Honeywell EXPERION PKS, EPDOC-X512-en-516A User Manual

EXPERION PKS

RELEASE 516

UOC User Guide

EPDOC-X512-en-516A

August 2020

Disclaimer

This document contains Honeywell proprietary information. Information contained herein is to be
used solely for the purpose submitted, and no part of this document or its contents shall be
reproduced, published, or disclosed to a third party without the express permission of Honeywell
International Sàrl.

While this information is presented in good faith and believed to be accurate, Honeywell disclaims
the implied warranties of merchantability and fitness for a purpose and makes no express
warranties except as may be stated in its written agreement with and for its customer.

In no event is Honeywell liable to anyone for any direct, special, or consequential damages. The
information and specifications in this document are subject to change without notice.

Copyright 2020 - Honeywell International Sàrl

- 2 -

Contents 3

Chapter 1 - About this guide 12

1.1 Revision history 12

1.2 Related documents 12

1.3 Terms and definitions 15

Chapter 2 - Overview of UOC features 19

2.1 Native Experion Integration 19

2.2 ControlEdge 900 Form Factor 19

2.3 FTE Uplink Connectivity 20

2.4 Ethernet I/O Connectivity 20

2.5 ControlEdge 900 21

2.6 Field Device Manager 22

2.7 EtherNet/IP Connectivity to I/O, Devices, and Controllers 22

2.8 CEE Control Processing 22

2.9 Control Builder Strategy Configuration 22

2.10 I/O Points and I/O Reference Blocks 23

2.11 Simulation 23

2.12 Control Redundancy 23

2.13 Peer-To-Peer Communication 24

2.14 Alarms and Events 25

2.15 Time Synchronization 25

2.16 Security 25

2.17 Licensing 25

2.18 vUOC 26

Chapter 3 - Networking 29

3.1 Uplink FTE Network 29

3.2 Downlink I/O Network Topology 30

3.2.1 HSR Ring Topology with 900 I/O 31

3.2.2 Redundant Star (PRP) Topology with 900 I/O 34

3.2.3 DLR Ring Topology with EtherNet/IP and 900 I/O devices 35

3.2.4 Non-Redundant Star to 900 I/O and EIP Devices 38

3.2.5 EtherNet/IP in Experion 40

- 3 -

Chapter 4 - Installation 43

4.1 Hardware Considerations 43

4.2 Firmware Considerations 43

4.2.1 Converting PLC CPM to UOC CPM 44

4.2.2 Upgrading UOC CPM to New Firmware Version 48

4.2.3 Upgrading UOC EPM to new Firmware Version 48

4.2.4 Upgrading UOC UIOM to new Firmware Version 50

4.2.5 Firmware and Software Upgrade Considerations for vUOC 51

4.2.6 Additional Maintenance Activities in Firmware Manager 51

Chapter 5 - Configuration 52

5.1 Configuration Studio 52

5.2 Define and add assets in your enterprise model 52

5.3 Control Building 52

5.4 Specifying a Time Server 52

5.5 FTE Device Index 52

5.6 Creating UOC Platform block 53

5.6.1 Method 1: Using the File Menu 53

5.6.2 Method 2: Using the Project Assignment Panel 53

5.7 UOC Platform Block 54

5.8 Secondary UOC Platform Block 69

5.9 CEE Function Block 70

5.10 Configure UOC for Retention Startup 80

5.10.1 Introduction 80

5.10.2 Configure RETENTIONTRIG block 80

5.10.3 Loading Retention Trigger Block 97

5.11 Configure ControlNet for UOC 103

5.12 Configure ProfiNet for UOC 104

5.13 Configuring DLR for UOC 104

5.14 Convert a non-redundant UOC to a redundant controller 106

5.14.1 Prerequisites: 106

5.14.2 To convert a non-redundant UOC to a redundant controller 106

5.15 Convert a redundant UOC to a non-redundant controller 107

5.15.1 Prerequisites 107

5.15.2 To convert a redundant UOC to a non-redundant controller 107

- 4 -

5.16 Licensing Model 107

5.16.1 I/O Analog/Digital point(s) license 107

5.16.2 Composite Device Point(s) License 108

5.16.3 License Matrix 108

Chapter 6 - Load Configuration 110

6.1 About load operations 110

6.1.1 Loaded versus project database versions 110

6.1.2 Load initiation and load dialog box 110

6.1.3 Load action with Compare Parameters function 111

6.1.4 Load options for server history and server displays configuration 111

6.2 Initial load order guidelines 112

6.2.1 Component deletion considerations 112

6.3 Load components from Project 113

6.3.1 Loading UOC 113

6.3.2 Loading CEE 115

6.3.3 Loading I/OMs and CMs 117

6.4 Load With Contents command 117

6.5 Reloading components from project 117

6.6 Upload to the Monitoring database 118

Chapter 7 - ControlEdge 900 I/O Device Connectivity 119

7.1 CE900 IO in UOC 119

7.1.1 Model numbers 120

7.1.2 ControlEdge 900 IO Version Compatibility Matrix 120

7.2 UOC Configuration 121

7.3 Controller Rack 123

7.3.1 Rules 123

7.3.2 Creating Controller Rack 123

7.3.3 Method 1: Using the CE900_I/O library 123

7.3.4 Controller Rack Configuration 125

7.3.5 I/OM Status Summary 125

7.4 I/O Rack (EPM) 126

7.4.1 Rules 126

7.4.2 Creating I/O Rack 127

7.4.3 Hardware Information 127

7.4.4 Soft Failures and Alarms 127

7.5 I/O Module 128

- 5 -

7.5.1 Rules 128

7.5.2 I/O Module Creation 128

7.6 Channel 130

7.6.1 Rules and Behaviors 130

7.6.2 Channel Type Configuration 130

7.6.3 Channel Configuration and Status 133

7.6.4 Soft Failures and Alarms 135

7.7 I/O Module Configuration 139

7.7.1 Maintenance 139

7.7.2 Module Configuration/Monitoring Tabs 140

7.7.3 Common CE900 Module Configuration/Monitoring Tabs 141

7.7.4 CE900 UIO DI Channel NAMUR Configuration/Monitoring Tabs 145

7.7.5 CE900 UAI Module Configuration/Monitoring Tabs 146

7.7.6 CE900 DI32-24VDC Module Configuration/Monitoring Tabs 149

7.7.7 CE900 DO32-24VDC Module Configuration/Monitoring Tabs 151

7.7.8 CE900 DI16-VAC Module Configuration/Monitoring Tabs 153

7.7.9 CE900 DO08-VAC Module Configuration/Monitoring Tabs 155

7.7.10 CE900 DI16-DRYCT Module Configuration/Monitoring Tabs 156

7.7.11 CE900 DO08-RELAY Module Configuration/Monitoring Tabs 158

7.7.12 CE900 AO04 Module Configuration/Monitoring Tabs 160

7.7.13 CE900 AI16-100MS Module Configuration/Monitoring Tabs 162

7.7.14 CE900 AO08 Module Configuration/Monitoring Tabs 164

7.7.15 CE900 DI16-VACDC Module Configuration/Monitoring Tabs 166

7.7.16 UIO Namur Support 168

Chapter 8 - EtherNet/IP Device Connectivity 170

8.1 EtherNet/IP Device Configuration in UOC 170

8.1.1 Slot 0 Diagnostic Information 171

8.1.2 Slot 0 Configuration 172

8.1.3 Configuring the EtherNet/IP GenAdapter Block 173

8.1.4 Configuring the IP address of an EtherNet/IP device 179

8.1.5 Configuring I/O module blocks 179

8.1.6 Assigning EtherNet/IP devices to the CEE 181

8.1.7 Configuring I/O Ref blocks in CMs to access data from EtherNet/IP devices 181

8.2 Configuration Parameters for arrayed custom parameters 182

8.3 Configuration Parameters for scalar (non-arrayed) custom
parameters 186

8.4 Scaling support for Generic Device 187

- 6 -

8.4.1 Scaling Configuration Tab 187

8.4.2 Configuration 188

8.4.3 To view and modify the scaling parameters in EtherNet/IP generic device
instances 188

8.5 UOC and ControlLogix integration 189

Chapter 9 - UOC Node Redundancy Operation 191

9.1 Redundancy configuration restrictions 191

9.1.1 FTE Device Index 191

9.2 Partner controller compatibility 191

9.2.1 Redundancy compatibility result - RDNCMPT 192

9.3 UOC 1-slot I/O rack 194

9.4 Redundancy synchronization 194

9.4.1 Synchronization states - RDNSYNCSTATE 194

9.4.2 Enable Synchronization - ENBLSYNCCMD 195

9.4.3 Disable Synchronization - DSBLSYNCCMD 195

9.4.4 Auto-Synchronization State - RDNAUTOSYNC 195

9.4.5 Inhibit Sync Reason - RDNINHIBITSYNC 196

9.4.6 Initial Sync Progress - RDNSYNCPROG 198

9.4.7 Maximum Initial Synchronization Time - RDNISTIMEMAX 198

9.4.8 Last Synchronization Time - SYNCTIMEBEG 198

9.4.9 Last Lost of Sync Time - SYNCTIMEEND 198

9.4.10 Redundancy Traffic Rate 198

9.4.11 Conditions that result in loss of sync 199

9.4.12 Conditions that do not result in loss of sync 199

9.5 Switchover and secondary readiness 199

9.5.1 Become Primary command - BECMPRICMD 200

9.5.2 Initiate Switchover - SWITCHCMD 200

9.5.3 Max Switchover Time - RDNSOTIMEMAX 200

9.5.4 Conditions that result in switchover 200

9.5.5 Conditions that do not result in a switchover 201

9.5.6 Network switchover considerations 202

9.6 Redundancy history 202

Chapter 10 - Operation 203

10.1 UOC States And Transitions 203

10.2 UOC Front Panel Indications 206

10.2.1 Ethernet Port LEDs 206

10.2.2 Behaviors of Status and Redundancy Role LEDs 206

- 7 -

10.2.3 Status LED 207

10.2.4 Redundancy Role LED 211

10.3 UOC Startup 212

10.3.1 Actions During Boot 212

10.3.2 Restart After Power Loss 214

10.3.3 vUOC States and Startup Behaviors 214

10.4 Using Station displays 214

10.4.1 Identifying UOC 215

10.4.2 UOC Controller Point Detail Display (Redundant) 215

10.4.3 UOC Controller Point Detail displays (Non- Redundant) 219

10.4.4 vUOC Controller Point Detail displays 223

10.4.5 UOC-CPM (Local I/O) Racks 226

10.4.6 UOC-EPM Racks 227

10.4.7 UIO Racks 228

Chapter 11 - Troubleshooting 230

11.1 What to do when faults occur 230

11.2 Initial checks 230

11.3 Checking Control Builder error code reference 230

11.3.1 Checking faceplate LEDs 230

11.3.2 Using Firmware Manager to capture diagnostic data 231

11.3.3 Viewing release information log 231

11.3.4 Checking server point build log 231

11.3.5 Checking server point build error log 232

11.3.6 Checking error log 232

11.4 Fixing common problems 232

11.4.1 Loss of power 232

11.4.2 Power-On Self Test (POST) does not complete 232

11.4.3 Module does not complete startup 233

11.4.4 One or both FTE LEDs are OFF 234

11.4.5 FTE receive fault diagnostic 234

11.4.6 Controller does not synchronize with backup 236

11.4.7 Fatal ECC error 236

11.4.8 Isolated (lonely) Node 237

11.4.9 Duplicate Device Index detection 238

11.5 UOC Controller soft failures 239

11.6 Additional status and fault messages 245

11.6.1 Redundancy-related notifications 245

- 8 -

11.6.2 OPM-related notifications - RDNOPMSTATUS parameter 245

11.7 Online diagnostics 245

11.8 Fault classifications 246

11.8.1 Hard/Severe Failures 248

11.8.2 UOC Redundancy Communication Issues if CPM is not securely connected
to the rack 249

11.8.3 Soft Failures 249

11.8.4 Installation-Startup Failures 250

11.8.5 Hardware Watchdog Timer Expired 250

11.8.6 Communications Failure 250

11.9 Communications and system time faults during startup 250

11.9.1 Non-redundant UOC Controller 251

11.9.2 Redundant Primary UOC Controller 252

11.9.3 Secondary UOC Controller 254

11.10 Gathering information for reporting problems to
Honeywell 257

11.11 Guidelines for requesting support 257

Chapter 12 - Control Execution Environment 258

12.1 Functional Highlights 259

Chapter 13 - vUOC 260

13.1 Introduction 260

13.1.1 vUOC controllers with Private Path and Downlink I/O adapters 260

13.1.2 Flat Network Downlink I/O Topology 261

13.1.3 VLAN Tagged Network Downlink I/O Topology 262

13.1.4 Network Downlink I/O Topology 263

13.2 Guidelines for integration of virtual controllers 264

13.3 Creating Network Connections 265

13.3.1 Creating a Standard vSwitch 266

13.4 Defining Port Groups 272

13.4.1 Adding a Port Group to a Standard vSwitch 272

13.5 Physical network support for VLAN topologies 276

13.5.1 First level Switch configurations 276

13.5.2 Downstream Switch configurations 278

13.5.3 I/O Device Port configurations 280

13.5.4 Control Edge 900 IO and Switch Configurations 281

13.6 Download 282

- 9 -

13.7 vUOC Deployment 282

13.7.1 Reconfigure Network Assignments 289

13.8 vUOC Provisioning (first-time start up only) 290

13.9 vUOC Configuration and Usage 293

13.10 vUOC and Virtualization Host Maintenance 293

13.11 vUOC and Virtualization Host Availability 296

13.11.1 Turning on Fault Tolerance protection for vUOC 296

13.11.2 Disabling Fault Tolerance protection for vUOC 298

Chapter 14 - Performance and Capacity Considerations 300

14.1 Key Specifications 300

14.2 Managing Processing Load 302

14.2.1 Relevant Parameters 302

14.2.2 Overall Load Limits 303

14.2.3 Cycle Overruns 304

14.2.4 CPU Free 304

14.2.5 Redundancy Throughput 305

Chapter 15 - Security Guidelines for UOC 306

15.1 General 306

15.2 Organizational Security 306

15.3 Physical Security 306

15.4 Communication Hardening 307

15.5 Securing Connection to Uplink Network 307

15.6 Securing Connection to Downlink Network 307

15.7 Maintenance, Configuration and Operation 308

15.8 Third Party Configuration Files 308

15.9 Third Party Firmware Files 308

15.10 Private Redundancy Network Path 308

15.11 Patch Management 309

15.12 Backup/Recovery Capability 309

Chapter 16 - Configuring a Secure Connection for Experion Integration 310

16.1 Secure Communications 310

16.1.1 Secure Communication System Planning 312

16.1.2 Configure and Setup Steps 312

16.1.3 Advanced Technical Information 313

- 10 -

16.1.4 Certificate Management 313

16.1.5 Secure Communications using IPSec 313

16.1.6 Secure Commuincations Using TLS 314

16.1.7 Secure Boot 314

16.2 Obtaining and Installing the software 314

16.3 Overview of an IPSec deployment 315

16.4 Set Enrollment Information 316

16.5 Creating the Certificate Authority 316

16.6 Creating a certificate for Engineering Station and Console 320

16.6.1 Creating a certificate 321

16.6.2 Importing certificate and private key on target machine 322

16.7 Configure ControlEdge UOC for use with IPSec 329

16.7.1 Installing Certificate Manager Configuration Console 329

16.7.2 Setup certificates and IPSec policy in UOC 338

16.8 Configuring IPSec to secure traffic to the UOC 347

16.8.1 Configure and Activate Security Policies 347

16.8.2 Enable IPSec policy on PCs 347

16.8.3 Disable IPSec policy on Engineering Station/Console 351

16.8.4 Enable IPSec policy rules in the UOC 351

16.8.5 Disable IPSec policy rules in the UOC 353

16.9 Backup and Restore of CA 355

16.9.1 Backup 355

16.9.2 Restore 361

16.10 Renewal and revocation of certificates 365

16.10.1 CA Root certificate 365

16.10.2 Renewing the CA Root certificate 366

16.10.3 PC certificates 367

16.10.4 Revocation 367

16.10.5 UOC certificates 370

16.10.6 Revocation 370

16.11 Troubleshooting 370

16.11.1 How to reset UOC for IPSec configuration? 370

16.11.2 How to reset IPSec configuration on Windows? 371

16.11.3 Diagnosing IPSec with Network Analysis Software 371

16.11.4 If CMCC upload a large number of policies, the read data from the
transport connection can not be received 371

- 11 -

CHAPTER

1

ABOUT THIS GUIDE

1.1 Revision history

Revision Date Description

A August 2020 Initial release of the document.

1.2 Related documents

The following list identifies publications that may contain information relevant to the information
in this document. You can find these documents on https://www.honeywellprocess.com/en-

US/support/pages/all-documentation.aspx.

- 12 -

Document Description

Firmware
Manager User
Guide_EPDOC­X470.pdf

This document describes the tool used for loading
firmware to hardware modules of the UOC system and for
uploading diagnostics information from them.

Hardware
Planning and
Installation
Guide_HWDOC­X430-en-H.pdf

This document describes hardware components and
related installation practices for the ControlEdge 900
family of controller hardware.

Virtualization
Planning and
Implementation
Guide_EPDOC­X147-en-A.pdf

This guide provides high-level guidance on how to
implement a virtualized Experion environment.

EtherNet_IP_
Users_Guide_
EPDOC-X399­en-511A.pdf

This document provides an overview of the use of
EtherNet/IP™ communications with level 1 Experion
control systems and offers practical guidance to perform a
successful integration of EtherNet/IP with Experion.

Fault_Tolerant_
Ethernet_
Overview_and_
Implementation_
Guide_EPDOC­XX37-en-511.pdf

This guide contains basic installation instructions and
configuration requirements for an FTE network and its
components. Detailed network planning and requirements
information is not included as this type of information is
site-specific.

Fault_Tolerant_
Ethernet_
Installation_and_
Service_Guide_
EPDOC-XX36­en-511A.pdf

This document provides instructions for installing and
servicing the Fault Tolerant Ethernet Mux driver.

Network_and_
Security_
Planning_Guide_
EPDOC-XX75­en-511B.pdf

This document contains networking and security-related
information applicable to Experion. It provides information
about the recommendations to assist you in planning,
setting up, and maintaining a secure environment for your
system.

Switch_
Configuration_
Tool_Users_
Guide_EPDOC­X246-en-

This guide describes the user interface of the Switch
Configuration Tool and provides an overview for
configuring switches using the tool. It describes the tasks
to create new switch configuration, open an existing switch
configuration, generate text files from the switch

Chapter 1 - About this guide

- 13 -

Document Description

511A.pdf configuration, and load the new switch configurations to

the switches. It also briefly describes creating and saving
projects using the tool.

Control Builder
Components
Theory_EPDOC­XX16-en­511A.pdf

This guide provides detailed information on the
functionality of Control Builder and the function block
libraries it is used to configure. It does not cover
ControlEdge hardware modules such as the Control
Processor Module (CPM) or Input / Output Modules
(I/OMs).

Control Building
User’s Guide_
EPDOC_XX19_
en-511A.pdf

The procedures in this guide are intended to give you the
ability to perform basic tasks within the Control Builder
application such as configuring hardware devices,
continuous control strategies, and sequential control
strategies. Only representative forms are shown to
illustrate a procedure/concept.

Control Builder
Parameter
Reference
Guides_EPDOC­XX18-en­511A.pdf

This guide provides information about parameters
associated with configuration forms of function blocks in
Control Builder.

Control_Builder_
Components_
Reference_
EPDOC-XX15­en-511.pdf

This document provides a brief technical reference of
function blocks configured through Control Builder.

Engineering Data
Builder (EDB)
User’s Guide­EPDOC-X417­en-511A.pdf

The Engineering Data Builder (EDB) add-in is a
productivity enhancement tool integrated with the Control
Builder.

EDB add-in deploys customized, reusable, and extensible
spreadsheets, allowing project engineers to save time in
updating configuration.

Virtualization
with the
Premium
Platform
EPDOC-X455­en-B.pdf

This guide gets you started with the Honeywell Premium
Platform for Experion Virtualization Solutions.

Chapter 1 - About this guide

- 14 -

Term Definition

AI Analog Input

AO Analog Output

CA Certificate Authority

CBR Class Based Recipe

CDA Control Data Access

It is the Experion system communication infrastructure and data
access interface schema that provides application integration
with Experion system objects.

CEE Control Execution Environment

CIP Common Industrial Protocol

An industrial communication protocol now maintained as a
standard by the Open Device Venders Association (ODVA).

Cleartext Data that is stored or transmitted unencrypted

CM Control Module

CMCC Certificate Manager Configuration Console

Consolidate
Connections

A single connection used to group multiple I/O modules, instead
of one connection per I/O module.

Also referred to as Assembly connections, Rack connections,
Gateway connections.

ControlEdge
900

A family of controller hardware which can be assembled to create PLC or UOC
systems.

CPM Control Processor Module (also commonly referred to as

controller)

DI Digital Input

DLR DLR is a link layer protocol for establishing a form of ring

redundancy on an Ethernet network.

DO Digital Output

Downlink Shorthand term use to refer to one of two possible types of I/O

and device network that a UOC controller connects to.

EDB Engineering Data Builder

EDS Electronic Data Sheets

Chapter 1 - About this guide

1.3 Terms and definitions

- 15 -

Term Definition

Files which define the communication properties of devices
capable of connecting to EtherNet/IP networks.

EtherNet/IP EtherNet/IP™

EPM Expansion Processor Module

Ethernet communications module connecting distributed racks
of ControlEdge 900 I/O modules to the CPM.

ETAP EtherNet/IP™ Tap

A type of switch that allows a device incapable of supporting the
DLR redundancy protocol to form a non-redundant connection
into a DLR ring.

Expansion
I/O rack

I/O rack with EPM installed

FDM Field Device Manager

FTE Fault Tolerant Ethernet

GTAC Global Technical Assistance Center

HART Highway Addressable Remote Transducer

HMI Human Machine Interface

HPS Honeywell Process Solutions

HSR HSR (High Availability Seamless Redundancy) is a link layer

protocol for establishing a form of ring redundancy on an
Ethernet network. HSR is referred to as “Ring-HSR” in the UOC
platform block configuration form.

HW Hardware

IIS Internet Information Services

IKE Internet Key Exchange

I/O Input/Output

IP Internet Protocol

IPSec Internet Protocol Security

LEAP Lean Engineering of Automation Projects

Local I/O
rack

I/O rack with Control Processor Module installed (non­redundant)

NIC Network Interface Controller

NTP Network Time Protocol

Chapter 1 - About this guide

- 16 -

Term Definition

NVS Non-Volatile Storage

ODVA Open Device Venders Association

OTP One Time Password

OWD Open Wire Detected

PC Personal computer

PCCC Programmable Controller Communications and Commands

PCDI Peer Control Data Interface

PLC Programmable Logic Controller

Peer Server
Responder

Data sourcing service provided by the Experion Process Server
node which allows controllers like the UOC to access any data
presented by the Server’s data points via peer communication
over the supervisory network.

PRP Parallel Redundancy Protocol is a link layer protocol for

establishing a form of dual-path redundancy on an Ethernet
network.PRP is also referred to as “Star-PRP”.

PSM Power Status Module

PSU Power Supply Unit

PTP Precision Time Protocol PTP

IEEE-1588

It is a standardized internet networking protocol used for
synchronizing computer clock times in a distributed network of
computers. PTP provides higher precision than NTP. The UOC
supports time synchronization by either NTP or PTP on its uplink,
FTE network.

P&ID
Diagram

A diagram representing the Process and Instrumentation Design
of a plant or plant unit.

PWA Printed Wiring Assembly

RCM Recipe Control Module

Redundancy
Box

A network switch that allows another device to connect into a
ring topology even if the device itself cannot natively handle the
ring redundancy protocol.

Redundant
Controller
Rack

ControlEdge 900 rack capable of hosting a redundant pair of
CPMs.

Redundancy Module used with a CPM within a 1 I/O Slot Rack to implement

Chapter 1 - About this guide

- 17 -

Chapter 1 - About this guide

Term Definition

Module
(RM)

Dual Rack Redundancy.

SCM Sequence Control Module

SD Card Secure Digital Card

SW Software

TCP Transport Control Protocol

TLS Transport Layer Security

UI/O Universal Input/Output Module

UCM Unit Control Module

It is a container that represents a piece of or logical grouping of
physical equipment. A Recipe may be configured to acquire a
UCM before its procedure can be executed. A UCM can also be
used as an auxiliary resource.

UOC Unit Operations Controller

This is a term used to refer to the CPM when used as a controller
in the Experion PKS Distributed Control System.

Uplink Shorthand term used to refer to the supervisory Ethernet

network that the UOC controller connects to within an Experion
system.

UPS Uninterruptable Power Supply

Users Human Actors

User Goals What users are hoping to achieve at a high level and why. Independent of

system implementation. Should be able to be linked to stakeholder business
goals and SRS use cases.

User Scenarios Specific examples that elaborate on user goals in a context. Told in the form of

stories. Independent of system implementation.

vUOC Virtual Unit Operations Controller

- 18 -

CHAPTER

2

The Unit Operations Controller (UOC) is a high value, low cost, rack-based process controller that
can be applied to any process control application in any industry. Its form factor, cost profile and
licensing model make it especially well-suited to industries that prefer to limit the scope of a single
controller to a single process unit, and to industries that require powerful batch enablers.

The UOC is paired with a virtualized controller called the virtual Unit Operations Controller
(vUOC).The vUOC provides a set of functions parallel to those of the UOC except that they are
deployed within a server hosted virtual machine.

Summary descriptions of UOC and vUOC features are presented within this section. Additional
details may be found elsewhere within this document and within the overall Experion document
set.

OVERVIEW OF UOC FEATURES

2.1 Native Experion Integration

UOC integrates natively into the Experion DCS in a fashion parallel to that of existing controllers
such as the C300 and C200E. It uses the same CEE (Control Execution Environment) control
solver as those controllers. Experion Fault Tolerant Ethernet provides redundant, level 2
communications to the UOC. Engineering Station, Direct Station and Flex Station nodes all
provide view of UOC parameter and alarm data via Experion native Control Data Access (CDA)
protocol. Communication, monitoring, displays, trending, historizing, advanced applications, batch
applications, configuration and field device management all work with the UOC controller in a
fashion equivalent to that of existing CEE controllers.

2.2 ControlEdge 900 Form Factor

UOC control algorithms and I/O communications processing run in a family of rack-resident
modules called ControlEdge 900. ControlEdge can be used to deploy high density control and I/O
installations meeting all environment and agency certification requirements with no restriction as
to cabinet type.

In addition to the UOC, components of the ControlEdge HW family can be used to deploy the
ControlEdge PLC, without the need to deal with a completely different component family.

The main components of UOC HW are listed here.

- 19 -

Component Description

CPM Control Processor Module

Referred to as UOC-CPM.

Host processor of control and communications supporting
redundant and non-redundant configurations. Provides two
uplink Ethernet ports for connectivity to FTE. Provides two
downlink Ethernet ports for connectivity to an I/O and device
network.

EPM Expansion Processor Module

Ethernet communications module connecting distributed racks
of ControlEdge 900 I/O modules to the CPM.

UI/OM Universal Input / Output Module

16 channel I/O module with universal channels which can be
configured as AO, DI or DO. Channels configured as AO support
HART protocol.

I/O Racks Five possible non-redundant racks which hold an EPM or a non-

redundant CPM together with 1, 4, 8 or 12 I/O Modules. Three of
the racks accommodate non-redundant power supplies. The 8
and 12 slot racks are available with redundant power supplies
and a power status module.

Redundant
CPM Rack

Redundant controller racking supporting two power supplies and
two CPM slots.

Power
System

AC or DC power supply modules and power status module.

Chapter 2 - Overview of UOC features

2.3 FTE Uplink Connectivity

Detailed information on the installation, planning and general characteristics of ControlEdge 900
HW components can be found in ControlEdge 900 Platform Hardware Planning and Installation
Guide_HWDOC-X430.pdf.

UOC connects to a redundant FTE supervisory network via its uplink Ethernet ports (port #1& port
#2). UOC hosts a full featured firewall allowing it to securely connect directly to level 2, FTE­qualified, third party switches. UOC deployments do not require connectivity to FTE through a
separate firewall.

Beginning with Experion R510.2, the vUOC connects to a redundant FTE supervisory network via
its uplink Ethernet ports (virtual switches). A software-based firewall is included allowing a secured
connection directly to Level 2, FTE- qualified, third party switches.

2.4 Ethernet I/O Connectivity

UOC connects to an I/O and device network via its two downlink Ethernet ports (port #3 & 4).

- 20 -

Multiple application-dependent typologies are supported with two configurable options:

Module Type Model Number

UI/O module 900U01-0100

UAI module 900A01-0102

DI 24VDC module 900G32-0001

DO 24VDC module 900H32-0102

DI High Voltage AC 900G03-0102

DO High Voltage AC 900H03-0102

AI16-100MS (High Level Analog Input, 16 Channels) 900A16-0103

AO04-500MS (Analog Output, 4 Channels) 900B01-0101

AO08-500MS (Analog Output, 8 Channels) 900B08-0202

DI16-DRYCT (DI - 16ch Dry Contact Type) 900G01-0102

DI16-VACDC (DI - 120/240 VAC, 125 VDC (16ch-Iso)) 900G04-0001

DO08-RELAY (Digital Output Relays, 8 Channels) 900H01-0102

l When only ControlEdge 900 I/O racks are connected, a native ring redundancy based on the

High Availability Seamless Redundancy (HSR) protocol may be used, a star redundancy based
the Parallel Redundancy Protocol (PRP) may be used or a non-redundant star may be used.

l When ControlEdge 900 I/O racks are used together with 3rd party EtherNet/IP devices, a ring

redundancy based on Device Level Ring (DLR) may be used or a non-redundant star may be
used.

2.5 ControlEdge 900

ControlEdge PLC supports various input/output modules. The following I/O modules are included:

Chapter 2 - Overview of UOC features

Additional I/O modules will be made available in future releases of the Experion PKS.

NOTE : For Module AI16-100MS, the Model Number should be 900A16-0103 and the
firmware version should be 1.39 for the 100 ms scan rate support.

For below IO modules, there can be Model number mismatch between the IO module hardware
and the IO module reports.

- 21 -

Module Description

Model
Number

Module Number report by the IO
Module

Analog Output, 0 to 20mA, (4
channel)

900B01­0301

900B01-0101

Digital Input, Contact type, (16
channel)

900G01­0202

900G01-0102

Digital Output, Relays (8
channel)

900H01­0202

900H01-0102

Chapter 2 - Overview of UOC features

2.6 Field Device Manager

UOC supports integration with Experion Field Device Manager (FDM) for management of smart
field instruments. The FDM can view and manipulate the digital HART variables of field
instruments through the analog channels of UOC’s UI/OM.

The ability of UOC itself to access digital HART variables via a Field Device Server hosted on the
Engineering Station will be introduced in a future release.

2.7 EtherNet/IP Connectivity to I/O, Devices, and Controllers

UOC supports control through third party I/O and devices connected by the EtherNet/IP protocol
on its Ethernet downlink.

A set of EtherNet/IP devices come preinstalled and ready for instantiation within Experion Control
Builder. This includes Rockwell Allen Bradley’s ArmorPoint I/O, ArmorBlock I/O, PowerFlex Drive
and E3 Relay.

Support for other EtherNet/IP I/O and EtherNet/IP device types can be integrated by projects
personnel without dependence on a new Experion release through the use of Experion Control
Builder’s Parameter Definition Editor (PDE).

Also supported are User Defined Type (UDT) blocks which enable UOC to communicate over its
downlink via EtherNet/IP with Rockwell Allen Bradley’s ControlLogix.

2.8 CEE Control Processing

UOC hosts the well-proven Control Execution Engine (CEE) strategy solver used in existing
Experion controllers. CMs (Control Modules) are fully supported for continuous control strategies.
SCMs (Sequential Control Modules), UCMs (Unit Control Modules), RCMs (Recipe Control Modules)
and CBRs (Class Based Recipes) are fully supported for batch control strategies.

2.9 Control Builder Strategy Configuration

Like all CEE controllers, UOC’s control strategies are configured using Experion Control Builder.

Control Builder offers a rich set of tools for the creation of strategies to control continuous,
discrete and batch processes. Strategies may be created as individual instances or as replicable
templates. Bulk creation of UOC control strategies is supported through Experion’s Engineering
Data Builder (EDB) add-on to Control Builder. EDB allows application engineers to create large
configurations using an efficient, spreadsheet-driven workflow.

- 22 -

2.10 I/O Points and I/O Reference Blocks

UOC supports binding of I/O to control through a mechanism that allows the configuration of one
to be independent of the other. UOC I/O points may be introduced into the system independent of
UOC control strategies. UOC control strategies may be configured and tested independent of their
corresponding I/O.

This independence is achieved through two kinds of function blocks supported by Control Builder
and by CEE.

l I/O Points

o

I/O Points are Experion tagged blocks representing the device connected to the UOC
through an input or output channel of an I/O module.

o

They are typically tagged with the same name (up to 40 characters) that labels the
device in a P&ID diagram.

o

They serve as a connection target that binds a control strategy to an I/O channel.

o

They allow the binding to be made by name, without constraining the strategy to work
with the particular channel of a particular I/O Module.

o

They allow the configuration of the I/O Module to be separated from the configuration
of the control strategy.

o

They can be created before or after the corresponding control strategy.

o

In addition to I/O channels, they can be used to represent key parameter data which
do not correspond to actual I/O channels.

Chapter 2 - Overview of UOC features

l I/O Reference Blocks

o

I/O Reference Blocks are basic blocks instantiated in Control Modules to make an I/O
signal available for connection to algorithm blocks.

o

They are bound to I/O Points though named references independent of particular
channels in particular I/O Modules.

o

They support a simulation mode that allows for strategy checkout to be done in the
absence of I/O Modules.

o

They complement I/O Points by serving as the reference end of the connection to the
I/O Point.

o

In addition to referencing I/O channels, they can be used to reference key parameter
data which do not correspond to actual I/O channels.

UOC’s I/O Points and I/O Reference Blocks provide key enablers of the Lean Execution of
Automation Projects (LEAP) methodology supported by Experion.

2.11 Simulation

UOC may be used for both control and strategy-check-out simulation without the need to deploy a
special purpose simulation application. Simulation behaviors of strategies are controlled through
the SIMMODE parameter of I/O Reference blocks within the Control Module under test.

2.12 Control Redundancy

UOC optionally supports redundant control operation. Single Rack Redundancy is provided
through a single rack scheme where the partner CPMs are placed in the same rack along with
power supplies. The power supplies in a single rack scheme do not provide REDUNDANT power:
The left power supply provides power to the CPM mounted in the left slot. Likewise, the right power

- 23 -

Responding Node

Initiating Node

UOC vUOC

C300

C200E C200

UOC

ü ü ü ü ü

vUOC

ü ü ü ü ü

C300

ü ü ü ü ü

ACE

ü ü ü ü ü

C200E

ü ü ü ü ü

C200 Note

1

Note

1

ü ü ü

Chapter 2 - Overview of UOC features

supply provides power to the CPM mounted in the right slot.

Switchover from the active primary to the backup controller may be commanded manually. If a
fault occurs, the failed primary is detected automatically by virtue of comprehensive diagnostics,
leading toautomatic switchover. Switchover occurs within 500 milliseconds in order to ensure a
seamless transition, preserving all configuration data and live data, and with no disturbance to
outputs.

Dual Rack Redundancy is provided through 2 separate 1 I/O slot racks each with a power supply
and a Redundancy Module . Refer to the ControlEdge 900 Platform Hardware Planning and
Installation Guide_HWDOC-X430.pdf for additional information.

2.13 Peer-To-Peer Communication

UOC supports multiple forms of peer-to-peer communication across its uplink FTE connection.

l Control Data Access (CDA)

UOC uses Experion native CDA protocol for communication with peer partners as well as level 2
server and station nodes. Parameter reads are supported under a cyclic publication paradigm.
Parameter writes are supported under an acyclic store paradigm.

Within CMs and SCMs, the configuration of peer references is transparent to the application
engineer. They are specified by configuring fully qualified parameter names such as
“TT101.DATAACQ.PV” in expressions, inputs pins or selected output pins, without concern as to
whether the parameter is in the same UOC or in a different controller.

UOC’s CDA peer connections may also be used to reference data from SCADA points by virtue of
Experion Peer Server Responder capability.

The Experion node types with which UOC supports CDA peer-to-peer communication are listed in
the following table. This set will be expanded in future releases.

NOTE1: The C200 controller can respond to CDA peer communications from a UOC or vUOC
but cannot initiate them.

l Exchange Blocks

- 24 -

UOC supports a library of blocks which enable communication with third party PLCs and devices
via protocols which were originated by Rockwell Allen Bradley and now support transport over
Ethernet. Blocks within the EXCHANGE library allow initiation of and response to read and write
requests for flags, numeric and string arrays. EXCHANGE blocks support two protocols: the
Common Industrial ProtocolTM(CIP) and Programmable Controller Communication Commands
(PCCC).

l PCDI Blocks

UOC supports a library of blocks called Peer Control Data Interface (PCDI) which enable
communication with third party PLCs and devices via the Modbus TCP/IP protocol. Blocks within
the PCDI library allow initiation of read and write requests through a device proxy block to flag,
numeric and string arrays in a Modbus-capable peer controller.

2.14 Alarms and Events

UOC supports a comprehensive set of alarm and event reporting capabilities that integrate
seamlessly with Experion enablers for the display and historization of alarms and events.
Supported notification types include high, low and rate of change process alarms, state change
process alarms, state change system events, diagnostic events and batch events.

Chapter 2 - Overview of UOC features

2.15 Time Synchronization

UOC maintains an internal clock which is synchronized with external wall clock time.
Synchronization can be maintained over the uplink network using either the Network Time
Protocol (NTP) or the Precision Time Protocol (PTP). All alarms and events reported by UOC are
issued with synchronized time stamps.

2.16 Security

UOC has built in enablers to provide for the secure and robust operation of its control and I/O
configurations. This includes an uplink firewall that limits message types to those appropriate to
the mission of the FTE network. It includes a downlink firewall that limits message types to those
appropriate to the missions of 900 I/O and EtherNet/IP communication. UOC also supports
mechanisms of signed firmware and secure boot which insure only Honeywell authorized
firmware to be executed within the device.

2.17 Licensing

UOC systems are delivered under a licensing model which allows HW and SW components to be
deployed in the manner that most naturally fits the process control problem to be solved. Indirect
cost penalties for good design practices are avoided. The bulk of the cost associated with deploying
a UOC system is proportional to the count of Analog and Digital I/O points put into service. There is
little additional cost if a good design dictates the deployment of small, per unit controllers. Similarly,
there is little additional cost if the design dictates the deployment of small, modularized control
strategies.

For more information on Licensing refer to Licensing Model section.

- 25 -

Chapter 2 - Overview of UOC features

2.18 vUOC

As noted above, the virtual UOC provides a set of functions nearly equivalent to those provided by
the ControlEdge 900 based UOC. It is well suited to supervisory batch applications, lab applications
and control strategy checkout before strategies are deployed to a ControlEdge UOC

Differences between the two are driven by the nature of their hosting platforms and, to a certain
extent, by particular strengths that their respective deployments provide. Key differences are
highlighted by the following table.

- 26 -

Attribute UOC vUOC Comment

Host
Platform

l Runs on the

purpose­built,
industry
hardened,
ControlEdge
CPM

l Runs as a

virtual
machine on
general
purpose PC
servers

Base Period l 50 ms l 50 ms or

500 ms

A second vUOC variant
supports a slower base
cycle in addition to the
50 ms base cycle
parallel to the UOC.
The slower variant
allows the vUOC to be
applied as a very large
batch supervisor
managing UOCs or
C200Es serving as
equipment controllers.

User
Memory
Capacity

l 32 MB l 32 MB in

the 50 ms
variant

l 128 MB in

the 500 ms
variant

The 500 ms variant of
the vUOC supports a
user memory database
4 X that of the UOC as
an additional enabler
of large supervisory
batch configurations.

Control
Redundancy

l Transparent

redundancy
support
based on
proprietary
enablers

l Not

currently
supported

The vUOC has no
native redundancy
enablers, but as an
alternative, it can
optionally be deployed
in virtual platforms
that provide high
availability solutions.

Support In
VEP

l Runs on

purpose­built HW and
cannot run
within HPS’
Virtual
Engineering
Platform

l Can run

within HPS’
Virtual
Engineering
Platform

One of the key
deployments of the
vUOC is as a simulator
within VEP to support
early application
development.

Chapter 2 - Overview of UOC features

- 27 -

Attribute UOC vUOC C300

SIM­C300

ACE

SIM­ACE

Hosting on Server No Yes No Yes Yes Yes

Direct I/O Connectivity Yes Yes Yes No No No

Deployment as Controller Yes Yes Yes No Yes No

Deployment as Simulator Yes Yes No Yes No Yes

Simultaneous Control and
Simulation

Yes Yes No No No No

Chapter 2 - Overview of UOC features

Users familiar with the Experion portfolio of controllers and simulators may be tempted to interpret
the vUOC in terms of things they are already familiar with. There are indeed similarities that can be
noted.But there are also significant differences which prevent vUOC from being equated with
previous offerings. This point is highlighted by the following table.

- 28 -

CHAPTER

3

NETWORKING

3.1 Uplink FTE Network

UOC and vUOC are deployed within Experion systems by connecting their uplink Ethernet ports to
a Level 2 FTE network. Of the two parallel tree networks that comprise an Level 2 FTE installation,
the ETH1 port connects to the A or Yellow tree while ETH2 connects to the B or Green tree.

FTE connectivity is summarized in the following diagram which shows a non-redundant UOC rack
and a virtual machine server for a vUOC in the context of the following Experion nodes.

l Experion Process Server

l Experion Direct Station (ES-C)

l Experion Flex Station (ES-F)

l ACE

l Terminal Server

l Domain Controller

Figure 3.1 UOC Network Connectivity (Uplink FTE Network)

- 29 -

Chapter 3 - Networking

UOC utilizes an existing FTE network, native to Experion PKS. It has a dual connection to Level 2
Yellow and Green FTE switches. No third party firewalls are required.

The number of levels of FTE switches above the UOC may be one, as shown in the diagram above,
two or three.

vUOC’s deployment within an FTE network follows Experion guidance for virtual machines. For
further information, see the vUOC section in this document.

Like existing CEE controllers, UOC requires the presence of a Process Server to function within an
Experion system.

When connecting to FTE, the UOC CPM gets its IP address from the Experion BOOTP service
running on the Engineering Station node. Its IP address is constructed by combining the CPM’s
FTE Device Index with the subnet base address configured through Control Builder and known to
the BOOTP server. Rotary switches of the UOC CPM are located on the module and are used to set
the FTE Device Index. They must be set before the module is inserted into its slot.

ATTENTION

Ensure that the Device Index is set before you place a module in a rack.

Note that, in the special circumstance that a PLC CPM received from the factory is being converted
to a UOC CPM, considerations on IP addressing are different initially. For further information on
converting a PLC CPM to a UOC, see the Converting PLC CPM to UOC CPM section.

Care must be taken in the assignment of FTE device indices to a UOC’s rotary switches. In a
redundant controller rack, the left hand UOC must be assigned an odd numbered device index
while the right hand UOC must be assigned an odd + 1 device index. The odd + 1 position is
reserved and must not be used for other than redundant partner. Non-redundant UOCs must
always be assigned odd numbered device indices. For more information on how to set the FTE
device index see the FTE Device Index section.

The L2 FTE switches to which UOC connects are managed switches which must be configured
using the FTE Switch Configuration Tool. Any ports to which UOCs connect must be configured as
“Other Auto” using this tool. For further information on the FTE Switch Configuration Tool, see the
Switch Configuration Tool Users Guide_EPDOC-X246-EN-511A.pdf.

Except for specific considerations noted within this document, all FTE installation and
maintenance practices for the UOC and vUOC must be done in a fashion consistent with Experion
and FTE guidelines. For further information, see Fault Tolerant Ethernet Overview and

Implementation Guide EPDOC-XX37-en-511A.pdf, Fault Tolerant Ethernet Installation and Service
Guide EPDOC-XX36-en-511A.pdf, and Network and Security Planning Guide EPDOC-XX75-en­511A.pdf.

3.2 Downlink I/O Network Topology

UOC supports direct connectivity to an I/O network through its downlink Ethernet ports, ETH3 and
ETH4.

The table below provides a description of various downlink topologies supported.

- 30 -