TrustedTM
PD-T8110B/T8110
Trusted TM TMR Processor
Introduction
The TrustedTM Processor forms the main processing element in a TrustedTM system, providing overall system control and monitoring facilities.
A powerful, user-configurable module, the TrustedTM TMR Processor processes input and output data through a variety of analogue and digital I/O modules via a TrustedTM TMR Communications bus.
The range of applications for the TrustedTM TMR Processor varies in integrity level and includes fire and gas control, emergency shutdown, monitoring and control, and turbine control.
Features
• Triple Modular Redundant (TMR), fault tolerant (3-2-0) operation
• Hardware Implemented Fault Tolerant (HIFT) architecture
• Dedicated hardware and software test regimes which provide very fast fault recognition and response times
• Automatic fault handling without nuisance alarming
• Time-stamped fault historian
• Hot replacement (no need to re-load programs)
• Full suite of IEC 1131-3 programming languages
• Front panel indicators that show module health and status
• Front panel RS 232 serial diagnostics port for system monitoring, configuration and programming
• IRIG-B002 and 122 time synchronisation signals (available on T8110B only)
• Active and Standby processor fault and failure contacts
• Two RS422 / 485 configurable 2 or 4 wire connections (available on T8110B only)
• One RS485 2 wire connection (available on T8110B only)
• TÜV Certified IEC 61508 SIL 3
Issue 18 Feb 08 | PD-T8110B/T8110
TrustedTM TMR Processor T8110B/T8110
Issue Record
Issue Number | Date | Revised by | Technical Check | Authorised by | Modification
11 | Oct 05 | J W Clark | | | Format
12 | Aug 06 | N Owens | I Vince | P Stock | Corrections
13 | Sep 06 | N Owens | I Vince | P Stock | 3.5 Scan Time Calc
14 | Nov 06 | N Owens | I Vince | P Stock | Specifications
15 | Dec 06 | N Owens | I Vince | P Stock | I/O Definition
16 | Mar 07 | N Owens | I Vince | P Stock | Hot Swap
17 | Sep 07 | N Owens | I Vince | P Stock | Max Scan Time
18 | Feb 08 | N Owens | A Holgate | P Stock | TTMRP_0 scaling
Table of Contents
1. Description
1.1. Overview
1.2. Hardware Implemented Fault Tolerant (HIFT) Clock
1.3. Power Distribution
2. Installation
2.1. Module Insertion/Removal
2.2. PCBs and Connectors
2.3. Module Pinout Connections
2.3.1. External I/O Connector (PL1)
3. Application
3.1. Module Configuration
3.1.1. Updater Section
3.1.2. Security Section
3.1.3. ICS2000 Section
3.1.4. System Section
3.1.5. ISaGraf Configuration section
3.1.6. Chassis Section
3.1.7. InterRange Instrumentation Group. (IRIG)
3.1.8. Additional User Serial Ports
3.2. Complex I/O Equipment Definition
3.2.1. I/O Complex Equipment ‘TTMRP’
3.3. Inter-Module Bus
3.3.1. Processor Memory Voting Bus
3.3.2. Inter-Module Bus Voting Bus
3.3.3. Processor Voting Bus
3.3.4. Front Panel Voting Bus
3.4. Isolation
4. Operation
4.1.1. System Overheads
4.1.2. On-Line Operator Inputs
4.2. Standby Processor
4.3. Module Management
4.4. Security
4.5. Front Panel
4.6. Module Status LEDS
4.6.1. Reset Button
4.6.2. Maintenance Enable Keyswitch
4.7. Composite Scan Time Estimation (pre TÜV release 3.5)
4.7.1. Central Modules
4.7.2. Input Modules
4.7.3. Output Modules
4.7.4. Application Execution
4.7.5. Composite Scan Time
4.7.6. Example Calculation
4.8. Composite Scan Time Estimation (from TÜV release 3.5)
4.8.1. Input modules
4.8.2. Output Modules
4.8.3. Application Execution
4.8.4. Communications
4.8.5. Example Calculation
5. Fault Finding and Maintenance
5.1. Testing and Diagnostics
5.2. Faults
5.3. Transfer between Active and Standby Processor Modules
6. Specifications
Figures
Figure 1 Module Architecture
Figure 2 Functional Block Diagram showing TrustedTM TMR Processor Communications
Figure 3 Block Diagram of Module Operation
Figure 4 Module Front Panel
Tables
Table 1 External I/O Connector Pin-Out
Notice
The content of this document is confidential to ICS Triplex Technology Ltd. companies and their partners. It may not be given away, lent, resold, hired out or made available to a third party for any purpose without the written consent of ICS Triplex Technology Ltd.
This document contains proprietary information that is protected by copyright. All rights are reserved.
Microsoft, Windows, Windows 95, Windows NT, Windows 2000, and Windows XP are registered trademarks of Microsoft Corporation.
The information contained in this document is subject to change without notice. The reader should, in all cases, consult ICS Triplex Technology Ltd. to determine whether any such changes have been made. From time to time, amendments to this document will be made as necessary and will be distributed by ICS Triplex Technology Ltd.
Information in this documentation set may be subject to change without notice and does not represent a commitment on the part of ICS Triplex Technology Ltd.
The contents of this document, which may also include the loan of software tools, are subject to the confidentiality and other clause(s) within the Integrator Agreement and Software License Agreement.
No part of this documentation may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording, for any purpose, without the express written permission of ICS Triplex Technology Ltd.
Disclaimer
The illustrations, figures, charts, and layout examples in this manual are intended solely to illustrate the text of this manual.
The user of, and those responsible for applying this equipment, must satisfy themselves as to the acceptability of each application and use of this equipment.
This document is based on information available at the time of its publication. While efforts have been made to be accurate, the information contained herein does not purport to cover all details or variations in hardware or software, nor to provide for every possible contingency in connection with installation, operation, or maintenance. Features may be described herein which are present in all hardware or software systems. ICS Triplex Technology Ltd. assumes no obligation of notice to holders of this document with respect to changes subsequently made.
ICS Triplex Technology Ltd. makes no representation or warranty, expressed, implied, or statutory with respect to, and assumes no responsibility for the accuracy, completeness, sufficiency, or usefulness of the information contained herein. No warranties of merchantability or fitness for purpose shall apply.
Revision and Updating Policy
All new and revised information pertinent to this document shall be issued by ICS Triplex Technology Ltd. and shall be incorporated into this document in accordance with the enclosed instructions. The change is to be recorded on the Amendment Record of this document.
Precautionary Information
WARNING
Warning notices call attention to the use of materials, processes, methods, procedures or limits which must be followed precisely to avoid personal injury or death.
CAUTION
Caution notices call attention to methods and procedures which must be followed to avoid damage to the equipment.
Notes:
Notes highlight procedures and contain information to assist the user in the understanding of the information contained in this document.
Warning
RADIO FREQUENCY INTERFERENCE
Most electronic equipment is influenced by Radio Frequency Interference (RFI). Caution should be exercised with regard to the use of portable communications equipment around such equipment. Signs should be posted in the vicinity of the equipment cautioning against the use of portable communications equipment.
MAINTENANCE
Maintenance must be performed only by qualified personnel, otherwise personal injury or death, or damage to the system may be caused.
Caution
HANDLING
Under no circumstances should the module housing be removed.
Associated Documents
Product Descriptions (PD) provide product specific information.
The Safety Manual contains the recommended safety requirements for the safety system design.
The PD8082B – Toolset Suite provides specific guidance on system configuration and application generation.
The Operator and Maintenance Manual contains general guidelines on maintenance and diagnostic procedures.
For technical support email: support@icstriplex.com
1. Description
Figure 1 Module Architecture
The TrustedTM TMR Processor is a fault tolerant design based on a TMR architecture arranged in a lock-step configuration. Figure 1 shows, in simplified terms, the basic structure of the TrustedTM TMR Processor module.
The module contains three processor fault containment regions (FCR), each containing a Motorola Power PC series processor and its associated memory (EPROM, DRAM, Flash ROM, and NVRAM), memory mapped I/O, voter and glue logic circuits. Each processor FCR has voted two-out-of-three (2-oo-3) read access to the other two processor FCRs' memory systems to eliminate divergent operation.
The module’s three processors store and execute the application program, scan and update the I/O modules and detect system faults. Each processor executes the application program independently, but in lock-step synchronisation with the other two. Should one of the processors diverge, additional mechanisms allow the failed processor to re-synchronise with the other two.
Each processor has an interface with the Inter-Module Bus which consists of an input voter, discrepancy detector logic, memory and an output driver. The output of each processor is connected by the module connector to a different channel of the triplicated Inter-Module Bus.
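The voting and discrepancy detection described above can be modelled in software. The following C sketch is an added illustration, not ICS Triplex code and not a description of the module's internal logic: it shows bitwise two-out-of-three voting, per-channel discrepancy flags and 3-2-0 degradation. The names `tmr_state`, `tmr_vote` and `tmr_readmit`, the use of 0 as the shutdown output, and the sample words are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Software model of 2-out-of-3 voting with 3-2-0 degradation.
 * All names here are hypothetical; this is not the module's logic. */
enum tmr_mode { TMR_SHUTDOWN = 0, TMR_DUAL = 2, TMR_TRIPLE = 3 };

struct tmr_state {
    enum tmr_mode mode;
    uint8_t healthy;     /* bit i set: channel i takes part in the vote */
};

struct tmr_result {
    uint32_t value;      /* voted word; 0 (assumed safe output) once shut down */
    uint8_t discrepant;  /* bit i set: channel i disagreed this cycle */
};

void tmr_init(struct tmr_state *s) { s->mode = TMR_TRIPLE; s->healthy = 0x7; }

static void tmr_shutdown(struct tmr_state *s, struct tmr_result *r)
{
    s->mode = TMR_SHUTDOWN;
    s->healthy = 0;
    r->value = 0;
}

struct tmr_result tmr_vote(struct tmr_state *s, const uint32_t ch[3])
{
    struct tmr_result r = { 0, 0 };
    int i, bad = 0, a = -1, b = -1;

    if (s->mode == TMR_SHUTDOWN)
        return r;

    if (s->mode == TMR_TRIPLE) {
        /* Each output bit takes the value held by at least two channels. */
        r.value = (ch[0] & ch[1]) | (ch[1] & ch[2]) | (ch[0] & ch[2]);
        for (i = 0; i < 3; i++)
            if (ch[i] != r.value) { r.discrepant |= (uint8_t)(1u << i); bad++; }
        if (bad == 1) {                 /* 3 -> 2: drop the odd channel out */
            s->healthy = (uint8_t)(s->healthy & ~r.discrepant);
            s->mode = TMR_DUAL;
        } else if (bad > 1) {           /* no two channels agree: 3 -> 0 */
            tmr_shutdown(s, &r);
        }
        return r;
    }

    /* Dual mode: two channels can detect a mismatch but not outvote it. */
    for (i = 0; i < 3; i++)
        if (s->healthy & (1u << i)) { if (a < 0) a = i; else b = i; }
    if (ch[a] == ch[b]) {
        r.value = ch[a];
    } else {                            /* 2 -> 0 */
        r.discrepant = s->healthy;
        tmr_shutdown(s, &r);
    }
    return r;
}

/* Re-admit a channel after it has re-synchronised (dual -> triple). */
int tmr_readmit(struct tmr_state *s, int channel)
{
    if (s->mode != TMR_DUAL || channel < 0 || channel > 2 ||
        (s->healthy & (1u << channel)))
        return -1;
    s->healthy |= (uint8_t)(1u << channel);
    s->mode = TMR_TRIPLE;
    return 0;
}

int main(void)
{
    /* Constructed sample: channel 1 delivers a word with one flipped bit. */
    const uint32_t cycle[3] = { 0xA5, 0xA4, 0xA5 };
    struct tmr_state s;
    struct tmr_result r;

    tmr_init(&s);
    r = tmr_vote(&s, cycle);
    printf("voted=0x%02X discrepant=0x%X mode=%d\n",
           (unsigned)r.value, (unsigned)r.discrepant, (int)s.mode);
    return 0;
}
```
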
Communication between the TrustedTM TMR Processor and modules in other chassis is via either a TrustedTM Interface module, such as the TrustedTM TMR Interface to a Regent+Plus I/O chassis, or an Expander Interface to an Expander chassis.
The functions of the four types of module memory are:
EPROM - Holds module bootstrap loader
Flash ROM - Stores module firmware and the application program
DRAM - Working memory with scaleable capacity
NVRAM - Holds data such as event logs and retained program data.
Note: The NVRAM provides data retention for up to 10 years.
The front panel comprises a Fault Containment Region (FCR D) separate from the other FCRs and contains non-critical simplex functions. These include the diagnostics port and maintenance enable keyswitch mounted on the front panel of the Processor. Other functions within the front panel FCR are the serial communications drivers and the IRIG-B interface. These are accessed through the I/O connector via adaptor units at the rear of the Processor. The Processor and front panel FCR participate in all module voting operations.
Two IRIG-B input standards are available to the Processor: IRIG-B002 and IRIG-B122. The standard used by the Processor is controlled by software setting a flag in the memory. The IRIG-B signals are used to synchronise systems and time-stamp entries in the Sequence of Events (SOE) log.
Three serial communications are available from the 4-channel UART. These are detailed as follows:
1. Channel 0 Front Panel Diagnostic Port (RS232)
2. Channel 1 Not configured
3. Channel 2 Communications Serial Port 2 (RS422/485)
4. Channel 3 Communications Serial Port 3 (RS422/485)
The TrustedTM Operating System (TrustedTM OS) is used in support of the Motorola Power PC series processor architecture. The real time kernel is a high speed, high functionality kernel made for fault-tolerant distributed systems. The distributed communication is made transparent over all processors.
The kernel provides basic services (such as basic memory management), and interference free software environments which allow software of various integrity levels to reside and co-operate in a single processing environment.
An Application Program Interface (API) provides a consistent run-time interface for the services provided by the TrustedTM TMR Processor to the application program. The API also performs the same function to system-specific software executing within the TrustedTM TMR Processor.
Each of the Processor and front panel fault containment regions has its own HIFT clock, which are provided with a synchronisation reference signal from the fault-tolerant reference clocks.
Each of the Processor and FCRs derive their internal voltages from dual redundant +24V dc power supplied via the module connector from the TrustedTM Controller chassis backplane.
CAUTION:
The module contains static sensitive parts. Static handling precautions must be observed. Specifically ensure that exposed connector pins ARE NOT TOUCHED. Under no circumstances should the module housing BE REMOVED.
Before installation, visually inspect the module for damage. Ensure that the module housing appears undamaged and inspect the I/O connector at the back of the module for bent pins. If the module appears damaged or any pins are bent, do not install the module. Do not try to straighten bent pins. Return the module for replacement.
Ensure that the module is of the correct type.
Record the module type, revision and serial number of the module before installation. To install the module:
1. Ensure that the field cable assembly is installed and correctly located.
2. Release the ejector tabs on the module using the release key. Ensure that the ejector tabs are fully open.
3. Holding the ejectors, carefully insert the module into the intended slot.
4. As soon as the front panel LEDs illuminate, push the module fully home by pressing on the top and bottom of the module fascia. The module should be inserted promptly to ensure that it connects to the Interface Adapter before reading the licenses.
5. Close the module ejectors, ensuring that they click into their locked position.
The module should mount into the chassis with a minimum of resistance. If the module does not mount easily, do not force it. Remove the module and check it for bent or damaged pins. If the pins have not been damaged, try reinstalling the module.
The TrustedTM TMR Processor comprises five separate PCB assemblies:
1. Three identical processor boards
2. One Riser board to provide the connection between the PCB assemblies
3. One module Main board that provides the Inter-Module bus connection and front panel facilities.
The External I/O Connector (PL1) provides a number of discrete inputs and outputs. These are provided to allow the TrustedTM TMR Processor status to be monitored by external hardware, and to allow the TrustedTM TMR Processor to monitor the power supply status signals. The connector also provides access to the communications ports and connections for IRIG-B input signals. To enable the communications ports and IRIG-B facilities to be accessed, the user must install the following:
1. Processor Interface Adaptor T8120 for the communications ports.
2. Processor Interface Adaptor Unit (IRIG-B) T8121 for both communications ports and IRIG-B facilities.
Note: IRIG-B and serial facilities are only available on the T8110B.
PL1 is a 48-way DIN41612 E type connector.
Pin | Row A | Row C | Row E
2 | Fault relay (NC) | DIAG_RTN | Failed relay (NC)
4 | Fault relay (common) | DIAG_IN_1 | Failed relay (common)
6 | Fault relay (NO) | 0V Port 1 | Failed relay (NO)
8 | Not Connected | Serial Port 1 B | Not Connected
10 | 5V_D | Serial Port 1 A | IRIG-B122+
12 | DATA_OUT | 0V Port 2 | IRIG-B122-
14 | ENABLE | Serial Port 2 B TX | Reserved
16 | DATA_IN | Serial Port 2 A TX | Reserved
18 | CLK | Serial Port 2 B RX/TX | IRIG-B002-
20 | 0V | Serial Port 2 A RX/TX | IRIG-B002+
22 | Chassis GND | 0V Port 3 | Chassis GND
24 | Chassis GND | Serial Port 3 B TX | Chassis GND
26 | Chassis GND | Serial Port 3 A TX | Chassis GND
28 | 24V PSU 1 LV Warning | Serial Port 3 B RX/TX | 24V PSU 1 Fail Shutdown
30 | 24V PSU 2 LV Warning | Serial Port 3 A RX/TX | 24V PSU 2 Fail Shutdown
32 | 24V Return | 24V Return | 24V Return
Table 1 External I/O Connector Pin-Out
The TrustedTM TMR Processor requires no hardware configuration.
Every TrustedTM system requires a System INI Configuration file. Details of how to design this are given in PD-8082B (TrustedTM Toolset Suite). The configuration has a processor assigned to the left slot of the processor chassis by default. The System Configurator allows the selection of options on ports, IRIG and system functions. The use of the System Configurator is described in PD-8082B. The options are described below.
If Auto Protect Network Variables is selected, this configures the TrustedTM System to use a reduced Modbus Protocol map. See product description PD-8151B (TrustedTM Communication Interface Module) for further details.
Inter Group Delay equates to the Modbus update cycle. This is the minimum period between successive Modbus update messages sent to each of the Communications Interface modules. The default value (as shown) is 50ms, which provides a compromise between latency and performance. Adjustment is made in 32 integer ms increments, i.e. a value of 33 will equal 64ms, as will 64. This may be increased or decreased as required; however, since only one update message is sent per application scan, and an application scan may often be more than 50ms, there is little benefit in adjusting this variable.
The above display is also used to configure a password allowing the user to interrogate a TrustedTM System using the Windows-based HyperTerminal facility or a similar terminal program. The password is configured by selecting the New Password button and entering the new password twice in the displayed dialogue box.
This section only applies to TrustedTM systems connected via a Trusted to ICS2000 Interface Adapter to an ICS2000 system. This allows the data sources for the three mimic tables to be selected. Please refer to your TrustedTM supplier for further information.
WARNING
Changes made to the System Section may affect System performance, Fault Detection times and violate the process safety tolerances.
Entries to this section are typed directly into the SYSTEM Section text window.
Definitions
NIO Module = Native Input or Output (I/O) Module. This refers to all I/O modules resident in a TrustedTM chassis. It does not refer to I/O modules resident in other chassis types and communicating via a bridge interface module.
Dual I/O = Module using two voted circuits to connect to a field device.
TMR I/O = Module using three voted circuits to connect to a field device.