
Fault Tolerant Ethernet (FTE)

The communication network of Experion PKS

FTE

Confidential and Proprietary

TOPICS
Honeywell Process Solutions are based on process control.
What is process control?
What is a Distributed Control System (DCS)?
What is Fault Tolerant Ethernet (FTE)?
How does FTE work?
How is FTE implemented?


What is process control?

- A process transforms material from input to output.
  - Example: heating water
- Field instruments measure properties of materials/processes
  - Examples: flow, pressure, temperature, level transmitters
- Actuators regulate amount of something used in the process
  - Examples: fuel control valve, damper actuator
- A controller continually reads data from a transmitter and calculates actuator adjustments to maintain a property value.

[Figure: control loop. Labels: input, PROCESS, output, transmitter, controller, actuator]

Requirements of process control

- Performance: must be faster than the process.
- Determinism: must always take the same time.
  - Read the Process Value (PV)
  - Calculate
  - Move the actuator
- Fault tolerance: redundancy; must fail to a known state.
  - Govt regulations: safety, emissions, etc.
- Security: must have access restrictions/controls.

[Figure: control loop. Labels: input, PROCESS, output, transmitter, controller, actuator]

Characteristics of real process plants

- The process shown below is very simple, and the controller shown below is very simple.
- In a real plant, many properties of the product are measured:
  - Temperature, pressure, viscosity, size, weight, color, etc.
- and many properties of the process equipment are measured:
  - Fuel consumption, up/down time, corrosion, wear, etc.

[Figure: control loop. Labels: input, PROCESS, output, transmitter, controller, actuator]

Characteristics of real process plants

- Paper mill: a series of processes that transform trees into paper.
  - Makes many different products (toilet paper to computer paper).
- Must control each process plus interactions between processes.
- 10s-100s of field devices / process; 1000s of control loops total
- Can't control the plant with 1000s of simple controllers!


What is a Distributed Control System (DCS)?

- A DCS is an integrated set of modules with distributed functions.
  - Multi-loop controllers (10s-100s) that connect to field devices
    - Via direct Input/Output modules and industrial buses
  - Supervisory coordinating controllers
  - Multi-loop operator stations and engineering stations
  - Servers for system data management
  - Control network for intercommunication
  - + External connections

[Figure: DCS architecture. Labels: Remote Users, www, System Server, Supervisory Controller, Operator Stations, Engineering Station, [to production management equipment], Remote Server, Control Network, Multi-loop Controller, Direct I/O Module, Other Industrial Devices]

What is a Distributed Control System (DCS)?

- A DCS, throughout the whole system, must provide:
  - Performance: control must be faster than the process.
  - Determinism: control must always take the same time.
  - Fault tolerance: redundancy; must fail to a known state.
  - Security: must have access restrictions/controls.

[Figure: DCS architecture diagram repeated]

What is a Distributed Control System (DCS)?

- A DCS is designed, sold, maintained as a system, including:
  - System capacity and performance specifications
  - System configuration, simulation, and management
  - Alarms and status of the entire system
  - System releases (with on-line installation)
  - System maintenance and support (including 3rd party equipment)

[Figure: DCS architecture diagram repeated, annotated with Performance, Determinism, Fault tolerance, Security]

How is a DCS different from a PLC system?

| DCS | PLC system |
|---|---|
| Mfr sells a complete system of integrated components. | Mfr sells some components; an SI acquires others and engineers the system. |
| Mfr supports the system. | Mfr supports the components and the SI. |
| On-line repair/maintenance is the norm. | Off-line repair/maintenance is the norm. |
| System management built-in. | System management designed per project. |
| Users expect to evolve/upgrade/expand a system over 10/20/30 years. | System is a one-off project (like a house). Upgrades / expansions are new projects. |

[Figure: DCS architecture diagram repeated, annotated with Performance, Determinism, Fault tolerance, Security]

Honeywell DCS Evolution

- Honeywell DCS architecture before Experion PKS
  - Controllers designed by Honeywell
  - Servers and stations had become PC-based
  - Proprietary 5 Mbps control networks
  - Interfaces/gateways required to non-Honeywell equipment
  - Near performance limits

[Figure: DCS architecture diagram repeated, annotated with Performance, Determinism, Fault tolerance, Security]


Why FTE?

- Needed a next generation control network for Experion PKS
  - >10x performance, + determinism, security, fault tolerance
  - Reduce cost of communication infrastructure and support
  - Reduce cost of connection to PCs and IT networks
- Ethernet preferred
  - + Industry trend to industrial Ethernet
  - + Industry bus protocols migrating to Ethernet
    - FF H1 → FF HSE
    - Profibus → ProfiNet
    - DeviceNet/ControlNet → Ethernet/IP
    - Modbus → Modbus/TCP
    - Etc.
  - Ethernet equipment perceived as not industrial enough
  - No suitable fault tolerance approach
- FTE provides the required fault tolerance, using Cisco switches to provide determinism and security.

Experion PKS

- FTE is the control network of Experion PKS.
  - Analogous to TPS LCN/UCN and PlantScape ControlNet.

[Figure: DCS architecture diagram with FTE in place of the Control Network, annotated with Performance, Determinism, Fault tolerance, Security]

What is Fault Tolerant Ethernet (FTE)?

- FTE is the control network of Experion PKS.
  - Analogous to TPS LCN/UCN and PlantScape ControlNet.
- Dedicated to the control mission
  - Fault-tolerant
  - Fast performance
  - Deterministic
  - Secure
- Not an IT network, but leverages IT technology to lower cost of:
  - FTE network infrastructure
  - Connection to IT networks
  - Connection to 3rd party Ethernet devices
  - Maintenance and support
- 3 Cisco switches qualified for R200
  - 100/1000 Mbps; single and multi-mode optical fiber up to 70 km
  - Security and determinism functions required for control mission
  - Preferred supplier by many customers

What is FTE?

- An FTE network has redundant switches and cables.
  - Topology: 2 parallel trees joined at the top to form one network.
  - An FTE node connects to both trees.
  - An Ethernet node (non-FTE) connects to either tree.

[Figure: FTE topology. Labels: A tree, B tree, Switches, FTE nodes, Ethernet nodes]

What is FTE?

- An FTE network has redundant switches and cables.
  - With Ethernet nodes: 1 communication path between Ethernet nodes
  - With FTE & Ethernet nodes: 2 communication paths between an FTE node and an Ethernet node
  - With FTE nodes: 4 communication paths between FTE nodes (A-A, A-B, B-B, B-A)

[Figure: FTE topology with each communication path highlighted in turn. Labels: A tree, B tree, Switches, FTE nodes, Ethernet nodes]


How Does FTE Work?

FTE path status

- Each FTE node continually issues short diagnostic messages to test each path to every other node, and builds a status table.
- Below is a node's status table. The first 2 nodes are FTE nodes, and the last 4 nodes are singly-connected Ethernet nodes.
  - A bad link displays as SILENT.
  - If the B cable to the FTE-GUS node fails, A>B and B>B are SILENT.
  - If the crossover cable fails, A>B and B>A are SILENT on all nodes.

[Figure: node status table (not reproduced)]
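
Added example (not from the original slides and not Honeywell code): one way to turn a node's path status table into a fault location, using the two SILENT patterns described above. It goes beyond the slide by also covering a failed local cable and an unreachable node; the reading of "A>B" as local interface A to remote interface B, the table layout and all node names except FTE-GUS are assumptions.

```python
# Added example, not Honeywell code. Path labels follow the slide; "A>B" is
# read as local interface A -> remote interface B (an assumption).
OK, SILENT = "OK", "SILENT"
PATHS = ("A>A", "A>B", "B>A", "B>B")


def healthy_table():
    """Constructed sample: 2 dual-connected FTE nodes, 2 single-link Ethernet nodes."""
    return {
        "FTE-SRV1": dict.fromkeys(PATHS, OK),   # constructed name
        "FTE-GUS": dict.fromkeys(PATHS, OK),    # node named on the slide
        "ETH-A1": {"A>A": OK, "B>A": OK},       # constructed, attached to A tree
        "ETH-B1": {"A>B": OK, "B>B": OK},       # constructed, attached to B tree
    }


def inject(table, is_broken):
    """Return a copy with every path for which is_broken(node, path) marked SILENT."""
    return {n: {p: SILENT if is_broken(n, p) else s for p, s in row.items()}
            for n, row in table.items()}


def diagnose(table):
    """Map a status table to the most specific fault that explains it."""
    silent = {n: {p for p, s in row.items() if s == SILENT} for n, row in table.items()}

    def all_rows_match(pred):
        return all(silent[n] == {p for p in table[n] if pred(p)} for n in table)

    if not any(silent.values()):
        return {"network": "all paths OK"}
    # Faults that show the same pattern in every row of the table.
    if all_rows_match(lambda p: p[0] != p[-1]):
        return {"network": "crossover link between A and B trees"}
    for side in "AB":
        if all_rows_match(lambda p, s=side: p[0] == s):
            return {"network": f"local {side} cable or interface"}
    # Otherwise classify each affected remote node on its own.
    findings = {}
    for node, bad in silent.items():
        if not bad:
            continue
        present = set(table[node])
        if bad == present:
            findings[node] = "node unreachable"
        elif bad == {p for p in present if p[-1] == "A"}:
            findings[node] = "remote A cable or interface"
        elif bad == {p for p in present if p[-1] == "B"}:
            findings[node] = "remote B cable or interface"
        else:
            findings[node] = "unclassified: " + ", ".join(sorted(bad))
    return findings


if __name__ == "__main__":
    gus_b = inject(healthy_table(), lambda n, p: n == "FTE-GUS" and p[-1] == "B")
    print(diagnose(gus_b))
    print(diagnose(inject(healthy_table(), lambda n, p: p[0] != p[-1])))
```

A pattern that matches none of the signatures is reported as unclassified rather than guessed, which is the case to escalate for manual inspection of switches and cabling.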

How Does FTE Work?

Security and Determinism

Plant Automation System Levels

[Figure: plant automation system levels. Levels: Management (Level 3), Operation (Level 2), Control (Level 1). Labels: Domain Controller, APC, Station, PHD Server, PKS Server, ACE, Layer 3 Switch, FTE, Switch A, Switch B. Callouts: Firewall hides all but servers; L1 & L2: Broadcast, Multicast, Unicast Storm Suppression; L1 & L2: Bandwidth Allocation; L2: CDA Traffic Prioritized High; L1: Restricted to CDA and FTE Traffic Only. CDA = Control Data Access; DSA = Distributed Systems Architecture]

- This diagram shows levels of the plant automation system (level 0, field devices, is not shown).
- FTE is the Experion PKS network for the control and operation levels (1 and 2).
- Firewall hides/secures Level 2 and Level 1; only L2 PKS Servers are visible.
- PKS server on L3 consolidates and makes available L2 data / alarms for applications via DSA.
- FTE switches provide:
  - Port filtering between L2 and L1 to allow only CDA and FTE messages for control
  - L2 bandwidth allocation to ensure that L2 supervisory traffic is not disrupted
  - L1 bandwidth allocation to ensure that L1 control is not disrupted
  - Broadcast, multicast, unicast storm suppression to maximize FTE network availability


Basic FTE Configurations

- An FTE network interconnects clusters of nodes.
  - A cluster is a group of nodes with high intercommunication, typically associated with the same process unit.

[Figure: one cluster of FTE nodes. Labels: Experion Stations, Redundant Servers, Application Control Environment, Engineering Tools, C200]

Basic FTE Configurations

- A minimum FTE network is one pair of cluster switches; larger networks could have several cluster switch pairs connected to backbone switches.

[Figure: multi-cluster FTE network. Labels: Firewall, To Plant Information Network (PIN), Backbone Switches, History, Advanced Control, Cluster Switches, UNIT #1 CLUSTER, UNIT #2 CLUSTER, UNIT #3 CLUSTER, UNIT #4 CLUSTER]

How Is FTE Implemented?

- Cabling: CAT5 STP copper; single and multi-mode fiber optic.
- Cisco switches: 24/48 STP ports + 2 GBIC ports; 10 GBIC ports.
  - Switches are expandable up to 436 ports; can mix switch types
- GBICs: plug-in converters for 0.5 / 10 / 70 km fiber optic
- FTE software and dual Network Interfaces per PC node

[Figure: FTE implementation. Backbone Switches to Cluster Switches (via Media Converters, GBICs): typically CAT5 STP, but often fiber optic, single or multi-mode; 1000 Mbps; up to 70 km. Cluster Switches to nodes: typically CAT5 STP; 100 Mbps; up to 100 m. FTE nodes: software, dual NIC card. Ethernet nodes shown singly-connected]

Main Configuration Rules

- Switches: 24/48 ports, expandable up to 432 ports
- FTE network:
  - up to 200 FTE nodes (dual-connected)
    - Up to 99 of those can be C200 controllers
  - + up to 511 Ethernet nodes (singly-connected)
- Firewall/router: required to connect to other networks
  - FTE network is a separate IP subnet
  - Private IP addresses; only servers are visible externally
- Cable: shielded twisted pair (STP) or fiber optic recommended for best noise immunity and performance
  - Required for CE Mark
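
Added example (not from the original slides and not Honeywell tooling): a small audit that checks a node inventory against the limits and addressing rules listed above. The inventory schema, the node names and the sample addresses are constructed for illustration, and treating the FTE network as one operator-supplied subnet is an assumption.

```python
import ipaddress
from collections import Counter

# Limits stated on the "Main Configuration Rules" slide.
MAX_FTE_NODES, MAX_C200, MAX_ETHERNET_NODES = 200, 99, 511
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit(inventory, fte_subnet):
    """Check a node inventory against the slide's rules.

    inventory: list of {"name", "kind", "ip"}; kind is "fte", "c200" or
    "ethernet" (a hypothetical schema chosen for this example).
    Returns a list of findings; an empty list means the inventory conforms.
    """
    subnet = ipaddress.ip_network(fte_subnet)
    findings = []
    if not any(subnet.subnet_of(net) for net in RFC1918):
        findings.append(f"subnet {subnet} is not private address space")

    kinds = Counter(node["kind"] for node in inventory)
    fte_total = kinds["fte"] + kinds["c200"]  # C200s count toward the FTE limit
    if fte_total > MAX_FTE_NODES:
        findings.append(f"{fte_total} FTE nodes exceeds {MAX_FTE_NODES}")
    if kinds["c200"] > MAX_C200:
        findings.append(f"{kinds['c200']} C200 controllers exceeds {MAX_C200}")
    if kinds["ethernet"] > MAX_ETHERNET_NODES:
        findings.append(f"{kinds['ethernet']} Ethernet nodes exceeds {MAX_ETHERNET_NODES}")

    owners = {}
    for node in inventory:
        ip = ipaddress.ip_address(node["ip"])
        if ip not in subnet:
            findings.append(f"{node['name']}: {ip} is outside FTE subnet {subnet}")
        if ip in owners:
            findings.append(f"{node['name']}: {ip} duplicates {owners[ip]}")
        owners.setdefault(ip, node["name"])
    return findings


def sample_inventory():
    """Constructed sample data, not taken from any real plant."""
    return [
        {"name": "srv-a", "kind": "fte", "ip": "10.1.0.10"},
        {"name": "c200-01", "kind": "c200", "ip": "10.1.0.20"},
        {"name": "hist-pc", "kind": "ethernet", "ip": "10.1.0.30"},
    ]
```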

Honeywell Network Services

Honeywell network experts can do it all, for FTE and for all networks in the plant.

- Planning, design, installation, integration
  - Cabling, testing, training, documentation
  - Special needs, e.g., video surveillance
- Network security assessment, engineering, management
  - Authorization, authentication, encryption, activity logging, intrusion detection, virus protection
  - Firewall engineering, configuration, testing and management
- Remote Network Administration
  - Systems (servers, workstations)
  - Network (switches, routers, firewalls, etc.)

Honeywell Network Services

Honeywell network experts can do it all, for FTE and for all networks in the plant.

- Remote Monitoring 24/7
  - Networks (Switches, Routers, VPNs, Firewalls)
  - Systems (PlantScape, TPS, PHD, any type of PC)
  - Applications on PCs (are they running/responding)
- Network and System Performance Management
  - Proactive tracking of system, server, network performance
  - Work load Characterization & Capacity Planning
- Procurement and support of PCs and network equipment

Fault Tolerant Ethernet (FTE)

- FTE is the control network of Experion PKS.
  - Analogous to TPS LCN/UCN and PlantScape ControlNet.
- Dedicated to the control mission
  - Fault-tolerant
  - Fast response
  - Deterministic
  - Secure
- Not an IT network, but leverages IT technology to lower cost of:
  - FTE network infrastructure
  - Connection to IT networks
  - Connection to 3rd party Ethernet devices
  - Maintenance and support

Cisco products in FTE

- Products being qualified for R200
  - 2950G-24
  - 2950G-48
  - 3550-12G
  - GigaStack GBIC
  - 1000BASE-T GBIC
  - 1000BASE-SX GBIC
  - 1000BASE-LX GBIC
  - 1000BASE-ZX GBIC
- Potential additional products for qualification or certification
  - 3550-24-FX
  - 2955C-12
  - Other 2950 models with Enhanced Image

Thank You!