Sunteți pe pagina 1din 46

Fault Tolerant Ethernet (FTE)

The communication network of Experion PKS

FTE

Confidential and Proprietary

TOPICS
Honeywell Process Solutions are based on process control. What is process control?

What is a Distributed Control System (DCS)?


What is Fault Tolerant Ethernet (FTE)? How does FTE work? How is FTE implemented?

FTE

Confidential and Proprietary

What is process control?


A process transforms material from input to output.

Example: heating water

Field instruments measure properties of materials/processes

Examples: flow, pressure, temperature, level transmitters Examples: fuel control valve, damper actuator

Actuators regulate amount of something used in the process A controller continually reads data from a transmitter and calculates actuator adjustments to maintain a property value.
controller

transmitter

input
actuator

PROCESS

output

FTE

Confidential and Proprietary

Requirements of process control


Performance: must be faster than the process. Determinism: must always take the same time.

Read the Process Value (PV) Calculate Move the actuator

Fault tolerance: redundancy; must fail to a known state.

Govt regulations- safety, emissions, etc.


control loop

Security: must have access restrictions/controls.


controller

transmitter

input
actuator

PROCESS

output

FTE

Confidential and Proprietary

Characteristics of real process plants


The process shown below is very simple, and the controller shown below is very simple. In a real plant, many properties of the product are measured:

Temperature, pressure, viscosity, size, weight, color, etc. Fuel consumption, up/down time, corrosion, wear, etc.

and many properties of the process equipment are measured:

controller

control loop transmitter

input
actuator

PROCESS

output

FTE

Confidential and Proprietary

Characteristics of real process plants


Paper mill: a series of processes that transform trees into paper.

Makes many different products (toilet paper to computer paper). Must control each process plus interactions between processes.

10s-100s of field devices / process; 1000s of control loops total

FTE

Confidential and Proprietary

Characteristics of real process plants


Paper mill: a series of processes that transform trees into paper.

Makes many different products (toilet paper to computer paper). Must control each process plus interactions between processes.

10s-100s of field devices / process; 1000s of control loops total


Cant control the plant with 1000s of simple controllers!

FTE

Confidential and Proprietary

TOPICS
Honeywell Process Solutions are based on process control. What is process control?

What is a Distributed Control System (DCS)?


What is Fault Tolerant Ethernet (FTE)? How does FTE work? How is FTE implemented?

FTE

Confidential and Proprietary

What is a Distributed Control System (DCS)?


A DCS is an integrated set of modules with distributed functions.

Multi-loop controllers (10s-100s) that connect to field devices


Via direct Input/Output modules and industrial buses

Multi-loop Controller Direct I/O Module

FTE

10

Confidential and Proprietary

What is a Distributed Control System (DCS)?


A DCS is an integrated set of modules with distributed functions.

Multi-loop controllers (10s-100s) that connect to field devices Supervisory coordinating controllers

Supervisory Controller

Multi-loop Controller Direct I/O Module

FTE

11

Confidential and Proprietary

What is a Distributed Control System (DCS)?


A DCS is an integrated set of modules with distributed functions.

Multi-loop controllers (10s-100s) that connect to field devices Supervisory coordinating controllers Multi-loop operator stations and engineering stations

Supervisory Controller

Operator Stations Engineering Station

Multi-loop Controller Direct I/O Module

FTE

12

Confidential and Proprietary

What is a Distributed Control System (DCS)?


A DCS is an integrated set of modules with distributed functions.

Multi-loop controllers (10s-100s) that connect to field devices Supervisory coordinating controllers Multi-loop operator stations and engineering stations Servers for system data management
Supervisory Controller Operator Stations Engineering Station

System Server

Multi-loop Controller Direct I/O Module

FTE

13

Confidential and Proprietary

What is a Distributed Control System (DCS)?


A DCS is an integrated set of modules with distributed functions.

Multi-loop controllers (10s-100s) that connect to field devices Supervisory coordinating controllers Multi-loop operator stations and engineering stations Servers for system data management Control network for intercommunication
System Server
Supervisory Controller Operator Stations Engineering Station

Control Network
Multi-loop Controller Direct I/O Module

FTE

14

Confidential and Proprietary

What is a Distributed Control System (DCS)?


A DCS is an integrated set of modules with distributed functions.

Multi-loop controllers (10s-100s) that connect to field devices Supervisory coordinating controllers Multi-loop operator stations and engineering stations Servers for system data management Control network for intercommunication + External connections
www
System Server
Supervisory Controller Operator Stations Engineering Station

Remote Users

[to production management equipment]

Remote Server

Control Network
Multi-loop Controller Direct I/O Module

Other Industrial Devices

FTE

15

Confidential and Proprietary

What is a Distributed Control System (DCS)?


A DCS, throughout the whole system, must provide:

Performance: control must be faster than the process. Determinism: control must always take the same time. Fault tolerance: redundancy; must fail to a known state. Security: must have access restrictions/controls.
Supervisory Controller Operator Stations Engineering Station

Remote Users

www

System Server

[to production management equipment]

Remote Server

Control Network
Multi-loop Controller Direct I/O Module

Other Industrial Devices

FTE

16

Confidential and Proprietary

What is a Distributed Control System (DCS)?


A DCS is designed, sold, maintained as a system, including:

System capacity and performance specifications System configuration, simulation, and management Alarms and status of the entire system System releases (with on-line installation) System maintenance and support (including 3rd party equipment)
www
System Server
Supervisory Controller Operator Stations Engineering Station

Remote Users

[to production management equipment]

Remote Server

Control Network
Multi-loop Controller Direct I/O Module

Performance Determinism Fault tolerance Security


FTE
17 Confidential and Proprietary

Other Industrial Devices

How is a DCS different from a PLC system?


DCS Mfr sells a complete system of integrated components. Mfr supports the system. On-line repair/ maintenance is the norm. System management built-in. Users expect to evolve/upgrade/expand a system over 10/20/30 years.
Remote Users

PLC system Mfr sells some components; an SI acquires others and engineers the system. Mfr supports the components and the SI. Off-line repair/ maintenance is the norm. System management designed per project. System is a one-off project (like a house). Upgrades / expansions are new projects.
Operator Stations Engineering Station

www

System Server

Supervisory Controller

[to production management equipment]

Remote Server

Control Network
Multi-loop Controller Direct I/O Module

Performance Determinism Fault tolerance Security


FTE
18 Confidential and Proprietary

Other Industrial Devices

Honeywell DCS Evolution


Honeywell DCS architecture before Experion PKS

Controllers designed by Honeywell Servers and stations had become PC-based Proprietary 5 Mbps control networks

Interfaces/gateways required to non-Honeywell equipment Near performance limits


System Server
Supervisory Controller Operator Stations Engineering Station

Remote Users

www

[to production management equipment]

Remote Server

Control Network
Multi-loop Controller Direct I/O Module

Performance Determinism Fault tolerance Security


FTE
19 Confidential and Proprietary

Other Industrial Devices

TOPICS
Honeywell Process Solutions are based on process control. What is process control?

What is a Distributed Control System (DCS)?


What is Fault Tolerant Ethernet (FTE)? How does FTE work? How is FTE implemented?

FTE

20

Confidential and Proprietary

Why FTE?
Needed a next generation control network for Experion PKS

>10x performance, + determinism, security, fault tolerance Reduce cost of communication infrastructure and support Reduce cost of connection to PCs and IT networks + Industry trend to industrial Ethernet + Industry bus protocols migrating to Ethernet
FF H1 FF HSE Profibus ProfiNet DeviceNet/ControlNet Ethernet/IP Modbus Modbus/TCP Etc.

Ethernet preferred

Ethernet equipment perceived as not industrial enough No suitable fault tolerance approach
FTE provides the required fault tolerance, using Cisco switches to provide determinism and security.
FTE
21 Confidential and Proprietary

Experion PKS
FTE is the control network of Experion PKS.

Analogous to TPS LCN/UCN and PlantScape ControlNet.

Remote Users

www

System Server

Supervisory Controller

Operator Stations Engineering Station

[to production management equipment]

Remote Server

FTE
Multi-loop Controller Direct I/O Module

Performance Determinism Fault tolerance Security


FTE
22 Confidential and Proprietary

Other Industrial Devices

What is Fault Tolerant Ethernet (FTE)?


FTE is the control network of Experion PKS. Dedicated to the control mission

Analogous to TPS LCN/UCN and PlantScape ControlNet. Fault-tolerant Fast performance Deterministic Secure

Not an IT network, but leverages IT technology to lower cost of:

FTE network infrastructure Connection to IT networks Connection to 3rd party Ethernet devices Maintenance and support

3 Cisco switches qualified for R200

100/1000 Mbps; single and multi-mode optical fiber up to 70 km


Security and determinism functions required for control mission Preferred supplier by many customers

FTE
.

23

Confidential and Proprietary

What is FTE?
An FTE network has redundant switches and cables.

Topology: 2 parallel trees joined at the top to form one network. An FTE node connects to both trees. An Ethernet node (non-FTE) connects to either tree.

A tree

B tree

Switches

FTE FTE
24

Ethernet

FTE FTE
Confidential and Proprietary

Ethernet

FTE

What is FTE?

With Ethernet nodes

An FTE network has redundant switches and cables.

1 communication path between Ethernet nodes

A tree

B tree

Switches

FTE FTE
25

Ethernet

FTE FTE
Confidential and Proprietary

Ethernet

FTE

What is FTE?

With FTE & Ethernet nodes

An FTE network has redundant switches and cables.

1 communication path between Ethernet nodes 2 communication paths between an FTE node and an Ethernet node

A tree

B tree

Switches

FTE FTE
26

Ethernet

FTE FTE
Confidential and Proprietary

Ethernet

FTE

What is FTE?

With FTE & Ethernet nodes

An FTE network has redundant switches and cables.

1 communication path between Ethernet nodes 2 communication paths between an FTE node and an Ethernet node

A tree

B tree

Switches

FTE FTE
27

Ethernet

FTE FTE
Confidential and Proprietary

Ethernet

FTE

What is FTE?

With FTE nodes

An FTE network has redundant switches and cables.

1 communication path between Ethernet nodes 2 communication paths between an FTE node and an Ethernet node 4 communication paths between FTE nodes

A-A

A tree

B tree

Switches

FTE FTE
28

Ethernet

FTE FTE
Confidential and Proprietary

Ethernet

FTE

What is FTE?

With FTE nodes

An FTE network has redundant switches and cables.

1 communication path between Ethernet nodes 2 communication paths between an FTE node and an Ethernet node 4 communication paths between FTE nodes

A-B

A tree

B tree

Switches

FTE FTE
29

Ethernet

FTE FTE
Confidential and Proprietary

Ethernet

FTE

What is FTE?

With FTE nodes

An FTE network has redundant switches and cables.

1 communication path between Ethernet nodes 2 communication paths between an FTE node and an Ethernet node 4 communication paths between FTE nodes

B-B

A tree

B tree

Switches

FTE FTE
30

Ethernet

FTE FTE
Confidential and Proprietary

Ethernet

FTE

What is FTE?

With FTE nodes

An FTE network has redundant switches and cables.

1 communication path between Ethernet nodes 2 communication paths between an FTE node and an Ethernet node 4 communication paths between FTE nodes

B-A

A tree

B tree

Switches

FTE FTE
31

Ethernet

FTE FTE
Confidential and Proprietary

Ethernet

FTE

TOPICS
Honeywell Process Solutions are based on process control. What is process control?

What is a Distributed Control System (DCS)?


What is Fault Tolerant Ethernet (FTE)? How does FTE work? How is FTE implemented?

FTE

32

Confidential and Proprietary

How Does FTE Work?

FTE path status

Each FTE node continually issues short diagnostic messages to test each path to every other node, and builds a status table. Below is a nodes status table. The first 2 nodes are FTE nodes, and the last 4 nodes are singly-connected Ethernet nodes.

A bad link displays as SILENT.

If the B cable to the FTE-GUS node fails, A>B and B>B SILENT. If the crossover cable fails, A>B and B>A SILENT on all nodes.

FTE

33

Confidential and Proprietary

How Does FTE Work?


Domain Controller
Station APC PHD Server

Security and Determinism


CDA = Control Data Access DSA = Distributed Systems Architecture
PKS Server Station

Plant Automation System Levels

Management
Level 3
Station PKS Server Station Station ACE

Layer 3 Switch

Station PKS Server

Station

Station ACE

Operation
Level 2
Switch A Switch B

Control
Level 1

This diagram shows levels of the plant automation system (level 0 field devices is not shown). FTE is the Experion PKS network for the control and operation levels (1 and 2 ).

FTE

37

Confidential and Proprietary

How Does FTE Work?


Domain Controller
Station APC PHD Server

Security and Determinism


CDA = Control Data Access DSA = Distributed Systems Architecture
PKS Server Station

Plant Automation System Levels

Management
Level 3
Station PKS Server Station Station ACE

Layer 3 Switch

Firewall hides all but servers


Station PKS Server Station Station ACE

Operation
Level 2
Switch A Switch B

Control
Level 1

Firewall hides/secures Level 2 and Level 1-- Only L2 PKS Servers are visible PKS server on L3 consolidates and makes available L2 data / alarms for applications via DSA

FTE

38

Confidential and Proprietary

How Does FTE Work?


Domain Controller
Station APC PHD Server

Security and Determinism


CDA = Control Data Access DSA = Distributed Systems Architecture
PKS Server Station

Plant Automation System Levels

Management
Level 3
Station PKS Server Station Station

Layer 3 Switch

Firewall hides all but servers


Station Station Station ACE

L1 & L2: Broadcast, Multicast, Unicast Storm Suppression ACE PKS Server

L1 & L2: Bandwidth Allocation


L2: CDA Traffic Prioritized High
Operation
Level 2
Switch A Switch B

L1: Restricted to CDA and FTE Traffic Only


Control
Level 1

Firewall hides/secures Level 2 and Level 1-- Only L2 PKS Servers are visible PKS server on L3 consolidates and makes available L2 data / alarms for applications via DSA FTE switches provide: Port Filtering between L2 and L1 to allow only CDA and FTE messages for control L2 bandwidth allocation to ensure that L2 supervisory traffic is not disrupted L1 bandwidth allocation to ensure that L1 control is not disrupted Broadcast, Multicast, Unicast storm suppression to maximize FTE network availability
FTE
39 Confidential and Proprietary

TOPICS
Honeywell Process Solutions are based on process control. What is process control?

What is a Distributed Control System (DCS)?


What is Fault Tolerant Ethernet (FTE)? How does FTE work? How is FTE implemented?

FTE

40

Confidential and Proprietary

Basic FTE Configurations


An FTE network interconnects clusters of nodes.
typically associated with the same process unit.

A cluster is a group of nodes with high intercommunication,

Experion Stations

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Application Redundant Control aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Servers Environment Engineering aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa Tools aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa C200 aaaaaaaaaaaaaaaaaaaa
F T E F T E F T E F T E F T E F T E F T E F T E

FTE FTE
41 Confidential and Proprietary

Basic FTE Configurations


A minimum FTE network is one pair of cluster switches; larger networks could have several cluster switch pairs connected to backbone switches.
Firewall Backbone Switches
History, Advanced Control

To Plant Information Network (PIN)

Cluster Switches

UNIT #1 CLUSTER

UNIT #2 CLUSTER

UNIT #3 CLUSTE R

UNIT #4 CLUSTE R

FTE

42

Confidential and Proprietary

How Is FTE Implemented?


Cabling: CAT5 STP copper; single and multi-mode fiber optic. Cisco switches: 24/48 STP ports + 2 GBIC ports; 10 GBIC ports.

Switches are expandable up to 436 ports; can mix switch types GBICs: plug-in converters for 0.5 / 10 / 70 km fiber optic

FTE software and dual Network Interfaces per PC node


Typically CAT5 STP, but often fiber optic, single or multi-mode -1000 Mbps - up to 70km GBICs Cluster Switches Typically CAT5 STP - 100 Mbps - up to 100m Backbone Switches
Media Converters

Software Dual NIC card


FTE
Ethernet
Confidential and Proprietary

FTE FTE

Ethernet

FTE

FTE

43

Main Configuration Rules

Switches: 24/48 ports, expandable up to 432 ports FTE network:

up to 200 FTE nodes (dual-connected)


Up to 99 of those can be C200 controllers

+ up to 511 Ethernet nodes (singly-connected)


Firewall/router: required to connect to other networks

FTE network is a separate IP subnet Private IP addresses; only servers are visible externally Required for CE Mark

Cable: shielded twisted pair (STP) or fiber optic recommended for best noise immunity and performance

FTE

44

Confidential and Proprietary

Honeywell Network Services


Honeywell network experts can do it all-for FTE and for all networks in the plant.
Planning, design, installation, integration

Cabling, testing, training, documentation Special needs, e.g., video surveillance

Network security assessment, engineering, management

Authorization, authentication, encryption, activity logging,

1st

intrusion detection, virus protection Firewall engineering, configuration, testing and management

Remote Network Administration

Systems (servers, workstations) Network (switches, routers, firewalls, etc.)

FTE

45

Confidential and Proprietary

Honeywell Network Services


Honeywell network experts can do it all-for FTE and for all networks in the plant.
Remote Monitoring 24/7

Networks (Switches, Routers, VPNs, Firewalls) Systems (PlantScape, TPS, PHD, any type of PC) Applications on PCs (are they running/responding) Proactive tracking of system, server, network performance Work load Characterization & Capacity Planning

Network and System Performance Management

1st

Procurement and support of PCs and network equipment

FTE
.

46

Confidential and Proprietary

Fault Tolerant Ethernet (FTE)---- FTE is the control network of Experion PKS. Dedicated to the control mission

Analogous to TPS LCN/UCN and PlantScape ControlNet. Fault-tolerant Fast response Deterministic Secure

Not an IT network, but leverages IT technology to lower cost of:

FTE network infrastructure Connection to IT networks Connection to 3rd party Ethernet devices Maintenance and support

FTE
.

47

Confidential and Proprietary

Cisco products in FTE


Products being qualified for R200

2950G-24 2950G-48 3550-12G GigaStack GBIC 1000BASE-T GBIC 1000BASE-SX GBIC 1000BASE-LX GBIC 1000BASE-ZX GBIC

Potential additional products for qualification or certification

3550-24-FX 2955C-12 Other 2950 models with Enhanced Image

FTE

48

Confidential and Proprietary

Thank You!