to easily reconfigure the system, assigning each alarm signal from the landfill to one of three groups (alarm windows) that would then report to the DCS. The software allows operators to change the alarm-reporting assignments using random access memory (RAM), without revising any PLC ladder logic.
A PLC-based system provides a cost-effective, reliable means of reporting alarms for this project. Well-designed PLC hardware and software lends itself to a variety of similar applications.
Waste includes soil, liquids
This facility includes a landfill, two evaporation ponds, a decontamination (decon) building, and an administration/operations trailer (AOT). The purpose of this facility is to provide long-term disposal for waste regulated under the Comprehensive Environmental Response, Compensation, and Liability Act (CERCLA), also known as Superfund. The waste includes soil, liquids, and various debris, with polychlorinated biphenyls (PCBs) and/or radioactive contamination.
Several sump pumps and transfer pumps were in the facility for leak collection and for transferring liquids. Sensors and transmitters monitor temperatures, pressures, flows, and liquid levels. Three PLCs had programs to control the process equipment and monitor the instrumentation at the landfill, ponds, and decon building.
These PLCs monitor about 80 alarm conditions, which include sump overflows, pump failures, sensor failures, abnormal building temperatures, and intrusions into buildings.
Lost to the new facility
To provide the required alarm-reporting capability, the users installed additional PLCs in the AOT building and in the control room. The PLC in the AOT building networked to the ponds, landfill, and decon building PLCs using a fiber optic Ethernet. It also linked to a control room inside the adjacent Idaho Nuclear Technology Engineering Complex (INTEC).
The PLC in the AOT building linked to the remote station inside INTEC using a pair of modems and a dedicated telephone connection. The dedicated telephone connection consisted of two twisted pairs of copper wire. A transmit-and-receive pair connected to each modem. This was a full duplex connection, which allowed data to travel simultaneously in both directions between the modems. The modems for this communication link were industrial grade lease line modems, operating at 1200 baud. They continuously transmitted signal carriers to each other; no dialup was necessary over the dedicated telephone circuit.
The alarms from the new facility connected to an existing DCS, located in the control room inside INTEC. The DCS came from a different manufacturer than the one that provided the PLCs in the new facility. The new PLC system and the existing DCS system were not directly compatible, and it would have been expensive to provide a direct data link between the two systems. Therefore, four hard-wired contacts connected the remote station PLC to the inputs for the DCS. Three of the contacts report alarm conditions in the new facility to the DCS, with a fourth set up to notify the DCS if communication is lost to the new facility.
Network diagram for ICDF alarm-reporting system
Filters through the masks
In order to report alarm conditions from the INEEL CERCLA Disposal Facility (ICDF) facility, several data collection and processing steps are used. The PLC in the AOT building reads alarm data from the three PLCs located in the ponds, landfill, and decon facilities. This PLC also provides a few local alarms from the AOT building. All of the alarm data filters use alarm masks to determine whether or not an alarm condition has occurred and whether that state needs to pass on to the control room. The RAM of this PLC stores alarm masks and current alarm conditions.
After the alarm data filters through the masks, the PLC in the AOT building determines whether or not active alarms are in the filtered alarm data. If the filtered results indicate active alarms, then one or more alarm conditions needs documentation as such. In this case, the PLC activates a bit in an alarm status word, instructing the remote station to activate the appropriate alarm window at the DCS.
The PLC in the AOT building writes an updated alarm status word, including the three alarm window status bits, to the remote station PLC once per second. To allow for the detection of a communication failure, the status word also includes a heartbeat bit that toggles (changes from "1" to "0" or from "0" to "1") every three seconds.
A special feature, commonly known as reflash, was a part of the program on the PLC in the AOT building. This feature was provided to prevent the operators from missing new information if an alarm window is active at the DCS and its corresponding alarm data has changed (i.e., individual alarm signals are activating or inactivating in the window). If the window's alarm statuses change, and the alarm window remains active, the alarm window will inactivate for several seconds. Then it will return to its active state. This advises the operators that alarm conditions have changed in the active window.
The software design for the remote station in the existing control room works such that the controller receives an update of the alarm status from the PLC in the AOT building about once per second. It opens or closes each of its three hard-wired contacts to the DCS, based on the updated alarm status information in its memory.
The PLC in the AOT building sends a heartbeat bit in the status word that contains its alarm information. The PLC in the AOT building toggles the heartbeat bit about once every three seconds. If the remote station detects that this bit has stopped changing for five seconds or more, it activates an alarm at the DCS, indicating that communication has been lost with the PLC in the AOT building.
To make the system highly fail-safe, the user programmed each of the four contacts in the remote station to energize when in the normal state (with no alarms present), and to de-energize when alarms are present. If a power failure or processor fault occurs, all four of the contacts revert to the de-energized (alarm) state.
DCS offers audible and visual
The alarm-reporting system maps alarms in the ICDF complex to each of the three alarm windows. This configuration is adjustable and can occur by completing a spreadsheet and obtaining mask values for the RAM of the AOT PLC controller.
The spreadsheet has a column for each alarm window. For each alarm signal, a "1" goes in the column corresponding to the alarm window to which the individual alarm signal reports. A "0" goes in all of the other columns.
The spreadsheet provides alarm masks based on these entries. The system provides hexadecimal-coded words for direct entry into RAM registers of the AOT building PLC. Ten words of alarm mask data go forth for each alarm window. One can edit alarm mask values while the PLC is running; there is no need to stop the PLC program or modify its ladder logic to change the masks.
Users installed and configured the alarm-reporting system after facility construction was complete and the necessary telephone and network connections were in place. The system reports level alarms to the first alarm window, flow alarms to the second alarm window, and signal failures and network communication failures to the third alarm window. The DCS in the existing control room provides audible and visual notification to operators in the event of alarm window activation or a loss of communication.
A variety of approaches could provide an alarm-reporting system for this new facility. PC hardware could have been a part or all of the system, and alarms could have transmitted via the local network or a wireless link. A number of different systems from various manufacturers could have provided the features included in this design.
The hardware selected for this application provided a highly reliable, fail-safe means of reporting alarms. PLC hardware and firmware is generally more simple and robust than the hardware and operating systems provided with PCs. The dedicated telephone connection and the modems used to link the AOT building PLC to the remote station PLC provided a highly reliable communications link. If the local area network (LAN) had served this purpose, then the alarm-reporting messages would have shared resources with other network traffic, and the more complex communications hardware (i.e., switches, routers, and backbones) would have had more failure modes.
Configurable masks in RAM provided easy reconfiguration of alarm-reporting assignments. A specifically designed spreadsheet allowed operators to generate new alarm masks and edit the masks in the RAM of the AOT building PLC. The PLC program does not have to stop to edit the masks. This PLC's RAM is battery-backed, so the configuration information will not be lost during a power outage.
This system prevents most failures from resulting in missed alarms. Communications failures, power outages, and processor faults would not cause missed alarm information if they occurred.
Various design features of this system could be beneficial to other similar alarm-reporting systems, such as those used for municipal utilities, remote monitoring stations, and other unattended sites.
|Sample sections of mask configuration spreadsheet
Mask bit values and hexadecimal values are automatically generated. The shaded bits in the alarm list correspond to the shaded bits in the mask.
Behind the byline
Kris Willoughby is an ISA member and a registered PE. He works in Idaho as an engineer scientist for Bechtel. He is also an electrical and instrumentation & control engineer. Write him at firstname.lastname@example.org.
RAM Random access memory is a type of computer memory that temporarily stores data. It allows the central processing unit to have fast access so it can read or change any of its memory locations.
Baud is the measure of the rate at which digital data is transmitting, in bits per second
Mask is a machine word or register that specifies which parts of another machine word or register are the subject of the operation
Mask-programmed memory is computer memory that dedicates solely to the storage of a particular set of data. A mask that contains a particular pattern of bits enables the manufacture of the memory.
LAN Local area network is a communications mechanism by which computers and peripherals in a limited geographic area can connect. LANs provide a physical channel of moderate to high data rate—1–20 megabit—that has a consistently low error rate, typically 10–9.
Hexadecimal notation is a numbering system that uses zero through nine and A, B, C, D, E, and F with 16 as a base. The hex number system is very useful in cases where computer words are composed of multiples of four bits.
Return to Previous Page