Ge is420ucsch2a IS420UCSCH2A-C-V0.1-A safety controller operation

Description

Local processors in I/O modules can communicate data peer-to-peer with local processors in other I/O modules without the latency of communicating with the main controller. As an example, Power Load Unbalance is used on large steam turbines to quickly close control valves and intercept valves during a load rejection that might lead to rapid acceleration. One I/O module compares the turbine mechanical power (analog inputs) with the generator load (current transformer inputs) and quickly commands the valves to close via a peer-to-peer transmission to the I/O module that controls the valves.

The controller is a compact and flexible design for processing and network communications.

Features

• Frame rate: 10, 20, 40, 80, 160, or 320 ms

• Speed UCSBH1A: 600 MHz UCSBH3A: 1200 MHz • Ports: 5 Ethernet, 1 USB, 1 COM

• Configuration: Simplex, dual, triple • Power: 18 to 32 V dc

• No batteries

• Status LEDs

• Cooling 600 MHz (convection) 1200 MHz (redundant fans)

• Safety: IEC-61508 compliant

• Security: Achilles™ certified – Level 1

Environment

• Operating temperature: UCSBHIA: -30 to 65°C (-22 to 149 °F) UCSBH3A: 0 to 65°C (32 to 149 °F)

• Humidity: 5 to 95% non-condensing

For dual and triple redundant systems, a second and third controller can be mounted adjacent for a compact packaging arrangement. Local LEDs are provided on the controller to indicate the status of: Link, Act, Power, Boot, OnLine, Flash, DC, Diag, and On (USB).

Each controller has three 100 MB Ethernet interfaces for the I/O network so that each controller can communicate with up to three IONet networks. In redundant systems, this allows each controller to monitor redundant inputs directly and compare them for any potential discrepancies. Connectors are labeled to simplify maintenance. Controllers also have two Ethernet interfaces to the control network to communicate peer-to-peer with other Mark VIe-based control systems, as well as operator and maintenance stations. Controllers can be time synchronized between units or to a local or remote time source for accurate plant-wide sequence of events (SOE) monitoring.

Fault situation of DCS during production process
Each manufacturer’s DCS has its own characteristics, so the analysis and handling of its faults are not the same. However, in summary, the obstacles caused by DCS in the second or above categories of the unit can be divided into three categories:
(1) The system itself has issues, including design and installation defects, software and hardware failures, etc.
(2) Faults caused by human factors, including personnel caused misoperations, incomplete management systems, and implementation of execution links.
(3) DCS malfunction caused by external environmental issues in the system. Abnormal conditions are caused by factors such as high or low ambient temperature, humidity, dust, vibration, and small animals.
Examples of problems and faults with DCS itself
This type of fault is common in the production process, mainly including system design and installation defects, controller (DPU or CPU) crashes, network disconnection and other faults, operator station black screen, network communication blockage, software defects, low system configuration, and problems with interfaces with other systems and equipment.

Power and grounding issues:
(1) The DCS power supply system of a certain power plant uses ABB Symphony III power supply, but the cabinet installation is still carried out according to the grounding method of Type II power supply during infrastructure construction, which differs greatly from the grounding technical requirements of Type III power supply. Since the unit was put into operation, there have been multiple DCS module failures, signal jumps, and hardware burns, which are suspected to be related to the grounding system. Similarly, there were issues with the design, production, and installation of the DCS grounding grid during the infrastructure period of a certain power plant. After the operation of the DCS system, all temperature measurement points of thermal resistance thermocouples experienced periodic fluctuations.

(2) A factory’s control system on the turbine side failed due to loose power connections.Lesson learned: DCS does not have a good grounding system and reasonable cable shielding, which not only causes significant system interference, but also makes the control system prone to sending signals incorrectly and causing module damage. It can be seen that problems with UPS power supply and control system grounding will leave great hidden dangers for the safe and stable operation of DCS after the power plant is put into operation. Therefore, the power supply design of the DCS system must have reliable backup means, and the load configuration must be reasonable and have a certain margin; The grounding of the DCS system must strictly comply with the technical requirements of the manufacturer (if there are no special instructions from the manufacturer, it should be carried out in accordance with DLT774 regulations). All cables entering the DSC system control signal must use high-quality shielded cables, which must be laid separately from the power cables and have good single end grounding.