01 June 2006
Until now, the only ways to protect plant-critical segments were expensive duplication of an entire segment’s hardware, complex software voting schemes, and restricting the number of devices per segment.A new fault tolerant fieldbus highway provides a cost-effective and simple strategy to eliminate this shortfall. Called Trunksafe™, this fault tolerant fieldbus system maintains communications between the DCS and field devices without interruption in the event of either an open-circuit or short-circuit cable fault. The system is provided by MooreHawke, a Division of Moore Industries-International, Inc. (miinet.com/products/sg_fieldbus.shtml)Designed for important and plantcritical (those that if lost, will cause process unit or plant shutdown) fieldbus segments, the system substantially increases segment availability since no single point failure will shut down the network. In addition, more than one critical application can be confidently, and economically, implemented on a fieldbus segment. For example, four critical spurs can be driven with one failsafe segment, with only a quarter of the traditional system hardware required. The system is comprised of tworedundant fieldbus DC power conditioners integrated with a speciallyengineered device coupler. (See figureon next page.) In operation, two redundant Foundation Fieldbus H1 interface cards are connected to two legs of a fieldbus trunk, and wired out into the field. The power on each leg is properly conditioned by the power conditioner, and run to the device coupler which continuously powers the fieldbus devices.Completely compliant with IEC 61158- 2 (the international standard for fieldbus implementation), the entire fieldbus segment is terminated at both ends, with power conditioners feeding the segment, and one of the two H1 cards is communicating with field devices. No modification is required to the fieldbus devices or to DCS-level software with segment-powered H1 cards.Redundant power conditionersBoth of Trunksafe’s power conditioners continuously monitor their respective segment cable legs. In the event of a field cable failure (short-circuit or opencircuit), the power conditioner immediately prevents the Foundation Fieldbus H1 interface from communicating on that side of the trunk. At the same time, power isdisconnected from the H1 fieldbus interface. This alerts the DCS to transfer segment communications to theredundant fieldbus interface, and normal system communications will continue over the remaining secure side of the trunk. The DCS detects the failure of one of the H1 cards and issues a system level alarm. Individual hard-wired alarms may be taken from the power conditioners as well.Automatic segment terminationThe Trunksafe device coupler simultaneously detects the absence of voltage on the incoming trunk, andactivates its ‘Smart Automatic Segment Termination’ (a patented feature) on the redundant leg. This maintains normal fieldbus communications on the healthy leg. Internal blocking circuitry prevents current flow out of the device coupler so that a trunk short-circuit on one side cannot affect the trunk on the other side. This allows the system to maintain all fieldbus communication functions in spite of any single system fault. Each unit automatically resets when the cable integrity is restored.The system device couplers provide electronic and fully auto-resetting spur short-circuit protection that prevents segment failure caused by single device faults. On detection of excess current on a spur, the device coupler switches spur current to a nominal trickle-level, rather than limiting the fault current to a fixed(and always higher) level. No matter how many spur faults arise, no additional loading will sit on thesegment to draw down the power supply. This is a significant advantage to ‘current-limiting’ designs on competing units which hold a fault permanently on the segment at a higher than normal current level. This often results in segment failure caused by higher voltage drop across the cable as a result of overloading the segment power supply. With removal of the short, Trunksafe automatically reconnects the spur to thefieldbus segment.Physical layer diagnosticsThe fault tolerant fieldbus system delivers diagnostic capabilities at every level. LEDs on the power conditioner alert users to potential problems including host or field cable open- or short-circuit and low DC output voltage to power conditioner modules. LEDs on the diagnostic module alert for low DC input voltages and high segment noise (greater than 75mVpp) on each spur. Each power conditioner also has a contact closure output, which can be wired as a general alarm.LEDs on the device couplers provide instant indication of power status on each trunk, power status on each spur, short-circuit status on each spur, and the status of auto-termination (ON/OFF). In the near future, the system will offer digital communications diagnostics so fault conditions can be detected at the control system.With Trunksafe, highly critical process loops can use Foundation fieldbus technology without worrying aboutsimple cable failures. This allows full access to the advanced diagnostics and uninterrupted measurement and control communications. More importantly, users can see real cost reductions, while simultaneously increasing system availability. Designers no longer need to restrict highly critical loops to individual segments.—Mike O’Neill, MooreHawke U.K.
Print this page | E-mail this page
This isn't a paywall. It's a Freewall. We don't want to get in the way of what you came here for, so this will only take a few seconds.
Register Now