Sie sind auf Seite 1von 46

Fault Tolerant Ethernet (FTE)

The communication network of Experion PKS

FTE 2 Confidential and Proprietary


TOPICS
Honeywell Process Solutions are based on “process control”.
 What is “process control”?
 What is a “Distributed Control System (DCS)”?
 What is Fault Tolerant Ethernet (FTE)?
 How does FTE work?
 How is FTE implemented?

FTE 3 Confidential and Proprietary


What is “process control”?
 A “process” transforms material from input to output.
– Example: heating water
 “Field instruments” measure properties of materials/processes
– Examples: flow, pressure, temperature, level transmitters
 “Actuators” regulate amount of something used in the process
– Examples: fuel control valve, damper actuator
 A “controller” continually reads data from a transmitter and
calculates actuator adjustments to maintain a property value.

controller
transmitter

input PROCESS output

actuator

FTE 4 Confidential and Proprietary


Requirements of “process control”
 Performance: must be faster than the process.
 Determinism: must always take the same time.
– Read the Process Value (PV)
– Calculate
– Move the actuator
 Fault tolerance: redundancy; must fail to a known state.
– Gov’t regulations- safety, emissions, etc.
 Security: must have access restrictions/controls.

“control loop”
controller
transmitter

input PROCESS output

actuator

FTE 5 Confidential and Proprietary


Characteristics of real process plants
 The process shown below is very simple, and the controller
shown below is very simple.
 In a real plant, many properties of the product are measured:
– Temperature, pressure, viscosity, size, weight, color, etc.
 …and many properties of the process equipment are measured:
– Fuel consumption, up/down time, corrosion, wear, etc.

“control loop”
controller
transmitter

input PROCESS output

actuator

FTE 6 Confidential and Proprietary


Characteristics of real process plants
 Paper mill: a series of processes that transform trees into paper.
– Makes many different products (toilet paper to computer paper).
– Must control each process plus interactions between processes.
 10’s-100’s of field devices / process; 1000’s of control loops total

FTE 7 Confidential and Proprietary


Characteristics of real process plants
 Paper mill: a series of processes that transform trees into paper.
– Makes many different products (toilet paper to computer paper).
– Must control each process plus interactions between processes.
 10’s-100’s of field devices / process; 1000’s of control loops total

X
 Can’t control the plant with 1000’s of simple controllers!

FTE 8 Confidential and Proprietary


TOPICS
Honeywell Process Solutions are based on “process control”.
 What is “process control”?
 What is a “Distributed Control System (DCS)”?
 What is Fault Tolerant Ethernet (FTE)?
 How does FTE work?
 How is FTE implemented?

FTE 9 Confidential and Proprietary


What is a “Distributed Control System (DCS)”?
 A DCS is an integrated set of modules with distributed functions.
– Multi-loop controllers (10’s-100’s) that connect to field devices
• Via direct Input/Output modules and industrial buses

Multi-loop
Controller
Direct I/O Module

FTE 10 Confidential and Proprietary


What is a “Distributed Control System (DCS)”?
 A DCS is an integrated set of modules with distributed functions.
– Multi-loop controllers (10’s-100’s) that connect to field devices
– Supervisory coordinating controllers

Supervisory
Controller

Multi-loop
Controller
Direct I/O Module

FTE 11 Confidential and Proprietary


What is a “Distributed Control System (DCS)”?
 A DCS is an integrated set of modules with distributed functions.
– Multi-loop controllers (10’s-100’s) that connect to field devices
– Supervisory coordinating controllers
– Multi-loop operator stations and engineering stations

Supervisory Operator
Controller Stations
Engineering
Station

Multi-loop
Controller
Direct I/O Module

FTE 12 Confidential and Proprietary


What is a “Distributed Control System (DCS)”?
 A DCS is an integrated set of modules with distributed functions.
– Multi-loop controllers (10’s-100’s) that connect to field devices
– Supervisory coordinating controllers
– Multi-loop operator stations and engineering stations
– Servers for system data management

Supervisory Operator
System Stations
Server Controller
Engineering
Station

Multi-loop
Controller
Direct I/O Module

FTE 13 Confidential and Proprietary


What is a “Distributed Control System (DCS)”?
 A DCS is an integrated set of modules with distributed functions.
– Multi-loop controllers (10’s-100’s) that connect to field devices
– Supervisory coordinating controllers
– Multi-loop operator stations and engineering stations
– Servers for system data management
– Control network for intercommunication
Supervisory Operator
System Stations
Server Controller
Engineering
Station

Control Network

Multi-loop
Controller
Direct I/O Module

FTE 14 Confidential and Proprietary


What is a “Distributed Control System (DCS)”?
 A DCS is an integrated set of modules with distributed functions.
– Multi-loop controllers (10’s-100’s) that connect to field devices
– Supervisory coordinating controllers
– Multi-loop operator stations and engineering stations
– Servers for system data management
– Control network for intercommunication
+ External connections
Supervisory Operator [to production
Remote Users System Stations
www Controller management
Server
Engineering equipment]
Station

Remote
Server

Control Network

Multi-loop
Controller
Direct I/O Module

Other Industrial Devices

FTE 15 Confidential and Proprietary


What is a “Distributed Control System (DCS)”?
 A DCS, throughout the whole system, must provide:
– Performance: control must be faster than the process.
– Determinism: control must always take the same time.
– Fault tolerance: redundancy; must fail to a known state.
– Security: must have access restrictions/controls.

Supervisory Operator [to production


Remote Users System Stations
www Controller management
Server
Engineering equipment]
Station

Remote
Server

Control Network

Multi-loop
Controller
Direct I/O Module

Other Industrial Devices

FTE 16 Confidential and Proprietary


What is a “Distributed Control System (DCS)”?
 A DCS is designed, sold, maintained as a system, including:
– System capacity and performance specifications
– System configuration, simulation, and management
– Alarms and status of the entire system
– System releases (with on-line installation)
– System maintenance and support (including 3rd party equipment)
Supervisory Operator [to production
Remote Users System Stations
www Controller management
Server
Engineering equipment]
Station

Remote
Server

Control Network

Multi-loop
Controller
Direct I/O Module

• Performance
• Determinism
• Fault tolerance
Other Industrial Devices
• Security

FTE 17 Confidential and Proprietary


How is a DCS different from a PLC system?
DCS PLC system
Mfr sells a complete system of integrated Mfr sells some components; an SI acquires
components. others and engineers the system.
Mfr supports the system. Mfr supports the components and the SI.
On-line repair/ maintenance is the norm. Off-line repair/ maintenance is the norm.
System management built-in. System management designed per project.
Users expect to evolve/upgrade/expand a System is a one-off project (like a house).
system over 10/20/30 years. Upgrades / expansions are new projects.
Supervisory Operator [to production
Remote Users System Stations
www Controller management
Server
Engineering equipment]
Station

Remote
Server

Control Network

Multi-loop
Controller
Direct I/O Module

• Performance
• Determinism
• Fault tolerance
Other Industrial Devices
• Security

FTE 18 Confidential and Proprietary


Honeywell DCS Evolution
 Honeywell DCS architecture before Experion PKS
– Controllers designed by Honeywell
– Servers and stations had become PC-based
– Proprietary 5 Mbps control networks
• Interfaces/gateways required to non-Honeywell equipment
• Near performance limits

Supervisory Operator [to production


Remote Users System Stations
www Controller management
Server
Engineering equipment]
Station

Remote
Server

Control Network

Multi-loop
Controller
Direct I/O Module

• Performance
• Determinism
• Fault tolerance
Other Industrial Devices
• Security

FTE 19 Confidential and Proprietary


TOPICS
Honeywell Process Solutions are based on “process control”.
 What is “process control”?
 What is a “Distributed Control System (DCS)”?
 What is Fault Tolerant Ethernet (FTE)?
 How does FTE work?
 How is FTE implemented?

FTE 20 Confidential and Proprietary


Why FTE?
 Needed a next generation control network for Experion PKS
– >10x performance, + determinism, security, fault tolerance
– Reduce cost of communication infrastructure and support
– Reduce cost of connection to PCs and IT networks
 Ethernet preferred
+ Industry trend to “industrial Ethernet”
+ Industry bus protocols migrating to Ethernet
• FF H1  FF HSE
• Profibus  ProfiNet
• DeviceNet/ControlNet  Ethernet/IP
• Modbus  Modbus/TCP
• Etc.
– Ethernet equipment perceived as not “industrial” enough
– No suitable fault tolerance approach
 FTE provides the required fault tolerance, using Cisco switches
to provide determinism and security.

FTE 21 Confidential and Proprietary


Experion PKS
 FTE is the control network of Experion PKS.
– Analogous to TPS LCN/UCN and PlantScape ControlNet.

Supervisory Operator [to production


Remote Users System Stations
www Controller management
Server
Engineering equipment]
Station

Remote
Server
FTE

Multi-loop
Controller
Direct I/O Module

• Performance
• Determinism
• Fault tolerance
Other Industrial Devices
• Security

FTE 22 Confidential and Proprietary


What is Fault Tolerant Ethernet (FTE)?
 FTE is the control network of Experion PKS.
– Analogous to TPS LCN/UCN and PlantScape ControlNet.
 Dedicated to the control mission
– Fault-tolerant
– Fast performance
– Deterministic
– Secure
 Not an IT network, but leverages IT technology to lower cost of:
– FTE network infrastructure
– Connection to IT networks
– Connection to 3rd party Ethernet devices
– Maintenance and support
 3 Cisco switches qualified for R200
– 100/1000 Mbps; single and multi-mode optical fiber up to 70 km
– Security and determinism functions required for control mission
– Preferred supplier by many customers
FTE 23 Confidential and Proprietary

.
What is FTE?
 An FTE network has redundant switches and cables.
– Topology: 2 parallel trees joined at the top to form one network.
– An FTE node connects to both trees.
– An Ethernet node (non-FTE) connects to either tree.

A tree B tree

Switches

FTE FTE
Ethernet FTE Ethernet
FTE

FTE 24 Confidential and Proprietary


What is FTE? – With Ethernet nodes

 An FTE network has redundant switches and cables.


– 1 communication path between Ethernet nodes

A tree B tree

Switches

FTE FTE
Ethernet FTE Ethernet
FTE

FTE 25 Confidential and Proprietary


What is FTE? – With FTE & Ethernet nodes

 An FTE network has redundant switches and cables.


– 1 communication path between Ethernet nodes
– 2 communication paths between an FTE node and an Ethernet node

A tree B tree

Switches

FTE FTE
Ethernet FTE Ethernet
FTE

FTE 26 Confidential and Proprietary


What is FTE? – With FTE & Ethernet nodes

 An FTE network has redundant switches and cables.


– 1 communication path between Ethernet nodes
– 2 communication paths between an FTE node and an Ethernet node

A tree B tree

Switches

FTE FTE
Ethernet FTE Ethernet
FTE

FTE 27 Confidential and Proprietary


What is FTE? – With FTE nodes

 An FTE network has redundant switches and cables.


– 1 communication path between Ethernet nodes
– 2 communication paths between an FTE node and an Ethernet node
– 4 communication paths between FTE nodes

A-A

A tree B tree

Switches

FTE FTE
Ethernet FTE Ethernet
FTE

FTE 28 Confidential and Proprietary


What is FTE? – With FTE nodes

 An FTE network has redundant switches and cables.


– 1 communication path between Ethernet nodes
– 2 communication paths between an FTE node and an Ethernet node
– 4 communication paths between FTE nodes

A-B

A tree B tree

Switches

FTE FTE
Ethernet FTE Ethernet
FTE

FTE 29 Confidential and Proprietary


What is FTE? – With FTE nodes

 An FTE network has redundant switches and cables.


– 1 communication path between Ethernet nodes
– 2 communication paths between an FTE node and an Ethernet node
– 4 communication paths between FTE nodes

B-B

A tree B tree

Switches

FTE FTE
Ethernet FTE Ethernet
FTE

FTE 30 Confidential and Proprietary


What is FTE? – With FTE nodes

 An FTE network has redundant switches and cables.


– 1 communication path between Ethernet nodes
– 2 communication paths between an FTE node and an Ethernet node
– 4 communication paths between FTE nodes

B-A

A tree B tree

Switches

FTE FTE
Ethernet FTE Ethernet
FTE

FTE 31 Confidential and Proprietary


TOPICS
Honeywell Process Solutions are based on “process control”.
 What is “process control”?
 What is a “Distributed Control System (DCS)”?
 What is Fault Tolerant Ethernet (FTE)?
 How does FTE work?
 How is FTE implemented?

FTE 32 Confidential and Proprietary


How Does FTE Work? –FTE path status

 Each FTE node continually issues short diagnostic messages to


test each path to every other node, and builds a status table.
 Below is a node’s status table. The first 2 nodes are FTE nodes,
and the last 4 nodes are singly-connected Ethernet nodes.
– A bad link displays as “SILENT”.
• If the B cable to the FTE-GUS node fails, A>B and B>B  SILENT.
• If the crossover cable fails, A>B and B>A  SILENT on all nodes.

FTE 33 Confidential and Proprietary


How Does FTE Work? – Security and Determinism
Plant Automation System Levels CDA = Control Data Access
DSA = Distributed Systems Architecture
Domain
Controller APC PHD Server PKS Server
Station Station

Layer 3 Switch
Management
Level 3
Station Station Station Station Station Station

PKS Server ACE PKS Server ACE

Operation
Level 2 Switch A Switch B

Control
Level 1

 This diagram shows levels of the plant automation system (level 0 – field devices – is not shown).
 FTE is the Experion PKS network for the control and operation levels (1 and 2 ).

FTE 37 Confidential and Proprietary


How Does FTE Work? – Security and Determinism
Plant Automation System Levels CDA = Control Data Access
DSA = Distributed Systems Architecture
Domain
Controller APC PHD Server PKS Server
Station Station

Layer 3 Switch
Management
Level 3 Firewall hides all but servers
Station Station Station Station Station Station

PKS Server ACE PKS Server ACE

Operation
Level 2 Switch A Switch B

Control
Level 1

 Firewall hides/secures Level 2 and Level 1-- Only L2 PKS Servers are visible
 PKS server on L3 consolidates and makes available L2 data / alarms for applications via DSA

FTE 38 Confidential and Proprietary


How Does FTE Work? – Security and Determinism
Plant Automation System Levels CDA = Control Data Access
DSA = Distributed Systems Architecture
Domain
Controller APC PHD Server PKS Server
Station Station

Layer 3 Switch
Management
Level 3 Firewall hides all but servers
Station Station Station Station Station Station

PKS Server
L1 & L2: Broadcast,
ACE
Multicast, Unicast Storm Suppression
PKS Server ACE

L1 & L2: Bandwidth Allocation


L2: CDA Traffic Prioritized High
Operation
Level 2 Switch A Switch B

L1: Restricted to CDA and FTE Traffic Only


Control
Level 1

 Firewall hides/secures Level 2 and Level 1-- Only L2 PKS Servers are visible
 PKS server on L3 consolidates and makes available L2 data / alarms for applications via DSA
 FTE switches provide:
 Port Filtering between L2 and L1 to allow only CDA and FTE messages for control
 L2 bandwidth allocation to ensure that L2 supervisory traffic is not disrupted
 L1 bandwidth allocation to ensure that L1 control is not disrupted
 Broadcast, Multicast, Unicast storm suppression to maximize FTE network availability
FTE 39 Confidential and Proprietary
TOPICS
Honeywell Process Solutions are based on “process control”.
 What is “process control”?
 What is a “Distributed Control System (DCS)”?
 What is Fault Tolerant Ethernet (FTE)?
 How does FTE work?
 How is FTE implemented?

FTE 40 Confidential and Proprietary


Basic FTE Configurations
 An FTE network interconnects clusters of nodes.
– A cluster is a group of nodes with high intercommunication,
typically associated with the same process unit.

Experion
Stations

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Application
Redundant
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Control
Servers Environment
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Engineering
Tools
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
F
T
E
F
T
E
F
T
E
F
T
E
F
T
E
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
F
T
F
T
F
T

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
E E E

aaaaaaaaaaaaaaaaaaaa C200

FTE

FTE 41 Confidential and Proprietary


Basic FTE Configurations
 A minimum FTE network is one pair of cluster switches; larger
networks could have several cluster switch pairs connected to
backbone switches.
Firewall
To Plant Information Network (PIN)
Backbone
Switches
History,
Advanced
Control

Cluster
Switches

UNIT #2 UNIT #3 UNIT #4


UNIT #1
CLUSTER CLUSTE CLUSTE
CLUSTER
R R

FTE 42 Confidential and Proprietary


How Is FTE Implemented?
 Cabling: CAT5 STP copper; single and multi-mode fiber optic.
 Cisco switches: 24/48 STP ports + 2 GBIC ports; 10 GBIC ports.
– Switches are expandable up to 436 ports; can mix switch types
– GBICs: plug-in converters for 0.5 / 10 / 70 km fiber optic
 FTE software and dual Network Interfaces per PC node
Typically CAT5 STP,
but often fiber optic,
single or multi-mode Backbone
-1000 Mbps Switches
- up to 70km Media
Converters
GBICs

Cluster
Switches

Typically CAT5 STP


- 100 Mbps
- up to 100m Software
Dual NIC card FTE FTE
Ethernet FTE Ethernet
FTE

FTE 43 Confidential and Proprietary


Main Configuration Rules

 Switches: 24/48 ports, expandable up to 432 ports


 FTE network:
• up to 200 FTE nodes (dual-connected)
• Up to 99 of those can be C200 controllers
+ up to 511 Ethernet nodes (singly-connected)
 Firewall/router: required to connect to other networks
– FTE network is a separate IP subnet
– Private IP addresses; only servers are visible externally
 Cable: shielded twisted pair (STP) or fiber optic recommended
for best noise immunity and performance
– Required for CE Mark

FTE 44 Confidential and Proprietary


Honeywell Network Services
Honeywell network experts can do it all--
for FTE and for all networks in the plant.
 Planning, design, installation, integration
– Cabling, testing, training, documentation
– Special needs, e.g., video surveillance
 Network security assessment, engineering, management
1st
– Authorization, authentication, encryption, activity logging,
intrusion detection, virus protection
– Firewall engineering, configuration, testing and management
 Remote Network Administration
– Systems (servers, workstations)
– Network (switches, routers, firewalls, etc.)

FTE 45 Confidential and Proprietary


Honeywell Network Services
Honeywell network experts can do it all--
for FTE and for all networks in the plant.
 Remote Monitoring 24/7
– Networks (Switches, Routers, VPNs, Firewalls)
– Systems (PlantScape, TPS, PHD, any type of PC)
– Applications on PCs (are they running/responding)
1st
 Network and System Performance Management
– Proactive tracking of system, server, network performance
– Work load Characterization & Capacity Planning
 Procurement and support of PCs and network equipment

FTE 46 Confidential and Proprietary

.
Fault Tolerant Ethernet (FTE)-----
 FTE is the control network of Experion PKS.
– Analogous to TPS LCN/UCN and PlantScape ControlNet.
 Dedicated to the control mission
– Fault-tolerant
– Fast response
– Deterministic
– Secure
 Not an IT network, but leverages IT technology to lower cost of:
– FTE network infrastructure
– Connection to IT networks
– Connection to 3rd party Ethernet devices
– Maintenance and support

FTE 47 Confidential and Proprietary

.
Cisco products in FTE
 Products being qualified for R200
– 2950G-24
– 2950G-48
– 3550-12G
– GigaStack GBIC
– 1000BASE-T GBIC
– 1000BASE-SX GBIC
– 1000BASE-LX GBIC
– 1000BASE-ZX GBIC
 Potential additional products for qualification or certification
– 3550-24-FX
– 2955C-12
– Other 2950 models with Enhanced Image

FTE 48 Confidential and Proprietary


Thank You!

Das könnte Ihnen auch gefallen