Better Communication
Safety and Control in the Field on Foundation Fieldbus Networks
Increasing Efficiency -The benefits of fieldbus technology over conventional plant communication technologies are widely discussed, many greenfield plant designs are based on fully digital communication from the DCS right down to the devices in the field level. The inherent diagnostic and plant asset management capabilities of fieldbus technology are the main drivers of this evolution. With Control in the Field (CIF) and Safety Instrumented Functions (SIF) the Fieldbus Foundation offers two more options to increase business efficiency. Safety functionalities sharing the same fieldbus network with process control signals have been thoroughly tested and are starting to appear on the market. The workload of controllers and network traffic could be reduced while simultaneously optimizing loop response times by a consequent implementation of CIF.
CIF: Field Device Controls Field Device
From its very start, the ability to do real CIF has been an inherent feature of Foundation Fieldbus technology. In parallel to the usual sensor or actuator function blocks most of today's Foundation field devices have control function blocks embedded. A valve positioner team working with a flowmeter can autonomously control the fluid flow rate, the appropriate PID function block is not sitting in the far-away control system but in any of the two field devices. The control signals run in a close loop, there is no single point of failure above the field level. Even a malfunction of HMI and a loss of visibility into the process would not affect the correct fluid flow. A sequence of such close loops, arbitrated by the Link Active Scheduler (LAS), also residing in any field device of the Foundation Fieldbus segment, could maintain the process operation without interaction of the DCS.
This useful feature of Foundation technology has rarely been used in the past. To overcome this neglect an extensive study has been conducted by Industrial Systems and Control (ISC) in close cooperation with the renowned Industrial Control Centre at the University of Strathclyde, Scotland. The findings have recently been published as an ARC Advisory Group white paper under the title "The Business Value Proposition of Control in the Field."
ISC examined the differences in timing and sequencing between a fieldbus system using CIF versus a fieldbus system employing control in the host (DCS) by comparing a set of simulation scenarios. The goal was to establish typical latencies and sample rates that limit control performance. mprovements in response time of 10-30% were recorded, improvements in disturbance rejection reached up to 20%.
Shell Global Solutions International (SGSI) came to a similar conclusion: "Control in the field using Foundation fieldbus technology is recommended by SGSI for simple and cascading loops, not for complex loops. Major benefits identified by SGSI are reduced process controller loading, reduced network traffic enabling more loops per segment, as well as very fast loop response."
For plant operators implementing CIF these benefits would lead to lower CAPEX and OPEX as well as allow a greater flexibility in plant automation strategies.
SIF: Safety and Process Control Signals Sharing One Single Network
Under the title "Fieldbus for safety-related uses" recommendation NE 97 of Namur (User Association of Process Control Technology in Chemical and Pharmaceutical Industries) discusses the options of how to integrate process control signals and safety-related signals into one digital fieldbus network. Following this recommendation, both major fieldbus associations, Profibus and Fieldbus Foundation, released protocol stacks which provide for secure communication of safety-related signals up to SIL 3 on fieldbus networks. The specifications of Foundation Fieldbus Safety Instrumented Functions (FF-SIF) as well as technical guidelines, installation best practices and interoperability test kits evolved from an extensive testing and demonstration project conducted in cooperation with several major users (fig. 1).
The safety protocol stack, which contains all algorithms to ensure data integrity, is certified according to IEC 61508. Fieldbus devices with integrated safety stack can now communicate with the safety-DCS without fear of data errors, even when sharing the same network with standard process control signals. Additional specific diagnostic functions can be used to identify critical situations in the process and react accordingly without human interference.
Since data disruption is securely detected by the safety stack, the physical communication layer is regarded as "black channel." Consequently, all passive communication elements, such as cables, fieldbus power supplies and wiring blocks, are not included in the SIL calculation. To minimize the expenditure for SIL certification of fieldbus devices, NE 97 proposes to combine existing certified or proven-in-use sensor and actuator hardware with the certified safety communication stack. Since the safety stack is an add-on to the application layer 7 of the fieldbus protocol the same type of device could be used for both standard and safety-related communication by implementing a secure switching option. The first beta-version devices are appearing on the market today.
The optimal physical layer topology for safety purposes would have independent segments with an appropriate selection of devices, closely following the installation guidelines for fieldbus networks and safety systems (fig. 2). Irregularities in the black channel cannot lead to dangerous situations, thanks to the safety stack, however they could cause the application to switch into safe operation mode.
Irradiation of external noise due to bad shielding, faulty installation and even deteriorations over the live span of the plant can alter signals to such an extend that the safety stack might recognize a dangerous fault and react accordingly. Consequently, special care is needed in selecting the optimum isolation, diagnostic and redundancy features in order to secure a highly reliable signal transmission. Comprehensive fieldbus infrastructure systems such as FieldConnex by Pepperl+Fuchs offer these options and, even more, provide advanced diagnostics for real-time and online monitoring of the wiring network.
Quality loss of the digital signals, noise irradiation and cabling faults can be located exactly and immediately, integrated oscilloscope functions allow the analysis of individual fieldbus signals. By means of triggers and trend analysis even minute ageing influences can be detected in time to allow preventive measures. For maximum convenience of the plant operator these alarms can be integrated in some of the major DCS systems. Thus modern fieldbus infrastructure systems optimize the black channel to ensure maximum availability and reliability of the safety-related fieldbus.
In order to combine these requirements for safety systems with the power supply of field devices in explosion hazardous areas the high-power trunk concept is strongly recommended. Figure 3 shows the general topology: Field devices in the hazardous areas are connected to the fieldbus trunk by means of specific wiring blocks which provide the appropriate protection: FieldBarriers Ex ia for Zone 1 and Segment Protectors Ex ic resp. Ex nL for Zone 2. The trunk cable leading to the Fieldbus Power Supplies located in the safe area is protected by Increased Safety Ex e. Features for short-circuit and power surge protection complete a comprehensive Fieldbus Infrastructure System.
Conclusion
With the introduction of FF-Safety Instrumented Functions and the new focus on FF-Control in the Field, operators and planners of automated process plants have powerful tools to further increase plant efficiency and reduce both capital and operating expenditures.
References are available upon request.
The ARC White Paper is available as free download on www.fieldbus.org