Documente Academic
Documente Profesional
Documente Cultură
Operation,
System Build,
Configuration,
Programming,
Troubleshooting,
& Maintenance
Disclaimer
It is not intended that the information in this publication covers every possible detail about
the construction, operation, or maintenance of a control system installation. You should
refer to your own (or supplied) system safety manual, installation instructions and
operator/maintenance manuals.
Documentation Feedback
Your comments will help us to serve your documentation needs better. If you discover any
errors or have any suggestions on how to improve this publication send your comments to
our product support group: icstsupport@ra.rockwell.com
Warning
Radio Frequency Interference
Most electronic equipment is influenced by radio frequency interference (RFI). Caution
should be exercised with regard to the use of portable communications equipment around
such equipment. Signs should be posted in the vicinity of the equipment cautioning against
the use of portable communications equipment.
Maintenance
Maintenance must be performed only by qualified personnel. Otherwise personal injury or
death, or damage to the system may result.
Company Background
ICS Triplex has been manufacturing and supplying safety critical shutdown and control
systems since 1969.
The Regent Triple Modular Redundant (TMR) system was introduced in 1986. It
incorporated Hardware-Implemented Fault Tolerance (HIFT). The Regent system has been
field-proven in hundreds of installation world-wide.
The Regent + Plus product family was introduced in 1995 and provided additional features
and lower cost to the marketplace.
The Trusted TMR system was introduced in 1997. The Trusted system is compatible with
legacy Regent and Regent + Plus systems allowing a direct migration path for existing
systems.
AADvance was released in 2008. AADvance is a flexible and scalable system designed to
enhance Trusted, not replace it. AADvance components can be configured as simplex, dual
or triplicated. Systems may be small and standalone, or large and distributed.
Applicability
This Training Manual applies to release 1.3.
Table of Contents
Issue Record
Issue
Date
Comments
1.6
June 2011
1.7
July 2012
Table of Contents
Chapter 1: Introduction
Course Goals .................................................................................................................... 1-1
Who This Course is Intended For .................................................................................... 1-2
Recommended Prerequisites ............................................................................................ 1-2
Course Length .................................................................................................................. 1-2
Table of Contents
Table of Contents
Appendix 2: Glossary
Purpose .......................................................................................................................... A2-1
Objectives...................................................................................................................... A2-1
Glossary ........................................................................................................................ A2-2
Table of Contents
10
Chapter 1
Introduction
Course Goals
To teach users of the AADvance system:
Introduction
Recommended Prerequisites
Course Length
4 days
The majority of the course is hands-on. Students implement
working solutions using actual hardware and software.
1-2
Chapter 2
System Overview
Purpose
To provide an overview of the AADvance system and its
components.
Objectives
System Overview
Features
The main features of AADvance are:
2-2
System Overview
2-3
48 simplex
modules, 24 dual,
or 16 triplicated.
There can be a mix
within a system.
2-4
System Overview
2-5
Flexible Configurations
The AADvance system is flexible and scalable. Configurations
range from non-redundant fail safe to triplicated fault tolerant.
Individual modules are designed as fail safe. Redundant
modules are implemented for fault tolerance.
Processor Modules
A single processor module meets SIL 2 requirements.
Redundant processor modules (two or more) meet SIL 3
requirements. High demand applications also require the use of
redundant processor modules.
Input Modules
Individual input modules meet SIL 3 requirements. Redundant
modules are implemented for fault tolerance.
Output Modules
Individual output modules meet SIL 2 requirements in a
normally de-energized application and SIL 3 requirements in a
normally energized application. Redundant (dual) modules meet
SIL 3 requirements in a normally de-energized application and
provide fault tolerance in a normally energized application.
Triplicated output
modules are not
necessary and are
not supported.
2-6
System Overview
2-7
2-8
Dual Architecture
Redundant I/O modules provide fault tolerance. Duplicated
output modules also meet SIL3 requirements for energise to trip
outputs.
Input modules will degrade to 1oo1D (fail safe configuration)
on the first detected fail danger fault with no time limit to
repair.
Processor modules will degrade to 1oo1D on a module fault and
must be replaced within the MTTR (Mean Time To Repair)
assumed in the PFD (Probability of Failure on Demand)
calculations in order to maintain the SIL 3 rating.
A failed output module used for a SIL3 energise to trip must be
replaced within the MTTR assumed in the PFD calculations.
There is no time limit in normally energized applications.
This configuration is also known as 1oo2D.
Termination
assemblies can
span across I/O
base units.
System Overview
2-9
2-10
Mixed Architecture
There can be a mixture of architectures and SILs within one
system. Figure 2-7 shows non-redundant and dual I/O
configurations with dual processors. Triplicated inputs and/or
processors may also be included.
System Overview
2-11
Distributed Architecture
It is possible to locate I/O modules in separate systems and link
the data using a network connection certified for safety
applications. The systems share variables using bindings, as
covered in Chapter 10.
2-12
System Overview
2-13
Chapter 3
System Components
Purpose
To provide an overview of the AADvance system and its
components.
Objectives
System Components
3-1
System Components
Hardware
The current release of AADvance consists of a 9110 processor
module, 9401 & 9402 24V isolated digital input modules (8 &
16 channel), 9431 & 9432 4 20mA isolated analog input
modules (8 & 16 channel), 9451 24V digital output module and
9481 & 9482 isolated analog output modules (3 & 8 channel).
Other components required to complete the systems are a 9100
processor base unit, 9300 I/O base units for connecting the I/O
modules to the processor, 9310 bus extension cable and
termination assemblies for connecting the I/O modules to field
devices.
The hardware is modular. A processor base unit supports up to
three processor modules. I/O base units support up to three I/O
modules. I/O base units mate directly with the processor base
unit and other I/O base units. I/O base units provide the intermodule communications buses and route power from the
processor base unit to the I/O modules. The system becomes
one interconnected mechanical and electrical assembly once
assembled.
Item
Description
Ethernet Connection
Software
AADvance can be a distributed system where each node
(referred to as a configuration) has at least a single processor
module and its associated I/O. Each node is a stand alone
system configured using IEC 61131-3 languages. Data may
easily be transferred between nodes using bindings. Programs
may be simulated offline for testing. AADvance runs a certified
for safety operating system.
System Components
3-3
Processor Module
The 9110 processor module communicates with the network,
handles I/O scanning and solves application logic. It
incorporates the following features:
Rated for applications up to SIL
2 (non-redundant) and SIL 3
(dual & triple)
IEC 61508 certified
Handles full range of IEC
61131-3 languages
Application processor,
communications co-processor
and math co-processor
Two Ethernet and two serial
ports (RS485) per processor
MODBUS, CIP and AADvance
safety network protocols
Built in diagnostic testing and
independent watchdog
Removal and replacement
without system interruption in
dual or triple configurations
System self-discovery at startup
3-4
Battery
A replaceable battery is used to retain
the following during a power loss:
Figure 3-3:
Processor Battery
1)
2)
3)
System Components
3-5
LEDs
There are 10 LEDs on the front of the module. The meaning of
each LED is described in Table 3-2.
Indicator
Healthy
Ready
Run
System
Healthy
Force
AUX
3-6
Status
Description
Provides an indication of the modules fault and power status
Off
No power
Green
Module online with no fault
Red
Power up / reset in progress; module fault or unlocked; module
offline
Provides an indication of the modules education and synchronization status
Off
No power
Flashing Green
Education and/or synchronization in progress
Green
Processor educated and synchronized with partner(s)
Amber
Module is in the Recovery Mode
Red
Processor not educated or synchronized with partner(s)
Provides an indication of the modules resource status. Should be the same for all
educated and synchronized processors.
Off
No power
Green
Resource present and running
Amber
Resource present but not running, or module is in the Recovery
Mode
Red
Resource not present; module not educated or synchronized
Provides an indication of the global health of the system. Will be the same for all
educated and synchronized processors.
Off
No power
Green
No system or module fault(s) reported
Red
A system or module has a fault(s)
Provides an indication whether any variables are being locked/forced in the system.
Should be the same for all educated and synchronized processors.
Off
No power
Green
No variables locked/forced
Amber
At least one variable locked/forced, or or module is in the Recovery
Mode
Any
Under user control
Amber
Under user control or module is in the Recovery Mode
Serial 1 & 2
Ethernet 1 & 2
System Components
3-7
3-8
Module power is
connected to the
processor base unit
and connects
through the I/O
base units to power
all I/O modules.
Lettering
Description
E1-1, E1-2
E2-1, E2-2
E3-1,E3-3
S1-1, S1-2
S2-1, S2-2
S3-1, S3-2
FLT
KEY
Earth Symbol
Ground Connection
System Components
3-9
3-10
Indicator
Healthy
Ready
Run
Channel
Status
Description
Provides an indication of the modules general status
Off
No power
Green
Module online with no fault
Red
Module online with fault(s)
Provides an indication of the modules ability to report values to a running resource
Off
No power or unlocked
Green
Module locked and ready to report channel values
Red
Module locked but not ready to report channel values
Provides an indication that the module is reporting channel values to a running resource
Off
No power or unlocked
Green
Module reporting channel values
Red
Module not reporting channel values
Amber
Manual intervention (i.e., pressing the processor reset button) is
required before values can be reported
Provides the status of each input channel
Off
Channel is off (switch open)/de-energized or when RUN is not GREEN
Green
Channel is on (switch closed)
Amber
Field fault (open circuit or short circuit)
Red
Channel fault
System Components
3-11
0 to 3.8mA
>22.0mA
3-12
Indicator
Healthy
Ready
Run
Channel
Status
Description
Provides an indication of the modules general status
Off
No power
Green
Module online with no fault
Red
Module online with fault(s)
Provides an indication of the modules ability to report values to a running resource
Off
No power or unlocked
Green
Module locked and ready to report channel values
Red
Module locked and not ready to report channel values
Provides an indication that the module is reporting channel values to a running resource
Off
No power or unlocked
Green
Module reporting channel values
Red
Module not reporting channel values
Amber
Manual intervention (i.e., pressing the processor reset button) is
required before values can be reported
Provides the status of each input channel
Off
RUN is not Green
Green
Channel input is within normal range
Amber
Field fault (transmitter fault, open circuit, short circuit)
Red
Channel fault
System Components
3-13
3-14
Indicator
Healthy
Ready
Run
Channel
Status
Description
Provides an indication of the modules general status
Off
No power
Green
Module online with no fault
Red
Module online with fault(s)
Provides an indication of the modules ability to report values to a running resource
Off
No power or unlocked
Green
Module locked and ready to report values
Red
Module locked but not ready to report values
Provides an indication that the module is reporting channel values to a running resource
Off
No power or unlocked
Green
Module is being driven and reporting channel values
Red
Module is not being driven and not reporting channel values
Amber
Manual intervention (i.e., pressing the processor reset button) is
required before the module can be driven and report channel values
Provides the status of each output channel
Off
Channel is off/de-energized or when RUN is not GREEN
Green
Channel is on/energized
Amber
Field fault
Red
Channel fault
System Components
3-15
The 9300 I/O module base unit connects the processor to I/O
modules. You can install up to three modules on a base unit.
Termination
assemblies can
span across base
units.
3-16
The base unit will also allow you to fit the same number of
termination assemblies in different combinations. For, example,
you can fit three simplex termination assemblies; or one dual
and one simplex together, or one triple termination assembly.
The combination will depend entirely on your required
configuration.
System Components
3-17
3-18
System Components
3-19
3-20
System Components
3-21
3-22
System Components
3-23
3-24
System Components
3-25
3-26
System Components
3-27
3-28
System Components
3-29
3-30
System Components
3-31
Chapter 4
System Build
Purpose
To summarize how to assemble an AADvance system.
Objectives
System Build
4-1
System Build
Note: This chapter is a condensed version of the AADvance
System Build Manual, which system integrators are
highly encouraged to read.
AADvance is a modular system. Base units snap together using
mating connectors and retaining clips.
The base units provide the interconnections for module power,
processor and I/O data. Once connected, the base units form a
single mechanical assembly.
The insertion and removal of modules will not disturb the
electrical connections with field devices.
AADvance modules are suitable for wall mounting or for
installation within an enclosure. The system is designed to meet
its electromagnetic compatibility criteria without further
protection from an enclosure.
AADvance can be panel or DIN rail mounted (using TS35
35mm x 7.5mm standard symmetric rails).
Use the following steps to assemble a system.
1) Mount a processor base unit
2) Mount the I/O base units
3) Mount termination assemblies
4) Mount I/O expansion cables (optional)
5) Wire the field connections
6) Connect power and ground
7) Mount the processor and I/O modules
8) Ensure adequate power and heat dissipation
4-2
Environmental Limits
The design of each installation must ensure that the operating
environment is within the tolerances of the equipment.
Consideration must be given to proper control of:
Temperature
Humidity
Vibration and shock
EMI / RFI
Temperature
Operating temperature: -20 to 70C (-4 to 158F)
Note: Processors limited to 60C (140F)
Storage & transport temperature: -40 to 70C (-40 to 158F)
Humidity
The system is designed to operate in the range of 10 to 95%
relative humidity, non-condensing. It is important to avoid
changes of humidity and temperature that could produce
condensation. Condensation on any type of electrical equipment
can result in equipment failures or improper operation.
Vibration and shock
The modules are designed to withstand a 15g peak shock and
vibration to 0.5g sinusoidal sweep between 10Hz to 150Hz.
Care must be taken to isolate the system from any sources of
extreme mechanical shock or vibration.
EMI / RFI
The modules have been designed to meet the requirements of
EN500081/82 and EN55011/55022.
System Build
4-3
Dimensions (H x W x D)
233 x 126 x 18 mm
(9- x 5 x in)
166 x 42 x 118 mm
(6- x 1- x 4- in)
4-4
Weight g (oz)
460 (16)
133 (5)
430 (15)
280 (10)
340 (12)
280 (10)
340 (12)
340 (12)
290 (10.5)
133 (5)
260 (10)
360 (13)
40 (1)
50 (2)
670 (24)
Varies
System Build
4-5
Free Space
The system requires a free space at least 140mm deep (from
front to back) between the rear panel of an enclosure and the
inside of an enclosure door.
Allow sufficient free space around the base units. Every
application needs space on at least three sides, as follows:
4-6
System Build
4-7
1) Mount a 9300 I/O base unit onto the DIN rail and slide it
towards the 9100 processor base unit.
2) Ensure the joining connectors are fully mated.
3) Secure the base unit by pushing the bottom retaining
lever as far to the left as it will go until it latches in the
locked position.
4) Insert the plastic retaining clips into the top and the
bottom slots.
Note: Base plates mounted flush on a panel wall will need to
be connected before mounting.
4-8
System Build
4-9
4-10
System Build
4-11
4-12
System Build
4-13
Module Power
Power supplies should be installed in a position where the 24V
dc supply wiring can be kept reasonably short. Figure 4-9
shows an arrangement with one power supply unit for a nonredundant, fail safe controller.
4-14
Field devices
require an
additional source of
power.
High Availability
I/O (1715) use the
same hardware but
ratings are different
these are
calculated as worst
case using different
methods.
Power Requirement
8W
3.3 W
4.0 W
3.3 W
4.0 W
3.0 W
3.6 W
Varies
System Build
4-15
Power is distributed
to the I/O modules
through the base
units.
4-16
Wiring Attribute
Conductor cross section,
stranded maximum
Conductor cross section,
solid maximum
Stripping length
Size
2.5 mm (12 AWG)
2
System Build
4-17
Grounding
AADvance systems may have up to three separate ground
systems:
4-18
Security Dongle
The system uses a dongle to control security. The dongle must
be connected in order to download programs, make online
changes, or perform locking (forcing). The dongle is supplied
with the processor base unit.
System Build
4-19
Serial Connections
Each processor has two serial RS485 connections. The system
supports both 2 wire (half duplex) and 4 wire (full duplex)
configurations, with multi-drop supported in both
configurations.
The terminal blocks
can be removed for
easy access.
The pin-outs for the six serial connections on the processor base
unit are shown in Figure 4-17 and Table 4-6.
'Receive' and
'transmit') are with
respect to the
processor base unit.
Terminal
Function (4 wire)
TRX A
Receive data A
(inverting)
TRX B
Receive data B
(non-inverting)
0V
Instrument ground
TX A
Transmit data B
(non-inverting)
TX B
Transmit data A
(inverting)
Function (2 wire)
Transmit/receive data A
(inverting)
Transmit/receive data B
(non-inverting)
Instrument ground
Not used
Not used
4-20
Field Power
Field devices require an external source of power. This may be
the power source used for the controller or a separate power
source, depending on the application.
Each input circuit should be fused. Each output module group
(e.g., a module pair) should also have the field power fused. For
a typical system, it is recommended that you provide a single
breaker on the output of the field power source, followed by one
or more fused terminals.
System Build
4-21
Size
1.5 mm (16 AWG)
2
4-22
Digital Inputs
System Build
4-23
Note: Please refer to the System Build manual for more details
on normally de-energized inputs, recommended resistor
values and input voltage threshold settings, etc.
4-24
Analog Inputs
System Build
4-25
4-26
System Build
4-27
Digital Outputs
4-28
System Build
4-29
Cable Management
The field, power and other system wiring will be connected to
terminals along the top of the base units. It is recommended a
length of trunking be located above each set of base units for
cable management.
4-30
System Build
4-31
Module Polarization
Module polarization prevents the wrong module from being
inserted into the wrong base unit. Modules are supplied with
plugs already fitted, as shown in Figure 4-30.
Termination
assemblies are
supplied with the
pins already
inserted.
The legend for the polarization pins is shown in the lower left of
the processor base unit and on each I/O termination assembly,
as shown in Figure 4-31. The positions are numbered 1 through
6. The three pins are lettered A, B and C with A being on the
top. Each pin, shown in Figure 4-32, is fitted in the base unit so
that the index recess is next to the relevant numbered position
shown in Table 4-8, as shown in Figures 4-32 and 33.
Module
9110 Processor module
9401 Digital input module
9402 Digital input module
9431 Analog Input module
9432 Analog Input module
9451 Digital output module
9481 Digital output module
9482 Digital output module
Pin A
1
2
2
2
2
3
3
3
Pin B
1
1
1
1
1
1
1
1
Pin C
1
1
1
3
3
1
2
2
Figure 4-33 shows the pins inserted for a 9401 digital input
module and TAs.
T9801/2/3 TA
T9401
TA
System Build
4-33
4-34
System Build
4-35
Heat Dissipation
AADvance is designed to operate without forced air cooling.
Ensure that adequate ventilation is provided. Ambient
temperature within an enclosure should not exceed 60C
(140F), unless the enclosure does not contain the processors, in
which case the limit is 70C (158F).
Base plates and
modules must be
mounted vertically
to allow proper air
circulation through
the modules.
Heat Generated
8W
3.3 W
4.0 W
0.11 W
3.3 W
4.0 W
0.06 W
3.0 W
0.5 W
3.6 W
Varies
4-36
System Build
4-37
Parts List
Note: Parts may be added to this list in future releases. Please
consult Rockwell Automation for an updated list of available
parts.
Software Development Environment
9082
9083
9084
9085
9030
Processor Equipment
9100
9110
9193
9300
9401
9402
9431
9432
9451
9481
9482
9191
4-38
Termination Assemblies
9801
9802
9803
9831
9832
9833
9851
9852
9881
9882
Consumable Spares
9901
9902
9903
9904
9905
9906
System Build
4-39
dual processors
4-40
Chapter 5
Purpose
To review the steps required to develop programs.
Objectives
5-1
Workbench
The AADvance workbench is used to build control and safety
programs. These programs can be distributed across several
hardware platforms referred to as configurations.
Configurations communicate with each other through
networks. Configurations run resources which are groups of
programs (up to 250) that are compiled and downloaded.
This manual
describes software
functionality
included in release
1.31 (Build
1.20.508).
5-2
The name is used as the project folder name. Project file names
are always PRJLIBRARY.MDB.
5-3
Workbench Overview
The link architecture view graphically displays the resources of
a project and any links between them. This is the default view
of the workbench providing a main entry point to all editors.
5-4
5-5
Dictionary
The typical first step is to define variable (tag) names in the
dictionary. These names can then be connected to processor
variables, I/O modules, I/O channels and then used in programs.
However, it is not mandatory to define variables first. You can
create programs first and enter variable names in the program
editor. When doing so, the workbench will request basic
information on the variable (i.e., type, scope, direction,
attribute). While variables created this way will later appear in
the dictionary, you may need to define them in more detail in
the dictionary before compiling and running your program(s)
(e.g., MODBUS address, SOE, initial value, retain, etc).
Open the dictionary using the Project | Variables menu selection
or the dictionary button. Expand the tree on the left to see the
window displayed in Figure 5-4.
5-6
5-7
Data Types
Variables are unique identifiers of data which can be used in the
programs of a project. There are many different variables types,
such as:
5-8
You can define arrays (a set of elements of the same type) and
structures (a collection of elements of different types) using the
above data types. AADvance I/O are available as pre-defined
structures.
To enter a variable, double-click the ellipsis () line in the
right workspace area (shown in Figure 5-4). The dialog box
shown in Figure 5-7 will then be displayed (when in Row
Mode).
5-9
Variable Data
The variable data to be defined are shown in Table 5-1.
Name
Alias
Variable name
A name, used in LD editor, limited to 16 characters
Group
Type
()
Dimension
Attribute
Scope
Direction
Init. Value
Wiring
Comment
Retain
Address
Variable names:
5-10
The full structure for a digital input is shown in Figure 5-9. You
only need to assign one name for the structure (e.g., DI_1 in this
example); the system automatically assigns full names and data
types to all the variables within the structure.
5-11
You can add optional names in the TRUE and FALSE message
fields of Boolean variables, as shown in Figure 5-10. These
names / messages will be used for Sequence of Events / OPC.
5-12
5-13
Modbus Addressing
Variables can be assigned Modbus addresses using the Modbus
tab, as shown in Figure 5-12.
Refer to the
Configuration
Guide for more
details on Modbus.
5-14
5-15
The Base Address is the actual address of the variable sent over
the protocol.
Original Modbus implementations allocated 10,000 addresses to
each Modbus type, e.g. Holding registers were 40,001-50,000.
However, the address field that was actually sent by the
protocol was based at zero, i.e. 1 to 10000.
Later implementations, including AADvance, opened up the full
16-bit range to 65,535. If AADvance is communicating to a
system using the original implementation, ensure that the
addresses are in the range 1 to 10, 000.
5-16
Produce/consume
variables are noninterfering. A
failure of the
Ethernet/IP stack
will not interfere
with the safe
operation of the
controller.
At runtime, the
controller with the
consumption
variable pulls data
from the controller
with the production
variable.
Refer to the
Configuration
Guide and the
RSLogix online
Help system for
further information
on CIP.
5-17
5-18
5-19
This will open the Export dialog box, as shown in Figure 5-17.
5-20
From this dialog box, you may select the file location and name
(using the Browse button), file type and what fields should be
included. Click the Export button to create the actual file.
An example of an exported variables file opened in Excel is
shown in Figure 5-18.
5-21
5-22
Equipment Editor
I/O wiring enables you to define links between the variables
defined in the dictionary and the I/O channels of your system(s).
If the project tree view is not shown on the left of your screen
(as in Figure 5-2) select Window | Show Project Tree View.
Then select either the Equipment tab on the bottom of the
project tree view, the I/O wiring button, or the Window | (your
project name) Config1 view, to display the equipment view, as
shown in the Figure 5-21.
5-23
9110 Tab
5-24
5-25
5-26
5-27
TCI Tab
5-28
DiffServ
5-29
Variables Tab
Status variables
retrieve status
information;
control variables
set status
information.
5-30
5-31
5-32
5-33
5-34
HART Inputs
Figure 5-34 shows how HART structure variable names may be
assigned to analog inputs. This information can be utilized in
your application programs and passed to other systems via
OPC.
HART pass-through is available in release 1.31. This allows a
HART Asset Manager to access and maintain the field devices
through AADvance.
5-35
Creating Programs
Go to the link architecture view using the link architecture
button, as shown Figure 5-36.
5-37
5-38
Programming
Language
Summary
Safety Issues
Ladder Diagram
(LD)
Commonly used
for safety
applications
Function Block
Diagram (FDB)
Commonly used
for safety
applications
Structured Text
(ST)
Sequential
Function Charts
(SFC)
For sequential
operations
Can handle parallel
processes
Instruction List
(IL)
5-39
5-40
5-41
Note: If you enter a variable name that does not exist in the
dictionary, another dialog box will appear prompting
you for the necessary information. That variable will
then be added to the dictionary.
Enter another variable to the right of the first and select an
output element/variable within one of your available output
structures.
5-42
Connect Variables
Connect the two variables using the connection button (F4).
Mouse drag from one element to the other to connect them, as
shown in Figure 5-41.
5-43
5-44
Add Comments
Comment fields can be entered using the Comment button.
Comments make a program much easier to understand for
others who may have to modify it in the future.
Variable comments (from the dictionary) can be displayed using
the Options | Show I/O Variable Comments menu selection, as
shown in Figure 5-43.
5-45
5-46
Saving a Project
The project name is used to create a unique directory structure.
Saving the project saves it in the MS-Access database of the
project root directory. Other files related to the project are also
updated in this directory structure.
To save a project
From the File menu, choose Save Project, or use the save
button.
5-47
5-48
Chapter 6
Purpose
To review the steps required to simulate and test programs.
Objectives
6-1
Simulation
You can simulate (test) programs using the Debug | Simulation
menu choice, or the simulate button. (Your project must be
compiled before it can be simulated.)
When simulating, the button bars will change slightly and the
resource title bar will indicate that it is running code, as shown
in Figure 6-1.
6-2
6-3
6-4
6-5
6-6
Stopping Simulation
Stop the simulation using the Debug | Stop Simulation menu
selection or using the stop debug button.
6-7
6-8
Chapter 7
Downloading and
Monitoring Programs
Purpose
To review the steps required to connect, download and control
resources in the AADvance controller.
Objectives
7-1
7-2
Enter the IP address of the port(s) that have been configured for
the system, as shown in Figure 7-2.
7-3
7-4
7-5
Monitoring Programs
Step 1: Connect Using Debug
After downloading a resource, you may then go online with the
controller using the Debug | Debug Target menu selection or the
Debug Target button. The toolbar will change slightly for the
debug mode and the resource status will be shown (e.g., RUN),
as shown in Figure 7-5.
7-6
7-7
7-8
7-9
Locking (Forcing)
You can lock (force) I/O variables. Double click a variable to
open the locking dialog box, as shown in Figure 7-11. If
variables are being controlled (e.g., input sensors or a program
writing to outputs) you must lock a variable before you can
change its value.
When you click the Lock button, the dialog box will
automatically close. The variable will be locked in its last value.
You will need to open the dialog box again to change the
variables value.
The Force LED on
the processor(s)
will turn amber
when any variables
are locked.
7-10
7-11
7-12
Locking is normally
only used for
maintenance
purposes.
7-13
7-15
Spying Variables
You can also view and lock variables using a spy window. This
can be very useful when viewing variables that may not appear
together in the dictionary, equipment view, or a program
window. Highlight a variable and use the Debug | Spy menu
selection, or the Spy button, to view the information shown in
Figure 7-19.
7-16
7-17
Going Offline
Go offline by using the Debug | Stop Debug Target menu
selection, or the Stop Debug Target button.
Warning! Do not stop the resource running in the controller
that is controlling a process (i.e., do not use the
Stop Resource button or command)! Stopping the
resource will stop the running program(s) and shut
down your plant! There is no confirmation prompt
for the stop resource command on earlier
workbenches.
7-18
7-19
Chapter 8
Purpose
To describe how to create and use functions and function
blocks.
Objectives
8-1
8-2
8-3
Function and
Function Block
variables must be
defined in the
Parameters tab, not
the Variables tab!
8-4
Figure 8-7 shows the four variables defined for this function.
8-5
8-6
8-7
What you will create will eventually look like the example
shown in Figure 8-10.
8-8
The example above takes INT inputs, converts them to the type
DINT, uses pre-defined max and min blocks (that only work
with DINT variables) to select the middle of the three values,
converts the result back to a type INT, and writes to an INT
output.
Tip!
View the parameters tab (2nd tab) in the dictionary and add the
variables here (using the exact same names as you will use in
your function). Make sure they are type INT and add a short
name for each. Also, change the output to a type INT and add a
short name.
Figure 8-11 shows the four variables defined for this function.
8-9
8-10
8-11
Chapter 9
Online Changes
Purpose
To review how to change and update resources online.
Objectives
Online Changes
9-1
Modifying a Resource
Open an existing resource and make changes to it (e.g., change
a program). Rebuild (recompile) the project.
If you select Yes, the workbench will retrieve and display the
earlier source code version from your repository.
If you select No, the workbench will remain offline.
Note: 1) The version numbers shown in Figure 9-1 represent
the number of times the resource has been
built/compiled; they do not represent local or
repository version numbers (as covered in Chapter
11).
9-2
Online Changes
You can update the resource running in a controller online
without stopping the current resource or shutting your process
down. Use the Debug | On-line Change: Download, or the Online Change: Download button. The dialog box shown in Figure
9-2 will appear.
Online Changes
9-3
When you are online, you can see the differences between the
compiled resource versions in the workbench (your PC),
running (in RAM) and stored (in flash memory) using the
Debug | Diagnosis menu, Version Information tab, as shown in
Figure 9-3.
Version numbers
may differ if you
select something
other than the
default option in
Figure 9-2.
Figure 9-3: Viewing Version Information
9-4
Online Changes
9-5
Chapter 10
Bindings Between
Resources
Purpose
To summarize how bindings are used to transfer variables
between resources.
Objectives
10-1
Variable Bindings
Bindings are directional links between variables located in
different resources running in different configurations
(controllers). One variable is referred to as the producing
variable and the other as the consuming variable. The value
stored in the producing variable is transferred to the consuming
variable.
Bindings are shared over Ethernet using a proprietary protocol
certified for safety. A separate network is not necessary for
bindings, but is recommended (especially if there is high
network traffic). Redundant networks are also not necessary,
but are recommended, as shown in Figure 10-1.
10-2
10-3
Right click in the workspace area on the right and select Insert
Network. In the dialog box that appears, select an SNCP (Safety
Network Control Protocol) network, and give the network a
name, as shown in Figure 10-5.
Connect the configurations to the SNCP network by leftclicking and dragging from the network line up to the
configuration. Double-click the vertical line to open the
connection properties dialog box. Enter IP Addresses for each
configuration. Your project may now look similar to Figure 106.
10-5
10-6
Linking Resources
You need to first link resources before binding variables
belonging to them. Data links between resources are directional.
When in the Link Architecture view, use the Project | Internal
Binding List menu selection or the Internal Binding List button
to open the Binding List window shown in Figure 10-7.
10-7
10-9
10-10
If you have two actual controllers, you will need to change the
resource number of the second controller using the AADvance
Discover utility (as configurations require unique resource
numbers). Use the utility to also set the IP addresses.
10-11
10-12
Chapter 11
Purpose
To review version control, the repository, check in and check
out of program organization units, and file comparison features.
Objectives
Repository
Source files are stored in a repository. The repository path is set
when creating a project. The default location of the repository
will be on the C drive of the computer the workbench is
installed on, as shown in Figure 11-1.
The destination
folder is where your
local files are kept.
11-2
11-3
Recursive means
that item and all of
its sub-elements.
When you check out an item from the repository, that items
version number is incremented.
The output window
will generate
messages
reminding you of
this.
11-4
11-5
11-6
11-7
11-8
11-9
Chapter 12
Miscellaneous Workbench
Features
Purpose
To review miscellaneous workbench features.
Objectives
12-1
12-2
Input
Output
Boolean
8-bit unsigned short integer
16-bit integer (signed or unsigned)
32-bit real
Viewing Dependencies
Right click on a variable in the cross reference browser (in area
A of Figure 12-1) and select View Dependencies. The example
shown in Figure 12-2 indicates the dependencies used in the
earlier binding exercise.
12-3
Printing
You can print complete or partial documentation for your
project using the document generator. You can access the
document generator from the hardware architecture view, link
architecture view, dictionary view, or any of the language
editors using the File | Print menu selection or the print button.
The document generator window has three tabs, as shown in
Figure 12-3:
12-5
Passwords
The password access control described in the following pages is
relevant for release 1.3. Access control is expected to change in
a future release.
12-7
Users that do not have the password may still be able to open
the POU in read only mode depending upon how the resource in
which it is contained has its access control configured.
The security state of a POU is indicated by its icon color in the
resource, as shown in Table 12-1.
Icon
Security State
Yellow. The POU has no access control. All users have read and
write access in the POU. In the dictionary view, local variables and
parameters are visible and editable.
Red. The POU is locked. Users not having the POU password
cannot access the POU; these users do not have read or write
capabilities. In the dictionary view, local variables and parameters
are visible but not editable.
Blue. The POU is in read-only mode. Users not having the
resource password can view the POU; these users do not have
write capabilities. The read-only mode for the POU is inherited from
the resource to which it belongs. In the dictionary view, local
variables and parameters are visible but not editable.
Green. The POU is unlocked. User can access the POU; this user
has read and write capabilities. In the dictionary view, local
variables and parameters are visible and editable.
12-8
In read-only mode,
users not having the
password will have
read-only access.
Figure 12-8: Resource Properties Dialog Box
Security State
Gray. The resource has no access control. All users have read and
write access in the resource. POUs in the resource may have
individual access control.
Red. The resource is locked. Users not having the resource
password cannot access the resource or its POUs; these users do
not have read or write capabilities. These users can change
resource properties, wire and bind variables, modify the memory
for retain, and add devices to wired variables.
Cyan. The resource is in read-only mode. Users not having the
resource password can view the resource and its POUs; these
users only have read capabilities. These users can change
resource properties, wire and bind variables, modify the memory
for retain, and add devices to wired variables. POUs in the
resource may have individual access control.
Green. The resource is unlocked. User can access the resource
and its POUs; this user has read and write capabilities. However,
POUs in the resource may have individual access control.
12-9
Security State
The configuration has no access control. All clients can access the
target.
The configuration is not accessible; the target does not recognize
the password. IXL clients not having the target password cannot
access the target.
The configuration is accessible; the target recognizes the
password. IXL clients having the target password can access the
target.
12-10
12-11
12-12
Import
Import files using the File | Import | Exchange file menu
selection to bring up the dialog box shown in Figure 12-12.
12-13
Select the file name of interest and click the Open button. You
can then select the items of interest to import, as shown in
Figure 12-15.
Click the Next button to be presented with the final dialog box,
as shown in Figure12-16.
12-14
Export/Import Types
Configuration:
The entire configuration, resource, programs etc.
Entire Resource:
Overwrites existing resource of same name with resource,
programs, variables etc.
Resource Properties:
Cycle time, retain settings, compiler options etc.
Resource I/O Device Instances:
Module definitions
Resource Wired Variables:
Variables wired to module definitions (you must import the
I/O Device Instances first so the right boards are there to
wire to)
Resource External Bindings:
CIP setup NOT bindings between resources within one
project
POU:
Program
Variables:
Excel (2007 or later) or .csv of variable parameters
12-15
12-16
You may then copy the .vsc file to another computer for
restoring.
12-17
Restore
Use the File | Archive/Restore Project menu selection to display
the dialog box shown in Figure 12-20.
Select the Restore option. Click the ellipsis button in the Source
Archive File section to use the open dialog box, as shown in
Figure 12-21.
12-18
Find and select the .vsc file name of interest. Click the Open
button. This will take you back to the dialog box shown in
Figure 12-20.
It is not necessary to make a selection in the Repository Projects
pull down menu (shown in Figure 12-20).
Click the Restore button (shown in Figure 12-20). A dialog box
will confirm the success of the restore operation.
12-19
The project file of interest will not be shown yet as you must
first open the project from the repository. Click the Open from
repository button, to display the dialog box shown in Figure 1215.
12-20
12-21
12-22
Chapter 13
OPC
Purpose
To review the steps to implement OPC.
Objectives
OPC
13-1
OPC Server
The AADvance OPC Server is a Windows-based application
that allows OPC compatible clients, such as HMIs and SCADA
systems, to connect to one or more AADvance controllers to
access data, as shown in Figure 13-1.
13-2
Installation
The AADvance OPC server is installed from a separate CD.
OPC
13-3
13-4
Select Next. Check or browse for the project folder and the
project database PrjLibrary.mdb, as shown in Figure 13-4. The
password is the Project password, if one is set (see chapter 12).
13-5
Click the Restart OPC Service Now button. This will restart the
service and direct it to the new XML file. Click the Finish
button once that process is completed.
13-6
OPC
13-7
13-8
OPC
13-9
13-10
Chapter 14
Troubleshooting
Purpose
To review basic troubleshooting of the AADvance system.
Objectives
Troubleshooting
14-1
14-2
Troubleshooting
14-3
Fault Types
Note: Please refer to the Troubleshooting and Maintenance
Manual for more detailed troubleshooting information
and tips.
Faults are classified as follows:
System faults
Module faults
Channel faults
Field faults
System Faults
A system fault is indicated when a detected fault cannot be
isolated to a single module (e.g., a bus failure or backplane
fault) or the fault is not the result of a hardware failure that
needs a module replacement (e.g. a software fault, calibration
drift). When this type of fault occurs in the system, only the
System Healthy LED on the processor(s) will turn red.
Module Faults
A module fault is indicated when a fault is isolated to the
hardware of a specific module. The Healthy LED turns red on
the faulty module and the System Healthy LED on the
processor(s) also turns red.
Channel Faults
A channel fault is indicated when a faulty channel is isolated to
a specific channel of an I/O module. Channel faults are also
reported as module faults. The Channel LED will turn red, the
I/O module Healthy LED will turn red and the System Healthy
LED on the processor(s) will turn red.
14-4
Field Faults
A field fault is indicated when a fault condition is isolated to a
field condition or field device and not an I/O module itself (e.g.,
open or short circuit field connection, no field power, out-ofrange signal, etc). These faults are indicated by a Channel LED
turning amber and are not indicated as a channel, module or
system fault.
Troubleshooting
14-5
14-6
14-7
14-8
Diagnostic Collection
The processor keeps a system event log of 500 entries in a
rotating buffer. This covers several weeks of history in a quiet
system but it can fill rapidly with a chronic issue. In a future
release, the events will be added to the OPC Alarm and Events
output, so that the events may be collected by a HMI.
It is not usually necessary to read the processors event log. The
most likely system faults are also provided on diagnostic
variables. A module that consistently shows a red Healthy LED
almost certainly needs repair or replacement. However, a
second opinion is sometimes desirable.
A diagnostic collection tool is available that will collect the
processors event log as well as all diagnostic system data. This
is available in the Rockwell Automation knowledgebase as
article 68174. Within Rockwell Automation, it is on the ICS
Triplex product support website techsupport.icstriplex.com,
linked from the RAIN page A-Z as SSB Technology Support.
Installation
Run the installation program. You can leave the options at their
defaults. The installer offers to run the collection tool.
Communications Setup
14-9
recommended. Choose the appropriate serial port from the dropdown list.
For an Ethernet connection, ensure the computer is on the same
subnet as the systems Ethernet port that you are connected to.
Type the systems IP address into the setup window. After
successfully connecting, that IP address will be available for
next time by clicking the drop-down arrow.
Click OK. The program will start collecting diagnostic data. As
it receives data on module serial numbers and versions, it
displays these in the window.
These details will help identify the system the log only
contains the name of the application that is running, which may
not be enough information to identify the system.
Click OK. Two files are now saved. One file contains all the
diagnostic data and is encrypted, but it can be opened by
14-10
Troubleshooting
14-11
14-12
Chapter 15
Replacing Modules
Purpose
To review the procedure for replacing modules in an AADvance
system.
Objectives
Replacing Modules
15-1
Removing Modules
Modules can be removed on line without shutting anything
down or upsetting the process in redundant configurations only.
Pulling out a non-redundant module will most likely impact
your process.
Modules are removed by carefully pulling them out of the base
unit using the following procedure.
The module Run LED
will turn red when the
module is unlocked.
15-2
Installing Modules
Modules are installed by carefully pressing them onto the base
unit, as shown in Figure 15-1, using the following procedure.
1. Inspect the connectors on the back of the module for
bent or damaged pins.
2. Make sure the slot of the module locking screw is
vertical.
3. Place the new module on to the dowel pins on the base
unit.
4. Push the module until the connectors are fully mated.
5. Turn the locking screw located on the front of the
module turn clockwise.
When replacing a
processor, press its
Fault Reset button
once its Run LED
turns amber.
6. Wait for the module Run LED to turn amber. Press the
Reset button on a processor to enable the module to run.
Replacing Modules
15-3
15-4
Replacing Modules
15-5
Appendix 1
Purpose
To review how to configure the IP addresses of the six Ethernet
ports and set the resource number of the processor base unit.
Objectives
A1-1
A1-2
A1-3
A1-4
A1-5
A1-6
Appendix 2
Glossary
Purpose
To summarize common AADvance, workbench and industry
terms.
Objectives
Glossary
A2-1
Comment - Text included in a program that has no impact on the execution of that
program.
Configuration A software object made up of one or more resources.
Contact - Graphic component of an LD program. It represents the status of an input
variable.
COTS - Commercial Off The Shelf
Coverage - The percentage of faults that will be detected by automatic system diagnostics.
Cross References - Information calculated by the workbench relating to the dictionary of
variables, and where those variables are used in a project.
DCS - Distributed Control System
Diagnostics - Tests performed on equipment to detect faults.
Dictionary - Set of internal, input, output variables and defined words used in programs.
DIN - Deutsche Industrie-Norm (German Industrial Standard)
Discrepancy - A difference exists between one or more elements of a redundant system.
E/E/PES - Electrical (Relay) / Electronic (Solid State) / Programmable Electronic System
EMC - Electromagnetic Compatibility
EMI - Electromagnetic Interference
EPROM - Erasable Programmable Read Only Memory. A non-volatile storage medium
which is electronically programmed. The EPROM device may be erased by strong ultraviolet light.
EEPROM Electrically Erasable Programmable Read Only Memory.
ESD - Electrostatic Discharge, also Emergency Shutdown
EUC - Equipment Under Control
F&G - Fire and Gas
Glossary
A2-3
Fail Safe - The capability to go to a pre-determined safe state in the event of a specific
malfunction.
Fault Tolerance - Built-in capability of a system to provide continued correct execution of
its assigned function in the presence of a limited number of hardware and software faults.
FB - Function Block
FBD - Functional Block Diagram. One of the graphical IEC 61131-3 languages.
Field Devices - Equipment connected to the field side of the I/O terminals. Such
equipment includes field wiring, sensors, final control elements and those operator
interface devices hard-wired to I/O terminals.
Firmware - Special purpose memory units containing software embedded in protected
memory required for the operation of programmable electronics.
Function Block - Graphic component of the FBD language which represents a standard
elementary function from the IEC 61131 TOOLSET libraries.
Global - Range of variables or defined words. Such variables or words may be used in any
program of one project.
GUI - Graphical User Interface.
HMI - Human Machine Interface
Hot Replacement - The ability to remove and replace modules without removing power
or stopping system operation.
ICS - Industrial Control System, also Industrial Control Services (the original name of the
company).
IEC International Electrotechnical Commission
IEC 61131 - International standard defining programming languages, electrical parameters
and environmental conditions for programmable electrical systems.
IEC 61508 - An international standard that covers functional safety, encompassing
electrical, electronic and programmable electronic systems; hardware and software
aspects. This standard is focused for vendors.
IEC 61511 - An international standard that covers functional safety and Safety
Instrumented Systems for the process industry, encompassing electrical, electronic and
A2-4
Glossary
A2-5
A2-6
Project - Programming area which groups all the information (configurations, resources,
programs, variables, target code etc.).
Protocol - A set of rules governing data flow in a communication system. The protocol
governs such matters as the way a messages are is addressed and routed, how often it is
sent, how to recover from transmission errors and how much information is to be sent.
PST - Process Safety Time
RAM - Random Access Memory. A volatile (unless battery backed) form of read/write
memory. The time to access different locations is the same. It may be static (SRAM - data
held in a flip- flop) or dynamic (DRAM data held as a capacitive charge).
Real - Class of analog variables stored in a floating IEEE single precision 32-bit format.
Redundancy - The employment of two or more devices, each performing the same
function, in order to improve reliability and/or availability.
Resource The POUs and definitions making up a virtual machine.
RFI - Radio Frequency Interference
RIM - Regent Interface Module. Development term for Trusted TMR Interface Module.
RISC - Reduced Instruction Set Computer.
RRF - Risk Reduction Factor. 1/PFD
RS-232C, RS-422, RS-485 - Standard interfaces introduced by the Energy Industries
Association covering the electrical connection between data communication equipment.
RS-232C is the most commonly used interface. RS-422 allows for high transmission rates
over longer distances.
RTU - Remote Telemetry Unit
SFC - Sequential Function Chart. A IEC 61131-3 language that divides the process cycle
into a number of well-defined steps separated by transitions.
SIF - Safety Instrumented Function
SIL - Safety Integrity Level. One of four possible discrete levels for specifying the safety
integrity requirements of the safety functions to be allocated to the safety-related systems.
SIL4 has the highest level of safety integrity; SIL1 has the lowest.
SIS - Safety Instrumented System
Glossary
A2-7
A2-8
Glossary
A2-9
Appendix 3
Purpose
To review and reinforce the material.
Objectives
A3-1
7
9
10
11
12
13
14
15
16
17
18
19
20
21
www.CrosswordWeaver.com
ACROSS
DOWN
A3-2
10
11
12
13
14
15
16
17
18
19
20
21
22
www.CrosswordWeaver.com
ACROSS
DOWN
A3-3
PSV
1001
To Flare
HH
HH
PI
1001
LI
1001
ESS
ESS
SDC
1001
ESS
SDC
1003
ESS
SDV
1003
L
LL
SDC
1002
SDV
1001
ESS
SDV
1002
PS
1001A
PS
1001B
PS
1001C
Gas To Injection
Compression
LIT
1001
SDC
1004
ESS
SDV
1004
From
Manifold
V-1000
High Pressure Separator
Oil To LP
Separator
SDC
1005
ESS
SDV
1005
< 10%
Water valve
LI1001 LL
SDV1005
< 50%
Oil Valve
SDV1004
LI 1001 L
Gas valve
> 90%
SDV1003
Inlet valve 2
LI1001 HH
SDV1002
Inlet valve 1
PI1001 HH
A3-4
Setpoint
SDV1001
Description
Description
Tag
Tag
Water To
Hydrocyclone
s
X
X
X
X
Notes:
1. Use the tag names shown in the P&ID (balloons) for your actual I/O variable
names. If you do not understand the P&ID, please ask your instructor for
clarification.
2. Develop a function for two-out-of-three voting of the digital inputs.
3.
4. Test your project in the simulator before loading it into the controller.
5. If you have time, add a second configuration to your project with a digital input and
output module. Create bindings between the configurations so that when the
separator shuts down due to high pressure, an action takes place in the second
configuration. Test this modified project in the simulator (as we do not have a
second controller to use in class) and show it to your instructor.
A3-5
Appendix 4
Safety Manual
Considerations
Purpose
To summarize product specific safety issues related to system
implementation.
Objectives
A4-1
A4-2
A4-3
A4-4
A4-5
A4-6
A4-7
I/O Forcing
The AADvance Workbench supports forcing of individual
inputs and outputs. The Workbench uses the term locking to
describe forcing.
Forcing requires the program enable key to be fitted to the 9100
Processor Base Unit. Forcing is intended only for the purposes
of engineering, installation and commissioning activities. When
the system is in-service, maintenance overrides for safetyrelated inputs and outputs should be implemented using an
application program instead of forcing (e.g., external hard-wired
switches connected to conventional system inputs).
The Force LED on the front of the T9110 Processor Module
indicates when one or more I/O points are forced. The
application program can determine how many points are
currently forced. It is highly recommended that this information
be used to control an additional status display and/or for logging
purposes.
A4-8
A4-9
A4-10