Noble Denton Global 1200 Dp2 Fmea

14701 St Marys Lane, Suite 425 Houston, Texas, USA 77079 281-558-7180, www.nobledenton.
com
Global Industries Ltd
Global 1200 DP2 FMEA
Prepared by
NOBLE DENTON MARINE, INC.

C
B A
02/04/10
07/21/09 07/16/09
Updated to reflect customer comments

Issued for Customer Review Issued for Internal Review
BA
BA BA BH BH MS MS
Rev
Date
Description
By
Check
Approved
Report No. H8675

Distribution: Larry McClure, Global Industries Ltd
Internal Job #: 094586
Global Industries Ltd Global 1200 Pre-trial DP2 FMEA
Executive Summary
Project Noble Denton was contracted by Global Industries LTD. to perform and generate a dynamic positioning (DP) failure mode and analysis (FMEA) report. This report is the Pre-trial DP FMEA. Global 1200 The Global 1200 is a DP Class 2, Derrick pipelay vessel being constructed by Keppel Sing Marine. This 162m long vessel has one 880kW tunnel thruster, five 2400kW retractable azimuth thrusters, and two 4500kW main azimuth thrusters. These thrusters interface with a dual redundant Converteam DPS21 DP control system with 6 position references. Electric power is provided by three 3760kW and three 4320kW generators that supply a split 6.6kV main switchboard. Background DP Class 2 vessels are required by classification society and industry standards to be capable of maintaining position and heading despite any single failure of any active system or component, or of any unprotected passive system or component. Classification societies and many potential clients require this to be proven by an FMEA and test program. Increasingly, annual trials are also expected. Summary of Analysis Results The following table shows the important findings for each system group. Single point failures (SPF) are single faults that can cause loss of position or heading. DPO faults could be SPF except for expected intelligent human intervention. Accuracy estimates the accuracy of the information the analysis is based on. More detailed information can be found in each systems summary section.
DP SPF DPO Accuracy Worst Case Failure 0 4 Medium Main Azimuth 0 3 Medium DD Azimuth 0 3 Medium Tunnel 0 1 Medium Electric 0 0 Medium VMS 0 2 Medium Support 0 0 Medium Total 0 14 Medium
Not yet confirmed. Loss of half 6.6kV switchboard.
Testing DP FMEA testing has not yet been performed to verify the analysis and information it was based on.
Conclusion The vessel appears to meet ABS & IMO standards for a DP2 vessel, if properly configured, operated and maintained, but its acceptance is pending successful test & survey.
H8675 Rev C
Page 2 of 80
February 4, 2009
Recommendations
No information was received that indicated the ESB automatic changeover could be disabled. Recommendation if there is not an auto/manual changeover switch is to install a mechanical interlock in the ESB between the auxiliary switchboard #1 incoming breaker and the auxiliary switchboard #2 incoming breaker to the ESB. This will prevent the auto change over logic from working and in the event of failure the duty engineer can inspect the failed equipment before changing power source to the backup supply.
H8675 Rev C
Page 3 of 80
February 4, 2009
Table of Contents
1. INTRODUCTION ............................................................................................................................................................ 6 1.1 1.2 1.3 1.4 1.5 1.6 1.7 2. PURPOSE .................................................................................................................................................................... 6 METHOD .................................................................................................................................................................... 6 APPLICABLE STANDARDS .......................................................................................................................................... 7 LIMITATIONS ............................................................................................................................................................. 8 REPORT FORMAT ....................................................................................................................................................... 8 ABBREVIATIONS USED .............................................................................................................................................. 9 VESSEL OVERVIEW.................................................................................................................................................. 10
DP SYSTEM ................................................................................................................................................................... 14 2.1 2.2 2.3 DP SYSTEM DATA ................................................................................................................................................... 14 DP SYSTEM DESCRIPTION ....................................................................................................................................... 15 SUMMARY OF DP SYSTEM ANALYSIS ...................................................................................................................... 22
3.
MAIN AZIMUTH THRUSTERS ................................................................................................................................. 24 3.1 3.2 3.3 3.4 3.5 AZIMUTH SYSTEM DIAGRAM................................................................................................................................... 24 MAIN AZIMUTH SYSTEM DATA ............................................................................................................................... 25 MAIN AZIMUTH SYSTEM DESCRIPTION ................................................................................................................... 25 MAIN AZIMUTH SYSTEM FMEA TABLE .................................................................................................................. 28 SUMMARY OF MAIN AZIMUTH SYSTEM ANALYSIS.................................................................................................. 32
4.
DROP DOWN AZIMUTH THRUSTERS ................................................................................................................... 33 4.1 4.2 4.3 4.4 DROP DOWN AZIMUTH SYSTEM DATA .................................................................................................................... 34 DROP DOWN AZIMUTH SYSTEM DESCRIPTION ........................................................................................................ 34 DROP DOWN AZIMUTH SYSTEM FMEA TABLE ....................................................................................................... 38 SUMMARY OF DROP-DOWN AZIMUTH SYSTEM ANALYSIS ...................................................................................... 43
5.
BOW TUNNEL THRUSTER........................................................................................................................................ 45 5.1 5.2 5.3 BOW THRUSTER SYSTEM DATA .............................................................................................................................. 45 BOW THRUSTER SYSTEM DESCRIPTION ................................................................................................................... 46 SUMMARY OF BOW THRUSTER ANALYSIS ............................................................................................................... 48
6.
ELECTRICAL POWER SYSTEMS ............................................................................................................................ 50 6.1 6.2 6.3 6.4 6.5 6.6 ELECTRICAL POWER DISTRIBUTION DIAGRAM ........................................................................................................ 50 ELECTRICAL GENERATOR CONTROL DIAGRAM ....................................................................................................... 51 ELECTRIC POWER SYSTEM DATA ............................................................................................................................ 52 ELECTRIC POWER SYSTEM DESCRIPTION ................................................................................................................ 53 ELECTRIC POWER FMEA TABLE ............................................................................................................................. 60 SUMMARY OF ELECTRIC POWER SYSTEM ANALYSIS ............................................................................................... 60
7.
POWER & VESSEL MANAGEMENT SYSTEM ...................................................................................................... 62 7.1 7.2 7.3 7.4 POWER AND VESSEL MANAGEMENT SYSTEM DIAGRAM ......................................................................................... 62 POWER AND VESSEL MANAGEMENT SYSTEM DATA ............................................................................................... 62 POWER & VESSEL MANAGEMENT SYSTEM DESCRIPTION ....................................................................................... 62 SUMMARY OF POWER & VESSEL MANAGEMENT SYSTEM ANALYSIS ...................................................................... 66
8.
AUXILIARY SUPPORT SYSTEMS............................................................................................................................ 68 8.1 8.2 8.3 DIESEL FUEL OIL SYSTEM ....................................................................................................................................... 68 LUBRICATING OIL SYSTEMS .................................................................................................................................... 71 HYDRAULIC OIL SYSTEMS ....................................................................................................................................... 71 Page 4 of 80 February 4, 2009
H8675 Rev C
Global Industries Ltd Global 1200 Pre-trial DP2 FMEA 8.4 8.5 8.6 8.7 8.8 8.9 COOLING WATER SYSTEMS ..................................................................................................................................... 72 COMPRESSED AIR SYSTEMS .................................................................................................................................... 75 FIRE PROTECTION SYSTEMS .................................................................................................................................... 76 EMERGENCY SHUTDOWN SYSTEMS ......................................................................................................................... 77 HVAC SYSTEMS ..................................................................................................................................................... 78 COMMUNICATION SYSTEMS .................................................................................................................................... 78
H8675 Rev C
Page 5 of 80
February 4, 2009
1.
1.1 1.1.1
INTRODUCTION
Purpose Noble Denton was contracted by Global Industries LTD. to perform and generate a dynamic positioning (DP) failure mode and analysis (FMEA) report. This report is the pre-trial DP FMEA. DP Class 2 vessels are required by classification society and industry standards to be capable of maintaining position and heading despite any single failure of any active system or component, or of any unprotected passive system or component. Classification societies and many potential clients require this to be proven by an FMEA report and FMEA test program. This report is the initial design review, based on customer provided documentation. Further information will be required to increase the reliability of the analysis. Method DP control systems maintain and correct position and heading by using the vessels thrusters to balance the wind, wave and current forces based on its position, heading and environmental sensors. For DP Class 2 operations, a vessel is not allowed to have a single failure that may cause the vessel to lose position or heading due to excessive thrust (drive off), insufficient thrust (drift off) or control errors (large deviations). There must be sufficient generators, main engines, thrusters, power supplies, controllers and reference systems online and redundantly configured for the vessel to remain in position if any item of equipment or section of the power distribution network should fail. The failure mode and effect analysis verifies these by examining the vessel design and identifying systems whose failure could affect the vessel's station keeping capability. These systems typically include: DP Control System, Thrusters and Thruster Control Systems, Electrical Power Generation, Distribution and Control Systems, Auxiliary Support Systems Vessel Management & Alarm Systems Fuel Oil Distribution, Purification & Transfer Systems Lubricating Oil Systems Hydraulic Oil Systems Fresh & Salt Water Cooling Systems Compressed Air & Pneumatic Control Systems Fire Protection Systems (e.g. CO2) Emergency Stop Systems Heating, Ventilation & Cooling Systems DP Communication Systems
Page 6 of 80 February 4, 2009
1.1.2
1.1.3
1.2 1.2.1
1.2.2
H8675 Rev C
1.2.3
Each of these systems control functions or components are examined to identify how they can fail (failure mode) and the effect of each type of failure on the system and on DP positioning keeping capability during DP Class 2 operation (failure effect). The analysis only examines individual failures and assumes that the systems are properly configured for operation in DP class 2, all equipment is available and working correctly (except for the failure mode being examined), and the vessel is operating within its worst case failure environmental limits. The information for the analysis is based on examination of the documentation provided by the shipyard and vendors. Initially, the analysis is only as accurate and complete as the information provided. After FMEA testing and survey, the FMEA report will be updated to reflect the actual installation and function at the time of survey and testing. Any future changes to the vessel should be evaluated for their effect on DP redundancy and the document updated as necessary. Applicable Standards The vessel keel date is 2005, so the applicable DP class rules are ABS Steel Vessel rules 2005. American Bureau of Shipping, Steel Vessel Rules, Part 4 Chapter 3 Section 5 15.1.1 Class notations and degree of redundancy:
DPS-2 For vessels which are fitted with a dynamic positioning system which is capable of automatically maintaining the position and heading of the vessel within a specified operating envelope under specified maximum environmental conditions during and following any single fault excluding a loss of compartment or compartments.
1.2.4
1.3 1.3.1 1.3.2
1.3.3
American Bureau of Shipping, Steel Vessel Rules, Part 4 Chapter 3 Section 5 15.5.2(a) DPS-2 Power Generation System:
Generators and their distribution systems are to be sized and arranged such that, in the event of any section of bus bar being lost for any reason, sufficient power is to remain available to supply the essential ship service loads, the critical operational loads and to maintain the vessel position within the specified operating envelope under the specified maximum environmental conditions. Essential services for generators and their prime movers, such as cooling water and fuel oil systems, are to be arranged such that, with any single fault, sufficient power remains available to supply the essential loads and to maintain position within the specified operating envelope under the specified maximum environmental conditions.
1.3.4
I.M.O. MSC/Circ. 645 Section 2.2.2:

For equipment Class 2, a loss of position is not to occur in the event of a single fault in any active component or system. Normally static components will not be considered to fail where adequate protection from damage is demonstrated, and reliability is to the satisfaction of the Administration. Single failure criteria include: 1. Any active component or system (generators, thrusters, switchboards, remote controlled valves, etc.). 2. Any normally static components (cables, pipes, manual valves, etc.) which is not properly documented with respect to protection and reliability.
1.3.5
I.M.O. MSC/Circ. 645 Section 3.2.3

For equipment class 2, the power system should be divisible into two or more systems such that in the event of failure of one system at least one other system will remain in operation. The power system may be
H8675 Rev C
Page 7 of 80
February 4, 2009
Global Industries Ltd Global 1200 Pre-trial DP2 FMEA run as one system during operation, but should be arranged by bus-tie breakers to separate automatically upon failures which could be transferred from one system to another, including overloading and shortcircuits.
1.4 1.4.1
Limitations The FMEA typically considers the failure of mechanical, electrical and control system hardware. The FMEA does not assess the structure of the vessel (a passive element that is already monitored), the efficiency of the co-ordination of the electrical protection scheme (requires regular testing and evaluation of the effect of system changes), deficiencies in component manufacturing or design, software design or inadequate maintenance. It is assumed that equipment design, system protection settings and maintenance practices are of sufficient standard to inhibit cross migration of any fault current and to efficiently identify losses of redundancy. The FMEA does not verify the quality of control software. It is also assumed that computer networks have been designed and tested to avoid common problems such as programming errors, program vulnerabilities and broadcast faults. The findings of the analysis can be invalidated by incorrect or incomplete design information or any modification that could affect the vessel's station keeping capability. Any such modification should be reviewed to evaluate its effects on system redundancy and documented in a revised FMEA. For Class 2 operations, the ships DP operators and engineers must be aware of the consequences of the failure of any single item of equipment, have chosen a redundant configuration and operate the vessel within the worst case failure environmental limits. It is possible to operate fully redundant vessels in a non-redundant manner and the ships crew must be careful not to negate redundant systems. The vessel should be operated at all times bearing in mind the thruster capacity after worst-case failure. Report Format An Executive Summary is provided at the beginning of this report to give a convenient overview of the purpose, subject, method, findings and conclusion of the analysis. The report body begins with an introduction to the project and its terms of reference and an overview of the vessel. This is followed by sections covering the DP control system, the thruster systems, the electric power system, the vessel management system (if it has active DP effects), and the auxiliary support systems. The sections deal with systems that have a direct effect on the dynamic positioning system and the vessels ability to maintain a set heading and position. Each section contains a simplified system diagram, a data table that quickly summarizes system information, a description of the systems components and how it operates, failure mode and effect analysis tables and a final subsection summarizing the findings of the system analysis.
1.4.2
1.4.3
1.4.4
1.5 1.5.1 1.5.2
H8675 Rev C
Page 8 of 80
February 4, 2009
1.5.3
The failure mode and effect analysis tables list the possible types of failure (failure modes) for each system and analyze the system effect, operator indication and DP effect of each failure mode. Failure modes with similar effects are lumped together as a general failure mode to make the table less unwieldy. Single point failures are highlighted in red, failure modes that may require DP intervention are high lighted in yellow and assumptions or unknowns are entered in red text for easy identification. Each sections final subsection summarizes the analysis results. It discusses significant failure modes (single point failure & DPO intervention), hidden failures that can reduce redundancy and identifies dangerous system configurations that effect system redundancy. It identifies failure modes in other systems that can affect the system, presents the worst case system failure and examines the reliability of the information the analysis was built on. This is all summarized in a final table that lists the number of identified single point failures, failures requiring DPO intervention, maintenance concerns raised by the analysis of hidden faults and rates the reliability of the system information. The information in the executive summary is taken directly from these tables. Abbreviations Used The following abbreviations are used in the document:
ABS A/C BT AMC AVC COS DC DG DGPS DMS DNV DP DPC DSB ECR EG ER ESB FMEA FO FW FWC Fwd GPS HO HPU HT HVAC IJS American Bureau of Shipping Air Conditioning Bow Tunnel Thruster Advanced Micro Controller Automated Vessel Control Common Operating System Direct Current Diesel Generator Set Differential Global Positioning System Data Management System Det Norske Veritas Dynamic Positioning Dynamic Positioning Cabinet Distribution Switchboard Engine Control Room Emergency Generator Engine Room Emergency Switchboard Failure Mode and Effect Analysis Fuel Oil Fresh Water Fresh Water Cooling Forward Global Positioning System Hydraulic Oil Hydraulic Power Unit High Temperature Heating, Ventilation and Cooling Systems Independent Joystick JB Ladar LO LT MCC MV MRU MSB OS OT P PCV PLC PROM PS RAM ROM ROV s S SB SBC SCR Sec Stbd SW SWC TCV TW UPS Junction Box Laser Ranging and Detection (laser radar) Lubrication Oil Low Temperature Motor Control Centre Medium Voltage (1100kV) Motion Reference Unit Main Switchboard DP Operator Station DP Operator Terminal Port Pressure Control Valve Programmable Logic Controller Programmable Read Only Memory Pressure Switch Random Access Memory Read Only Memory Remote Operated Vehicle second(s) Starboard Switchboard Single Board Computer Silicon Controlled Rectifier Section Starboard Seawater Seawater Cooling Temperature Control Valve Taut Wire Uninterruptible Power Supply
1.5.4
1.6
H8675 Rev C
Page 9 of 80
February 4, 2009
Abbreviations used in the text but not listed here are usually manufacturer model, part identification, metric notation (m, kV, etc.), common marine terminology or the ships equipment identification. 1.7 1.7.1 Vessel Overview Profile
1.7.2
Layout
H8675 Rev C
Page 10 of 80
February 4, 2009
1.7.3
Vessel
Length Breadth Depth Draft
162m
unknown 16m 6.6m
Type Tonnage Speed Built
Derrick Pipelay 8000 unknown 2005
Builder Owner Class Flag
Kepper SingMarine Global Offshore International ABS +AMS +ACCU, +DPS-2 USA
1.7.4
Propulsion
# T1 T2 T3 T4 T5 T6 T7 T8 Type & Location Port Main Azimuth Stbd Main Azimuth Port Stern Azimuth Stbd Stern Azimuth Port Bow Azimuth Stbd Bow Azimuth Center Bow Azimuth Bow Tunnel Fixed
Variable
Pitch Fixed
Speed Variable
Model Wrtsil FS3500NU
Drive 4.5MW Electric Motor Converteam MV7000
Fixed
Variable
Wrtsil FS1510/1530MNR
2.4MW Electric Motor Converteam MV3000
Wrtsil FT175M-D
880kW Electric Motor Converteam MV3000
1.7.5
Electric
DG 1 2 3 4 5 6 EG Switchboard 6.6kVac Port Generator Hyundai 4700Kva .8pf Diesel MAN 8L32/40 MAN 9L32/40 CAT 3508B Controllers HS7 AVR, SYMAP sync controller, AMC HS7 AVR, SYMAP sync controller, AMC CAT AVR, SYMAP
6.6kVac Stbd 480Vac
Hyundai 5300Kva .8pf Leroy Somer 1250Kva .8pf
1.7.6
Automation
Dynamic Positioning System Independent Joystick System Propulsion Control Systems Vessel Management Systems Converteam DPS-21 Converteam Converteam MTC Converteam AVC
1.7.7
Power Generation split

FO Redund Type DG1 DG2 2 split QCV Indep LO Indep Comp Air Start Air Only FWC 2 split SWC 2 split ESD IND 6.6kV User Set 480V 3 split 208V/DC Common MSB Cntrl 2 split PMS FS 2 split
2 Elect Pump
Mech Air Manual
Common Common Common supply from system system compressor ind. Mech. 3 Elect Mech to Air Pumps Pumps
IND IND
Feeds bus 1 Feeds bus 2
Pumps fed All Battery Must be from port Chargers fed supplied side and from from emergency emergency Battery
FS1
H8675 Rev C
Page 11 of 80
February 4, 2009

DG3 DG4 DG5 DG6 2 Elect Pump Air & Manual Mech Mech Mech Mech receivers 2 split by normally Common Common closed valves system ind. system Mech. 3 Elect Pumps Pumps IND IND IND IND Feeds bus 3 Feeds bus 4 Feeds bus 5 Feeds bus 6 bus Pumps fed from stbd side and emergency bus distribution Charger 1 board. Must be supplied from Battery Charger 2 FS2
1.7.8
Thruster Redundancy Overview

HO Redund Type T1 T2 T3 T4 T5 T6 T7 T8 Indep Elect Elect Elect Elect Elect Elect Elect N/A LO Indep Elect Elect Elect Elect Elect Elect Elect Elect Service Air Comnon Commo n piping controls T1-T7 shaft brakes & T3/T7 quick connect clutch Loss of service air should have no affect on running thrusters FWC 2 split SWC 2 split ESD Indep Elect Comm on System 2 elect. Pumps Comm on System 2 parallel coolers Elect Elect Elect Elect Comm on System 2 elect pump Comm on System 2 parallel coolers Elect Elect Elect 6.6kV 2 split Port Stbd Port Stbd Port Stbd C/O switch Port 480V 2 split Port Stbd Port Stbd Port Stbd P&E Port 208V 2 split DB9 DB10 DB9 DB10 DB9 DB10 DB9 N/A 24V 4 split DC4 DC6 DC4 DC7 DC5 DC7 DC5 N/A FS / UPS 4 split FS11 UPS4 FS12 UPS5 FS13 UPS4 FS14 UPS5 FS15 UPS6 FS16 UPS7 FS17 UPS6 FS18 UPS7
1.7.9
DP System Redundancy Overview

Gyro Process System Split Unit 1 Unit 2 Unit 3 Unit 4 Unit 5 TW Unit 6 Use Median Power 3 UPS 1 UPS 2 UPS 3 I/O 2 CC1 CC2 CC3 Wind Use Median Power 2 CC1 CC2 I/O 2 CC1 CC2 VRU Use Median Power 2 CC1 CC2 I/O 2 CC1 DGPS CC2 Acoustic CyScan UPS 3 Ship Sup UPS 1 Port 480V Stbd 480V CC2 CC2 CC1 CC1 CC2 IJS Controller UPS 3 Modbus IJS Work Station Ship Sup Ship Sup Modbus Modbus UPS 2 Type 4 Position References Weighting Power 2 UPS 1 I/O 2 CC1 DP Controller (CC1 & CC2) Diagnostic & Changeover Power 2 UPS 1 I/O 2 Dual Ethernet DP Work Station User Selected Power 2 UPS 1 UPS 2 I/O 2 Dual Ethernet
H8675 Rev C
Page 12 of 80
February 4, 2009
1.7.10 Safe Mode of Operation

System DP IJS Thrusters 6.6kV 480V 120/240V UPS/DC Power VMS/PMS Fuel Lube Oil Cooling ESD HVAC Environment Maintenance Redundancy Requirements All system sensors control computers, work stations, Ethernets and thrusters healthy and selected. Minimum of two independent position reference sensors selected. Healthy and ready. All thrusters running and healthy. All support services engaged. Sufficient thrusters selected to maintain redundancy in the available operating environment. See DP Ops Manual for details. Split bus, and DC control power to each side of the bus fed from different battery chargers. Switchboards split and fed from their transformers. EG ready to start. No ground faults. Auxiliary switchboard #2 CB Q103 to the emergency switchboard is to be closed and Auxiliary switchboard #1 CB Q3 to the emergency switchboard is to be open. This disables the automatic changeover circuit, but still allows the EG to auto start and connect to the bus Bus ties open and buses fed from their transformers. No ground faults. Batteries charged and power supplies healthy. Converteam operator stations and field stations healthy & ready Operate split, sample, settle, purify, stagger filling to allow detection of problems Maintain pipes, sample, and purify. Maintain pipes, connections & coolers, no heavy lifts or hot work near common FWC or SWC piping during DP2 operations All power sources ready with no wire break alarms. Running & effective. Operate within worst case environment envelope Regular maintenance and testing in accordance with the manufacturers recommendations for the equipment operating environmental and conditions. This is the foundation of future redundancy.
H8675 Rev C
Page 13 of 80
February 4, 2009
2.
DP SYSTEM
Cyscan Wind 1 Wind 2 DGPS 1 DGPS 2 Gyro 1 Gyro 2 Gyro 3 VRU 1 VRU 2 Tautwire 1 Tautwire 2 Survey Box Acoustics
Legend
Net A Net B Net C/ Modbus MTC Net Serial to CC03 Serial to CC02 Serial to CC01 Serial to WS03
AFT WH CCO1 (DP) CCO2 (DP)
FWD. WH Printer 1 Remote Access Printer 2 Helideck mon syst WS08 (MTC) WS05 (IJS) WS06 (MTC) WS07 (MTC) WS01 (DP) WS02 (DP) WS03 (PME) WS04 (IJS) Controller (IJS)
ECR WS10 (MTC) WS09 (MTC)
NS01 (Net A)
NS03 (Net A)
NS05 (Net A)
NS02 (Net B)
NS04 (Net B)
NS06 (Net B)
FS18 (T8)
FS17 (T7)
FS16 (T6)
FS15 (T5)
FS14 (T4)
FS13 (T3)
FS12 (T2)
FS11 (T1)
FS01 (PMS)
FS02 (PMS)
UPS 1
UPS 2
UPS 3
UPS 4
UPS 5
UPS 6
UPS 7
Ship Supply
2.1
DP System Data
DP Control System IJS Control System Converteam DPS-21 Converteam DP UPSs DP Switch Seven 4.5kVA, 230V 60Hz with earthed neutral Converteam Internal Switch logic, selection switches at each MTC panel L1 GPS with Spotbeam/Inmarsat, WAAS & IALA L1 GPS with Spotbeam, WAAS & IALA Position relative to reflective targets Position relative to beacons 480V vessel supply Position relative to angle of cable.
Position References DGPS 1 Veripos DGPS LD3 DGPS 2 Laser Acoustics Tautwire 1 Tautwire 2 CyScan MK-2 Sonardyne Fusion USBL Converteam A series DP UPS 3 DP UPS 1 DP UPS 1
H8675 Rev C
Page 14 of 80
February 4, 2009
Global Industries Ltd Global 1200 Pre-trial DP2 FMEA System References Gyro 1 Gyro 2 Gyro 3 Wind Sensor 1 Wind Sensor 2 VRU 1 VRU 2 Power Supplies
UPS 1
DP UPS 1 TSS Meridian Standard DP UPS 2 DP UPS 3 Gill Instruments Ultrasonic TSS DMS-10 Input Main-PDB7(P) Emergency.- EPDB1 CC01 CC02 CC01 CC02 Wind force correction Pitch/Roll correction Output CC01, WS01, WS06 supply 1A, WS07 supply 2B, WS08 supply 1A and 2A, WS03, DP Printer 1, Gyro 1, CyScan, DP Alert System, NS01 Wind 1, VRU 1 CC02, WS02, WS06 supply 2B, WS07 Supply 1A, WS08 supply 1B and 2B, DP printer 2, Gyro 2, DGPS 1, NS02 Wind 2, VRU 2 CC04, WS04, WS05, Gyro 3, DGPS 2, WS13, AVC alarm/events printer, Helideck HMS system interface cabinet WS09 supply 1A, FS11(T1), FS13(T3), NS05, Port Aft Winch LCP 1 and 2 WS09 supply 2B, FS06, FS12 (T2), FS14 (T4) NS06 WS10 supply 1A, FS15(T5), FS18(T8), NS03, FS01, FS17(T7) supply 1 WS10 supply 2B, FS16(T6), NS04, FS02, FS17(T7) supply 2 TW1, TW2, Acoustics Heading Reference
CC01 24Vdc
UPS 2
CC01 AC Input (UPS 1) Main-PDB7(S) Emergency- EPDB1
CCO2 24Vdc
UPS 3
CC02 AC Input (UPS 2) Main-PDB7(P) Emergency- EPDB1
UPS 4 UPS 5 UPS 6 UPS 7 Ship AC Supply
Main-PDB1 Emergency- EPDB2 Main-PDB2 Emergency.- EPDB2 Main-PDB1 Emergency- EPDB2 Main-PDB2 Emergency- EPDB2 PDB7(port and starboard)
Other: Sources Converteam DP FMEA document DV5P01C01 Ver. 5 06 Aug 08 Converteam ESDI-1R42974 different sheets have different revision numbers no date Converteam ESAS-1R-42951 Rev. 8 sheet 1 12-11-08 Converteam DP Functional Design Specification document DV1P2C1 14-Oct-08
2.2 2.2.1
DP System Description Redundancy Concept: The DP Control system is essentially a two split system that relies on software and hardware fault detection and elimination to enhance its redundancy. It has two control computers, operator stations and Ethernet networks. It lacks the extra wind sensor and VRU required for automatic fault resolution. Overview: The Global 1200 uses a dual redundant Converteam DPS-21 dynamic positioning control system. The system consists of two DP work stations, two DP control cabinets, two IJS
2.2.2
H8675 Rev C
work stations, one IJS control cabinet, six manual thruster control stations, two alarm printers, six network switch boxes, eight thruster field stations, seven uninterruptable power systems, seven system references, and six position references. The DP and IJS controllers and workstations are located on the bridge with four MTC stations. The remaining two MTC stations are located in the ECR. The vertical reference units are located at the ships center of gravity, while the DGPS antennas, CyScan, and wind sensors are located on the bridge top. The Tautwire systems are located on the main deck, and the field stations are located near their respective thruster. 2.2.3 DP Controller: The heart of the system is the marine controller inside the Control Cabinet. The marine controller receives and analyzes the system and position reference information, communicates with the work stations, and monitors and commands the thrusters. One controller is in command and the second controller is in standby. Each controller calculates independently and the standby computer takes over if the primary computer should fail. If there is a mismatch between the computers sensor and/or thruster selection/availability the controller will generate a mismatch alarm. Work Stations: The operator consoles display the system settings and status, and relay the operator commands to the DP control computers. Each workstation consists of: a HMI PC, a touch screen LCD monitor and an operator panel. The operator panel includes a DP joystick, a moment control potentiometer, glide-pad, pushbuttons and LEDs to provide manual control for the DP system. Only one of the consoles is used for active control but the second console can be used for display. The standby console is updated by the console in command and can take control if that console fails. Command can be transferred between consoles. Two star-shaped Ethernet networks connect the two operator consoles, and the two controllers. Ethernet: A dual Ethernet link exists between the workstations, control cubicles and the field stations; only one of these pairs of Ethernet links is active at any one time, the other link being in standby mode. The combined network is relatively immune to simple hardware failures but can still fail due to incorrect software settings or data overload. It is assumed that Converteam has designed the system so it is immune to common network faults. System Sensors: The system sensors monitor the vessels heading, pitch/roll and wind speed/direction. These sensors are used to maintain heading, display vessel motion and estimate wind load. The system sensors consist of two TSS DMS-10 vertical reference units, two Gill Instruments Wind Observer 2 ultrasonic wind sensors and three TSS Meridian gyrocompasses. While this meets the 2005 ABS rules, IMO and IMCA recommend 3 VRUs and 3 wind sensors. ABS rules started requiring 3 wind sensors in 2008 and require a 3rd VRU if they correct all position references. This vessel is grandfathered from the latest ABS requirements, but 2008+ vessels must have them and some oil companies already require 3 sensors of each type. System Sensor Handling: DP system monitors all enabled system sensors with three references (gyro) the system will automatically reject the mismatched sensor. When there are only two system sensors enabled (wind and VRU) the system uses the average of both inputs for system calculations unless it detects sensor faults. The DPS-21 rejects a wind sensor on loss of serial, jump, freeze or fast drift but requires operator correction for slow drift. The DPS-21 rejects a VRU for jump, freeze, or lost signal but not drift. The DPS-21 rejects a gyro on large jump and
2.2.4
2.2.5
2.2.6
2.2.7
H8675 Rev C
with three sensors selected will deselect a gyro on drift or freeze. If two sensors disagree then the system generates a mismatch alarm and DPO must decide which sensor is the faulty one and deselect it. Converteam two sensor systems depend on operator action to resolve system sensor faults but industry recommendations are to have automatic rejection of a faulty sensor. Based on this, we recommend the installation of an extra wind sensor and VRU to allow automatic rejection of a faulty sensor. 2.2.8 Position Reference Sensors: The position reference sensors monitor the position of the vessel in absolute or relative terms. The vessel has four relative position reference systems consisting of a CyScan that uses the distance and angle from a reflective target to establish position, a Sonardyne hydro-acoustic relative position reference system that determines distance from under water beacons by acoustic delay, and two Tautwire systems that use the angle of the attached cable from the bottom of the seabed to the release mechanism to establish position. The vessel has two absolute position reference systems consisting of two Veripos DGPS systems that combines the global positioning satellite position reference signals with radio correction signals to establish position. One Veripos is equipped with a switch that can be changed between Spotbeam and Inmarsat differential corrections, the second Veripos utilizes Spotbeam. Position Reference Handling: The DP system weighs the value of each selected position reference automatically according to the variance of its position or operator weighting. Sensors are rejected for the following reasons: frozen information, sudden jumps in position, large position variance, and large variance compared to the calculated position and slow drift. The table below shows the position reference systems and groups them by common vulnerability. Equipment in the same row are interfaced to the same CC while the equipment in the same column are based on the same principle and are subject to common mode failures. The minimum redundant configuration can be checked by ensuring that at least 2 sensors do not share the same column or row.
DGPS1 DGPS2 CyScan HPR Taut 1 Taut 2
2.2.9
2.2.10 DP Switch: The DP/IJS/Manual mode selection is done through internal software. Each station has a Control Here PB. Pressing this button at the station in control causes the buttons light to start flashing at all available consoles. Control is taking at the new station by pressing its control here PB. If the DP system fails, control is automatically offered to the IJS. On loss of both the DP and IJS control is automatically offered to the MTC. 2.2.11 Thruster Interface: Eight field stations each provide analogue and digital I/O to each one of the vessels thrusters. At the heart of each field station is the AMC processor. Each field station communicates thruster ready and feedback signals to the DP system, thruster data to the AVC over the Ethernet network, communicates with the IJS over dedicated serial links, and outputs hard wired reference signals to the thruster steering and pitch controls. Reference signals to the Converteam variable speed drives is via Ethernet (DP) or modbus (IJS). IJS or MTC control is still available in the unlikely event of a dual Ethernet failure.
H8675 Rev C
Page 17 of 80
February 4, 2009
2.2.12 DP Power: The most important services are supplied from seven, 230Vac uninterruptible power supplies that are protected against over-voltage.
DP UPS 1 Main Supply Emergency Supply PDB7(P) EBDB1 WS01 CC01 Wind 1 Gyro 1 CyScan DP Printer 1 DP Alert NS01 DP UPS 2 PDB7(S) EBDB1 WS2 CC02 Wind 2 Gyro 2 DGPS 1 DP Printer 2 NS02 DP UPS 3 PDB7(P) EBDB1 DGPS 2 CC04 WS04 WS05 Gyro 3 DGPS 2 DP UPS 4 PDB1 EBDB2 FS11 T1 FS13 T3 NS05 DP UPS 5 PDB2 EBDB2 FS12 T2 FS14 T4 NS06 DP UPS 6 PDB1 EBDB2 FS15 T5 FS18 T8 FS17 T7 NS03 DP UPS 7 PDB2 EBDB2 FS16 T6 FS17 T7 NS04
Loads
2.2.13
Independent Joystick: A Converteam independent joystick system is available for use if the dynamic positioning system fails. It is supplied and controlled by a dedicated processing unit that in turn is powered by UPS 3 fed from both main and emergency 208V. It allows automatic heading control, automatic wind compensation and control of all available thrusters from a joystick after failure of the DP system. It communicates with each field station and reference systems via individual RS485 serial links. DP Control System FMEA Table:
# Fault Effect Indication Position Reference Systems Loss of one position reference. DGPS failed alarm DGPS 1 & 2 failed alarms DP Effect
2.2.14
1a
DGPS 1 or 2 failed Radio interference
No immediate effect on position keeping. Other position references still available. No immediate effect on position keeping. Other position references still available. Possible DPO Intervention. If only three reference systems then Vessel averages away from position until the DGPS are deselected. With four or more reference systems DGPS will be rejected. No immediate effect on position keeping. Other position references still available. No immediate effect on position keeping. Other position references still available.
1b
Loss of all radio based position references.
1c
Faulty IALA, delayed signal, low # of satellites
Both DGPS wrong together. Quick drift or jumping can be detected by the DP system.
Position reference alarms
1d
CyScan failed
Loss of one position reference. CyScan incorrect and rejected by DP system for high variability or quick jump. CyScan failed alarm
1e
Multi target
H8675 Rev C
Page 18 of 80
February 4, 2009
Global Industries Ltd Global 1200 Pre-trial DP2 FMEA # 1g Fault False Target Effect CyScan incorrect and rejected by DP system for high variability or quick jump. Lose of one position reference Tautwire incorrect and rejected by DP system for high variability or quick jump Loss of one position reference. Indication DP Effect No immediate effect on position keeping. Other position references still available. No immediate effect on position keeping. Other position references still available. No immediate effect on position keeping. Other position references still available. No immediate effect on position keeping. Other position references still available. No immediate effect on position keeping. Other position references still available. No immediate effect on position keeping. Other wind sensor still available. No immediate effect on position keeping. Loss of direct wind compensation. Position keeping may be rougher. DPO must select the good wind sensor, if it can be identified, or position may be lost. No immediate effect on position keeping. Loss of one gyroscope. Other gyroscopes ok. System defaults to selected or next gyro. If a second fault occurs the DPO must be ready to select the good gyro. No loss of heading. Loss of gyro redundancy. No loss of heading. Loss of gyro redundancy No immediate effect on position keeping. Loss of redundant sensor.
1h
Tautwire Failed Tautwire incorrect data Acoustic Failed Acoustic incorrect data
Tautwire failed alarm Tautwire failed alarm Acoustic beacon failed alarm
1i
1j
1k
Acoustics incorrect and rejected Acoustic beacon by DP system for based on fault failed alarm bit set in telegram System Sensors Loss of one wind sensor. Wind failed alarm Wind 1, and 2 failed alarms Wind direction mismatch alarm.
2a
Wind sensor failed Ultrasonic interference and some weather conditions wind sensor incorrect data Gyroscope 1 failed Gyroscope 2 failed Gyroscope 3 failed Heading jump Heading mismatch VRU failed
2b
Loss of all wind sensors
2c
Incorrect wind compensation. Loss of one gyrocompass. IJS auto heading control not available. Loss of one gyrocompass. Loss of one Gyrocompass DP system rejects a large jump. DP system rejects selected gyro Loss of one VRU. Secondary VRU continues to operate
2d 2e 2f 2g 2h 2i
Gyro failed alarm
Gyro rejected alarm
VRU failed alarm
2j
A VRUs data is incorrect
The VRUs are used to correct the CyScan, Acoustics & DGPS position reference data for VRU difference vessel movement. False alarm corrections cause false position data. DP system rejects data out of a certain window DP Controllers
DPO must select the good MRU, if it can be identified, or position may be lost.
H8675 Rev C
Page 19 of 80
February 4, 2009
Global Industries Ltd Global 1200 Pre-trial DP2 FMEA # 3a Fault In command DP controller AMC failed Standby DP controller AMC failed MAE 99-04 serial link panel failed In command DP controller 24Vdc PSU failure Standby DP controller 24Vdc PSU failure Effect Standby controller detects fault and takes command. No disruption of in command controller. Standby no longer available Loss of equipment associated to failed serial link panel. Standby controller detects fault and takes command. Loss of some sensors and PME equipment No disruption of in command controller. Standby no longer available. . Loss of some sensors and PME equipment Indication Controller failed and command transfer alarm Controller failed alarm. loss of connected sensors and/or PMEs with DP alarms. Controller, sensor, PME failed and command transfer alarms Controller, sensor and PME failed alarms DP Effect No immediate effect on position keeping. Loss of DP controller. No immediate effect on position keeping. Loss of DP controller. No immediate effect on position keeping. Possible loss of sensor and/or PME redundancy. No immediate effect on position keeping. Loss of DP controller, sensor, and PME redundancy. No immediate effect on position keeping. Loss of DP controller, sensor, and PME redundancy.
3b
3c
3d
3e
4a
DP workstation display failed
Operator Workstations Display not available. Panel and other workstation displays Display not still ok. Changes can still be available but input to this workstation from panel information the panel but should be done still good. with care. No response to operator joystick or turning moment commands. System does not respond to panel commands.
No immediate effect on position keeping. Reduced workstation redundancy. Other workstation available for control. DP system continues operating normally. No immediate effect on position keeping. Reduced workstation redundancy. Other workstation available for control. DP system continues operating normally. No immediate effect on position keeping. Reduced workstation redundancy. Standby workstation available for control. DP system continues operating normally. No immediate effect on position keeping. Control also available at plug-in operator terminals. No immediate effect on position keeping. .Control can be assumed at remaining DP workstation. No immediate effect on position keeping. Loss of backup system
4b
DP workstation panel failed
4c
DP workstation glide pad failed
Changes can still be input to this workstation from LCD Touch screen.
System does not respond to glide pad commands Audible alarm at the redundant work station, frozen or dead display Display turns black Workstation network alarms
4d
DP workstation CPU/Ethernet Failures DP workstation LCD Failed Independent Joystick failed
Loss of one operator console. Control offered to standby work station. No operator Display, panel and glide pad still operational IJS not available as backup. The IJS should be tested before entering DP.
4e
4f
H8675 Rev C
Page 20 of 80
February 4, 2009
Global Industries Ltd Global 1200 Pre-trial DP2 FMEA # Fault DP workstation 24Vdc PSU Effect Failure detected by controller. Loss of workstation panel control offered to standby work station Indication Flashing visible alarm on LCD and audible alarm DP Effect No immediate effect on position keeping. Reduced workstation redundancy. Standby workstation available for control. DP system continues operating normally. No loss of heading or position. DP system compensates with remaining thrusters. No immediate effect on position keeping. DPO must quickly determine if the problem is loss of feedback or lost thruster control. In this case the problem is feedback and DP control does not deteriorate despite the alarm. DPO action required. DPO must quickly determine if the problem is loss of feedback or lost thruster control. In this case the problem is lost control, position keeping deteriorates and environmental current changes value. The DPO must recognize these signs and deselect the thruster. If the thruster continues thrusting after deselect it must be stopped. No loss of heading or position. DP system compensates with remaining thrusters. No loss of heading or position. DP system compensates with remaining thrusters. No immediate effect on position keeping. Communication continues on remaining link to that device. No immediate effect on position keeping. Communication transfers to healthy network. Communication redundancy lost. No immediate effect on position keeping. Limited operating time until failure. No loss of DP after
4g
Thruster Field Stations 5a Field station Processor failure Loss of associated thruster. Lost or incorrect feedback. System model is not disrupted because thruster feedback is not used in force calculations. (System assumes commands are followed and alarms on the difference). DP alarm and deselect.
5c
Analogue module input
Thruster DP feedback alarm
5d
Analogue module output failure
Lost or incorrect command. System model begins being corrupted because the force calculations assume commands are followed. The force difference between the expected and the actual thrust begins building into the model as environmental current. Loss of thruster ready. Thrust command set to zero. Thruster follows command. Loss of associated thruster.
Thruster DP feedback alarm
5e
Digital input module failure Field Station 24Vdc PSU failed
Loss of ready DP alarm and deselect. DP alarm and deselect.
5f
Ethernet 6a Loss of one link. Loss of redundant link to one field station, workstation or controller. Loss communications failed network. Redundant network continues to function. Ethernet link failed alarm
6b
Network A or B switch failed
Ethernet link failed alarms
DP Power 7a DP UPS 1 or 2 Charger fault UPS on battery backup for a minimum half hour. UPS input alarm
H8675 Rev C
Page 21 of 80
February 4, 2009
Global Industries Ltd Global 1200 Pre-trial DP2 FMEA # 7b Fault DP UPS 1 or 2 output failed DP UPS 4, 5, 6 or 7 Charger fault Effect DP degraded to simplex mode. Loss of one workstation, some sensors and PMEs. UPS on battery backup for a minimum half hour. Loss of two thruster field stations, one feed to the MTC desks, and power feedback signals from one of the switchboards Indication Many alarms. DP Effect No immediate effect on position keeping. Loss of redundancy. No immediate effect on position keeping. Limited operating time until failure. No loss of DP after No loss of heading or position. DP system compensates with remaining thrusters and sensors.
7c
UPS input alarm
7d
DP UPS 4, 5, 6 or 7 output failed
Many alarms.
2.3 2.3.1
Summary of DP System Analysis Significant Failure Modes: The analysis found no single point failures and three failure modes that may require DPO intervention: 2c Faulty wind compensation - Drastic error in the selected wind sensor may cause loss of position due to incorrect wind compensation. DPO must quickly identify and select the healthy wind sensor. 2m - False VRU correction data - Converteam DP systems use the VRU data to correct the position references for the motion of the vessel rather than using mathematical filtering. This allows fast accurate results when the VRUs are correct but causes all references to appear to move if the VRU is wrong. DPS-21 rejects a VRU for jump, freeze or lost signal but not drift. As the position references are dependent on the accuracy of the selected VRU and the VRUs have known failure modes, Converteam systems that use VRUs to correct position reference systems need three VRUs to allow automatic correction of a VRU fault. 5d Thruster field station analog output module failure - Expected and actual thrust dont match because the thruster does not perform as expected. This endangers the DP model and the thruster has to be deselected or stopped. Hidden Failures: The analysis identified failures that could reduce system redundancy:
Failure DP software not updated Battery failure Problem Software may resolve hidden faults that were discovered on similar systems on other vessels No battery backup when charger fails. Solution Regularly check for new software revisions and install proven solutions. Regular battery maintenance and regular testing under load.
2.3.2
2.3.3
Maloperation: Converteam equipment is protected against accidental maloperation by requiring vital push buttons to be pressed twice to operate. Light objects that may bounce, such as a phone receiver, should be kept from above these buttons. Configuration Analysis: When only three reference systems are being used the DPO must ensure proper weighting between position references to ensure redundancy as DGPS 1 & 2 are really a single reference.
2.3.4
H8675 Rev C
2.3.5 2.3.6
Related Failures: This system is affected by thruster, power and some auxiliary support system faults. These failures are examined in the appropriate sections. Worst Case Failure: The worst case failure is loss of position or heading due to an unrecognized VRU fault. While it was once considered possible for a DPO to correct these faults, greater experience has lead to the industry requiring three of these sensors to allow automatic correction of these faults. Accuracy: The analysis is based on the Converteam documentation and the shipyard power one lines. Failure modes not included in this analysis include software fault causing loss of position and network faults causing loss of communication. These problems have occurred in operation on other vessels but are rare but should be included in the Converteam analysis. Analysis has not yet been confirmed by survey or testing. DP System Summary: Single Point Failures DPO Intervention Required Maintenance Issues Analysis Accuracy 0 4 2 Medium
2.3.7
2.3.8
H8675 Rev C
Page 23 of 80
February 4, 2009
3.
3.1
MAIN AZIMUTH THRUSTERS

Azimuth System Diagram
H8675 Rev C
Page 24 of 80
February 4, 2009
3.2
Main Azimuth System Data

Type Propeller Pitch Speed Range Deployment Steering Steering HPU Source Gear Box Lower VSD Drive Power Drive Auxiliary Power Drive Motor Drive Motor cooling Other: Sources: Azimuth Thruster 5 blade, 3.6m Ni Al. Bronze Fixed 0 to 170 RPM Permanent (bolted) 360, 2 rpm, 2 2 480V pumps. Type
90, Reduction, Azimuth
Manufacturer/Model Nozzle Pitch Control Speed Control Deployment Control Steering Control Steering Cooling Cooling
Wrtsil FS3500 NU Yes. LIPS HR N/A Converteam MV7000 VSD N/A Wrtsil Lip Controller Oil Coolers supplied FWC system Lubrication
LO FW cooler
Forced (elect pump, header tank) 220 and 24vdc 220V, 24Vdc primary and backup T1=Port 6.6kV switchboard T2= Starboard 6.6kV switchboard Fresh water cooled, Internal glycol
Main 6.6kVareduced to 1680V, Auxiliary 480V 4500kW Electric motor 2 Electric pumps Thruster FWC Sys. T1 and T2, Air Brake
VSD control Power Thruster Controller Power Drive Power source
VSD cooling
Wrtsil FS3502-571 NU Installation Manual Rev. 1 5-9-2007 Converteam PV1P01C02S01_B_Propulsion System Functional Requirements T1 & T2.doc
3.3 3.3.1
Main Azimuth System Description Redundancy Concept: These two thrusters provide most of the stern surge sway and yaw power. The thrusters have independent power and separate control circuits, but share the aft FWC system with each other and the two other aft thrusters. The aft FWC system has 2 independent electric pumps and 2 coolers but the common piping means that proper protection of this system is vital to redundancy. Location: Thruster one is located in the propulsion room aft PS while thruster two is located in the propulsion room aft SB. The MV7000 cabinets and auxiliary equipment are located near the thrusters. Each thruster has manual controls in the forward Bridge, DP control room and in the ECR. 6.6kV supply transformer: Each thrusters drive power is supplied from a dedicated 5.8MVA, water-cooled, 6.6kV/1680V transformer. The transformer has an auxiliary service that is supplied from the auxiliary switchboard associated with the thruster. The transformers are cooled with water from the thruster FWC system. The transformer supply breaker is tripped by transformer winding over temperature or secondary over current. The VSD monitors the transformer for faults. The VSD controls the starting and stopping of the transformer auxiliary services
3.3.2
3.3.3
H8675 Rev C
3.3.4
VSD Control: The Propeller speed is used to control the magnitude of thrust from each thruster because the blade pitch is set. The VSD controls the propeller speed by varying the motor speed from zero to 600rpm. The VSD is under Converteam field station command except during local emergency operation. The VSD is monitored from the associated Converteam field station. The field station monitors alarm and status contacts plus the analog feedback signals. It sends command signals, speed commands and a power limit signal to the VSD via Ethernet. LIPs receive motor and brake control contacts from the VSD. The LIPS controller provides the VSD with a start permissive contact. VSD Support: Each of the Converteam supplied MV7000 variable speed drive units is equipped with an independent (secondary) internal glycol cooling system. This cooling system is then cooled by an external (Primary) FW cooling system. Each VSD is supplied with power from a fresh water cooled transformer fed from the main switchboard. The drive hardware is controlled by a Programmable Electronic Controller (PEC), which is linked to the dual redundant network for communication with the DP, VMS and MTC. A single MODBUS serial link to a GE Quick panel MMI provides local alarms and monitoring. Drive Motor: Each azimuth thrusters shaft rotation power is supplied by a vertically mounted 4.5mW, 12-pole, 0-600 rpm electrical motor that is connected to the thruster by a flexible coupling. The motor has self-contained greased roller bearings and is cooled by the thruster FWC system. The drive motors are protected by RTDs that are monitored by the VSD and have leak detectors for alarm. Each motor has a pneumatic shaft brake. Wrtsil speed feedback is also taken from the motor shaft. Thruster FWC: Each thrusters motor, lube oil and hydraulic oil system is cooled from the aft thruster FWC system. Both azimuths share the same cooling system but they are protected against failure by using redundant pumps. Failure of the running pump causes the vessel management system to start a standby pump. The fresh water is cooled by two parallel seawater coolers. Lower gearbox: The lower gearbox rotates for azimuth steering, changes the vertical shaft rotation to horizontal rotation and reduces the output propeller shaft speed (1:3.538). It is lubricated by 2 electric pumps arranged in a primary/secondary arrangement and cooled by the aft Thruster FWC system. The gears are supported by roller bearings; the output shaft has a triple lip seal, the input shaft a lip seal and other parts are sealed by O-rings. The lube oil pumps are started/stopped/monitored from Wrtsil/Converteam and feed from the auxiliary switchboard. The associated Converteam field station monitors lube oil alarms. Propeller: Each propeller is a five-bladed, 3.6m diameter, fixed-pitch unit. Each propeller sits in a thruster nozzle bolted to the lower gearbox housing. The nozzles are constructed of mild steel grade A, with stainless steel in way of propeller to end of trailing edge. Aluminum anodes provide cathodic protection of the lower gearbox, propeller and nozzle.
3.3.5
3.3.6
3.3.7
3.3.8
3.3.9
3.3.10 Steering Hydraulics: Each lower gearbox is rotated by an electrically controlled hydraulic system to control the direction of thrust (propeller blade pitch is fixed). The position of the lower gearbox is set by hydraulic motors that can turn the lower gearbox using gear drives and the
H8675 Rev C Page 26 of 80 February 4, 2009
toothed rim of the lower section. The hydraulic pressure to change the motors positions is supplied by a positive displacement hydraulic pump driven by an electric motor. Two proportional solenoid control valves control the volume and direction of the pump flow to the hydraulic motors. One is used to control the volume of flow, or speed of the motors, while the second valve is used to control the direction of flow, or motor rotation. When the proportional valves are in the zero position the steering motors are hydraulically locked and will not suffer from rotation creepage providing the hydraulic oil system is in good condition. Other hydraulic valves regulate pressure and release overpressures. An oil cooler supplied with fresh water from the fresh water cooling system cools the steering hydraulic oil. Steering position is given via mechanical feedback and electrical transducers supply the steering feedback for display and control. The electrical steering pump are setup primary and secondary when steering pressure is low the standby pump will start. 3.3.11 Wrtsil Steering Control: The LIPS controller can be used to control steering locally, but is normally controlled from the Converteam field station associated with that thruster. It compares the direction command, from the system selected for control, with the actual direction given by the steering control feedback. The difference between the two is used to determine the direction and rate of desired change. The rate of change is used to control the proportional control valve. As the thruster nears the required position, the required rate of change lowers and stops when the thruster is within tolerance of the command. The Converteam field station uses separate steering feedback pots but they are not independent as they share a same mechanical feedback link. Separate pots allow a single failed pot to be corrected but a failed feedback link must be protected against by good maintenance, calibration and watch keeping. The associated Converteam field station monitors the Wrtsil controller for alarm and status contacts and analogue steering feedback. It sends command contacts and an analogue steering command to Wrtsil. This allows the controller to react to loss of steering command with a major fault alarm. In this case, typical thruster control logic expects the field station to identify the thruster as not ready for DP and stop the drive motor. This will be verified during trials. 3.3.12 Field Station: The field station associated with each thruster provides the control access for the DP, MTC and IJS systems. If DP control is selected, then the DP system controls and monitors the thrusters over the dual Ethernet network. If IJS control is selected, then the IJS system controls and monitors the thrusters over its dedicated serial link interface. The MTC consoles contain the protected thruster emergency stop buttons and allow individual, group or joystick thruster control. Each field station receives control power from a Converteam supplied 220V UPS. Converteam protects their equipment from supply over-voltages. 3.3.13 Thruster Control: The VSD is normally controlled by the DP system but can be controlled from the MTC stations on the Bridge, or the MTC ECR in an emergency or for maintenance. Communication between the field station and DP is via dual Ethernet. MTC communicates utilizing an independent Ethernet system, while the IJS uses serial communication (Modbus). The motor drive does an internal systems and auxiliary status check and if healthy and in remote, it sends a ready to start signal to the MTC. When the drive is started it becomes available for control at each control station (MTC, IJS, DP) after the thruster is selected for control by a station it begins following the field station commands. The field station communicates with the
H8675 Rev C
Page 27 of 80
February 4, 2009
DP system to determine the system in control (MTC, DP or IJS) and sends that systems speed command to the VSD. 3.3.14 Redundancy/Commonality: Both thrusters have aft thruster FWC and SWC systems piping in common. Service Air 3.4 Main Azimuth System FMEA Table
Failure Effect Indication Converteam MV7000 Signals Shorted over temperature fault signal from XFMR to VSD Open over temperature warning signal from XFMR to VSD Open water leak detection signal from XFMR to VSD Open cooling fan status signal from XFMR to VSD Open RTD signal from XFMR to VSD Open RTD signal from MOTOR to VSD Failed net A FSVSD Failed net B FSVSD Open E-Stop signal to VSD Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Hidden fault. Possible automatic S/D without warning on overheating No loss of heading or position. Loss of one thruster. DP Effect
1a
Motor shut down
1b
High temperature warning not available
No loss of position or heading. Thruster continues to operate
1c
alarm on false water leak detection False loss of cooling fan alarm power reduced Loss of temperature monitoring Loss of temperature monitoring No redundancy in communication No redundancy in communication Unable to remotely EStop VSD Depending on the source, effects could range from a flicker in speed to an incorrect speed setting to full RPM.
False water leak alarm
No loss of position or heading. Thruster continues to operate No loss of position or heading. Thruster continues to operate No loss of position or heading. Thruster continues to operate No loss of position or heading. Thruster continues to operate No loss of position or heading. Thruster continues to operate No loss of position or heading. Thruster continues to operate No loss of position or heading. Thruster continues to operate
1d
VSD system fault alarm
1e
1f
1g 1h
VSD system fault alarm VSD system fault alarm Local VSD alarm E-Stop Wire break detected alarm. VMS alarm VSD system fault alarm DP feedback DP command. Possible RPM feedback alarm on DP.
1i
1j
Incorrect DP Speed Command.
DPO Intervention. DP assumes requested thrust is achieved faulty command causes inaccuracy in model. DPO to E-Stop thruster if station keeping endangered.
1k
Loss of Speed Feedback to VSD.
Motor shut down
Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Possible DP feedback alarm. Wrtsil- LIPS Controller
No loss of heading or position. Loss of one thruster.
1l
Incorrect Speed Feedback to VSD.
The thruster still follows DP commands. No effect on DP
2a
Open motor start allowed LIPS to VSD Open motor off signal VSD to LIPS
Unable to restart VSD
No loss of heading or position. Thruster continues to operate restart unavailable No loss of heading or position. Thruster continues to operate.
2b
No panel indication
No indication on local control
H8675 Rev C
Page 28 of 80
February 4, 2009

Failure 2c Open release brake signal VSD to LIPS Effect Unable to remotely engage brake Indication Brake does not engage remotely local operation available Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust. Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust VMS alarm thruster steering standby pump running Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust DP feedback DP command. Possible thruster azimuth feedback alarm on DP. Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust VMS thruster minor steering failure alarm Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust VMS thruster controller power failure alarm No indication until failure has a control effect. Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust DP Effect No loss of heading or position. Thruster continues to operate.
2d
Open thruster healthy signal to FS
Motor shut down
2e
Open local control select signal to FS
Motor shut down
2f
Open remote control select signal to FS
Motor shut down
2g
Open control accepted signal from FS
Motor shut down
2h
Open remote in control signal to FS Open steering pressure available at primary pump signal to FS Failed steering command from FS
Motor shut down
2i
Primary steer pump stopped and standby pump started.
2j
Motor shut down
2k
Incorrect steering command from FS
Depending on the source, effects could range from a flicker in azimuth to an incorrect azimuth setting. LIPS controller detects fault and motor shut down False minor failure alarm
DPO Intervention. DP assumes requested azimuth is achieved faulty command causes inaccuracy in model. DPO to E-Stop engine if station keeping endangered.
2l
Incorrect steering command from LIPS Open minor failure alarm signal to FS Open major failure alarm signal to FS Open power failed alarm signal to FS Open brake engaged signal to FS Open LO primary pump psi ok signal
No loss of heading or position. Loss of one thruster. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Loss of one thruster. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Loss of one thruster.
2m
2n
False major failure alarm. Motor shut down
2o 2p
False power fail alarm No brake engaged signal available
2q
Motor shutdown
2r
Open LO secondary pump psi ok signal
Motor shutdown
H8675 Rev C
Page 29 of 80
February 4, 2009

Failure Loss of steering control feedback. Effect Indication Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust. DP feedback = command but indication feedback. Position keeping deteriorates and/or current changes. LIPS Controller feedback indication incorrect. LIPS Controller feedback indication incorrect. DP Effect No loss of heading or position. Loss of one thruster.
2s
Motor shut down
2t
Incorrect steering control feedback. Loss of steering indication feedback to LIPS. Incorrect steering indication feedback to LIPS.
Actual thrust value is wrong because the feedback reference is wrong. LIPS controller Feedback not correct. No effect on DP LIPS controller Feedback not correct. No effect on DP
DPO intervention required. Loss of one thruster. DP system compensates with remaining thrusters.
2u
No immediate effect on position keeping.
2v
Thruster Auxiliary equipment interface Stuck CW steering solenoid vv Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Thruster common alarm No indication until failure has a control effect Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust VMS alarm thruster standby pump running No loss of heading or position. Loss of one thruster.
3a
Motor shut down
3b
Stuck CCW steering solenoid vv Open shaft speed encoder signal to LIPS Open brake engage signal from LIPS Open activate CW FU solenoid signal
Motor shut down
3c
Unable to engage brake
No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Loss of one thruster.
3d
3e
Unable to turn azi in clockwise direction
3f
Open activate CCW FU solenoid signal Failed primary steering pump psi ok signal to LIPS Open start steering pump1 command signal from LIPs Open start steering pump2 command signal from LIPS Open stop steering pump1 command signal from LIPS Open stop steering pump2 command signal from LIPS Open steering pump1 running indication to LIPS Open steering pump2 running indication to LIPS
3g
Standby pump starts and primary pump stopped Unable to start steering pump Unable to start steering pump No immediate effect, unable to stop pump remotely No immediate effect, unable to stop pump remotely False pump stopped indication local False pump stopped local indication
No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate.
3h
VMS failed to start alarm
3i
3j
No indication until failure has a control effect No indication until failure has a control effect LIPS pump stopped local indication LIPS pump stopped local indication
3k
3l
3m
H8675 Rev C
Page 30 of 80
February 4, 2009

Failure 3n Open steering pump1 running indication to FS Open steering pump2 running indication to FS Open steering feedback to LIPS from thruster Open primary LO pump start command signal from LIPS Open secondary LO pump start command signal from LIPS Open primary LO pump running signal from LIPS Open secondary LO pump running signal from LIPS Open primary LO pump running signal from FS Open secondary LO pump running signal from FS Failed Azimuth angle feedback to FS Effect False pump stopped indication at VMS False pump stopped indication at VMS Indication VMS pump stopped indication DP Effect No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate.
3o
VMS pump stopped indication Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust No indication until failure has a control effect
3p
Motor shut down
3q
No immediate effect, unable to stop pump remotely No immediate effect, unable to stop pump remotely False pump stopped indication local False pump stopped local indication False pump stopped indication at VMS False pump stopped local at VMS Loss of feedback to DP system with eventual DP feedback alarm.
No loss of heading or position. Thruster continues to operate.
3r
No indication until failure has a control effect
3s
LIPS pump stopped local indication LIPS pump stopped local indication
No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate.
3t
3u
VMS pump stopped indication
3v
VMS pump stopped indication DP thruster feedback alarm, no effect on station keeping as feedback is not used in DP thrust calculations
3w
Lipstronic VMS alarm interface signals 4a Open clogged steering oil return filter alarm signal Open clogged steering oil pressure filter alarm signal Open steering oil high temperature alarm signal Open low steering oil tank level alarm signal Open LO primary pump clogged filter 1 signal Open LO primary pump clogged filter 2 signal Open LO high temp alarm signal Open LO secondary pump clogged filter signal False clogged steering oil return filter alarm False open steering oil pressure filter alarm False steering oil high temperature alarm False low steering oil tank level alarm False filter clogged alarm False filter clogged alarm False high temp alarm False filter clogged alarm VMS alarm thruster clogged return filter VMS alarm thruster clogged pressure filter VMS Alarm thruster steering oil high temperature VMS Alarm thruster low steering oil level VMS alarm Primary LO pump clogged filter 1 VMS alarm Primary LO pump clogged filter 2 VMS Alarm thruster LO oil high temperature VMS alarm Secondary LO pump clogged filter No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. . No loss of heading or position. Thruster continues to operate . No loss of heading or position. Thruster continues to operate No loss of heading or position. Loss of one thruster. . No loss of heading or position. Thruster continues to operate
4b
4c
4d
4e
4f
4g
4h
H8675 Rev C
Page 31 of 80
February 4, 2009

Failure Effect Indication Power Failures 5a 5b 230V Main Power supply fail 24Vdc backup power fail Internal power failure Loss of redundant power supply Loss of redundant power supply Power fail alarm Power fail alarm Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Loss of one thruster. DP Effect
5c
Motor shut down
3.5 3.5.1
Summary of Main Azimuth System Analysis Significant failure modes: The azimuth thruster failure mode and effect analysis table found no single point failures, and three failure modes that require DPO intervention to correct. These failure modes reflect a control fault that causes incorrect thrust magnitude or direction. The wrong thrust force or angle is significant, because it moves the vessel. The DP operator must be familiar with these failure modes, able to identify them and intervene by deselecting or stopping the thruster if position keeping is endangered. Hidden Failures:
Failure Mechanical feedback link Alarm failures Problem Thrust control lost but difficult to detect. No advance notification of impending failures Solution Regular calibration and maintenance is needed. Regular testing is needed.
3.5.2
Battery failure
No battery backup when charger fails.
Regular battery maintenance and regular testing under load.
3.5.3 3.5.4 3.5.5
Configuration Analysis: Both main thrusters are required for DP2 operation. Related Failures: This system is affected by power, Converteam and some auxiliary support system faults. These failures are examined in the appropriate sections. Worst Case Failure: An incorrect speed command will cause wrong thrust with eventual feedback alarms. Large changes of force can cause loss of heading and position unless the DPO quickly recognizes the fault and deselects the thruster. Accuracy: The analysis is based on shipyard drawings and manufacturer documentation. The analysis has not yet been confirmed by survey and testing. Azimuth Thruster Summary:
Single Point Failures DPO Intervention Required Maintenance Issues Analysis Reliability 0 3 7 Medium
3.5.6 3.5.7
H8675 Rev C
Page 32 of 80
February 4, 2009
4.
DROP DOWN AZIMUTH THRUSTERS
H8675 Rev C
Page 33 of 80
February 4, 2009
4.1
Drop Down Azimuth System Data

Type Propeller Pitch Speed Range Deployment Steering Steering Source Gear Box Upper Lower Drop Down Azimuth Thruster 5 blade, 2.5m NiAl Bronze Fixed 0 to 258 RPM Retractable
360, 2 rpm, 2
Manufacturer/Model Nozzle Pitch Control Speed Control Deployment Control Steering Control Steering Cooling Cooling
Wrtsil FS3500 NU Yes. LIPS HR N/A Converteam MV3000 VSD Hydraulic Wrtsil LIPS controller Oil Coolers supplied FWC system Lubrication
HPU 2 480V pumps. Type 90, Reduction Cooler
Spray lube/Oil bath (elect pump, header tank)
Surrounding seawater Splash lube/Oil Bath (elect pump, header tank) 90, Reduction, Azimuth 220V and 24Vdc VSD Drive Power Main 6.6kV reduced VSD control Power to 720V , Auxiliary 480V 220V, primary 24Vdc backup Thruster Controller Drive Auxiliary Power Power Drive Motor Drive Motor cooling Other: Sources: 2400kW Electric motor 2 Electric Pumps Drive Power source T3,5,7=Port 6.6kV switchboard T4,6,7= Starboard 6.6kV switchboard Fresh water cooled, Internal glycol
VSD cooling
T3& T4 Aft, T5 7 FWD, T7 switching Wrtsil 00345M1C33-7 Design Specification Document Rev. 02 Wrtsil DAAK004483 Thruster installation Document Rev. 01 Converteam PV1P1C2S2_D_ Propulsion system control T3-T7
4.2 4.2.1
Drop Down Azimuth System Description Aft Redundancy Concept: T3 and T4 provide 1/3 of the stern surge, sway and yaw power. These thrusters have independent power and separate control stations from each other, but share the aft FWC system with all aft thrusters and each shares power sources with a main azimuth thruster, creating a two split system if the FWC and supplying SWC system are properly protected. Fwd Redundancy Concept: T5 7 provide most of the bow surge, sway and yaw power. T5 and 6 have independent power and separate control stations from each other. T7 is meant to be able to be switched between port or starboard power but share 220V, 24V and FS UPS power with port thruster T5. All three thrusters share the same FWC system. Location: There is a total of five drop down azimuth thrusters. Two are located on the port side. T3 is located in the aft thruster/pump room and T5 is located in the thruster room PS. Two are located on the starboard side T4 in the aft thruster/pump room and T6 is in the thruster room SB. T7 is located close on the centerline in the forward thruster room. The MV3000 cabinets and
4.2.2
4.2.3
H8675 Rev C
Page 34 of 80
February 4, 2009
auxiliary equipment are located near the thrusters. Each thruster has manual controls in the forward Bridge and DP control room. 4.2.4 6.6kV supply transformer: Each thrusters drive power is supplied from a dedicated, 3.1MVA, water-cooled, 6.6kV/7200V transformer. The transformer has an auxiliary service that is supplied from the auxiliary switchboard associated with the thruster. The transformer is cooled with water from the thruster FWC system. The transformer supply breaker is tripped by transformer winding over temperature or secondary over current. The VSD monitors the transformer for faults. It starts and stops the transformer auxiliary services VSD Control: The Propeller speed is used to control the magnitude of thrust from each thruster because the blade pitch is set. The VSD controls the propeller speed by varying the motor speed from zero to 1000rpm. The VSD is under Converteam field station command except during local emergency operation. The VSD is monitored from the associated Converteam field station. The field station monitors alarm and status contacts plus the analog feedback signals. It sends control signals, speed commands and a power limit signal to the VSD via Ethernet. LIPs receive motor and brake control contacts from the VSD. The LIPS controller provides the VSD with a start permissive contact. VSD Support: Each of the Converteam supplied MV3000 variable speed drive units is equipped with an independent (secondary) internal glycol cooling system. This cooling system is then cooled by an external (Primary) FW cooling system. Each VSD is supplied with power from a fresh water cooled transformer fed from the main switchboard. The drive hardware is controlled by a Common Drive Controller (CDC) which is linked by MODBUS to the Converteam field stations AMC for communication with the DP, IJS, MTC and VMS. An Ethernet link to a door mounted HMI display provides local alarms and monitoring. Thruster Clutch: The clutch is of the quick connect type and is automatically engaged and disengaged during the deployment/retraction sequence of the thruster. The clutch is controlled by a 5 port 2 position solenoid controlled pneumatic valve. Loss of air pressure or control power will not cause clutch to change states. Thruster Brake: A disc-type brake is fitted on the propeller shaft to prevent shaft from turning when thruster is not in operation. The brake is engaged by energizing a pneumatic controlled solenoid. Loss of pneumatic air will cause brake to be disengaged. The only two ways of controlling the brake is automatically during remote steering control or manually during local steering control. When in remote the Lipstronic control system automatically controls the brake. The brake can be engaged when remote control is in service, the propeller motor off contact (from VSD) is closed and the drive motor shaft RPM is below 50. If all these conditions are met the engage/release brake contact (from VSD) closing will engage the brake. Loss of any of the previous conditions will cause the brake to automatically release. The Converteam field station receives a contact from the thruster indicating brake position. When in local control, the brake can be engaged when local control is in service, the propeller motor off contact (from VSD) is closed and the drive motor shaft RPM is below 50. If all these conditions are met then pressing the brake standby/off pushbutton will engage the brake. The brake will be released when in local control by either of two scenarios. Both scenarios require local control in service and the
4.2.5
4.2.6
4.2.7
4.2.8
H8675 Rev C
thruster fully deployed. The first scenario also requires pressing the standby/off pushbutton while the second scenario would require the propeller motor off contact (from VSD) to be open. A lamp on the local control panel indicates brake position. During change from remote to local control the brake will not change states. During change from local to remote the brake will engage when permissives stated above are met for engaging break in remote. 4.2.9 Drive Motor: Each azimuth thrusters shaft rotation power is supplied by a horizontally mounted 2.4mW, 12-pole, 0-1000 rpm electric motor that is connected to the thruster by a flexible coupling. The motor is water cooled by the thruster FWC system. The motor has self-contained, greased, roller bearings. The drive motors are protected by RTD monitored by the VSD and have leak detectors for alarm. Each motor has a pneumatic shaft brake. Wrtsil speed feedback is also taken from the motor shaft.
4.2.10 Thruster FWC: Each thrusters motor and hydraulic power unit is cooled from the thruster FWC system. Both azimuths share the same cooling system but they are protected against failure by using redundant pumps. Failure of the running pump causes the vessel management system to start a standby pump. The fresh water is cooled by two parallel seawater coolers. 4.2.11 Thruster Retraction System: The thruster is retracted and deployed using the thrusters hydraulic steering system. The retraction/deployment can be controlled locally from the control cabinet or remotely from the vessel management system. Permissives that must be met before deployment/retraction are steering pumps running, azimuth in park position and the drive motor off. During deployment/retraction the steering mode is disabled. Using the vessel management system to send a signal to the system when the vessel is travelling more than 4 knots will prevent deployment/retraction of the thruster. The thruster motor must be stopped to enable retractions with the steering pumps still on; pressing the Retract pushbutton automatically causes the thruster to turn until it reaches the parked position. A lamp at the control cabinet will light indicating the thruster is in the parked position. Then the locking hooks are unlocked the brake is engaged and the clutch is released. While retracting the Retract lamp will flash and warning horn will sound. Once fully retraced the locking hooks will lock and the thruster will lower till it reaches the locking hooks. The process can be reversed by pushing the Deploy button or stopped completely by pressing the emergency stop button causing the thruster to hydraulically lock. To restart the operator should press either the Retract or Deploy pushbutton. If there is a failure during retraction the system will send a retraction failed signal to the vessel management system. 4.2.12 Upper Gearbox: The power of the prime mover is transmitted through a floating shaft and quick connect clutch to the input shaft of the upper gearbox of the thruster. The secondary shaft of the upper gearbox is connected to the primary shaft of the lower gearbox through a vertical intermediate shaft. It is lubricated by an electric pump and cooled by the aft Thruster FWC system. The lube oil pump is started/stopped/monitored from Wrtsil/Converteam and feed from the auxiliary switchboard. The associated Converteam field station monitors lube oil alarms. 4.2.13 Lower gearbox: The propeller gearbox is fitted with a spiral bevel gear set. The crown wheel and the pinion are independently supported on both sides in order to minimize deflections and to
assure optimal teeth contact under all load conditions. The propeller gearbox is bolted to the thrusters support pipe. The lower gearbox rotates for azimuth steering, changes the vertical shaft rotation to horizontal rotation and reduces the output propeller shaft speed (1:3.738). It is lubricated by an electric pump and cooled by surrounding seawater. The lube oil pump is started/stopped/monitored from Wrtsil/Converteam and feed from the auxiliary switchboard. The associated Converteam field station monitors lube oil alarms. 4.2.14 Propeller: Each propeller is a five-bladed, 2.5m diameter, fixed-pitch unit. Each propeller sits in a thruster nozzle bolted to the lower gearbox housing. The nozzles are constructed of mild steel grade A, with stainless steel in way of propeller to end of trailing edge. Aluminum anodes provide cathodic protection of the lower gearbox, propeller and nozzle. 4.2.15 Steering Hydraulics: Each lower gearbox is rotated by an electrically controlled hydraulic system to control the direction of thrust (propeller blade pitch is fixed). The position of the lower gearbox is set by two geared hydraulic motors. The steering gear is connected to the steering pipe and rotated round its vertical axis. The hydraulic pressure to change the motors positions is supplied by a positive displacement hydraulic pump driven by an electric motor. Two proportional solenoid control valves control the volume and direction of the pump flow to the hydraulic motors. One is used to control the volume of flow, or speed of the motors, while the other is used to control the direction of flow, or motor rotation. When the proportional valves are in the zero position the steering motors are hydraulically locked and will not suffer from rotation creepage, provided the hydraulic oil system is in good condition. Other hydraulic valves regulate pressure and release overpressures. An oil cooler supplied with fresh water from the fresh water cooling system cools the steering hydraulic oil. Steering position is given via mechanical feedback and electrical transducers supply the steering feedback for display and control. The electrical steering pumps are setup primary and secondary, and when steering pressure is low the secondary pump will start. 4.2.16 Wrtsil Steering Control: The LIPS controller can be used to control steering locally, but is normally controlled from the Converteam field station associated with that thruster. It compares the direction command, from the system selected for control, with the actual direction given by the steering control feedback. The difference between the two is used to determine the direction and rate of desired change. The rate of change is used to control the proportional control valve. As the thruster nears the required position, the required rate of change lowers and stops when the thruster is within tolerance of the command. The Converteam field station uses separate steering feedback pots but they are not independent as they share the same mechanical feedback link. Separate pots allow a single failed pot to be corrected but a failed feedback link must be protected against by good maintenance, calibration and watch keeping. The associated Converteam field station monitors the Wrtsil controller for alarm and status contacts plus the analog steering feedback signal. It sends command contacts and an analogue steering command to Wrtsil. This allows the system to react to loss of steering command with a major fault alarm. In this case, typical thruster control logic expects the field station to identify the thruster as not ready for DP and stop the drive motor. This will be verified during trials. 4.2.17 Field Station: The field station associated with each thruster provides the control access for the DP, MTC and IJS systems. If DP control is selected, then the DP system controls and monitors
the thrusters over the dual Ethernet network. If IJS control is selected, then the IJS system controls and monitors the thrusters over its dedicated serial link interface. The MTC consoles contain the protected thruster emergency stop buttons and allows for individual, group or joystick thruster control. Each field station receives control power from a Converteam supplied 220V UPS. Converteam protects their equipment from supply over-voltages. 4.2.18 Thruster Control: The VSD is normally controlled by the DP but can be controlled from the MTC stations on the bridge, or the MTC ECR in an emergency or for maintenance. Communication between the field station and DP is via dual Ethernet, MTC communicates utilizing an independent Ethernet system, while the IJS uses serial communication (Modbus). The motor drive does an internal system and auxiliary status check and if healthy and in remote, it sends a ready to start signal to the MTC. When the drive is started it becomes available for control at each control station (MTC, IJS, DP) after the thruster is selected for control by a station it begins following the field station commands. The field station communicates with the DP system to determine the system in control (MTC, DP or IJS) and sends that systems speed command to the VSD. 4.2.19 T7 Auto changeover logic: T7 is designed to automatically change over on a loss of main power to the 6.6kV incomer supply. Upon loss of power the T7 logic will check to ensure that both incomer breakers are healthy and that neither CB lockout is active. If both breakers are healthy then the logic will trip the CB that lost incoming power, then verifies both breakers are open before initiated the pre-charge circuit. After the pre-charge circuit is charged the alternate CB will be closed and T7 will be under DP control. The logic is setup to prevent a wire break from activating the changeover. The process will take a minimum of 30 seconds to complete based on the CB motor limitation. 4.2.20 Redundancy/Commonality: Thrusters have service air in common. 4.3 Drop Down Azimuth System FMEA Table
Failure Effect Indication Converteam MV3000 Signals Open water leak detection signal from XFMR to VSD Open cooling fan status signal from XFMR to VSD Open RTD signal from XFMR to VSD Open water leak detection signal from Motor to VSD Open RTD signal from MOTOR to VSD Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust VSD system fault alarm No loss of heading or position. Loss of one thruster. DP Effect
1a
Motor shut down
1b
False loss of cooling fan alarm power reduced Loss of temperature monitoring
No loss of position or heading. Thruster continues to operate No loss of position or heading. Thruster continues to operate No loss of heading or position. Loss of one thruster.
1c
VSD system fault alarm Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust VSD system fault alarm
1d
Motor shut down
1e
Loss of temperature monitoring
H8675 Rev C
Page 38 of 80
February 4, 2009

Failure Failed Modbus Link FS-CDC Effect Indication Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Local VSD alarm E-Stop Wire break detected alarm. VMS alarm VSD system fault alarm DP feedback DP command. Possible RPM feedback alarm on DP. DP Effect No loss of heading or position. Loss of one thruster.
1f
Motor shut down
1g
Open E-Stop signal to VSD
Unable to remotely EStop VSD Depending on the source, effects could range from a flicker in speed to an incorrect speed setting to full RPM.
1h
DPO Intervention. DP assumes requested thrust is achieved faulty command causes inaccuracy in model. DPO to E-Stop engine if station keeping endangered.
1i
Motor shut down
Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Possible DP feedback alarm. Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Wrtsil- LIPS Controller
1j
Incorrect Speed Feedback to VSD.
The thruster still follows DP commands. No effect on DP
1k
Fail cooling water leak
Motor shut down
2a
Open motor start allowed LIPS to VSD Open motor off signal VSD to LIPS Open release brake signal VSD to LIPS
Unable to restart VSD
No loss of heading or position. Thruster continues to operate restart unavailable No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate.
2b
No panel indication
No indication on local control Brake does not engage remotely local operation available Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust VMS alarm thruster steering standby pump running Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust
2c
Unable to remotely engage brake
2d
Open thruster healthy signal to FS
Motor shut down
2e
Open local control select signal to FS
Motor shut down
2f
Open remote control select signal to FS
Motor shut down
2g
Open remote in control signal to FS Open steering pressure available at primary pump signal to FS failed steering command from FS
Motor shut down
2h
Primary steer pump stopped and standby pump started.
2i
Motor shut down
H8675 Rev C
Page 39 of 80
February 4, 2009

Failure Effect Depending on the source, effects could range from a flicker in azimuth to an incorrect azimuth setting. LIPS controller detects fault and motor shut down Loss of Brake Engaged Indication Loss of remote brake engage function Indication DP feedback DP command. Possible thruster azimuth feedback alarm on DP. Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust No indication until failure has a control effect. No indication until failure has a control effect. Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust. DP feedback = command but indication feedback. Position keeping deteriorates and/or current changes. LIPS Controller feedback indication incorrect. LIPS Controller feedback indication incorrect. False clutch disengaged indication remotely No indication until failure has a control effect. DP Effect DPO Intervention. DP assumes requested azimuth is achieved faulty command causes inaccuracy in model. DPO to E-Stop engine if station keeping endangered.
2j
Incorrect steering command from FS
2k
Incorrect steering command from LIPS Open brake engaged signal to FS Open Brake engage cmd signal from FS Open UGB LO PSI available signal to FS Open LGB LO PSI available signal to FS
No loss of heading or position. Loss of one thruster. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Loss of one thruster.
2l 2m
2n
Motor shutdown
2o
Motor shutdown
2p
Loss of steering control feedback.
Motor shut down
2q
Incorrect steering control feedback. Loss of steering indication feedback to LIPS. Incorrect steering indication feedback to LIPS. Open Clutch engaged signal to FS Open Speed < 4kts signal
Actual thrust value is wrong because the feedback reference is wrong. LIPS controller Feedback not correct. No effect on DP LIPS controller Feedback not correct. No effect on DP Loss of clutch engaged indication. Motor Shutdown Unable to deploy or retrace thruster
DPO intervention required. Loss of one thruster. DP system compensates with remaining thrusters.
2r
2s
2t
2u
Thruster Auxiliary equipment interface Stuck CW steering solenoid vv Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Thruster common alarm No indication until failure has a control effect VMS low air pressure alarm No loss of heading or position. Loss of one thruster.
3a
Motor shut down
3b
Stuck CCW steering solenoid vv Open shaft speed encoder signal to LIPS Open brake engage signal from LIPS Loss of air pressure
Motor shut down
3c
No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate.
3d
Unable to engage brake Unable to change air pressure for draft compensation
3e
H8675 Rev C
Page 40 of 80
February 4, 2009

Failure Open FU CW command signal Effect Unable to turn azi in clockwise direction Indication Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust VMS alarm thruster standby pump running DP Effect No loss of heading or position. Loss of one thruster.
3f
3g
Open FU CCW command signal Failed primary steering pump psi ok signal to LIPS Open start steering pump1 command signal from LIPs Open start steering pump2 command signal from LIPS Open stop steering pump1 command signal from LIPS Open stop steering pump2 command signal from LIPS Open steering pump1 running indication to LIPS Open steering pump2 running indication to LIPS Open steering pump1 running indication to FS Open steering pump2 running indication to FS Open steering feedback to LIPS from thruster Open UGB LO pump start command signal from LIPS Open LGB LO pump start command signal from LIPS Open UGB LO pump running signal from LIPS Open LGB LO pump running signal from LIPS Open UGB LO pump running signal from FS
3h
Standby pump starts and primary pump stopped Unable to start steering pump Unable to start steering pump No immediate effect, unable to stop pump remotely No immediate effect, unable to stop pump remotely False pump stopped indication local False pump stopped local indication False pump stopped indication at VMS False pump stopped indication at VMS
No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate.
3i
3j
3k
No indication until failure has a control effect No indication until failure has a control effect LIPS pump stopped local indication LIPS pump stopped local indication
3l
3m
3n
3o
3p
VMS pump stopped indication Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust No indication until failure has a control effect
3q
Motor shut down
3r
No immediate effect, unable to stop pump remotely No immediate effect, unable to stop pump remotely False pump stopped indication local False pump stopped local indication False pump stopped indication at VMS
3s
3t
LIPS pump stopped local indication LIPS pump stopped local indication
No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate.
3u
3v
H8675 Rev C
Page 41 of 80
February 4, 2009

Failure 3w Open LGB LO pump running signal from FS Failed Azimuth angle feedback to FS Open Engage clutch cmd signal to Clutch Open Disengage clutch cmd signal to Clutch Open clutch engaged fdbk signal from clutch Open clutch disengaged fdbk signal from clutch Effect False pump stopped local at VMS Loss of feedback to DP system with eventual DP feedback alarm. Unable to engage brake Unable to disengage brake Loss of Brake Engaged Indication Loss of Brake disengaged Indication Indication VMS pump stopped indication DP thruster feedback alarm, no effect on station keeping as feedback is not used in DP thrust calculations No indication until failure has a control effect No indication until failure has a control effect No indication until failure has a control effect. No indication until failure has a control effect. DP Effect No loss of heading or position. Thruster continues to operate.
3x
No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate.
3y
3z
3aa
3ab
Lipstronic VMS alarm interface signals 4a Open clogged steering oil return filter alarm signal Open clogged steering oil pressure filter alarm signal Open steering oil high temperature alarm signal Open low steering oil tank level alarm signal Open LO UGB pump clogged filter 1 signal Open LO UGB pump clogged filter 2 signal Open LO high temp alarm signal Open LO LGB pump clogged filter 1 signal Open LO LGB pump clogged filter 2 signal Open minor failure alarm signal to FS Open major failure alarm signal to FS Open power failed alarm signal to FS False clogged steering oil return filter alarm False open steering oil pressure filter alarm False steering oil high temperature alarm False low steering oil tank level alarm False filter clogged alarm False filter clogged alarm False high temp alarm False filter clogged alarm False filter clogged alarm False minor failure alarm False major failure alarm. Motor shut down VMS alarm thruster clogged return filter VMS alarm thruster clogged pressure filter VMS Alarm thruster steering oil high temperature VMS Alarm thruster low steering oil level VMS alarm Primary LO pump clogged filter 1 VMS alarm Primary LO pump clogged filter 2 VMS Alarm thruster LO oil high temperature VMS alarm Secondary LO pump clogged filter VMS alarm Secondary LO pump clogged filter VMS thruster minor steering failure alarm Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust VMS thruster controller power failure alarm Deployment System Failures 5a Loss of Retracted feedback to FS Loss of remote indication Remote panel flashes No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. . No loss of heading or position. Thruster continues to operate . No loss of heading or position. Thruster continues to operate No loss of heading or position. Loss of one thruster. . No loss of heading or position. Thruster continues to operate . No loss of heading or position. Thruster continues to operate No loss of heading or position. Thruster continues to operate. No loss of heading or position. Loss of one thruster. No loss of heading or position. Thruster continues to operate.
4b
4c
4d
4e
4f
4g
4h
4i
4j
4k
4l
False power fail alarm
H8675 Rev C
Page 42 of 80
February 4, 2009

Failure 5b 5c 5d 5e Loss of Retracted feedback to LIPS Loss of Deployed feedback to FS Loss of Deployed feedback to LIPS Loss of Parked feedback to FS Loss of Parking position reached signal to LIPS Open retraction failed signal Loss of Retract cmd signal from FS Loss of Retract cmd from LIPS Loss of Deploy cmd signal from FS Loss of Deploy cmd from LIPS Loss of enable steering cmd from LIPS Loss of enable retraction cmd from LIPS Effect Loss of local and remote indication Loss of remote indication Loss of local and remote indication Loss of remote indication Loss of local and remote indication Alarm indicating retraction failure Cant retract thruster remotely from bridge Cant retract thruster remotely or locally from LIPS Cant deploy thruster remotely from bridge Cant deploy thruster remotely or locally from LIPS No immediate effect, if system changed to retraction mode, then cant switch back No immediate effect, if system changed to steering mode, then cant switch back Indication Local and remote panel flashes Remote panel flashes Local and remote panel flashes Remote panel flashes DP Effect No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate.
5f
Local and remote panel flashes VMS and Local alarm retraction failed No indication until failure has a control effect No indication until failure has a control effect No indication until failure has a control effect No indication until failure has a control effect
5g 5h
5i
5j
5k
5l
5m
No indication until failure has a control effect Power Failures
6a 6b
230V Main Power supply to LIPS fail 24Vdc backup power to LIPS fail Internal LIPS power failure 480V AUX Power to MV3000 Failure
Loss of redundant power supply Loss of redundant power supply
Power fail alarm Power fail alarm Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust VMS alarm thruster Aux power failed alarm
No loss of heading or position. Thruster continues to operate. No loss of heading or position. Thruster continues to operate. No loss of heading or position. Loss of one thruster. No loss of heading or position. Loss of one thruster.
6c
Motor shut down
6d
Cooling pump stops
4.4 4.4.1
Summary of Drop-Down Azimuth System Analysis Significant failure modes: The azimuth thruster failure mode and effect analysis table found no single point failures, and three failure modes that require DPO intervention to correct. These failure modes reflect a control fault that causes incorrect thrust magnitude or direction. The wrong thrust force or angle is significant, because it moves the vessel. The DP operator must be
H8675 Rev C
Page 43 of 80
February 4, 2009
familiar with these failure modes, able to identify them and intervene by deselecting or stopping the thruster if position keeping is endangered. 4.4.2 Hidden Failures:
Failure Mechanical feedback link Alarm failures Deployment system command signals Battery failure Problem Thrust control lost but difficult to detect. No advance notification of impending failures No advanced notification of lose of ability to deploy or retract thruster No battery backup when charger fails. Solution Regular calibration and maintenance is needed. Regular testing is needed. Regular testing is needed. Regular battery maintenance and regular testing under load.
4.4.3 4.4.4 4.4.5
Configuration Analysis: All five thrusters are required for DP2 operation. Related Failures: This system is affected by power, Converteam and some auxiliary support system faults. These failures are examined in the appropriate sections. Worst Case Failure: An incorrect speed command will cause wrong thrust with eventual feedback alarms. Large changes of force can cause loss of heading and position unless the DPO quickly recognizes the fault and deselects the thruster. Accuracy: The analysis based on manufacturer and shipyard drawings and documents and has not yet been confirmed by survey and testing. Surveyor to confirm final arrangement and logic of the T7 auto change over circuit. Drop Down Azimuth Thruster Summary: Single Point Failures DPO Intervention Required Maintenance Issues Analysis Reliability 0 3 18 Medium
4.4.6
4.4.7
H8675 Rev C
Page 44 of 80
February 4, 2009
5.
BOW TUNNEL THRUSTER

DP
Network A Network B
IJS
ModBus
MTC
Independent Network
220V UPS
Converteam Field Station (located in MV3000 drive cubicle) 480V Aux

ModBus
CDC 620V
880kW Electric Motor
Drive Power RTD Signals
Converteam MV3000
FWC
Head Tank
M LO Tank
6.6Kv SBD
5.1
Bow Thruster System Data

Type Propeller Pitch Speed Range Deployment Gear Box Lower VSD Drive Power Drive Auxiliary Power Drive Motor Drive Motor cooling Other: Sources: Transverse Tunnel Thruster 4 blade, 1.75m NiAl Bronze Fixed 0 to 375rpm Permanent Type Reduction Main 6.6kV reduced to 720V Auxiliary 480V 880kW Electric motor 2 Electric Pumps T8 Converteam PV1P1C2S3_C_ Propulsion system control T8 Wrtsil Transverse Thruster Installation Manual Page 45 of 80 February 4, 2009 Manufacturer/Model Nozzle Pitch Control Speed Control Steering Cooling Surrounding seawater VSD control Power Thruster Controller Power Drive Power source VSD cooling Wrtsil FT175M N/A N/A Converteam MV3000 VSD Propeller direction Lubrication Forced lube/Oil Bath (elect pump, header tank) 220V and 24Vdc N/A Port 6.6kV switchboard Fresh water cooled, Internal glycol
H8675 Rev C
5.2 5.2.1 5.2.2
Bow Thruster System Description Redundancy Concept: T8 provides 10% of the bow sway and yaw power. The bow tunnel has port main power but appears to reflect T6 control power. Location: The tunnel thruster is in the forward thruster frame 55. The MV3000 cabinets and auxiliary equipment are located near the thrusters. Each thruster has manual controls in the forward Bridge, DP control room and in the ECR. 6.6kV supply transformer: The thrusters drive power is supplied from a dedicated, 1.1MVA, water-cooled, 6.6kV/7200V transformer. The transformer has an auxiliary service that is supplied from the auxiliary switchboard associated with the thruster. The transformer is cooled with water from the thruster FWC system. The transformer supply breaker is tripped by transformer winding over temperature or secondary over current. The VSD monitors the transformer for faults. It starts and stops the transformer auxiliary services. The transformer is wound phase-shifted from thrusters 1-7 and provides a small amount of harmonic distortion cancellation depending on loads. VSD Control: The Propeller speed and direction of rotation is used to control the magnitude of thrust from this thruster because the blade pitch is set. The VSD controls the propeller speed by varying the motor speed from zero to 1200rpm. It changes the rotation of the motor to change the direction of thrust. The VSD is equipped with separately mounted air cooled breaking resistors for faster propeller reversal. The VSD is controlled and monitored from the associated Converteam field station. The field station monitors alarm and status contacts, analog feedback. It sends command signals, speed commands and a power limit signal to the VSD via Modbus. VSD Support: The Converteam supplied MV3000 variable speed drive unit is equipped with an independent (secondary) internal glycol cooling system. This cooling system is then cooled by an external (Primary) FW cooling system. Each VSD is supplied with power from a fresh water cooled transformer fed from the main switchboard. The drive hardware is controlled by a Common Drive Controller (CDC) which is linked by MODBUS to the Converteam field stations AMC for communication with the DP, IJS, VMS and MTC. An Ethernet link to a door mounted HMI display provides local alarms and monitoring. Drive Motor: The tunnel thrusters shaft rotation power is supplied by a vertically mounted 88kW, 12-pole, 0-1200rpm electric motor that is connected to the thruster by a flexible coupling. The motor is water cooled by the thruster FWC system. The motor has self-contained, greased, roller bearings. The drive motors are protected by RTD monitored by the VSD and have leak detectors for alarm. Thruster FWC: The thrusters motor is cooled from the fwd thruster FWC system. The bow tunnel thruster and the forward azimuths share the same common cooling system but it is protected against failure by using redundant pumps. Failure of the running pump causes the vessel management system to start a standby pump. The fresh water is cooled by two parallel seawater coolers.
5.2.3
5.2.4
5.2.5
5.2.6
5.2.7
H8675 Rev C
Page 46 of 80
February 4, 2009
5.2.8
Gearbox: The rolled mild steel center tunnel section provides seating for a vertically mounted electric motor. It also contains a wearing ring to prevent corrosion. The pinion and shaft are one piece while the gear wheel is bolted to the propeller shaft. The thruster contains spherical roller bearings used to absorb loads. The pinion shaft is sealed using a radial lip seal. The propeller shaft is sealed using three supported radial lip seals. Gearbox support: Lubrication system consists of header tank pressurized by the service air system, an electric pump, and a CJC filter. The header tank is used to ensure oil pressure is greater that static water pressure to prevent water leakage in the event of seal failure. The system contains a pressure filter that sends a high pressure alarm to the VMS at 2.5bar and a low pressure alarm at .3bar. The system is also equipped with a high temperature alarm. Pump can be set to filter only mode which allows it to be run continuously. System cooled by surrounding seawater. The lubrication pump running is not essential to thruster operation. The manufacturer does state that it needs to be operated a minimum of 20 hours every 200 operating hours.
5.2.9
5.2.10 Propeller: The propeller has four 1.75m fixed pitch blades and is made out of NiAl Bronze. The propeller is designed to rotate up to 350 times per minute. 5.2.11 Field Station: The field station associated with the thruster provides the control access for the DP, MTC and IJS systems. If DP control is selected, then the DP system controls and monitors the thrusters over the dual Ethernet network. If IJS control is selected, then the IJS system controls and monitors the thrusters over its dedicated serial link interface. The MTC consoles have the protected thruster emergency stop buttons and allow individual, group or joystick thruster control. Each field station receives control power from a Converteam supplied 220V UPS. Converteam protects their equipment from supply over-voltages. 5.2.12 Thruster Control: The VSD is normally controlled by the DP but can be controlled from the MTC stations on the Bridge, or the MTC ECR in an emergency or for maintenance. Communication between the field station and DP is via dual Ethernet, MTC communicates utilizing an independent Ethernet system, while the IJS uses serial communication (Modbus). The motor drive does an internal systems and auxiliary status check and if healthy and in remote, it sends a ready to start signal to the MTC. When the drive is started it becomes available for control at each control station (MTC, IJS, DP) after the thruster is selected for control by a station it begins following the field station commands. The field station communicates with the DP system to determine the system in control (MTC, DP or IJS) and sends that systems speed command to the VSD. 5.2.13 Redundancy/Commonality: Utilizes the same FWC piping as T4 and T6. T8 uses the same seawater coolers as T4 and T6. Service Air system is common to thrusters T1-T7. 5.2.14 Bow Thruster System FMEA Table:
Failure Effect Indication Converteam MV3000 Signals 1a Open RTD signal from MOTOR to VSD Loss of temperature monitoring VSD system fault alarm No loss of position or heading. Thruster continues to operate DP Effect
H8675 Rev C
Page 47 of 80
February 4, 2009

Failure Failed Modbus Link FS-CDC Effect Indication Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Local VSD alarm E-Stop Wire break detected alarm. VMS alarm VSD system fault alarm Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust DP Effect No loss of heading or position. Loss of one thruster.
1b
Motor shut down
1c
Open E-Stop signal to VSD
Unable to remotely EStop VSD
1d
Fail cooling water leak signal
Motor shut down
1e
Depending on the source, effects could range from a flicker in speed to an incorrect speed setting to full RPM.
DP feedback DP command. Possible RPM feedback alarm on DP.
DPO Intervention. DP assumes requested thrust is achieved faulty command causes inaccuracy in model. DPO to E-Stop engine if station keeping endangered.
1f
Motor shut down
Thruster not ready alarm on DP. Thruster deselected from DP. Manual & DP feedback indicates zero thrust Possible DP feedback alarm.
1g
Incorrect Speed Feedback to VSD. Fail Ethernet A or B to FS Fail Independent Link from MTC
The thruster still follows DP commands. No effect on DP No effect redundant network still communicating No effect. DP has control
No loss of heading or position. Loss of one thruster. No loss of position or heading. Thruster continues to operate No loss of position or heading. Thruster continues to operate
1h
DP Thruster Ethernet Failure alarm Communication Failure alarm
1i
Thruster Auxiliary equipment interface 2a Fail LO Pump No Effect. LO Pump not essential to thruster operation Possible Pump Failure alarm at VMS No loss of heading or position. Thruster continues to operate.
Thruster VMS alarm interface signals 3a 3b Open LO high temp alarm signal Open LO pressure switch. False high temp alarm False low pressure alarm. VMS Alarm thruster LO oil high temperature VMS alarm thruster LO pressure low Power Failures 4a 480V AUX Power to MV3000 Failure Cooling pump stops VMS alarm thruster Aux power failed alarm No loss of heading or position. Loss of one thruster. No loss of heading or position. Loss of one thruster. . No loss of heading or position. Thruster continues to operate
5.3 5.3.1
Summary of Bow Thruster Analysis Significant failure modes: The azimuth thruster failure mode and effect analysis table found no single point failures, and one failure mode that requires DPO intervention to correct. This failure mode reflects a control fault that causes incorrect thrust magnitude or direction. The wrong thrust force or angle is significant, because it moves the vessel. The DP operator must be familiar with these failure modes, able to identify them and intervene by deselecting or stopping the thruster if position keeping is endangered.
H8675 Rev C
Page 48 of 80
February 4, 2009
5.3.2
Hidden Failures:
Failure Alarm failures Problem No advance notification of impending failures Regular testing. Solution
Battery failure
No battery backup when charger fails.
Regular battery maintenance and regular testing under load.
5.3.3 5.3.4 5.3.5
Configuration Analysis: Thruster is required for DP2 operation. Related Failures: This system is affected by power, Converteam and some auxiliary support system faults. These failures are examined in the appropriate sections. Worst Case Failure: An incorrect speed command will cause wrong thrust with eventual feedback alarms. Large changes of force can cause loss of heading and position unless the DPO quickly recognizes the fault and deselects the thruster. Accuracy: The analysis is based on shipyard drawings and manufacturer documentation. The analysis has not yet been confirmed by survey and testing. Bow Thruster Summary: Single Point Failures DPO Intervention Required Maintenance Issues Analysis Reliability 0 1 3 Medium
5.3.6 5.3.7
H8675 Rev C
Page 49 of 80
February 4, 2009
6.
6.1
ELECTRICAL POWER SYSTEMS

Electrical Power Distribution Diagram
MAN 9L32/40 4230kW MAN 9L32/40 4230kW MAN 9L32/40 4230kW MAN 8L32/40 MAN 8L32/40 3760kW 3760kW MAN 8L32/40 3760kW
G
DG1 630A
G
DG2
G
DG3 630A 630A
G
DG4 630A
G
DG5 630A
G
DG6 630A
6.6kV
Pre Xfmr 5850kVA charge 6600/ 2x1680V
Xfmr 4000kVA 6600/510V
Xfmr 5850kVA 6600/ 2x1680V
Xfmr 1150kVA 5500/720V
Xfmr 1150kVA 6600/720V
C/O Switch Xfmr 1150kVA 6600/720V
Xfmr 1150kVA 6600/720V
Xfmr 1150kVA 5500/720V
Xfmr 4000kVA 6600/510V
Pre Xfmr charge 5850kVA 6600/ 2x1680V
MV7000 IGBT PWM
Pre Charge
MV3000 IGBT PWM
MV3000 IGBT PWM
MV3000 IGBT PWM T5 2400 KW MV3000 IGBT PWM T7 2400 KW
MV3000 IGBT PWM T6 2400 KW
MV3000 IGBT PWM
Pre Charge
MV7000 IGBT PWM
T1 4500 KW
T8 880 KW
T3 2400 KW 6600/720V 5500kVA
T4 2400 KW 6600/720V 5500kVA Pre charge
T2 4500 KW
Pre charge
Pre Pre charge charge
Pre charge
Link
C/O Switch 690V Pipelay/Crane Switchboard 690V/505V 1800kVA 480V Pipelay/Crane Switchboard
Shore Conn. Box
480V Auxiliary Switchboard 1 (Port)
480V Auxiliary Switchboard 2 (Starboard)
Group Starter 1
480V FPDB3
480V FPDB1
480V PDB3
480V PDB1 EG
480V ODB3
480V HPDB1
480V ODB1
2 out of 3 Interlock
480V ODB2
480V HPDB2
480V ODB4
480V PDB2
480V PDB4
480V FPDB2
480V FPDB4
Group Starter 2
G
CAT 3508B 1000kW
208-120V section Bus Bar A
208-120V section Bus Bar B Auto Change Over
480V Emergency Switchboard
Auto Change Over
208/120V Emergency Switchboard
H8675 Rev C
Page 50 of 80
February 4, 2009
6.2
Electrical Generator Control Diagram
H8675 Rev C
Page 51 of 80
February 4, 2009
6.3
Electric Power System Data

Main System Main Engines Engine Cooling Engine Fuel Engine Lube Speed/Hz Control Generators Voltage Control Main Switchboards Manufacturer DG1-6 Breakers Bus Tie /Interconnectors Emergency DG EG Control Emergency Switchboard 690V Mission Switchboard 480V Mission Switchboard 480V Auxiliary Switchboards 208V Panels 24V Systems Other: Sources: Kepper Sing Marine H340-101.1 Rev 4 Hyundai Generator Specification Sheets Converteam PV1P01C03_B_MV Switchboard Functional Specification IPT Switchboard A drawing, Switchboard B drawing, and Changeover drawing Converteam AV1P03C01_A_Power Management System Caterpillar 07S161-3508B-1, 07S161-2508B-2, 07S161-3508B-3 drawings. MAN Project Guide for 32/40 Engine Plants Document Hyundai Operating Instructions Synchronous Generators Manual Emergency Switchboard and Auxiliary Switchboard information submitted to ABS document titled P69508ESP_S10 & S13_34327281.pdf Dated 21/01/09 6.6kV, 60Hz, neutral resistance earthing MAN 8L32/40, MAN 9L32/40 Other Systems Engine Start 690Vac,480Vac,120Vac,110Vdc Pneumatic
Split FWC system with mechanical pumps, and header tank 2 Day tanks DG1-3 Fwd, DG4-6 Aft, redundant electric pumps, filters, Cross connects Self-contained, forced Engine Power Control 24vdc
Heinzmann Electronic Governor controlled by raise/lower switch located on switchboard, automatically by Symap protection relay unit, or PMS system. Hyundai HS7 6.6kV, 0.8pf, 3ph, 60hz, DG1-3 4.2mW, DG4-6 3.7mW Hyundai 6GA2491 controlled remotely at switchboard or from PMS via Symap protection relay unit. Two switchboards connected in a ring bus configuration with tie links that can be split into open ring configuration IPT Main Bus ? ABB 630A, Symap protection relay unit, manual or automatic control, 110v control power ABB 1250A, Symap protection relay unit, manual or automatic control, 110v control power Caterpillar 3508B electronic controlled diesel powered with radiator cooling and a Leroy Somer Generator rated for 1000kW, 3 phase, 480V. AVR controlled remotely at emergency switchboard, Symap protection relay unit MAS IPT IPT MAS Main Breaker Protection Main Breaker Protection Main Breaker Protection Main Breaker Protection UV trip coil, interlock, current trips UV trip coil, interlock, current trips UV trip coil, interlock, current trips UV trip coil, interlock, current trips
Floating Wye, ground detection, molded case circuit breakers Ground protection, over/under voltage protection.
H8675 Rev C
Page 52 of 80
February 4, 2009
6.4 6.4.1
Electric Power System Description Redundancy Concept: Generally two split with battery backup for vital control systems. This concept is violated by T7s dioded control power, ESB switch and DC power supplies. The vital DC power supplies (DG 4/5, DG 6/7) should be separated. Additional information is required to confirm the combined power doesnt threaten both sides of the power split. The isolated DG excitation and speed controls appear to be interconnected through PMS adjustment. Location: There are two main 6.6kV switchboards and two 480V Auxiliary switchboards with one of each located in the port and starboard switchboard rooms. Three main diesel generator sets (DG1-3), and a fuel day tank are located in the forward engine room. Three main diesel generator sets (DG4-6), and a fuel day tank are located in the aft engine room. The Transformers used to supply reduced voltage to each thrusters VSD is located near the respective thruster. The 690V and 480V Pipelay/Crane switchboards are located in the mission switchboard room. The emergency switchboard, emergency generator, emergency day tank, and emergency transformers are located in the Emergency Generator Room. Transformers used to supply reduced voltage to the Auxiliary and Pipelay/Crane switchboards is assumed to be located in one of the following three places port, starboard or mission switchboard room. Secondary 208/120V and 24Vdc panels are distributed throughout the vessel. Main DG Engines: There are two types of MAN diesel engines that supply shaft rotation power to each main generator. Diesel generators 1-3 shaft rotation is powered by 9 cylinder, 4 stroke, 720rpm, 4.3mW MAN 9L32/40 engines. Diesel generators 4-6 shaft rotation is powered by 8 cylinder, 4 stroke, 720rpm, 3.8mW MAN 8L32/40 engines. Diesel generators 1-3 are normally supplied with marine diesel fuel from the port day tank using 1 of 2 electrical pumps arranged in a main/standby configuration. Diesel generators 4-6 are normally supplied with marine diesel fuel from the starboard day tank using 1 of 2 electrical pumps arranged in a main/standby configuration. Each engine has a duplex filter and MDO cooler. All the engines have pneumatic starters. Each engines protection and speed control systems are supplied from a 24V distribution board. The battery charger system is fed from the emergency 208V distribution board. The MAN protection will shut down the engine on overspeed, low lube oil pressure, High turbocharger lube oil temperature, or loss of control power. Main DG Engine Support: Each cooling system consists of two individual mechanically driven pumps per engine, two coolers in parallel and cooled by seawater, and a header tank. The cooling water flow is controlled by the engines internal temperature control valves and will not fail on loss of compressed air. Each system has low level and high temperature alarms and the water quality is maintained by chemical dosage. Each system cools its engines lube oil, jacket water, generator, pre-heating system, cylinders and its MDO. The lubrication system consists of an internal sump, a mechanically driven pump, filters, cooler and control valves. The engine is equipped with a pre-lube and preheating system. Main DG Start: If the MAN start permissives are met, then an engine can be started locally from the engine control panel, remotely from the ECR panel by pressing the start request button for one second. For PMS control the PMS must send a request start/stop authority to the SaCos system which then must close its release start/stop authority external.
6.4.2
6.4.3
6.4.4
6.4.5
H8675 Rev C
6.4.6
Main DG Speed Control: Engine speed controls the alternating current frequency from the driven generator. The engine speed is controlled by balancing the engine load and the fuel supply to achieve the desired speed. The engine is supplied with a Heinzmann Electronic Governor that can be controlled from the switchboard using a raise/lower switch, SYMAP can control the governor to assist in synchronization, or raise/lower contacts being closed from the power management system. Main DG Synchronization Control Modes: There are two synchronization control modes. When the generator control section is placed in local synchronization to a live bus it is controlled by a common check sync relay. When the generator control section is placed in remote, the synchronization is done automatically via the SYMAP and initiated from the PMS. The synchronization relay monitors the generator frequency and the bus frequency and adjusts the bias voltage until the offline generators frequency and phase are identical to the bus. No adjustment of speed is necessary to connect to a dead bus. Main DG Generators: The main generators are self exiting brushless, ten-pole, synchronous, Hyundai HSJ7 generators. All the Generators are rated at 6.6kV, 60Hz, 3phase, wye connection. They differ in kW rating as Generators 1-3 are rated at 4230kW and Generators 4-6 are rated at 3760kW. Each generators windings are cooled by ambient air forced by a shaft-mounted fan and cooled by the engines cooling system. The generator bearings are self-contained. The generators are protected by RTD monitored by the vessel management system and have leak detectors for alarm Main DG Voltage Control: The output voltage of each generator is controlled by the voltage and current in its exciter field poles. Each generators excitation is controlled by a thyristor voltage regulator. It measures the output voltage and current and adjusts the field excitation to maintain the correct voltage level over the normal operating load range. The excitation unit supplies a load-dependent field current slightly higher than would be required for producing the rated voltage. The generators AVR can accept external 0-10Vdc signal for remote control of the voltage set point, this input is assumed to be used to control voltage remotely by hand at the switchboard, or by the PMS using the SYMAP protection unit.
6.4.7
6.4.8
6.4.9
6.4.10 Main DG Breaker Controls: The ABB 630A breaker has three main breaker contacts. It is operated by an electric motor and can be tripped by loss of voltage to the under-voltage coil or by activation of the protections in the SYMAP protection unit. Once an engine is up to speed and the generator up to voltage, the breaker can be closed if certain conditions are met; the Generator switch is in local and the sync check relay indicates the generator is in synchronization with the bus then the breaker can be closed by pushing the close push button. If a generator has been started from standby mode by the AVC then if the under-voltage coil is live and the SYMAP synchronization contacts close the generator is in synchronization with the bus and the breaker automatically closes to the bus. The breaker can be opened by placing the Generator switch to local and pressing the open button, pressing the breaker trip directly or by operation of the breaker protections. 6.4.11 Main DG Breaker Protection: Each generator is protected by its breakers SYMAP BC protection relay and an under-voltage relay. The SYMAP BC unit trips the breaker on overloads
and short circuits. The protection relays monitors the incomer voltage and current. The protection relay unit provokes an under-voltage trip of the breaker if it loses 110V power, overvoltage (120% for 5s), under-voltage (<85% for 5s), over-frequency (105% for 1.5s), underfrequency (<95% for 1.5s), reverse power (10% for 5s), negative phase sequence (10% for 10 seconds) and Over-Excitation. These failures do not require resetting of the breaker at the switchboard and can be closed again after the fault clears. The following protection comes from the lockout relay which will require the breaker to be reset at the switchboard. These failures are phase over-current, generator differential protection, loss of field excitation, directional sensitive earth fault, NER protection and SYMAP failure. The generator incomer air spaces are assumed to be separated from each other and from the bus air spaces in order to avoid a short circuit bypassing all protection systems. 6.4.12 Bus tie/Interconnector breaker control: The ABB 1250A breaker has three main breaker contacts. It is operated by an electric motor and can be tripped by loss of voltage to the under-voltage coil or by activation of the protections in the SYMAP protection unit. The breaker can be closed if certain conditions are met; the Bus tie/Interconnector panel is in local and the sync check relay indicates the two buses are in synch then the breaker can be closed by pushing the close push button. If a breaker closure request has been started by the PMS, then if the under-voltage coil is live and the SYMAP synchronization contacts close, the two buses are synchronized and the breaker automatically closes to the bus. The breaker can be opened by placing the Generator switch to local and pressing the open button, pressing the breaker trip directly or by operation of the breaker protections. The bus tie must be open for DP2 operations. 6.4.13 6.6kV Switchboard: The main switchboard (MSB) was manufactured by IPT and supplied by Converteam. The 6.6kV electrical system is split into two switchboards with each switchboard divided into three sections. It utilizes an open ring main system and provides breakers to isolate each section of the board supplied by a generator. The main line is split into port and starboard sides with two 1250A breakers. A second tie line with two 1250A breakers completes the ring. 6.4.14 Transformer changeover switch: The 3-pole offload isolator switch comprising 2-off back-to back switches to achieve changeover, permits thruster 7 feeder to be fed from either the port or starboard 6.6kV switchboard. The Changeover switch is housed in a free-standing enclosure that provides manual local control and operator selected remote control change over capability. It has status indications and interlocks to prevent closure of both feeders to the transformers. In order for switching to be effective, the emergency switchboard must be fed from the stbd bus as the port steering pump must be independent of the emergency switchboard pump. 6.4.15 Ship service transformers: There are two 6.6kV to 510V 4100kVA transformers with each one being supplied from separate sides of the bus. Each transformer feeds its associated auxiliary switchboard. The transformer has two cooling fans fed from group starter panels and are cooled by the auxiliary FWC system. The generators are protected by RTD, monitored by the vessel management system and have leak detectors for alarm. 6.4.16 Auxiliary Switchboard Description: The switchboard will operate with the auxiliary tie breakers open. The Auxiliary 480V switchboard is split into two separate boards. Switchboard #1 contains 9 sections. Section A20 contains the incoming breaker from the main port transformer
#1, controls and indications. Section A21 houses Bus A&B Tie breaker, indications and controls. Sections A22-A26 contain the outgoing feeders. Sections A27 and A28 contain port group #1 and #2 starter breaker, controls and indications. Switchboard #2 contains 9 sections. Section A29 contains the incoming breaker from the main starboard transformer #2, controls and indications. Section A30 houses Bus A&B Tie breaker, indications and controls. Sections A31A35 contain the outgoing feeders. Sections A36 and A37 contain starboard group #1 and #2 starter breaker, controls and indications. The switchboards are connected by bus-tie breakers that feed to bus A and B. A 400A shore power connection is connected to auxiliary switchboard #2 and electrically interlocked to prevent parallel operation with the two main feeds. 6.4.17 480V Auxiliary Switchboard Distribution:
480V Port (swbd. 1) Loads T1 Pre-Charge transformer T3 Pre-Charge transformer T5 Pre-Charge transformer Bilge/Fire Pump #3 T1 steering pump #1 T3 steering pump #1 T5 steering pump #1 T7 steering pump #1 Thruster (fwd) FWC pump #1 Thruster (fwd) SWC pump #1 Thruster (aft) FWC pump #1 Thruster (aft) SWC pump #1 ME (aft) SWC pump #1 ME (aft) SWC pump #2 T1 MV7000 Aux. Supply T3 MV3000 Aux. Supply T5 MV3000 Aux. Supply T8 MV3000 Aux. Supply Aux. cooling SWC pump #1 Aux. cooling FWC pump #1 Hydrophore (F.W) module #1 AHU #3 Seawater Chiller pump #1 Aft ER Supply Fan Start Air Compressor #1 Service Air Compressor #1 Service Air Compressor #3 480V Stbd. (swbd 2) Bus Loads T2 Pre-Charge transformer T4 Pre-Charge transformer T6 Pre-Charge transformer Bilge/Fire Pump #2 T2 steering pump #1 T4 steering pump #1 T6 steering pump #1 Incinerator Thruster (aft) FWC pump #2 Thruster (aft) SWC pump #2 Thruster (fwd) FWC pump #2 Thruster (fwd) SWC pump #2 ME (fwd) SWC pump #1 ME (fwd) SWC pump #2 T2 MV7000 Aux. Supply T4 MV3000 Aux. Supply T6 MV3000 Aux. Supply DP Control A/C (AC-2) Aux, cooling SWC pump #2 Switchboard (stbd) room A/C Hydrophore (F.W) module #2 ECR A/C (AC-3) Seawater Chiller pump #2 fwd ER Supply Fan Incinerator sludge tank Service Air Compressor #2 HVAC Control Panel 2 480V Emergency Swbd Loads 480V service transformer 1 cooling fan #1 480V service transformer 1 cooling fan #2 MDO feed pump #2 MDO supply pump #1 ME (aft) SWC pump #3 E-Gen. Room supply fan ER Aft Supply Fan T1 steering pump #2 T2 steering pump #2 T3 steering pump #2 T4 steering pump #2 T5 steering pump #2 T6 steering pump #2 T7 steering pump #2 Bilge/Fire Pump #1 Start Air Compressor #2 ME (fwd) SWC pump #3 MDO feed pump #4 Aux. cooling FWC pump #2 Sprinkler SW pump 480V service transformer 2 cooling fan #1 480V service transformer 2 cooling fan #2 Sliding WTD Dist. Board Emergency Dist. Board #1 Emergency Dist. Board #2
H8675 Rev C
Page 56 of 80
February 4, 2009

Fan Dist. Board #1 Fan Dist. Board #3 Heater Power Dist. Board #1 Oil Pumps Dist. Board #1 Oil Pumps Dist. Board #3 Power Dist. Board #1 Power Dist. Board #3 Group Starter 1 Power Dist. Board # 7 Fan Dist. Board #2 Fan Dist. Board #4 Heater Power Dist. Board #2 Oil Pumps Dist. Board #2 Oil Pumps Dist. Board #4 Power Dist. Board #2 Power Dist. Board #4 Group Starter 2 Power Dist. Board #7
6.4.18 480V Distribution Boards:

Fan Distribution Board 1 Propulsion Room Aft Port Supply Fan Thruster Room Supply Fan Pump Room Supply Fan Thruster/Pumps Room Supply Fan Propulsion Room Aft Port Exhaust Fan Fan Distribution Board 2 Thruster Room Exhaust Fan Pump Room/ER Workshop Exhaust Fan Thruster/Pumps Room Exhaust Fan Propulsion Room Aft Stbd. Exhaust Fan Propulsion Room Aft Stbd. Supply Fan Power Dist. Board 1 DG1 Power Stack DG2 Power Stack DG3 Power Stack T1 Jensen Filter T3 Jensen Filter T5 Jensen Filter T7 Jensen Filer Bilge Pump #1 UPS #4 UPS #6 Booster Pump(Foam) #1 Oil Pumps Dist Board 1 MDO Transfer Pump #1 L/O Separator Unit #4 L/O Separator Unit #5 L/O Separator Unit #6 MDO Feed Pump #1 Lube Oil Pump #1 Sludge Lube Oil Pump #1
MDO Separator Control #1
Power Dist. Board 2 DG4 Power Stack DG5 Power Stack DG6 Power Stack T2 Jensen Filter T4 Jensen Filter T6 Jensen Filter Bilge Water Separator Bilge Pump #2 UPS #5 UPS #7 Booster Pump(Foam) #2 Oil Pumps Dist Board 4 T2 Primary L/O Pump T2 Secondary L/O Pump T4 Upper Gearbox T4 Prop. Gearbox T6 Upper Gearbox T6 Prop. Gearbox
Oil Pumps Dist Board 2 MDO Transfer Pump #2 L/O Separator Unit #1 L/O Separator Unit #2 L/O Separator Unit #3 MDO Feed Pump #3 Lube Oil Pump #2 Sludge Lube Oil Pump #2 Power Dist Board 7 (Aux 1 feed)
Oil Pumps Dist Board 3 T1 Primary L/O Pump T1 Secondary L/O Pump T3 Upper Gearbox T3 Prop. Gearbox T5 Upper Gearbox T5 Prop. Gearbox T7 Upper Gearbox T7 Prop. Gearbox Group Starter 2
Group Starter 1
Power Dist Board 7 (Aux 2 feed)
H8675 Rev C
Page 57 of 80
February 4, 2009
Global Industries Ltd Global 1200 Pre-trial DP2 FMEA T1 Motor Cooling Fan #1 T1 Motor Cooling Fan #2 T1 Transformer Cooling Fan #1 T1 Transformer Cooling Fan #2
690V Mission Transformer 1 Cooling Fan #1 690V Mission Transformer 1 Cooling Fan #2
UPS #1 UPS #3 Tautwire Isolation Transformer 1
T2 Motor Cooling Fan #1 T2 Motor Cooling Fan #2 T2 Transformer Cooling Fan #1 T2 Transformer Cooling Fan #2
690V Mission Transformer 2 Cooling Fan #1 690V Mission Transformer 2 Cooling Fan #2
UPS #2 Converteam deployment machine Tautwire Isolation Transformer 2
6.4.19 EG Engine: The emergency generators (EG) engine is a Caterpillar 3508B with electric motor start, a mechanical fuel pump connected to a dedicated diesel day tank, self-contained forced lubrication system and a forced air radiator, providing cooling for a self-contained, forced fresh water cooling system. The engine will shut-down on over-speed, high jacket water temp., low lube oil pressure, aftercooler temp high, and high crankcase pressure. 6.4.20 Emergency Generator: The EG is a Leroy Somar LSA50.1M6 480V, 1000kW, 60Hz, 0.8PF, floating three wire, synchronous generator 6.4.21 EG Control & Protection: The emergency generator is started by the engine mode switch and normally a bus voltage relay. The engine mode switch has three settings: Off, Manual, and Auto. Normally, the ESB is supplied from an incomer breaker and the engine mode switch is in Auto. On loss of incomer power, a bus under voltage relay opens and starts after a short time delay then closes a contact used to initiate remote start of the EG. Once the generator is up to voltage and speed, and the switchboard is dead, the EG breaker closes and restores power to the ESB. Placing the engine mode switch in Manual will start the engine and allow manual operation of the breaker, if the bus is dead. Placing the engine mode switch in the off position, will stop the DG and trip its breaker. 6.4.22 ESB Description: The emergency switchboard contains four sections section A10 contains the controls, indications and breaker incomer for the emergency generator. Section A11 contains the controls, indications and main incoming breakers. Sections A12 and A13 contain the emergency outgoing feeder breakers. Emergency switchboard feed from Auxiliary switchboard 1 and 2 with auto changeover control. The emergency switchboard can be supplied 480V by either the auxiliary port or starboard switchboard. The incoming breakers are automatically controlled by a Symap control module located inside section A10. When the Symap control detects a dead bus it automatically starts the emergency generator and connects it to the emergency bus. When main power on either incomer is detected the Symap will open the EG breaker and close the incomer breaker and stop the EG after the cool down time is fulfilled. The Symap has interlock logic that prevents both the EG breaker and any incomer breaker being closed at the same time. The ESB has an on-off switch that can be used to test the EG while main power is supplying the ESB. There is an ESB mode off-on switch that is not fully defined. The assumption is that this will inhibit the auto changeover of the main incomer breakers. Surveyor to verify and define ESB
mode function The auto changeover logic can create a fault that would cause total blackout of the vessel, so in DP2 operations the incomer breakers auto changeover circuit must be placed in manual or disabled, but still allow the EG to automatically start and connect to the bus on loss of power. 6.4.23 Emergency Distribution boards 480V & 208-120V:
480V EDB #1 UPS #1 UPS #2 UPS #3 480V EDB #2 UPS #4 UPS #5 UPS #6 UPS #7 208 Emergency DC1 Battery Charger DC2 Battery Charger DC3 Battery Charger DC4 Battery Charger DC5 Battery Charger DC6 Battery Charger DC7 Battery Charger EG Battery Charger #2 208 Swbd Bus A DC4 Battery Charger DC6 Battery Charger 208 Swbd Bus B DC5 Battery Charger DC7 Battery Charger
6.4.24 24V System Description: There are seven DC panels used to provide 24Vdc power throughout the vessel. DC 1 and 2 located on the navigational Bridge and provide power to the navigation electronics. DC 3 provides power to the phone systems. DC 4 and 5 are located in the engine room forward and provide redundant power to DG1-3. DC 4 provides backup power to T1 and T3 Lipstronic control cabinets while DC 5 provides backup power to T5 and T7 Lipstronic control cabinets. DC 6 and 7 are located in the engine room forward and provide redundant power to DG4-6. DC 6 provides backup power to T2 Lipstronic control cabinets while DC 7 provides backup power to T4 and T6 Lipstronic control cabinets. There are breakers in place to allow either DC 4 or 5 to provide power to both DC distribution panels. The same breaker configuration is provided to allow either DC 6 or 7 to provide power to both DC distribution panels. The battery chargers will generate an alarm on failure and a light is illuminated, indicating batteries are discharging. The distribution boards display voltage, current, power available indicator and ground fault. 6.4.25 Redundancy: 6.6kV, 480V auxiliary and emergency switchboard bus ties are open. This is vital to vessel redundancy
H8675 Rev C
Page 59 of 80
February 4, 2009
6.5
Electric Power FMEA Table #

1a
Failure
Port 6.6kV MSB Dead.
Effect
Distribution Loss of all T1, T8, T3, T5. Auxiliary SB #1 and associated equipment. T7 will automatically change over to Starboard bus. Loss of all T2, T6, T4 Auxiliary SB #2 and associated equipment. Loss of ESB. Loss of some redundant services, some systems on battery power and loss of some ventilation. Loss of all T1, T8, T3, T5. Auxiliary SB #1 and associated equipment. T7 will automatically change over to Starboard bus. Loss of all T2, T6, T4 Auxiliary SB #2 and associated equipment. Loss of ESB. Both port and starboard switchboards will supply power to the emergency switchboard. Two different sources of power without common reference could cause blackout and loss of DP Auto changeover to secondary supply.
Indication
Vessel alarms. DP UPS alarm. T1, T8, T3, T5 not ready alarm on DP. T7 power changes to starboard MSB Vessel alarms. DP UPS alarm. T2, T4, T6 not ready alarm on DP Vessel alarms. DP UPS alarm. Loss of some lights. Vessel alarms. DP UPS alarm. T1, T8, T3, T5 not ready alarm on DP. T7 power changes to starboard MSB Vessel alarms. DP UPS alarm. T2, T4, T6 not ready alarm on DP Loss of ESB and possible loss of auxiliary port and starboard switchboard and loss of all thrusters.
DP Effect
No loss of heading or position. Remaining thrusters compensate. Loss of T1, T3, T5, T8. No loss of heading or position. Remaining thrusters compensate. Loss of T2, T4, T6. No loss of heading or position.
1b
Stbd. 6.6kV MSB Dead.
1c
ESB Dead
1d
Port Main 6.6kV/480V transformer fault
No loss of heading or position. Remaining thrusters compensate. Loss of T1, T3, T5, T8. No loss of heading or position. Remaining thrusters compensate. Loss of T2, T4, T6. SPF: Loss of heading and position do to loss of all thrusters. Invalid
1e
Stbd. Main 6.6kV/480V transformer fault ESB incomer auto change over (electric lock) failure. Info
1f
only. Invalid configuration. See Section 6.6.1

1g Emergency 480/208V transformer fault Loss of battery charger supply.
Information Only Section 6.6.1
configuration. See
Vessel alarms.
No immediate effect.
1h
Battery system maintains load for minimum of 30 minutes.
Vessel alarms
6.6 6.6.1
Summary of Electric Power System Analysis Significant failure modes: The electric power system failure modes and effects analysis table found no single point failures and no DPO intervention failures if the equipment is properly configured, but it did note two configuration errors that can cause vulnerability to loss of DP.
H8675 Rev C
Failure 1f Has the potential to allow two different 480V power sources to be combined causing catastrophic failures if device protections are not correctly set. Failure 1d can be avoided if at least one of the source breakers is open this is normally done with a mechanical interlock. Emergency 480V switchboard automatic switching presents threat to redundancy because it is capable of transferring fault to both switchboards. If a short or other fault occurs in the emergency switchboard or switching mechanism the feeder breaker protection must be reliably capable of tripping before the voltage dip on the main switchboard bus causes loss of other equipment because the switch will transfer the fault to the second switchboard bus upon loss of the first supply. This must be proved by engineering calculation or by testing during trials. 6.6.2 6.6.3 Hidden Failures: The analysis identified some failures that could reduce system redundancy. These failures can be avoided by regular testing, calibration and maintenance. Configuration Analysis: The main switchboard and Auxiliary switchboard must be run split bus. Port switchboard 110Vdc control voltage must be supplied by Converteam battery charger 1 while starboard switchboard 110Vdc control voltage must be supplied by Converteam battery charger 2. The emergency switchboard must be normally fed from starboard power to ensure T7 redundancy. Auxiliary switchboard #2 CB Q103 to the emergency switchboard is to be closed and Auxiliary switchboard #1 CB Q3 to the emergency switchboard is to be open. This disables the automatic changeover circuit, but still allows the EG to auto start and connect to the bus Related Failures: These DGs can be affected by fuel system, fire protection and Engine Room ventilation shutdown faults. These failures are examined in the appropriate sections. Worst Case Failure: port bus Blackout this failure causes loss of T1, T3, T5, T8 and temporary reduction in thrust available until T7 incoming power has been changed to starboard side. Accuracy: The analysis is based on Converteam and shipyard drawings but the provided drawings conflicted with each other and have not yet been confirmed by survey or testing. Surveyor is to confirm final implementation of the T7 auto change over circuit, confirm where 24Vdc DB4-7 incoming power comes from conflicting information received based on Keppel Singmarine drawing H340-E101.01 Rev. 4 and verify fan and oil distribution board loads. Surveyor is to update documentation as necessary based on findings. Electric Power Summary: Single Point Failures DPO Intervention Maintenance Issues Analysis Accuracy 0 0 Medium
6.6.4 6.6.5 6.6.6
6.6.7
H8675 Rev C
Page 61 of 80
February 4, 2009
7.
7.1
POWER & VESSEL MANAGEMENT SYSTEM

Power and Vessel Management System Diagram
ECR A&E Printer AFT WH A&E Printer FWD. WH WS11 (AVC) WS12 (AVC)
CCO5 (PMS A)
CCO6 (VMS A)
CCO7 (PMS B)
CCO8 (VMS B)
WS13 (AVC)
WS14 (AVC)
A&E Printer
Legend
NS01 (Net A) NS03 (Net A) NS05 (Net A)
FS01 SWBD 1 FS02 SWBD 2 FS03 (DG1-3) FS04 (DG4-6) FS05 FS06 FS07 FS08 FS09 FS10
NS02 (Net B)
NS04 (Net B)
NS06 (Net B)
Net A Net B Serial (RS232)
FS18 (T8)
FS17 (T7)
FS16 (T6)
FS15 (T5)
FS14 (T4)
FS13 (T3)
FS12 (T2)
FS11 (T1)
7.2
Power and Vessel Management System Data

Supplier: Design: VMS Functions: PMS Subsystem: Redundancy: Other: Sources: Converteam Functional Specification 2007 Converteam PLC based vessel and power management system Monitors major systems such as power generation, thrusters, tank levels and support systems. Controls some field equipment. Monitors and controls power generation system. Provides load dependant start/stop, start inhibits, load reduction and limited blackout restart. Some hardware and communication systems duplicated.
7.3 7.3.1
Power & Vessel Management System Description Redundancy Concept: Minimum 2 split for important functions with hardware and software protections.
H8675 Rev C
7.3.2
Overview: The vessel management was supplied by Converteam. It is a PLC based vessel and power management system. The system consists of four control computers, four work stations, ten field stations dedicated to vessel management and eight thruster field stations shared with the DP/IJS systems. These devices are connected by a dual star Ethernet network. Fault immunity of this vital network is discussed under DP. Location: The Navigation Bridge has one operator workstation with an alarm and event printer. The Aft Bridge has two system control computers and one operator workstation with an alarm and event printer. The ECR has two system control computers and two operator workstations with one alarm and event printer. The field stations are located near the equipment they monitor and control. Workstations: The workstations have a number of operator mimic screens that allow the operator to monitor system operation and initiate system changes. Each workstation can control the system, but only one workstation can have control of the system at a time. Control of the systems can be transferred between the workstation and if a controlling workstation fails, control can be assumed at the remaining workstation. The workstations are monitored by self-diagnostic routines and have automatic shutdowns to prevent major control errors. Vessel Management Control Computers: One control computer is in command at a time and it performs the active control functions of the vessel management system. The standby control computer monitors the commanding control computer so it is ready to take command. The control computers are monitored by self-diagnostic routines and have automatic shutdowns to prevent major control errors. If the control computer in command fails, the standby control computer assumes command. Power Management Control Computers: One control computer is in command at a time and it performs the active control functions of the power management system. The standby control computer monitors the commanding control computer so it is ready to take command. The control computers are monitored by self-diagnostic routines and have automatic shutdowns to prevent major control errors. If the control computer in command fails, the standby control computer assumes command. Field Stations: The field stations provide the monitoring and control interface to the field equipment. Important redundant services are split between separate field stations. Field station outputs are designed to be failsafe. The channels are electrically separate to prevent propagation of field voltages or grounds to other devices. Failure of a status signal is arranged to create an alarm by using normally closed contacts for healthy states. The control computers are monitored by self-diagnostic routines and have automatic shutdowns to prevent major control errors. The interface of the thruster control and monitoring field stations is summarized in the appropriate thruster section. VMS Functions: The system is used to remotely start and stop pumps, thrusters, open and close valves, monitor equipment status, tank levels and generate plant alarms. The system interfaces with the watch call panels.
7.3.3
7.3.4
7.3.5
7.3.6
7.3.7
7.3.8
H8675 Rev C
Page 63 of 80
February 4, 2009
7.3.9
PMS Functions: The system is used to remotely start and stop generators, initiate the synchronization of generators and main bus ties, plus close major breakers and provide power information to DP for its power limiting function. The power management system is capable of supporting split or common bus operation, but split bus is required for power redundancy. The power management system will eliminate and replace failing DGs and start extra DGs based on the load levels required to maintain system redundancy. The PMS has a blackout restart function that, on detection of a dead bus, opens the bus tie and restarts or reconnects generators, attempts to close the bus tie sections and starts thrusters that were online prior to blackout. The following table summarizes the major power management functions: Power Management System Functions
Standby Selection Load Dependant Start Load Dependent Stop Minimum # of DG Fixed Target De-rating DG replacement DG trip Load Sharing Operator selects available, healthy DGs and sets their start priority. If a high priority DG fails to start, the next DG in priority is started. The operator also selects DG stop priorities but a DG that is already unloading has priority. The next standby main DG is started and synced if spinning reserve drops below operator set point (default =3760kW or 2820kVAR) Low spinning reserve alarm for a bus section in which these conditions persist. If the spinning reserve becomes excessive, the last DG started will be unloaded and stopped after a time delay. (default =10575kW or 7935kVAR) Excessive capacity alarm for a bus section in which these conditions persist Operator selected value that will override load dependant stop and start DGs to match selected number if there is no excess capacity. Otherwise, the operator must start the excess DG. If enough load is available operator can set individual DGs to maintain constant kW or kVAR. Allows the operator to reduce the full load rating of individual DGs If an online DG is unhealthy (hi temp, lo press, etc) and a standby is available, the system will start and sync the stand by and then unload and stop the unhealthy DG. A DGs breaker tripped on very high bearing or winding temperature kW load sharing and kVAR load sharing. On Complete 6.6kV bus power failure, the system sends command to open all bus tie and thruster breakers after receiving signal that the emergency bus has been restored it; starts main DGs and loads them on the bus. After a DG is on the bus it then closes all bus tie breakers in a pre-defined order, once the main 6.6kV and the Auxiliary 480V switchboards are restored, the system then starts all thrusters that were running prior to blackout. The blackout restart in progress signals will timeout after seven minutes. The operator will be responsible for restoring any loads that failed to start.
Blackout Recovery
7.3.10 Load Limitation: This is preformed by the DP system based on bus rather than DG overload. Low bus frequency triggers VSD torque reduction. 7.3.11 Power & Vessel Management System FMEA Table: # Failure
In command control computer failed
Effect
Control transfers to standby control computer
Indication
Control Computers
DP Effect
No immediate effect on DP.
1a
VMS alarm.
H8675 Rev C
Page 64 of 80
February 4, 2009
#
1b
Failure
Standby control computer failed Workstation failed Workstation monitor fails Workstation operator inputs failed Workstation frozen
Effect
Loss of system backup
Indication
VMS alarm.
DP Effect
No immediate effect on DP. No immediate effect on DP. No immediate effect on DP. No immediate effect on DP.
2a 2b 2c
2d
2e
Workstation malfunction
3a
One link failed
3b
Ethernet switch failed Workstation broadcasting noise Control computer broadcasting noise
3c
Workstations Control transfers or can be assumed at a VMS alarm. remaining workstation. Control can be assumed at Blank or frozen screen. a remaining workstation No alarm. System display still useful Possibly no alarm. Failure Control can be assumed at only apparent after system a remaining workstation does not respond. Display frozen, inputs useless & internal Possible Ethernet alarms. diagnostics frozen. Control can be assumed at a remaining workstation Internal error checking shuts down workstation. VMS alarms Control can be assumed at a remaining workstation Ethernet Problem detected. Communication continues VMS alarm for failed link. on redundant link. Shutdown on internal fault detection or loss of VMS alarms for failed power. Communication network. continues on remaining Ethernet switch. Problem detected. VMS alarms for both Workstation isolated from workstation links. both networks. Problem detected. Control computer isolated from both networks. Problem detected. FS isolated from both networks. Loss of that FS control and monitoring interface. Engineers must locally control some systems. Both networks shutdown by excessive data load. Engineers must locally control and monitor systems. VMS alarms for both CC links.
No immediate effect on DP. No immediate effect on DP.
3d
3e
Field station broadcasting noise
VMS alarms for both FS links.
No immediate effect on DP. Hidden failures more likely to occur. Duty engineers must be more vigilant. No immediate effect on DP. Hidden failures more likely to occur. Duty engineers must be more vigilant.
3f
Data overload
VMS alarms for both networks.
H8675 Rev C
Page 65 of 80
February 4, 2009
Failure
Effect
Loss of that FS control and monitoring interface. Engineers must locally control some systems. Internal error checking routines detect fault and shutdown one processor. Engineers must locally control some systems. Loss of DG or breaker information to FS. Loss of monitored data Loss of valid information for alarm point due to device, contact or wiring fault. Loss of control output.
Indication
Field Station
DP Effect
No immediate effect on DP. Hidden failures more likely to occur. Duty engineers must be more vigilant. No immediate effect on DP. Hidden failures more likely to occur. Duty engineers must be more vigilant. No immediate effect on DP. Hidden failures more likely to occur. Duty engineers must be more vigilant. No immediate effect on DP. Hidden failure possible but less likely. No immediate effect on DP. Hidden & compound failures more likely to occur. No immediate effect on DP.
4a
One Field station failed
4b
One FS processor malfunctions
4c
Serial input fails
VMS alarm serial link failed alarm. Alarm for open DI. None for shorted DI. Regular testing needed to catch all faults. No alarm until command fails. Regular testing needed to catch all faults. VMS alarm.
4d
Loss of digital input
4e
Loss of digital output Loss of analogue input
4f
Loss of process data.
7.4 7.4.1 7.4.2
Summary of Power & Vessel Management System Analysis Significant Failure Modes: None. Regular maintenance should ensure continued operation. Hidden Failures: The analysis identified possible hidden failures that could reduce system efficiency or redundancy. These failures can be avoided by regular testing, calibration and maintenance.
Failure Digital Input shorted Digital Output failed Problem Possible inaccurate plant conditions seen by Operator Loss of remote control to vessel equipment will not be noticed until operator tries to operate equipment Solution Regular testing Regular testing
7.4.3 7.4.4 7.4.5
Configuration Analysis: Redundant. Related Failures: This system can be affected by switchboard failures. Worst Case Failure: Shorted voltage decrease signals to AVR will cause engine to shed reactive load and enter capacitive operation. Current increases while bus voltage decreases as paralleled
H8675 Rev C
DG is forced down its droop curve. Both DGs may be tripped on UV or the healthy DG tripped on over-current and then the faulty DG on under-voltage. Possible equipment damage if left for extended period 7.4.6 7.4.7 Accuracy: The analysis is based on the referenced documentation. The analysis and the information it is based on has not yet been confirmed by survey and testing on the vessel. PMS/VMS System Summary: Single Point Failures DPO Intervention Required Maintenance Issues Analysis Reliability 0 0 2 Medium
H8675 Rev C
Page 67 of 80
February 4, 2009
8.
8.1 8.1.1
AUXILIARY SUPPORT SYSTEMS

Diesel Fuel Oil System System Diagram:
MDO Supply
PS Overflow Tank DBO MDO DBO MDO DBO MDO DBO MDO 7 PS 6 PS 5 PS 4 PS
NC
EG Day Tank PS MDO Settling Tank Aft
EG
MDO Service
DG1
DG2
MDO Transfer
F/O Seperator NC
PS MDO Day Tank Aft
MDO Service NC MDO Service
DG3
Legend
Transfer Service Overflow
NC
Bunker Stations
NC F/O Seperator
NC SB MDO Day Tank fwd
DG4
MDO Transfer
DG5
DBO MDO DBO MDO DBO MDO DBO MDO 7 SB 6 SB 5 SB 4 SB

NC
SB MDO Settling Tank Fwd
MDO Service
DG6
SB Overflow Tank
General Diagram not all valves and filters are shown refer to dwg. H340P110 for more details
8.1.2 8.1.3
Redundancy Concept: 2 split Engine Room system supplied by common storage system. Redundancy depends on proper fuel handling procedures. System Description: Each diesel engine runs on marine diesel oil. The Aft Engine Room contains the port side settling and day tanks, two service pumps configured in an automatic primary/secondary configuration that normally supply MDO to DGs 1-3. The forward Engine Room contains the starboard side settling and day tanks, two service pumps configured in an automatic primary/secondary configuration that normally supply MDO to DGs 4-6. The fuel oil supply and return piping is normally arranged in an independent split configuration in an emergency the system can be aligned to supply MDO to all DGs from the same tank. The fuel is transferred from the settling tank to the day tank through the MDO separator. Both the day tank and the settling tanks content can be re-circulated through the separator. The suction valves for the settling and day tanks are pneumatically operated. Each day tank is provided with a high and low level alarm but should be regularly checked by the Engineering Watch. It is assumed that the fuel in the tanks is regularly checked for biological, water and particulate contamination. The fuel oil transfer pumps are started and stopped based on the level alarm switches in the settling tanks. The transfer pumps can be remotely started and stopped from the automation system. The settling tanks are filled automatically via the vessel fuel oil transfer system that consists of eight dedicated fuel storage tanks, two transfer pumps with each one aligned to an individual settling tank with ability to cross connect. All the starboard side tanks vent to the starboard side overflow tank and all the port side tanks vent to the port side overflow tank. Both
H8675 Rev C
overflow tanks have high level alarms. The emergency day tank is filled via a dedicated pump from the PS Aft day tank. 8.1.4 8.1.5 Survivability: If the fuel system is isolated properly then any single systems total fuel failure will result in no worse than the vessels worst case failure FO FMEA Table: # Fault
PS Aft Day Tank empty due to rupture or leak
System Effect
Loss of fuel supply to DG1-3. eventual loss of MSB bus A. Loss of T1, T3, T5, T8 Liquid contamination passed to DG1-3. Engines may run rough or fail depending on the type and level of contamination Particle contamination stopped by system automatic filer and/or engine filters. Filter clogs if contamination is excessive. Possible loss of engines but unlikely. Loss of fuel supply to DG1-3. eventual loss of MSB bus A. Loss of T1, T3, T5, T8 Loss of fuel supply to DG1-3. eventual loss of MSB bus A. Loss of T1, T3, T5, T8 Returning fuel creates a back pressure and fails DG1-3. eventual loss of MSB bus A. Loss of T1, T3, T5, T8 Standby pump starts and provides fuel to generators. Loss of fuel supply to DG4-6. eventual loss of MSB bus A. Loss of T2, T4, T6,
Indication
VMS day tank level indication, day tank low level alarm, low FO pressure alarm, bilge high level alarms Visual indication at day tank site glass. Possible DG1-DG3 failed or generator tripped alarms
DP Effect
No immediate loss of heading or position. System compensates with remaining thrusters
01
02
Liquid contamination in PS Aft Day Tank
No immediate loss of heading or position. If thrusters lost then system compensates with remaining thrusters
03
Particle contamination in PS Aft Day Tank
Low fuel pressure alarm. High filter differential pressure alarm
No loss of heading or position.
04
PS Aft Day Tank suction clog
Low fuel pressure alarm.
No immediate loss of heading or position. System compensates with remaining thrusters No immediate loss of heading or position. System compensates with remaining thrusters No immediate loss of heading or position. System compensates with remaining thrusters No immediate loss of heading or position. No immediate loss of heading or position. System compensates with remaining thrusters
06
PS Aft Day Tank supply line clog
Low fuel pressure alarm
07
Port return line clogs/blocked
VMS high FO pressure indication.
08
MDO feed pump fault
Standby pump start event, loss of Primary pump alarm. VMS day tank level indication, day tank low level alarm, low FO pressure alarm, bilge high level alarms
09
SB Fwd. Day Tank empty due to rupture or leak
H8675 Rev C
Page 69 of 80
February 4, 2009
Fault
Liquid contamination in SB Fwd. Day Tank
System Effect
Liquid contamination passed to DG4-6. Engines may run rough or fail depending on the type and level of contamination Particle contamination stopped by system automatic filer and/or engine filters. Filter clogs if contamination is excessive. Possible loss of engines but unlikely. Loss of fuel supply to DG4-6. eventual loss of MSB bus A. Loss of T2, T4, T6 Loss of fuel supply to DG4-6. eventual loss of MSB bus A. Loss of T2, T4, T6 Returning fuel creates a back pressure and fails DG4-6. eventual loss of MSB bus A. Loss of T2, T4, T6 Emergency generators not available as backup power source. 2 transfer pumps & 2 separators. 24 hour supply of fuel available from the day & service tanks. Day and service tanks should be kept topped up to ensure fuel availability. Contamination transferred to day tanks unless run through the purifiers.
Indication
Visual indication at day tank site glass. Possible DG4-DG6 failed or generator tripped alarms
DP Effect
No immediate loss of heading or position. If thrusters lost then system compensates with remaining thrusters
10
11
Particle contamination in SB Fwd. Day Tank
Low fuel pressure alarm. High filter differential pressure alarm
12
SB Fwd Day Tank suction clog
Low fuel pressure alarm.
No immediate loss of heading or position. System compensates with remaining thrusters No immediate loss of heading or position. System compensates with remaining thrusters No immediate loss of heading or position. System compensates with remaining thrusters
13
SB Fwd Day Tank supply line clog
Low fuel pressure alarm
14
Port return line clogs/blocked
VMS high FO pressure indication. EG low fuel day tank alarm EG low fuel pressure alarm
16
EG fuel fault
17
FO transfer system pump, separator or valve failure.
VMS Alarms
18
FO Storage Tanks Contamination
None
No loss of vessel control or safety if only one day tank is filled at a time and then left to run several hours before the second tank is filled.
8.1.6
Summary of Analysis Results: No single point failures will result in loss of DP. Loss of a fuel line or tank can be avoided by maintaining the tank, pipes and hoses and not moving heavy equipment or performing hot work nearby while under way or dynamically holding position.
H8675 Rev C
Contamination can be avoided by using the separators and performing regular testing. Unalarmed failures such as closed valve, a clog in the emergency generator fuel line, clog in a return line or failed level alarm should be detected during regular watch keeping and testing. The fuel oil system must normally be operated split to maintain redundancy. Analysis is based on Kepper Marine Drawing H340-P110-1 Rev. 2 MDO Service & Supply Service system but has not yet been confirmed by survey and testing of the vessel. 8.2 8.2.1 Lubricating Oil Systems System Description: Each thruster and engine has a self-contained, lube oil system. A clean oil distribution system and dirty lube oil system exist to ease oil changing and pollution control but each system is normally isolated during DP operation. Each systems lubrication is described and analyzed in the appropriate power or thruster sections. Hydraulic Oil Systems System Description: Each thruster has a self-contained, hydraulic actuating system. systems are described and analyzed in the appropriate thruster sections. These
8.3 8.3.1
H8675 Rev C
Page 71 of 80
February 4, 2009
8.4 8.4.1
Cooling Water Systems System Diagram:

Exp. tank DG4 DG5 DG6 Refer to Section 6.4.16 of this document for pump power distribution T7 VSD T7 Transformer T7 Motor T7 Hyd. Cooler T7 LO Cooler Cooler Overboard Exp. tank Fwd Thrusters SW Pump 1 Cooler Fwd Thrusters SW Pump 2 Exp. tank Aft Thrusters SW Pump 1 Cooler Aft Thrusters SW Pump 2 Exp. tank Cooler Aux FWC pump 1 Main SBDs Aux. SW Pump 1 Aux FWC pump 2 Aux SBDs Aux Xfrmrs Main Xfrmrs Aux. SW Pump 2 Cooler Air compressors Overboard Exp. tank T1 Hyd. Cooler T1 LO Cooler T2 VSD T2 Transformer T2 Motor T2 Hyd. Cooler T2 LO Cooler Overboard T1 VSD T1 Transformer T1 Motor Cooler Aft FWC pump 1 This is only a representative drawing of the system. For further information please refer to Vessel As-Built Drawings T3 VSD T3 Transformer T3 Motor T3 Hyd. Cooler T3 LO Cooler T4 VSD T4 Transformer T4 Motor T4 Hyd. Cooler T4 LO Cooler Overboard Cooler Fwd FWC pump 1 T6 LO Cooler Fwd FWC pump 2 T8 VSD T8 Motor T5 VSD T5 Transformer T5 Motor T5 Hyd. Cooler T5 LO Cooler T6 VSD T6 Transformer T6 Motor T6 Hyd. Cooler
Port seachest (high) Port SW Pump 1 Port SW Pump 2
Port SW Pump 3
Aft FWC pump 2
Cooler Stbd SW Pump 1 DG1 Stbd SW Pump 2 DG2 DG3
Stbd SW Pump 3
Cooler Stbd. Seachest (Low) Cooler Overboard
H8675 Rev C
Page 72 of 80
February 4, 2009
8.4.2 8.4.3
Redundancy Concept: 2 split sea chests, coolers, pumps and FWC systems, but common piping. Redundancy is dependent on maintaining equipment condition. ME SWC System Description: The seawater cooling system suction piping is common and receives seawater from both a high suction sea chest on the port side and the low suction sea chest on the starboard side. There are a total of six pumps and their outputs are split into two groups of three. One set of pumps provides cooling for diesel generators 1-3 while the second set provides cooling for diesel generators 4-6. Two of the pumps that feed DG 4-6 are fed from auxiliary switchboard port section. Two of the pumps that feed DG 1-3 are fed from auxiliary switchboard starboard section. Two pumps (one from each set) are fed from the emergency switchboard. Two out of three pumps per set are required to run to permit sufficient cooling; the third one is in standby and will start automatically on loss of system pressure or pump failure. The system provides two coolers per set piped for parallel operation. The system has cross connects that are normally closed. Auxiliary Cooling System Description: The auxiliary FWC system consists of a head tank, two electric pumps that supply cooling to transformers, the 6.6kV and 480V switchboard, air compressors and two auxiliary coolers piped in parallel and cooled by the auxiliary SWC system. The auxiliary seawater cooling provides cooling to the auxiliary FWC system via two electric pumps that receive their suction from a sea chest and are arranged in a primary/standby configuration. Thruster Cooling System Description: The thruster FWC system consists of two separate systems. The aft system provides cooling for thrusters 1-4 while the fwd system provides cooling for thrusters 5-8. Each system consists of a header tank, two pumps arranged in a primary/standby configuration fed from different sources. Pump #1 of both systems is fed from the auxiliary switchboard port side and Pump #2 of both systems is fed from the auxiliary switchboard starboard side. The thruster SWC system arrangement is similar thruster FWC system and provides cooling to the thruster FWC system. Cooling Systems FMEA Table: #
01
8.4.4
8.4.5
8.4.6
Fault
Port Main SWC Pump Failure
System Effect
Standby Pump starts on pressure drop
Indication
VMS Event Main Port SWC Standby Pump started. Possible Low pressure alarm. VMS Event Main Stbd. SWC Standby Pump started. Possible Low pressure alarm. VMS Event Fwd SWC Standby Pump started. Possible Low pressure alarm. VMS Event Aft SWC Standby Pump started. Possible Low pressure
DP Effect
No immediate effect on DP
02
Stbd. Main SWC Pump Failure
03
Fwd SWC Pump Failure Aft SWC Pump Failure
Standby Pump starts on pressure drop Standby Pump starts on pressure drop
No immediate effect on DP No immediate effect on DP
04
H8675 Rev C
Page 73 of 80
February 4, 2009
Fault
System Effect
Indication
alarm. VMS Event Aux SWC Standby Pump started. Possible Low pressure alarm. VMS Event Fwd FWC Standby Pump started. Possible Low pressure alarm. VMS Event Aft FWC Standby Pump started. Possible Low pressure alarm. VMS Event Aux FWC Standby Pump started. Possible Low pressure alarm.
DP Effect
05
Aux SWC Pump Failure
06
Fwd FWC Pump Failure
07
Aft FWC Pump Failure
08
Aux FWC Pump Failure
8.4.7
Summary of Analysis Results: No single point failures will result in loss of DP. Loss of a supply line or clogged pipe can be avoided by maintaining the pipes and not moving heavy equipment or performing hot work nearby while under way or dynamically holding position. Analysis is based on Keppe Marine drawings H340-P104-01 Rev. 1 ME Cooling System, H340-P105-02 Rev. 2 Auxiliaries Cooling system, and H340-P105-01 Rev.0 Thrusters FW Cooling System but has not yet been confirmed by survey and testing of the vessel.
H8675 Rev C
Page 74 of 80
February 4, 2009
8.5 8.5.1
Compressed Air Systems Compressed Air Diagram:

Start Air 1 Port Aux SBD 480V
DG4 DG5 Air Receiver 1
435psi
DG6
Air Receiver 2
Start Air 2 ESBD 480V
NC
Air Receiver 3
DG1 DG2
Ship Services Bilge System Sprinkler system FO Purifiers
Air Receiver 4 435psi
DG3
Service Air 1 Port Aux. SBD 480V
Representative Drawing Only for further information refer to vessel Start and Service Air drawings
QCV LO Purifiers T5 T7 Port Seachest Oily Water Seperator
230psi
Service Air 2 Stbd. Aux. SBD 480V
Air Receiver 1
T1
T3
Air Receiver 2 230psi

Service Air 3 Port Aux. SBD 480V
T2
T4
T6
T8
Stbd. Seachest
230psi
To Tensioner Service Air
8.5.2
Start Air System Description: Two commonly piped start air compressors supply air to four independent, isolatable, receivers split by cross connect valves. Two receivers provide air to diesel generators 1-3 and the other two provide air to diesel generators 4-6. Compressor 1 is powered form the Auxiliary switchboard and Compressor 2 is fed from the emergency switchboard. Service Air System Description: Two commonly piped rotary compressors with water separators supply air to two service air receivers which are passed through an air dryer before supplying
8.5.3
H8675 Rev C
service air to the thrusters shaft brakes, LO head tank pressure, and quick connect clutches. A third service compressor is mainly used for the tensioner system but can supply air to the two service air compressors. The compressors are powered from different sources. 8.5.4 Compressed Air FMEA Table:
# 1 Fault Start Air Compressor Failure Effect Other compressor takes load. Indication Alarm DP Effect No immediate effect on DP.
Service Air Compressor Failure
Other compressor takes load.
Alarm
Loss of Port Start Air Backbone
Loss of Air pressure to DG1-3. Loss of pressure to stop engines, reduced load control stability on
No Immediate Effects. Low pressure alarms. No Immediate Effects. Low pressure alarms. No Immediate Effects. Low clutch pressure alarms T3-T7
Loss of Starboard Start Air Backbone
Loss of Air pressure to DG4-6. Loss of pressure to stop engines, reduced load control stability on
Loss of Service Air Backbone
Loss of Air Receiver pressure. Loss of clutch pressure to thrusters T3-T7. Lose of Brake Pressure to T1-T7
8.5.5
Summary of Analysis Results: Lose of start air will have minimal effect on running generator. Analysis done using Keppe Marine drawings H340-P108-01 Rev. 0 Compressed Air Diagram (Starting Air) and H340-P108-02 Rev. 0 Compressed Air Diagram ( Service and Instrument Air) but has not yet been confirmed by survey and testing of the vessel. Fire Protection Systems Fire Alarm System: A T2000 fire alarm system is installed and appears to provide adequate smoke and heat detectors using two different loops. The system has a main control panel located on the Navigation Bridge and a repeater station located in the ECR. The fire alarm system receives main 220V power from the port main switchboard. The main panel has a 24Vdc battery backup and the alarm relay box has a 24Vdc backup supply from DC1. The system has outputs that go to the vessels VDR, alarm and monitoring system, and the general alarm. There are activation buttons located throughout the vessel including critical machinery spaces and control rooms.
8.6 8.6.1
H8675 Rev C
Page 76 of 80
February 4, 2009
8.6.2
Water Mist System Description: The system is a medium-pressure water system that protects the main engines, fuel oil purifier and incinerator. The system can be activated automatically, locally or manually from remote locations. The System can automatically be started if the detection cabinet located in the fire control room receives either a smoke or fire alarm from one of the zones it covers. The system can be activated manually from the main control cabinet located in the fire control room or from remote panels located near equipment. System status indicator panels are located on the bridge and in the ECR. System uses 115V from ESBD5 and backup 24Vdc from DC3. CO2 System Description: The CO2 flooding system protects the forward and aft engine rooms, port and starboard aft propulsion rooms, emergency generator room, paint store and the incinerator room. CO2 flooding system can be manually triggered from either the fire control room or locally from inside the protected space. Activation initiated by operator manually opening releases activation canister valves. When any release cabinet door is opened a siren sounds in the space. When the main ball valve is opened a normally closed contact opens shutting down ventilation to the space. The system alarms are powered from either 24Vdc from DC1 or DC2 via a changeover switch. The fire dampers are controlled manually from the shutoff damper control panel assumed to be located in the fire control room or the ECR. FMEA Table: No single point failures. Summary of Analysis Results: The systems should be fully tested and witnessed by ABS surveyor prior to DP trials. Emergency Shutdown Systems Emergency Stops Description: Emergency stops are provided at each controlling station and locally for each generator and thruster. Wire break of emergency stop circuits associated with thruster VSD will not stop the drive and instead produce an alarm indicating a wire break. Estops should be checked regularly for proper contact operation. Emergency Shutdown Systems Summary: The emergency shutdown system is composed of 7 separate groups. All groups except for Group 4 can be remotely stopped from the ECR, fire control room, or bridge. Group four is activated from the galley. All the contacts are normally open and it is assumed they are protected from accidental operation.
Group 1 Non vital fans on DB #1 Non vital fans on DB #2 Pump RM supply fan Group 1F Tunnel thruster RM supply fan ER fwd Supply Fans Thruster RM stbd. supply fan Fwd thruster RM supply fan Group 1A Propulsion RM aft port supply and exhaust fans Propulsion RM fwd port supply and exhaust fans ER aft Supply Fans Thruster/pump RM aft supply fan Group 2P ODB #1 Group 2S ODB #2 Group 3 Fan DB #3 Group 4 Galley Equipment
8.6.3
8.6.4 8.6.5
8.7 8.7.1
8.7.2
EPDB #3
EPDB #3
Fan DB #5
Stbd. SBD RM AC DP Control RM AC Air Handling Units
H8675 Rev C
Page 77 of 80
February 4, 2009
8.7.3 8.7.4
QCV Description: The QCV are air operated and normally de-pressurized. Air supplied from a manifold inside a control panel will close the valve. FMEA Table: Each function has two failure modes a wire short causing the shutdown to function and an open, causing a wire break alarm at the vessels alarm and monitoring system operator station. An ESD control power short can cause unnecessary loss of an engine unless there is correct breaker coordination. Summary of Analysis Results: One single point Failure and no DPO interventions. This analysis is based on drawing Keppel Singmarine Fans and Pumps emergency stop system H340E612.01 Rev. 2 but has not yet been confirmed by survey/testing of this vessel. HVAC Systems System Description: All critical machinery spaces appear to have sufficient ventilation. The ECR and switchboard rooms have redundant air conditioning supplied from different sources. High equipment temperatures can have unpredictable effects on electronic control equipment so if ventilation fails equipment temperatures must be monitored. FMEA Table: No single point failures. Summary of Analysis Results: This analysis is based on Keppe Sing Marine H340-101.1 Rev 0 drawing but has not yet been confirmed by survey/testing of this vessel. Communication Systems System Data:
Space Bridge DP Control Engine Room fwd Engine Room aft ECR Port Propulsion Room Aft Stbd Propulsion Room Aft Port Aft Thruster Room Stbd Aft Thruster Room Port Thruster Room Stbd. Thruster Room Emergency Gen. Room Port SBD Room Stbd. SBD Room Y Radio Y Y Sound Powered Phone Y Y Y Y Y Y Y Y Y Y Y Y Y Y Telephone Y Y Y Y Y Y Y Y Y Y Y Y Y Y Y DP Alert Y Y
8.7.5
8.8 8.8.1
8.8.2 8.8.3
8.9 8.9.1
H8675 Rev C
Page 78 of 80
February 4, 2009
8.9.2
System Description: There is reliable and clear radio, and telephone communication between the Navigation Bridge, DP control, ECR, Engine Rooms, Switchboard Rooms, Thruster Rooms, and the Emergency Generator Room. There is a redundant means of communication to each of these stations despite any one failure. The vessel is equipped with a DP Alert system. Headsets and flashing lights are fitted in high noise environments. System Analysis Results: No single point or DPO intervention failures. No single failure can cause loss of communication. This analysis is based on 24Vdc one line diagram H340-E105 Rev. B sound but has not yet been confirmed by survey/testing of this vessel. Auxiliary Support Systems Summary: Single Point Failures DPO Intervention Maintenance Issues Analysis Accuracy 0 0 Medium
8.9.3
8.9.4
H8675 Rev C
Page 79 of 80
February 4, 2009
This Report is intended for the sole use of the person or organization to which it is addressed and no liability of any nature whatsoever shall be assumed to any other party in respect of its contents. As to the addressee, neither the Company nor the undersigned shall (save as provided in the Companys Conditions of Business dated 1st April 1999) be liable for any loss or damage whatsoever suffered by virtue of any act, omission or default (whether arising by negligence or otherwise) by the undersigned, the Company or any of its servants.
NOBLE DENTON MARINE INC.
Original Signed by: Ben Armstrong DP Engineer
Countersigned by: Paul D Kerr DP Technical Authority
H8675 Rev C
Page 80 of 80
February 4, 2009

Noble Denton Global 1200 Dp2 Fmea

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Noble Denton Global 1200 Dp2 Fmea

Hochgeladen von

Copyright:

Verfügbare Formate

14701 St Marys Lane, Suite 425 Houston, Texas, USA 77079 281-558-7180, www.nobledenton.

Global Industries Ltd

Global 1200 DP2 FMEA

NOBLE DENTON MARINE, INC.

Updated to reflect customer comments

Report No. H8675

Global Industries Ltd Global 1200 Pre-trial DP2 FMEA

Not yet confirmed. Loss of half 6.6kV switchboard.

Global Industries Ltd Global 1200 Pre-trial DP2 FMEA

Global Industries Ltd Global 1200 Pre-trial DP2 FMEA

Global Industries Ltd Global 1200 Pre-trial DP2 FMEA

Global Industries Ltd Global 1200 Pre-trial DP2 FMEA

1.3 1.3.1 1.3.2

I.M.O. MSC/Circ. 645 Section 2.2.2:

I.M.O. MSC/Circ. 645 Section 3.2.3

1.5 1.5.1 1.5.2

Global Industries Ltd Global 1200 Pre-trial DP2 FMEA

Global Industries Ltd Global 1200 Pre-trial DP2 FMEA

Global Industries Ltd Global 1200 Pre-trial DP2 FMEA

Type Tonnage Speed Built

Derrick Pipelay 8000 unknown 2005

Builder Owner Class Flag

Model Wrtsil FS3500NU

Drive 4.5MW Electric Motor Converteam MV7000

2.4MW Electric Motor Converteam MV3000

880kW Electric Motor Converteam MV3000

6.6kVac Stbd 480Vac

Hyundai 5300Kva .8pf Leroy Somer 1250Kva .8pf

Power Generation split

Mech Air Manual

Feeds bus 1 Feeds bus 2

Global Industries Ltd Global 1200 Pre-trial DP2 FMEA

Thruster Redundancy Overview

DP System Redundancy Overview

Global Industries Ltd Global 1200 Pre-trial DP2 FMEA

1.7.10 Safe Mode of Operation

Global Industries Ltd Global 1200 Pre-trial DP2 FMEA

AFT WH CCO1 (DP) CCO2 (DP)

ECR WS10 (MTC) WS09 (MTC)

CC01 AC Input (UPS 1) Main-PDB7(S) Emergency- EPDB1

CC02 AC Input (UPS 2) Main-PDB7(P) Emergency- EPDB1

UPS 4 UPS 5 UPS 6 UPS 7 Ship AC Supply

Global Industries Ltd Global 1200 Pre-trial DP2 FMEA

Global Industries Ltd Global 1200 Pre-trial DP2 FMEA

Global Industries Ltd Global 1200 Pre-trial DP2 FMEA

DGPS 1 or 2 failed Radio interference

Loss of all radio based position references.

Faulty IALA, delayed signal, low # of satellites

Position reference alarms

Loss of all wind sensors

Gyro failed alarm

Gyro rejected alarm

VRU failed alarm

A VRUs data is incorrect

DP workstation display failed

DP workstation panel failed

DP workstation glide pad failed

DP workstation CPU/Ethernet Failures DP workstation LCD Failed Independent Joystick failed

Analogue module input

Thruster DP feedback alarm

Analogue module output failure

Thruster DP feedback alarm

Digital input module failure Field Station 24Vdc PSU failed