
POLITECNICO DI MILANO

DIPARTIMENTO DI CHIMICA, MATERIALI E INGEGNERIA CHIMICA " GIULIO NATTA " Ph.D. FLAVIO MANENTI, Assistant Professor of Chemical Engineering

ADDITIONAL MATERIAL for DCS ARCHITECTURE Courtesy of S. Cavagnaro and S. Garramone (Siemens)

3.1 I/O Modules, MTA Modules, Remote I/O Modules (Process Interface)
A large variety of different I/O modules (about 20) is available for use in the SPPA-T3000 and PCS7 DCS systems. These include analog and digital modules with different voltage and current ratings as well as modules for special applications and intelligent devices. The benefits of Siemens I/O devices can be summarized as follows: protection class IP 20, operation at 0...60 °C, connection via PROFIBUS-DP, transmission rate up to 12 Mbit/s, optional redundancy, hot swapping of individual devices, Modbus connectivity.

The SIMATIC I/O modules and function modules can be connected via a distributed I/O module or installed directly in the automation system. I/O modules are connected to the automation system via the PROFIBUS-DP field bus. PROFIBUS-DP/PA permits data exchange between automation systems, distributed I/O and intelligent field devices with a minimum of installation requirements. There is a high degree of flexibility when designing the I/O architecture: I/O modules can be located centrally (in a central electronics room or equipment room) or remotely (in remote switch rooms, or out in the field closest to the device). Possible I/O architectures depend on the application and environment.

T3000 can use distributed I/O modules of the ET200M series. ET200M exists both in a non-fail-safe version and in a version compliant with IEC 61508 (Safety Integrity Level 3). ET200M is a modular I/O station allowing control cabinets with high-density channel applications.
Fig. 1: ET200M (labelled parts: power supply, I/O devices, interface module for PROFIBUS-DP IM153-2, bus bar, plug-in bus)

The ET 200M distributed I/O stations use modules exclusively from the SIMATIC S7-300 product family. The following types of module can be used: standard S7-300 I/O modules, I&C modules with increased functionality, Ex input/output modules, controller modules, HART modules, F modules for fail-safe applications.

The main features of ET200M are: protection level IP20, operating range -20...60 °C, redundant connection (for H CPUs), I/O module redundancy (1 Sensor -> 2 Modules), electrical isolation from the backplane bus, modular expansion with hot-swap backplane bus on aluminium rail, max. 12 I/O modules per station, no slot restrictions, 20 or 40 pin front connector in screw, spring-loaded or fast connect type (1.5 mm²/0.75 mm²), I/O modules with comprehensive diagnostics (missing sensor power / load voltage, short-circuit, wire break detection, substitution value applied due to controller or bus failure, invalid parameters in module, watchdog triggered, EPROM error, RAM error etc.).

PCS7 can integrate all products coming from the Siemens Industry division (i.e. ET200S etc.). These I/Os generally do not perform as well as the ET200M (for example, they may not support redundancy). Direct use of the ET200M is limited to plant locations in Ex Zone 2.

Piazza L. Da Vinci, 32 20133 Milano Tel. ++39-02 2399.3273 Fax ++39-02 7063.8173

Dept.: www.chem.polimi.it Polimi:: www.polimi.it

Web: www.chem.polimi.it/homes/fmanenti

Email: flavio.manenti@polimi.it Skype: flavio.manenti

The Siemens set of I/O modules also includes a new ET200M HART AI module. It allows integrated engineering directly from the workbench and reduces commissioning and maintenance costs. It provides remote advanced diagnostics and parameterization of actuator status. It enables remote engineering, commissioning, and optimization of HART-capable actuators, and it operates on standard/existing wiring. Every HART device holds 35-40 standard data items which can be displayed on the Workbench. Examples: device status and diagnostic alerts, process variables and units, loop current and range, basic configuration parameters, manufacturer and device tag.

Incorporation of intelligent field devices: selected features of the I/O modules with diagnostics capability include the display of channel-related faults, internal module monitoring, diagnostics alarms, and storage of the last value or connection of a default value on failure of the CPU or load power supply. The modules can detect channel faults and module-internal faults, and automatically signal these events to the operator stations (OS).

I/Os in hazardous area: the S7-300 Ex input/output modules are available for the automation of process control applications. They isolate the intrinsically-safe circuits in the hazardous area from the non-intrinsically-safe circuits of the automation system. Possible I/O architectures include:

- SIMATIC ET 200M is installed in the safe area. ET 200M can work in Ex Zone 2. The actuators/sensors can be located in the hazardous area if appropriate Ex I/O modules are used. In Ex Zone 2, peripherals can be extracted and inserted with the related certification (e.g. fire certificate). FM approval: Class I, Division 2 and Class I, Zone 2.
- SIMATIC ET 200iS can be installed directly in hazardous area zone 1 due to its intrinsically-safe design. Actuators/sensors can be located in zone 1 or zone 0.

A connection via PROFIBUS-DP with a series-connected isolating transformer in the safe area has a transmission rate of up to 1.5 Mbit/s. These two systems permit hot swapping of individual modules (design with active bus modules for ET 200M; swapping without fire certification for ET 200iS). PROFIBUS-PA is also capable of connecting directly to field devices inside hazardous areas. The DP/PA link and DP/PA coupler permit the combined use of PROFIBUS-PA and PROFIBUS-DP in this environment.

Fig. 2: Field HW and bus inside hazardous area

Marshalled Termination Assemblies (MTAs) provide safe, fast and easy connection of the field level to ET200M I/O modules. MTA versions are available both for standard I/O and for fail-safe redundant I/O. Thanks to MTAs, cabling and commissioning costs are reduced and cabling errors are excluded. Features: SUB-D plugs for connection to preconditioned cables; 1:1 screw terminals to the field level; channel fuses with LED indication; redundant power feeder including power monitor board for diagnostics (option); redundancy support for ET200M modules.

Fig. 3: Marshalling Terminal Assemblies with redundant ET200M

Considering the available set of I/O modules, their redundancy options, their flexibility in handling special devices with different communication protocols (HART compatibility) in different environments (with the warning on Ex zones 0 and 1), and their growing integration in workbench operation and diagnostics, the Siemens process interfaces seem to be aligned with market requirements.

3.2 Junction Boxes / Barriers


Junction boxes and, more generally, intermediate barriers that receive and send signals (between the field instrumentation, used to acquire the measurement, and the control room marshalling of the DCS) are indispensable for large-scale production plants, whatever their nature (refining, power generation, petrochemicals). Junction boxes and barriers aim to isolate safe and hazardous zones and to reduce the spread of cable across the field by locally centralizing a set of signals (to make their management, distribution and transmission easier) and sending them to other cabinets (intermediate cabinets or DCS marshalling) via a single route. Junction boxes and barriers can also switch the signal according to their distance from the instrumentation sending the measurement and from the cabinet receiving it:
FIELD MEASUREMENT -> JUNCTION BOX / BARRIER -> BARRIER (intermediate) -> DCS MARSHALLING

Fig. 4: Intermediate steps for the signal transmission

Depending on the plant size, there can be several intermediate barriers. When the distance is less than about 100 m, transmission is performed on copper; otherwise, optical fiber is usually preferred. This is the traditional and well-established way to transmit signals from the operating field towards the DCS, and no differences emerge when comparing the T3000 and PCS7 since they both use this kind of approach.

3.3 CPU
When the measurements and signals acquired in the field reach the cabinets placed in the technical room or in the control room, they are received by I/O modules (Paragraph 3.1) positioned in racks (Paragraph 3.4) and managed by CPU slots that are also placed within the cabinets. Depending on the CPU capacity and on the number of variables received by the I/O modules installed in the cabinet, the CPU may have the task of managing only the information of the rack where it is installed (called the conventional CPU task), or the information collected on the I/O modules of several racks (called the extended CPU task), or all the information collected by the whole cabinet (called the largely extended CPU task):

Fig. 5: Possible CPU role in the rack and the marshalling: according to their capacity and to the amount of I/O points, CPU slots could manage either a single rack (conventional CPU task), or a set of racks (extended CPU task), or the overall marshalling cabinet (largely extended CPU task). (Diagram labels: I/O modules, CPU slots, Rack 1-1, Rack 2-1, Rack 1-2, Rack 2-2.)

In addition, Fig. 5 shows that a certain redundancy is always required for CPU slots. Siemens has powerful and certified CPU products that can be used for extended CPU tasks (S7-400 series). Moreover, Siemens offers an internally redundant CPU, which frees up space on the racks and within the marshalling. Siemens CPUs can flexibly manage different mixed I/O modules (fail-safe, non-fail-safe).

3.4 Racks
The racks originally contained CPU slots and I/O modules. Nowadays, depending on the CPU capacity, some racks can be filled with I/O modules only, progressively losing their role in the information collection and management hierarchy and being relegated to a mere

3.6 Information hardware and network
Siemens has a wide set of information hardware (CPU, I/O modules, remote I/O) and transmission devices (fieldbus and Ethernet) that meet fail-safe and non-fail-safe requirements at each tier considered, in terms of performance, redundancy, and certification (German Technical Inspectorate TÜV). PROFIBUS is the most widespread fieldbus used in the world. It supports fail-safe technology (called PROFISAFE) to prevent the major potential faults, as well as drive integration and HART communication. Moreover, Siemens proposes appealing configuration options to assure the 1-failure safe standard for the information network. The common approach to ensure the 1-failure safe standard is to double the bus (fieldbus, automation tier, client tier). Siemens proposes the so-called PA ring redundancy (Paragraph 3.8), a closed loop for the information that guarantees transmission even in the case of one failure, since all the units supplied by the closed loop can receive information from their left-hand and/or right-hand side without being influenced by the failure. Operations on the loop are also guaranteed by intelligent switches (automatic field distributors).
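The single-failure property claimed for the ring can be checked by removing links and testing which units the head-end can still reach. The following Python sketch is an added example, not Siemens or course material; the five-node segment and its node names are constructed, and the comparison baseline is a single non-redundant bus line.

```python
"""N-1 link-failure check: closed ring versus a single non-redundant bus line."""
from collections import deque
from itertools import combinations

# Constructed sample segment: one head-end and four field distributors.
NODES = ["head-end", "AFD-1", "AFD-2", "AFD-3", "AFD-4"]


def line_links(nodes):
    """Links of an open bus line: each node is wired to the next one only."""
    return [frozenset(pair) for pair in zip(nodes, nodes[1:])]


def ring_links(nodes):
    """Links of a closed loop: the line plus one link from the last node back."""
    return line_links(nodes) + [frozenset((nodes[-1], nodes[0]))]


def reachable(links, source):
    """Breadth-first search over the surviving links, starting at source."""
    adjacency = {}
    for link in links:
        a, b = tuple(link)
        adjacency.setdefault(a, set()).add(b)
        adjacency.setdefault(b, set()).add(a)
    seen = {source}
    queue = deque([source])
    while queue:
        for neighbour in adjacency.get(queue.popleft(), ()):
            if neighbour not in seen:
                seen.add(neighbour)
                queue.append(neighbour)
    return seen


def isolated_after(nodes, links, failed, source):
    """Nodes the source can no longer reach once the failed links are removed."""
    surviving = [link for link in links if link not in failed]
    return sorted(set(nodes) - reachable(surviving, source))


def worst_case(nodes, links, source, k):
    """Try every combination of k failed links; return the one isolating most nodes."""
    worst = ((), [])
    for failed in combinations(links, k):
        lost = isolated_after(nodes, links, set(failed), source)
        if len(lost) > len(worst[1]):
            worst = (failed, lost)
    return worst


def tolerates(nodes, links, source, k):
    """True if no combination of k link failures isolates any node."""
    return not worst_case(nodes, links, source, k)[1]


if __name__ == "__main__":
    for name, links in (("line", line_links(NODES)), ("ring", ring_links(NODES))):
        for k in (1, 2):
            failed, lost = worst_case(NODES, links, "head-end", k)
            print(f"{name}: {k} failure(s) -> worst case isolates {lost or 'nothing'}")
```

The ring survives any single link failure but not every pair of failures, which is why the text speaks of a 1-failure safe standard rather than general fault tolerance.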

3.7 Servers
The server tier represents the most evident difference between the PCS7 and the T3000. T3000 has a single integrated server (application server). Conversely, a conventional DCS structure comprises several servers dedicated for instance to HMI, Engineering, Historian, Diagnostics, Automation, Web.
[Figure: classic DCS compared with SPPA-T3000. Recoverable labels: thin clients, operator terminals, web server (Java), system SW, engineering data, diagnostics data, historian data, built-in web server (Java/XML), I/O device.]

Engineering: T3000 integrated engineering and operation are made easy since it is not necessary to change machines to work on different applications, with consequent high-speed configuration and modification. The whole spectrum of information is available at a glance without having to look for it in different applications (e.g., the Chronological Archive of Events is inside it). A wide library of macros is available. Consequently, each application is built concurrently by exploiting the benefits of object-oriented programming within the T3000 development environment.
To mention only some features (Paragraph 3.7.1), we acknowledge: the rather handy on-line change of configuration right from the Workbench, straightforward automation and display design, and fast on-line undo of the last configuration changes with quick roll-back. PCS7 needs cross references, whereas T3000 leads directly to logics and references thanks to its object-oriented approach.

Diagnostics (see also Paragraph 3.7.4): T3000 has built-in diagnostics without any requirement for additional equipment for optimized maintenance strategies; no special computer equipment or location for troubleshooting; context-sensitive online diagnostic information at a glance; comprehensive status of all components from any view.

Alarm (see also 3.12): T3000 allows setting the alarms on a per-user basis. T3000 allows easy troubleshooting by customized trip reports; alarm summary displays and event reports are available. T3000 takes into account that the final user of a DCS is the operator.

Archive: T3000 implements archiving for permanent plant change and asset management.

Field: Integrated process interface for field device communication.

Programming: T3000 is easy to understand and configure. PCS7 has a specific package for HW configuration (S7).

Maintenance: T3000, being based on a single language, makes it easier to follow the operations.

GUI: this feature seems to be quite good according to the experience of field personnel. Drag & Drop is possible for T3000, not for PCS7. Whenever it is necessary to build an object with different attributes, T3000 is deemed more demanding when implementing customized graphics. The last release showed a good effort to improve this point through the availability of a prototype editor, used to create and edit user-defined Pictograms and Faceplates, which allows easier customization starting from existing symbols/objects (linking them to variables).

Reporting: T3000 has all functions at a glance and the operator can create a set of variables and statistics (e.g., for start-up two years of historical data are available, as opposed to the conventional one year of less values). There are predefined report modules and customization is easy.

Training: Reduced training efforts and reduced variety of components.
3.7.1 HMI / Workbench
T3000 has a flexible workbench layout according to the customer's ergonomic needs. The Workbench is designed to integrate all views for plant operations, modifications, tuning, configuration, diagnostics or optimization. The Workbench can be launched from any screen via an Internet browser, and it is possible to access Plant Displays, the Point View, Function Diagrams or Diagnostics depending on assigned role and access rights. The working procedures are simplified: when plant personnel need comprehensive information about any individual device or function, the Point View offers all information, including real-time values, configuration data, parameters, etc., related to each individual object at the click of a mouse. The Point View not only displays information, but also provides the ability to perform operations, point forcing or modifications from every workplace. The layout of the header & footer and the menu structure of the Workbench are flexible and customizable. The following areas in the Workbench can be customized:

- Reposition of elements in the header & footer, e.g. alarm indicator or system error messages (e.g. connection to license container lost)
- Visibility of Workbench menu items
- Indicators in Workbench header or footer to present information

The Workbench provides the following additional information on each screen:

- The identification (letter) of the preselected screen
- System error and system information messages (e.g. license notification)
- Sign-of-life signal that flashes with a constant rate (200 ms) in a customizable color to indicate that the screen is still updated

Faster access to dedicated plant displays is ensured by customizable shortcuts in the workbench header & footer: pictograms can be added as shortcuts to the workbench header & footer to provide faster access to the corresponding plant displays. The operator can click on the pictogram and the associated plant display opens to provide further information, so important information is directly available to the operator (use case: Critical Safety Functions, CSF). Furthermore, new users can log in and log out without closing the workbench. Active diagrams are continuously updated in the workbench during the transition between users; the workbench closes all views and diagrams for which the new user has no access permission; all other views and diagrams stay open as they are and are updated only with the new access permission (buttons get grayed out or enabled). The operator gets quicker access to more plant information through one-click access to a group of displays with assigned screen arrangement:

- Plant displays can be assigned to group displays.
- Group displays can be opened from the plant display hierarchy.
- Assigned plant displays are opened on assigned screens.

Sharing of information is faster: temporary visibility of displays on another Workbench (Thin Client). Sharing of displays is used for plant displays, trend displays, user-specific plant displays, overview diagrams, and function diagrams (including also modifications, e.g. changed trend configuration, zoom, scroll position). The user can send display copies in the same format to a selected Workbench (Thin Client).

The virtual keyboard can increase flexibility in workplace design: it provides input where no HW keyboard can be installed, and it makes it possible to input characters and numbers via a pointing device (e.g. mouse). Hardware and virtual keyboards can also be used in parallel. The editing of plant displays and function diagrams becomes more comfortable and efficient; Undo/Redo functions make it possible to return to a previous state by undoing or redoing the effects of one or more graphic changes (up to 50). The workbench can be accessed from anywhere in the plant thanks to automatic roaming (mobile workbench) for local commissioning, diagnostics and maintenance. Operators can define conditions to monitor analog and binary process values:

- Temporary threshold: monitor analog value
- Analog value comparison: monitor delta of two analog values
- Binary value comparison: monitor binary value

Limit violations are indicated by separate indicators.


Up to 300 defined alarm conditions can run in parallel per Operator Working Place. Comfortable, flexible event and operator action monitoring in one display: a virtual alarm printer serves as logbook for event and operator action monitoring. The logbook, in contrast to the alarm sequence display, combines all of the following event types in chronological order:

- Binary signals including alarms
- Operator actions (process operations)

The logbook provides monitoring capabilities. Acknowledgment of alarms is a function of the alarm sequence display. The logbook provides functions for comprehensive event analysis. The analysis mode of the logbook makes it possible to temporarily freeze the display update. Additional filter criteria can be defined to focus on the events to be analyzed:

- Tag name
- Type of event

The content of the logbook can be exported to a CSV file.


3.7.2 Operations
Access to all information available at a glance for reliable plant operation is easy via the Point View. It is easy to generate user-specific alarm displays and reports. All the functions needed for plant operations and information access are comprehensively integrated in the T3000 Workbench. Real-time data displays, high-speed and high-resolution process graphics, alarm screens and many other views simplify the review and analysis of live and historical process data. T3000 offers an overview of the plant and business status to operators, shift supervisors, maintenance and service personnel so that they can perform their tasks from almost any workplace. The T3000 Workbench is designed to integrate all views for plant operations, modifications, tuning, configuration, diagnostics, and optimization. It is also possible to customize displays for consistent, user-friendly and user-specific operation. Every modification can be made easily from anywhere to configure online, change displays and modify settings.

Accelerated analysis helps ensure trouble-free plant operation during critical situations, when a quick and comprehensive overview is essential. T3000 provides a sophisticated alarm system designed to enable operators to control any situation. The alarm information, as well as the way in which it is displayed, can also be customized. The trip report facilitates troubleshooting following a plant incident. Reports can be generated automatically, and can easily be adapted to meet any requirement. These reports can also be stored in standard printer format or in a commercial spreadsheet format, such as PDF or CSV format files, for further processing in an office environment or at a later time. In addition, it is possible to reconstruct and analyse start-ups, trip events and plant equipment malfunctions. The information can be used for process optimization and improvement of production in alignment with business goals. Applications such as plant management, production planning, expert systems and optimization programs can access the archived data via standard interfaces.

3.7.3 Engineering
Plant owners, producers and engineers have to manage a huge amount of project data and plant information. To be competitive in this business, it is essential to increase productivity and to reduce project preparation and maintenance time while minimizing costs. T3000 makes it possible to collect, store and manage information for the whole lifetime of a plant thanks to its built-in data consistency and integrated engineering concepts. The traditional engineering and design process is characterized by a number of sequential steps to implement the control configuration and create the plant displays; it may result in a less flexible and more time-consuming approach. T3000 offers an integrated engineering approach for the implementation of control configuration and plant display design. Every process element is represented by a related software component that represents not only the traditional automation functionality, but also functionality for operating and monitoring, alarming, engineering and diagnostics. Integrated engineering assigns the respective application data down to a single process object performing control and display information cohesively. The engineering can be optimized and scheduled according to technological plant process requirements regardless of whether the control logic or the HMI representation is engineered. The engineering process becomes optimized and can be tailored to meet individual business process requirements.

Secure and instant changes under any plant condition allow immediate, cost-effective conversion of design, from task definition to implementation. Plant displays and functional diagrams can be switched to Configuration Mode directly from any user interface and can be modified by any user who has the appropriate access rights. Comprehensive checks and logic testing are possible before activating any changes. Changes can be activated immediately, without further mapping, code generation or download procedures. Fast online undo of the last configuration changes: when modifying configurations, an image of the previous version is automatically saved in the system. If the new configuration does not work satisfactorily, the previous configuration can be restored with a simple click. This functionality is independent of redundant or non-redundant Automation
Server designs. Roll-back provides a significant advantage for maintenance and service of the system without the need for processor swap / switch-over. Faster and easier changes, even for large data volumes: a list interface is provided for processing large amounts of configuration data. Simple selection, sorting or handling instructions are executed by this integrated interface. For complex operations, the selected data scope can be exported and processed by conventional methods (e.g., MS Excel) and then re-imported into T3000.

3.7.4 Diagnostic
T3000 is designed to provide integral, continuous monitoring of system components and equipment. Status overviews of each component are generated in the Diagnostics View. Troubleshooting and reports used for preventive maintenance can help reduce system downtime, optimize the repair and maintenance processes and reduce operation costs. Relevant diagnostics information can be transmitted to the unit (and to the enterprise level) and can be used to create or optimize maintenance strategies. Embedded Component Services is the object-oriented basis for the Diagnostic system. The data (diagnostics, archive, etc.) is merely an instance of the object, without any administration, configuration or engineering effort. Navigation is seamless and data integrity is enabled, thus making it easy to use. Quick and easy fault analysis can support higher system availability: T3000 self-diagnostic features and intuitive representation can enable plant personnel to quickly determine where a problem has occurred. With context-sensitive online help, the user is guided and supported when resolving any problem. Fault detection and maintenance efforts can be minimized. The T3000 Diagnostic system supports the user with information collected from different components within the T3000 system for:

- Investigations of failure conditions in cases of disturbances in the system
- Status information on demand
- Maintenance purposes
- T3000 System Software administration purposes


The diagnostic mechanisms can be divided into:

- Event-driven diagnostics: important events are reported automatically by the diagnostic system. The event-driven diagnostic leads to very fast fault detection, but it also generates the highest system load. Event-driven diagnostic is mainly used for I&C fault detection.
- Dialog-driven diagnostic: the dialog-driven diagnostic enables the user to access components by selection. Information about system configuration and releases can be reported. These reports can support detailed inspections on faults reported by the event-driven diagnostic. Furthermore, trace functionality is available to supervise the data inside and between the different components.

The T3000 Diagnostic System handles the following main functions:

Fault Analysis. It provides:
- Automatic detection and reporting of DCS faults for fault tracking
- Processing of the detected faults with compressed representation in graphical form
- User guidance to the origin of the fault by device structure or by selection of I&C Alarms
- Display of the detected components in graphical and textual representation

Display of Status Information:
- The information is shown in a graphical manner by using the topology, the hierarchical structure and the configuration of the complete Control System
- Display of the rack disposition and the hardware and software releases

- Online documentation
- Usage of System resources
- Condition of wear and tear parts

State Report:
- Displays lists of component-specific information
- Overview of system status like forced signals and availability down to single devices.

3.7.5 Archive / Historian
Archived data can be defined individually and clearly presented in one report for comfortable analysis. Reports with graphical trends (up to 10 signals) and table-oriented data can be defined and generated.

3.7.6 Synchronization
A good DCS system should keep information always available for any kind of application or service that requires it. The common DCS architecture is based on data duplication on different machines running different applications. In this case conflicts are possible on time stamping and consequently on synchronization, validation and consistency of large data processing. These problems are strongly perceived inside complex and large automation systems. The single application server of T3000 overcomes this problem. The GPS Satellite Clock 6842 from Hopf Elektronik is used as the time server for the T3000 system.

3.8 Redundancy
The architecture of the T3000 process control system features a good availability of plant operation even if individual functions have failed. In T3000, the availability is assured by redundancy at different levels.
[Figure; labels: Thin Clients, Server Products, Technology Server, Application Server, Automation Servers, IO Devices]


Fig. 9 Application server

Each controller board runs 2 CPUs at 3 GHz. Distributed redundancy and scalability are possible for the Application Server: the Application Server software runs in a fault-tolerant application environment on two servers simultaneously, and it scales as follows:

- One pair of servers for up to 10,000 IO
- Two pairs of servers for up to 30,000 IO
- Maximum of two pairs of servers per unit


Servers can be installed in different locations:
[Diagram labels: Thin Clients; Application Highway; Application Servers (Server1, CoServer1, CoServer2, drServer, optional second drServer; Link 1 GB/s); WEB-Server, Project container, Diagnostic container, Alarm container, Plant Display Server, Trend-Display Server, Java Runtime container, Archive container, Report container, OPC Server, OPC client; Automation Highway; Automation Servers]
Fig. 10 Different locations and duplication for safe server redundancy

The automation servers have master-slave redundancy: several increasingly flexible configurations are possible, with different redundancy levels from a single set-up to a completely redundant set-up (redundant automation server, in case of fail-safe redundant master systems in divided rack with redundancy connection, redundant PROFIBUS DP, redundant distributed I/O interface, redundant fail-safe I/O devices 2oo(1oo2D), discrepancy analysis, SIL 1-3, AK6).
3.8.3 Networks
A ringed Automation and Application Highway is available, together with an Ethernet network with fast redundancy switch-over. Diagnostics of the ring switches are also possible (if Siemens switches are used). The PROFIBUS field bus is in redundant configuration.

[Diagram labels: Redundancy Manager (RM) (= OSM); redundant optical network; 10 Mbit/s; 100 Mbit/s; Optical Switch Module with 6 interfaces (OSM)]
Fig. 11 Intelligent switches and network ring

3.8.4 Process Interfaces
Interface modules to the I/O devices can be redundant; also the special modules FUM can be redundant.
[Diagram labels: completely redundant set-up; S7400FH; ET 200M; PROFIBUS-DP; F-IO; ET200M redundant F-IO]
Fig. 12 Completely redundant process interfaces

3.8.5 DMR, TMR, QMR
As far as redundancy is concerned, this term is used within the Siemens documentation as a synonym for duplicate hardware. With reference to CPUs, computers, servers, networks, connections, and cards, the available Siemens documentation explains the redundancy feature in terms of the possibility to install two devices instead of a single one. Actually, redundancy is rather more complicated and calls for a higher degree of system integration, which first of all has to address and then solve the arbitration problem. Only in one place does the available documentation suggest the possibility to install a maximum of three redundant Application Servers. Nonetheless, a note specifies that this limited redundancy is only supported if the external BB-System provides redundant signals. DMR (dual module redundancy) is cited only once, and the description provides neither a significant explanation nor a detailed justification for its implementation. Conversely, TMR and QMR, i.e. triple and quadruple module redundancy, are neither discussed nor available within the DCS domain. Only within the field of PLCs is it possible to find a reference to a QUADLOG Safety PLC for potentially dangerous applications, such as emergency shutdown, burner management, and fire and gas detection, which is capable of equaling the TMR and QMR solutions in terms of safety certification. Siemens has proposed an alternative approach to redundancy that consists in the Flexible Module Redundancy (FMR), which consists in

With FMR you are able to implement individual, fault-tolerant architectures, which are exactly matched to the requirements of the application. Due to the fault-tolerant architecture of FMR, several faults can be tolerated. As shown in the example of a plant with ET 200M distributed I/O system, a mixture of different redundancy levels can be implemented in one application. You can achieve a mix of single, dual and triple redundancy architectures (1oo1, 1oo2, 2oo3). At present, however, the available documentation seems to show that FMR has been implemented only in the SIMATIC PCS 7. Once again, the documentation available for the SIMATIC PCS 7 appears to be more detailed and differentiated than the SPPA-T3000 one.
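The voting arithmetic behind the 1oo1, 1oo2 and 2oo3 mix described above, together with the discrepancy analysis mentioned for the automation servers, as an added Python example (not Siemens code and not part of the original notes). The tag names, the sample readings and the two fault policies are assumptions chosen for illustration; the block does not describe how FMR is implemented in PCS 7.

```python
from dataclasses import dataclass
from typing import Dict, Sequence, Tuple


@dataclass(frozen=True)
class Channel:
    """One redundant input channel of a loop."""
    name: str
    trip: bool            # True = this channel demands the safety action
    healthy: bool = True  # module self-diagnostics (wire break, short circuit, watchdog)


@dataclass(frozen=True)
class Vote:
    trip: bool                    # voted output of the loop
    effective: str                # architecture actually in force, e.g. "1oo2"
    discrepancy: Tuple[str, ...]  # healthy channels that disagree with the voted output
    degraded: bool                # True when at least one channel is diagnosed faulty


def vote(channels: Sequence[Channel], m: int, fault_policy: str = "trip") -> Vote:
    """M-out-of-N voting with degradation on diagnosed channel faults.

    fault_policy (assumed, not taken from the Siemens documentation):
      "trip"    - a faulty channel counts as a trip vote (safety-biased),
                  so 2oo3 with one bad channel behaves as 1oo2.
      "exclude" - a faulty channel is ignored (availability-biased),
                  so 2oo3 with one bad channel behaves as 2oo2.
    If no evidence is left to vote on, the loop trips (fail-safe).
    """
    n = len(channels)
    if not 1 <= m <= n:
        raise ValueError(f"invalid architecture {m}oo{n}")
    healthy = [c for c in channels if c.healthy]
    faulty = n - len(healthy)
    if fault_policy == "trip":
        m_eff = max(m - faulty, 0)
    elif fault_policy == "exclude":
        m_eff = min(m, len(healthy))
    else:
        raise ValueError(f"unknown fault policy {fault_policy!r}")
    demands = sum(c.trip for c in healthy)
    trip = demands >= m_eff            # m_eff == 0 always trips
    effective = f"{m_eff}oo{len(healthy)}" if m_eff else "forced trip"
    # Discrepancy analysis: report healthy channels that lost the vote,
    # so a drifting sensor is noticed before it becomes the deciding one.
    discrepancy = tuple(c.name for c in healthy if c.trip != trip)
    return Vote(trip, effective, discrepancy, faulty > 0)


def evaluate_plant(loops: Dict[str, tuple], fault_policy: str = "trip") -> Dict[str, Vote]:
    """Evaluate loops with different redundancy levels in one application."""
    return {tag: vote(chs, m, fault_policy) for tag, (m, chs) in loops.items()}


# Constructed sample: three hypothetical loops with mixed redundancy levels.
SAMPLE_LOOPS = {
    "TI-101": (1, [Channel("A", False)]),                           # 1oo1
    "PSH-201": (1, [Channel("A", False), Channel("B", True)]),      # 1oo2
    "LSHH-301": (2, [Channel("A", True),                            # 2oo3
                     Channel("B", False, healthy=False),
                     Channel("C", False)]),
}

if __name__ == "__main__":
    for policy in ("trip", "exclude"):
        for tag, result in evaluate_plant(SAMPLE_LOOPS, policy).items():
            print(policy, tag, result)
```

The same 2oo3 loop with one diagnosed fault trips under the safety-biased policy and holds under the availability-biased one, which is the arbitration choice the paragraph above says redundancy has to solve.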

3.9 Connectivity
Connectivity is an essential feature of a DCS. In a certain sense, connectivity means the possibility for the DCS to use external tools, packages, and add-ons; to send and receive information via internet and web connections; and to transfer information via wireless devices. In this context, connectivity is the possibility for the DCS to speak with the external world, be it a software package, field instrumentation, or a remote client. Thus, connectivity is the possibility to acquire additional information and to share this information even outside its traditional area. On the other hand, this enlarged opportunity to receive and share information unavoidably leads to the need for additional security tools to tackle possible problems in both directions: input (i.e. viruses coming from external tools and clients) and output (i.e. leaks of sensitive information dealing with the automation, the production, or the economic picture of the plant). Wireless and web-based connectivity are discussed hereinafter (Paragraphs 1.9.1 and 1.9.2), whereas OPC connectivity, in terms of general directives and of the need to have compatible data, is described in a dedicated Paragraph (1.21).
3.9.1 Wireless
A WLAN infrastructure could provide local access to I&C components. Wireless infrastructure allows flexible access to the T3000 workbench from anywhere in the plant thanks to automatic roaming. The access is implemented under an embedded Cyber Security concept with intrusion detection and prevention. It allows local commissioning, diagnostics and maintenance (e.g. loop check of wiring, actuator/sensor diagnostics and configuration, local manometer feedback after a DCS set point change). Other possible areas of intervention: Revamping / Expansions, Storage tanks; Utilities: water treatment, Interconnecting lines, Manifolds; Further Alarm Emergency Evidence.

Fig. 13 Wireless

T3000 R&D is testing Wireless HART certification. For green-field projects it is expected that 30% of measurements could be wireless, with a possible project cost reduction of about 7%. For existing plants it could be used for monitoring process variables that are impossible to reach with a cabling solution and for projects that are not financially justifiable with a cable solution. To avoid dependence on supplier choices, the EPC trend is to self-organize in order to write technical design specifications and related documentation for wireless technology.
3.9.2 Web-based
T3000 is the world's first state of the art Web-Based Control System. It allows intervention on the I&C system by remote working, more than simple monitoring. It also allows connecting the process control system with other company management resources.

PCS7, as a more traditional platform, has a dedicated web server from which it is possible to monitor only published DCS pages. PCS7 is a so-called web-enabled system: remote working on other applications that run on different machines is not possible. Looking at security, access to the T3000 system is always shielded by a double firewall. T3000 has a security-zone architecture. Other security improvements are developed according to the permitted access configuration. For an external thin client or external OPC, access follows a secured Virtual Private Network gateway; for a mobile thin client, Wi-Fi Protected Access via a dedicated access point gateway on the control system network. Native solutions for T3000 IT security are:

- Router/Firewall
- Thin client locking
- VPN Gateway
- VPN Gateway WLAN
- Communication by OPC

[Diagram labels: Internet; Intranet; Firewall/VPN Router; VPN Tunnel; Thin Client; Terminal Server; Firewall; OPC Tunnel; Siemens Remote Service; DMZ; HMI level; Application; Automation]
Fig. 14 Web-based architecture

The whole architecture of the system is web based, following the three-tier standard for web applications. The software applications are written in the web-native Java language. Visualization and execution are possible via a simple web browser.

Fig. 15 Tiers in web-based architectures

3.10 ESD

An Emergency ShutDown System (ESD) is designed to minimize the consequences of emergency situations, typically related to uncontrolled flooding, escape of hydrocarbons, or outbreak of fire in hydrocarbon-carrying areas or areas which may otherwise be hazardous inside a chemical plant (e.g., refinery, oil & gas, hydrocarbon processing units). Traditionally, risk analyses have concluded that the ESD system needs a high Safety Integrity Level (SIL), typically SIL 2 or 3. Basically an ESD system consists of field-mounted sensors, valves and trip relays, system logic for processing of incoming signals, alarm and HMI units. The system is able to process input signals and activate outputs in accordance with the cause and effect charts defined for the installation. Typical features of an ESD System are:

- shutdown of part systems and equipment;
- isolate hydrocarbon inventories;
- isolate electrical equipment;
- prevent escalation of events;
- stop hydrocarbon flow;
- depressurize / blowdown;
- emergency ventilation control (this feature may alternatively belong to the fire/gas detection and protection system. See also paragraph 1.13);
- close watertight doors and fire doors (this feature may alternatively belong to the fire/gas detection and protection system. See also paragraph 1.13).
Also in this case, the only available documentation on ESD systems refers to the SIMATIC PCS 7 solution, whilst, to our knowledge, neither case studies nor reference applications or plants are reported on the T3000 side.

3.11 F&G

The Fire and Gas (F&G) systems are designed to protect industrial plants from fires and gas dispersions that can lead to accidents such as (U)VCE (Unconfined Vapor Cloud Explosions). These accidents may happen during the extraction, processing and transportation of crude oil and derived hydrocarbon products (either liquid or gaseous). An F&G control system must identify fires and gas dispersions in a reliable way, also under adverse conditions such as during a black-out. To limit the negative outcomes, these systems are able to activate proper countermeasures, such as the extinction of a fire or the ventilation/aspiration of a gas. Therefore, this Safety Integrated System (SIS) must be certified according to safety rules such as EN 54 and NFPA 72. Consequently, the F&G detection system provides early and reliable detection of fire or gas where such events are likely to occur, alerts personnel and initiates protective actions automatically or manually upon operator activation. Basically the system consists of field-mounted detection equipment and manual alarm stations, a system logic unit for processing of incoming signals, alarm and HMI units. Typical features of an F&G System are:

- alert personnel
- release fire fighting systems
- emergency ventilation control
- stop flow of minor hydrocarbon sources such as diesel distribution to consumers
- isolate local electrical equipment (may be done by ESD. See also paragraph 1.12)
- initiating ESD and PSD actions
- isolate electrical equipment
- close watertight doors and fire doors

Once again, there is some documentation on F&G systems as far as the SIMATIC PCS 7 is concerned, whilst, to our knowledge, neither case studies nor reference applications or plants are reported on the T3000 side.

3.12 Alarm Management

The alarm management belongs to the Application Server. Siemens maintains that this solution is independent of hardware and therefore can keep pace with innovations. This solution is valuable since it facilitates both redundancy and scalability. Such an approach is deemed positive and can produce a real advantage with respect to other competitors that adopt a more classic and hardware-oriented solution.

3.13 Availability (Redundancy/Modularity/Integrability)

In general, it is intended that in case of faults there is no need to stop and replace a whole unit. Redundancy levels increase system robustness and safety. Test and/or maintenance procedures can be performed on an isolated section of the plant. The architecture down to the CPU is common to PCS7 and T3000. For both Siemens DCS platforms the modularity is at a good level, considering the redundancy level and the possibility to swap modules without stopping operations. Test and maintenance procedures on this tier also seem possible. Some concern may arise looking at the modularity of the main item of the T3000 platform: the application server. Even accepting the numerous benefits of the new architectural concept regarding this item, since it centralizes all functionalities in one machine it can look like a weak point of the system, because its modularity could seem inferior to that of a traditional DCS architecture, especially in the oil refinery field, which is characterized by strong inertia with respect to hardware innovations. Due to its strategic position inside the whole T3000 platform, the application server represents the main point of intervention to improve the whole system availability. Any operation that needs this item to be switched off, probably possible only during a planned unit shutdown, has to be regarded as a field of improvement of the system because of its possible impact (see, as a possible unconfirmed example, the insertion of a new CPU inside the automation highway). Thanks to the possibility for T3000 to interchange thin clients and to resort to a very robust and reliable fault-tolerant Stratus server as application server, the availability of the whole system improves up to 99,999 with respect to the traditional architecture, which needs different machines with specific critical functions (HMI, alarm management, event management, process control of critical plant units) or non-critical functions (trend, historian, diagnostics, ERP communication, process control of non-critical plant units). In the traditional DCS architecture the watchdog system related to the hot swap of redundant servers is often considered a true further source of fault. Summarizing these considerations on the integrated structure of T3000, we can say that it has a simplified structure and improved reliability, and that it is easier to control and manage. In the T3000 platform, complete integration of all subsystems generates a minimal system architecture, reducing components and internal interfaces, with less administration effort and, probably, reduced costs.

3.14 Scalability

This feature allows upgrading the plant units with a certain number of signals without particular impact on the system. Modern production plants evolve in a competitive landscape with increasing environmental constraints. For this reason they continually need investment, in order to survive, aimed at keeping all the plants technologically updated. From this point of view scalability is an extremely important feature to reduce the time and cost impact of such plant changes. Siemens DCS allow the use of distributed I/O, which can improve the possibility to scale up plants by reducing the space occupied inside marshalling cabinets in the technical room (instead of undesired building revamping ...). The possibility of reducing multi-cables is a further benefit to scalability, following the use of optical fiber to carry signals out of remote I/O. ET200M can manage up to 12 I/O modules. Siemens offers a built-in redundant CPU, giving the possibility to have more available space on racks and within the marshalling. Siemens CPUs can be used for extended CPU tasks (managing information related to I/O placed on different racks). For reasons related to O&M and safety, a CPU usually manages information related to a certain plant unit (look at Number of I/O per CPU). For this reason they are often intrinsically scalable.

From the server point of view, in T3000 it is possible to run application software on different fault-tolerant application servers simultaneously (distance up to 100 m) and to use more servers for different units with a performance benefit (up to 60 CPU per unit; up to 35 clients per unit; up to 40000 HW I/O and 10000 SW I/O per unit). Client/Operator stations can easily be increased according to other HW. T3000 licenses relate to the number of I/O, whereas PCS7 licenses are related to each application.

3.15 Flexibility

Flexibility is the capacity to adapt to future plant configuration changes. Possible future revampings usually lead to an additional set of I/Os and a connected set of CPUs. Beyond the simple scalability of the system, it is necessary to consider connecting those CPUs to SCADA. In PCS7 and traditional DCS this connection has to be implemented from the CPU to different servers; in T3000 only to the application server. Hence, engineering should be faster. On the other hand, a revamping needs the development of new graphics and possibly of new macros, often tailored to customer-specific requirements, and T3000 customization looks like a heavier process. The platform is not so open to the usual system integrator, so personnel with more specific competences would be needed; only in the last release is it possible to use a prototype editor to accelerate customization and to create and edit user-defined pictograms and faceplates starting from existing symbols/objects. PCS7 allows the use of different applications (HW configuration S7-like; WinCC). PCS7 allows an easier customization but needs more work; T3000 requires more expertise (Java, macros, templates, object-oriented programming, ...) but is quick to configure. In PCS7 it is possible to build a symbol and link it to a variable, whereas T3000 needs a different procedure (object-oriented approach). From the HW point of view, both DCS allow management of different modules in the same CPU and of different communication protocols. According to Siemens material, PCS7 seems able to manage different I/O cards, whereas T3000 could directly manage only ET200M. Flexibility is also good looking at the wide possibilities to connect to external applications via OPC or, for T3000, via the Technological Server. The Technological Server used in T3000 gives the opportunity to implement add-on packages. The benefit is that it needs to be processed and developed inside Siemens software (it could mean developing add-ons in house or establishing agreements with ready-to-market external solutions). A possible stiffness is the impossibility of using and managing wireless field signals.

3.16 Service, Maintenance, follow-up

Prompt answers are always needed in service, maintenance, and follow-up operations. T3000 is conceived to extend as far as possible the use of standard HW components and to allow easy plug-out/plug-in substitution. New and old HW can operate in parallel. The variety of spare parts is reduced and maintenance is easier. The HW-independent Java/XML software design allows for easy HW and OS maintenance. T3000 introduces a new "never goes obsolete" concept: modernization of the plant by service contract, skipping complete modernization and reducing the related costs. T3000 allows decentralized remote control and maintenance. Conversely, PCS7 allows monitoring but not remote control. Siemens has specific tools for performance monitoring (KPI) and for planning interventions in a predictive way, to shorten lead time and improve intrinsic safety. Ongoing activities have to be developed to evaluate prompt availability, the base location of service engineers, and the time of intervention for PCS7 and T3000 for the different services required (in certain situations, the intervention of experts from Germany could be required). Considering some external sources, Siemens demonstrated shortcomings in service quality, and it would be necessary to build up a more convincing service structure and/or implement some specific training campaign for people inside the refinery team who could be ready to interact.

3.17 Capability of acceptance and management of proprietary and third party add-ons (integrability)
The OPC protocol allows exchanging data in input and output between the DCS (T3000) and other third-party applications. The advantage of the OPC protocol is that it was originally proposed by Microsoft but it is not proprietary. On the contrary, it is an open protocol and practically all the major DCS vendors have adopted this solution. Actually, there are thousands of OPC servers available on the market. The main features of an OPC client are:

- Master
- Only talks to OPC servers
- Creates demand, does not fulfill it


The main features of an OPC server are:

- Slave
- Acts as a data source
- Only responds to OPC client requests
- Fulfills demand, does not create it


The main advantage of OPC is that it is a well established and recognized protocol in the process industry, based on a server-client approach that allows integrating and connecting programs and tools developed by third parties with a rather negligible effort and without the need for Siemens to modify the source code of the solution to be implemented and linked to the DCS. For this reason the OPC solution allows integrating, in principle, any third-party solution. Matrikon is the de facto main supplier of OPC products and is the world's leading provider of open data connectivity products for industrial applications. Siemens has also adopted the Matrikon solution for its OPC server. In June 2010, Honeywell acquired Matrikon (for US$ 142 million). At present, Matrikon is undergoing reorganization as a division of Honeywell Process Solutions. However, there should not be any threats to the update and development of new solutions in the field of OPC servers in the future, since Matrikon has been, up to now, practically the only OPC solution provider for all the PLC and DCS vendors, and therefore Matrikon's core business really comes from the commercialization of OPC solutions. The T3000 architecture is quite robust and safe in terms of connections with both Intranets and Internet. This is achieved by means of a Firewall/VPN router and by VPN tunneling. Also the possibly-weak OPC protocol is actually quite safe through the tunneling approach, which appears to be strong enough in terms of cyber security. In addition, the Terminal Server works outside the firewall domain (i.e. inside the demilitarized zone). The integration of third-party solutions and tools may be implemented by means of either the OPC protocol or the proprietary Siemens Technological Server. The differences between OPC and the Technological Server (SIMIT SIMBAPRO/OTS) have been analyzed.
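The access rules stated in Sections 3.9.2 and 3.17 (double firewall, Terminal Server in the DMZ, VPN gateway for external clients, tunneled OPC, protected WLAN gateway) can be checked mechanically against a list of permitted flows. The following Python audit is an added example, not Siemens tooling; the zone tiers, rule identifiers and sample flows are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Tuple

# Trust tiers, outermost first. The grouping is an assumption derived from the
# zone names in Fig. 14; a flow that jumps more than one tier crosses both
# firewalls at once instead of terminating in the DMZ.
TIER = {
    "internet": 0, "intranet": 0,
    "dmz": 1, "wlan": 1,
    "hmi": 2, "application": 2,
    "automation": 3,
}


@dataclass(frozen=True)
class Flow:
    name: str
    src: str         # source zone, a key of TIER
    dst: str         # destination zone, a key of TIER
    service: str     # e.g. "thin-client", "opc", "https"
    protection: str  # "none", "vpn", "opc-tunnel" or "wpa-gateway"


def audit(flows: List[Flow]) -> List[Tuple[str, str]]:
    """Return (flow name, rule id) for every rule a permitted flow breaks."""
    findings = []
    for f in flows:
        for zone in (f.src, f.dst):
            if zone not in TIER:
                raise ValueError(f"{f.name}: unknown zone {zone!r}")
        s, d = TIER[f.src], TIER[f.dst]
        # R1: access is "always shielded by a double firewall", in either direction.
        if abs(s - d) > 1:
            findings.append((f.name, "R1-zone-skip"))
        # R2: external thin clients and external OPC go through the VPN gateway.
        if s == 0 and d > 0 and f.protection != "vpn":
            findings.append((f.name, "R2-no-vpn"))
        # R3: OPC is only considered safe when tunneled across a zone boundary.
        if f.service == "opc" and s != d and f.protection not in ("vpn", "opc-tunnel"):
            findings.append((f.name, "R3-opc-untunneled"))
        # R4: mobile thin clients enter via the dedicated WPA access point gateway.
        if f.src == "wlan" and f.protection != "wpa-gateway":
            findings.append((f.name, "R4-wlan-unprotected"))
    return findings


# Constructed sample rule base (hypothetical flow names).
SAMPLE_FLOWS = [
    Flow("remote thin client", "internet", "dmz", "thin-client", "vpn"),
    Flow("terminal server to app server", "dmz", "application", "https", "none"),
    Flow("vendor OPC client", "intranet", "application", "opc", "none"),
    Flow("historian export", "application", "internet", "https", "vpn"),
    Flow("maintenance tablet", "wlan", "hmi", "thin-client", "none"),
    Flow("OPC via DMZ", "dmz", "application", "opc", "opc-tunnel"),
]

if __name__ == "__main__":
    for name, rule in audit(SAMPLE_FLOWS):
        print(f"{rule:22s}{name}")
```

Run against an export of the real firewall and gateway configuration, the same checks show whether the deployed rule base still matches the zone architecture described in the text.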

3.18 Availability of ancillary software

Siemens has several packages that can be fully integrated on its DCS systems, such as SIMIT for process simulation, P3000 for process optimization, M3000 for MES and enterprise resource planning purposes, and D3000 for diagnostics, to quote a few. Since there are no significant differences between PCS7 and T3000 about ancillary software and their implementation/application, a detailed discussion on a wide set of software can be found in Paragraph [Error: reference source not found], dealing with the differences between the power generation field and the oil refinery field. In fact, while ancillary software does not change according to what kind of DCS is selected, its requirements and scopes can dramatically change if we look at the technological differences between the power and oil refinery fields, at what the market is asking for, and at the final customer expectations in these fields. Thus, the present discussion is largely deepened in Paragraph [Error: reference source not found], where the most important applications and the scopes of each related tool are not only discussed, but also compared between the two worlds of power and oil refinery. To quote an example, SIMIT is the process simulator developed and proposed by Siemens for both the PCS-7 and T3000 solutions. SIMIT is a well established tool in the power generation field, but it has certain shortcomings if one would use it in the oil refinery field. Actually, SIMIT contains models for tanks, pumps, valves and few other units, and this is good to simulate a power plant. Conversely, a traditional refinery involves tens and tens of process units that could be significantly different, and SIMIT cannot be used for oil refinery simulation as it is currently conceived. Also, SIMIT has no thermodynamic libraries, whereas a refinery tool needs different sets of equations of state; there are no component and property libraries, whereas refinery simulators require many predefined components and the possibility to customize additional components. All these points are detailed in Paragraph [Error: reference source not found]. Ancillary software and tools investigated in Paragraph [Error: reference source not found] deal with steady-state and dynamic process simulators, operator training simulators, performance monitoring tools, key


