Process Safety & Critical Control

An introduction to AADvance

Copyright © 2012 Rockwell Automation, Inc. All rights reserved.

Enhancing the Value of Safety
• Protect People, Environments & Assets
– Enhance system safety with flexible, scalable safety solutions
– Lower costs by deploying an integrated safety architecture
– Obtain maximum availability and reliability with proven safety technologies
– Reduce risk by leveraging the knowledge of safety experts
– Lower troubleshooting time and costs with Intelligent Motor Control
– Reduce the risks associated with the operation and maintenance of electrical
equipment with safety Motor Control Centers
– Reduce downtime and maintenance costs by protecting rotating assets

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 2

Key Characteristics and Features
of a Safety Integrity System (SIS)
Functional Requirements

Fail Safe
SIL Capability or Performance
Fault Tolerant

Cost(Benefits)
Key features

Size Connectivity Flexibility

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 3

Safety and Critical Control
High Availability Process Control
… High availability solutions
from redundant I/O to redundant controllers,
resilient networks to redundant HMI servers

Scalable Process Safety

… Integrated BPCS and scalable
SIS solutions, including TMR for
the highest availability

SIL 0 SIL 2 SIL 3

SIL 1 SIL 2 SIL 3
Process Fault Fault
Fail Safe Fail Safe Fail Safe
Control Tolerant Tolerant

Economical risk reduction by protecting onlyCopyright

critical assets
© 2012 Rockwell Automation, Inc. All rights reserved.
Process Safety
Recognize RA’s Strength in the Market

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 5

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 6
AADvance
Core Components
Controllers Workbench Portal Network

Logic Solvers Engineering OPC Safety Network

Processor modules Workstation For Connectivity to For distributed safety
I/O modules For Configuration, Operators, applications and
Termination Assemblies Programming and Historian, Alarm information exchange
Mechanical Maintenance management, etc. between controllers

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 7

Controller
Scalability in Size and Redundancy

Flexible Architectures

Each input slot group can be configured for simplex

TA (1oo1D), dual (1oo2D) or triplicated (2oo3) TA

Controller base allows simplex,

dual or triplicated processor
configurations and connections to
48 I/O module slots

Each output slot group can be configured for

fail-safe (1oo2D) or fault-tolerant
I/O backplane
(Quad)
CPU Base/backplane I/O Backplane

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 8

Portal & Network
Scalability & Connectivity
Workstation Workstation portal NAS

Ethernet based Safety Network

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 9

Scalable Redundancy
Simplex (SIL 2)

1oo1D Fail Safe – Certified for use in SIL2 applications

TA TA

I/P CPU O/P

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 10

AADvance Controller
Simplex

CPU Base with one I/O Base with one input

CPU populated and one output fail safe

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 11

Scalable Redundancy
Simplex (SIL3)

1oo1D/1oo2D Fail Safe – Certified for use in SIL3 applications

TA TA

I/P CPU O/P

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 12

AADvance Controller
Simplex IO, FT CPU

Redundant
CPUs

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 13

Scalable Redundancy
Redundant (SIL3)

1oo2D/2oo3
1oo2D Fault
Fault
Tolerant
Tolerant
– Certified
– Certified
for for
useuse
in SIL3
in SIL3
applications
applications

TA TA

I/P CPU O/P

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 14

AADvance Controller
Redundant
Redundant Redundant
CPUs Terminations

Redundant Redundant
inputs outputs

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 15

Scalable Redundancy
TMR (SIL3)

SIL3 TMR Fault Tolerant applications

TA
TA

I/P CPU O/P

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 16

AADvance Controller
Triplicated
Triplicated Triplicated
CPUs Terminations

Triplicated Fault Tolerant

inputs outputs

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 17

Input Architecture
TMR–––1oo2D
Simplex
Dual 1oo1D
2oo3
TA I/P Module Processor

IO Driver Logic

4-20mA PP PV (2oo3)
(1oo2D)
(1oo1D)
P
4-20mA

HH HART
H

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 18

Output Architecture
TMRDual
Simplex
TMR Processor
Processor
Processor
Processor –––
– 2oo3
1oo2D
& Quad Output
1001D
2oo3

Processor O/P Module TA

24v A
Logic IO Driver 24v B
Logic IO Driver
Logic IO Driver
CMD
CMD
CMD A D

1oo2D
2oo3
1oo1D A D

B D

2oo3
1oo2D
1oo1D B D

QUAD
1oo2D

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 19

Flexible Architecture
Summary
Processor AAdvance Processors configurable for simplex, dual,
configurations triplicated modes, including integration of Trusted TMR
technology
SIL levels Rated and suitable for SIL1-3 applications
I/O channels 8 and 16 channel SIL3 fail-safe modules
I/O connections 48 I/O slots connected to each controller.
I/O configurations Configurable as simplex, dual or triplicated
Output options Configurable for fail-safe or quad outputs
Safety network Safety networks allow multiple controllers and I/O to be
connected for distributed applications
Communications Integrated Connectivity with CLX devices through
Networked connection (CIP)
Architecture wide Connectivity with 3rd party devices through
AADvance portals (OPC)
Controller Connectivity with 3rd party devices through direct or
networked connection (MODBUS )
Standards TUV IEC61508, NFPA 72,85, IEC1131

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 20

Workbench
Languages

All 5 IEC 61131-3 languages.

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 21

Workbench
Multi-Controller Environment

SIL 3 Safety Data links between Train 1 & 2

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 22

Workbench
Collaborative Environment

“Checked
“Checked In”
Out”
– Unavailable
– Available for
for Modification
Modification

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 23

Workbench
Simple Hardware Configuration

Select Module Type and Architecture.

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 24

Workbench
Simple Point Configuration

You now have a Scaled Analog

Input Providing:
Input in Engineering Units
Three Standard Fault alarms.
Status Word for Transmitter Faults

Enter
Connect
theaInstrument
Field Device
Range.
Tag.

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 25

Workbench
Enhanced Point Configuration

You can also configure device

specific fault thresholds for
Overange, saturation, open
circuit etc.
Defaults follow NAMUR NE47

You now have HART Data

Providing:
Transmitter 4-20mA Current
Transmitter Process Value
Three Device HART Values
HART Status Assign a single HART Device Tag.
HART Communication Status
Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 26
Workbench
Version Control & History

View
Get History.
Differences.
Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 27
Workbench
Program Simulation

Simulate & test

programs offline!

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 28

AADvance
System Summary
Product Safety Integrity : TUV IEC61508 (SIL 3),
Standards Programming: IEC1131 (All Languages)
Electrical Safety: UL508, CSA 22.2
Hazardous Area: UL, CSA, ATEX (Class 1 Div 2/Zone 2)
EMC: IEC61000-6
Environmental Module Housing: IP21
Specification -25oC (-13oF) to +70oC (+158oF)
10% to 95% RH, non-condensing
Mechanical Shock: 15g, 11mS duration
Specification Vibration: 10Hz to 150Hz, 0.1g, all 3 axis
Electrical Module Supply: 18VDC to 32VDC
Specification Field Supply: 18VDC to 32VDC
Isolation: 1500VDC
Application Process Industries: IEC61511
Standards Power Industries: EN50178
Burner Management: EN50156, NFPA 85, NFPA 86
Fire Protection: EN54, NFPA72
Maintainability All Modules support ‘Hot Replacement’.
All Modules are physically ‘Keyed’ to prevent incorrect module insertion.

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 29

AADvance
Processor Summary
Processor AADvance Processors can be configured in Simplex (1oo1D),
configurations Dual (1oo2D) & Triplicated (2003) modes
Module Power Module: 8.0W

Processor Program Storage: 64Mb Flash Memory

Memory Runtime Storage: 32Mb SDRAM

Communication 2 x 10/100 Base T Ethernet and 2 x 115Kb RS485 Serial ports on each processor module
Ports
Communications Integrated Connectivity with PlantPAx Controllers using Ethernet I/P (CIP)
Protocols Architecture Connectivity with Automation Systems using the AADvance OPC Server
Architecture Connectivity with Field Devices using the AADvance HART DTM
Controller Connectivity with 3rd party devices through Ethernet or Serial connections
(MODBUS )
Safety network SIL 3 Safety network (Black Channel) allows multiple controllers and I/O to be
connected for distributed applications
Safety Data Safe Failure Fraction (SFF) > 90%
SIL 2 (Simplex) SIL 3 (Dual or Triple)
Typical PFDavg figures for 8hr MTTR & 1 yr Proof Test Interval (TI)
Simplex 1.20E-04, Dual 4.58E-07 & Triplicated 5.15E-07
Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 30
AADvance
I/O Summary
Input AADvance Input Modules can be configured in Simplex (1oo1D),
configurations Dual (1oo2D) & Triplicated (2003) modes
Module Power 8 Channel Inputs: 3.3W
16 Channel Inputs: 4.0W
Input Digital Input: 0 to 30VDC (0-5VDC = OFF, 15-30VDC=ON)
Range Analog Input: 0 to 24mA (NAMUR NE47 Transmitter fault alarms and HART CMD#03)
Safety Data Safe Failure Fraction (SFF) > 99%, SIL 3 (Simplex, Dual or Triple)
Typical PFDavg figures for 8hr MTTR & 1 yr Proof Test Interval (TI)
Simplex 3.89E-06, Dual 4.28E-07 & Triplicated 4.28E-07
Output AADvance Output Modules can be configured in Simplex (1oo2D) & Dual (Quad) modes
configurations
Module Power Digital Outputs: 3.0W
Analog Outputs: 3.6W
Output Digital Output: 0 to 32VDC, 1.0A per channel, 10A Inrush for 50mS
Range Analog Output: 0 to 24mA (HART CMD#03)
Safety Data Safe Failure Fraction (SFF) > 99%, SIL 3 (Simplex, Dual or Triple)
Typical PFDavg figures for 8hr MTTR & 1 yr Proof Test Interval (TI)
Simplex 1.37E-05 & Dual 2.73E-06
Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 31
AADvance Workbench
Summary
Supported Operating Windows Server 2003 & 2008, Windows XP SP3, Windows 7
Systems and Windows Vista.
Both 32 and 64 bit versions

Supported Languages IEC1131-3 compliant languages Ladder, Function Block, SFC,

ST, IL.
All code generated by the WB is TUV certified

On-line monitoring Monitor running applications (programs and variables), force I/O

On-line programming Modify applications in controllers, add/delete programs, variables

and I/O modules

Off-line simulation Simulate 100% applications before downloading

Version control Integrated version control and multiple user/project access

Security Password and Hardware Security

Distributed applications Support distributed applications across multiple AADvance

processors and multiple workstation access
Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 32
 Installed Base
(1st installation September 2008)
Customer Location Application Architecture SIL Qty Interfaces
Statoil Norway Process Shutdown 1oo2D (Dist) 2 4 Modbus TCP/RTU
(Subsea)
Statoil Norway Comp Anti-Surge 1oo2D (Dist) N/A 2 Modbus TCP/RTU
(Subsea)
ExxonMobil Louisiana ESD 1oo2D/2oo3 3 OPC
SABIC Indiana BMS & ESD 1oo2D 2 2 OPC & Modbus
Big West Oil Utah ESD 1oo2D/TMR 3 1 OPC
Arkema Tenessee BMS & ESD 1oo1D/1oo2D 2 1 OPC & Modbus
Bayer UK BMS & ESD 1oo1D/1oo2D 2 4 OPC & Modbus
(Dist)
Talisman UK F&G 1oo2D N/A 1 OPC & Modbus

EPCO NY & RI ESD 1oo2D/2oo3 3 3 CIP

(Dist)
Chevron California ESD 1oo2D (Dist) 2 6 CIP
Total France ESD 1oo2D 3 3 Modbus

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 33

Integrated Control & Safety
PlantPAx

Operator Interface
FT View HMI Data Server

CIP Network
(EtherNet/IP)

Control System (BPCS) Safety System (SIS)

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 34

Integrated Control & Safety
AADvance Connectivity
FT View Clients displaying data from Logix and AADvance/Trusted

FT View HMI Data Server

CIP Network (EtherNet/IP)

ICST OPC Server

As a FTView
Configuration Monitoring
Data server
FTD

Safety Network

AADvance Controller

AADvance Enabled
Trusted Controller

RSLogix5000
AADvance and Trusted communicate with Logix via
EtherNet/IP using both Class 3 CIP Connection
OPC connectivity
Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 35
Rockwell Automation Safety Solutions
 Cost effective approach to risk management
 The right degree of protection and fault tolerance
 Helps manage Capital and Operating Budgets for from an automation asset perspective
 Migration strategies & expertise
 Environmental Compliance
 Critical Control Solutions which assure asset integrity
 Reporting packages to support compliance
 Solutions to help maintain process boundaries; protecting people, assets & the environment
 Fit for Function/Purpose hardware design
 Take the risk out of applying safety systems
 Efficient space requirements
 Over 40 years of deploying Safety Solutions
 Knowledgeable People including Functional Safety Consultants
 Safety expertise to help determine what is needed to operate safety
 Expertise to provide the linkage between behavioral safety and process safety

Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 36

Services for a Risk Based Approach

 Functional Safety Consultancy

 Certified Functional Safety
Engineers
 Risk Based Assessment
 Management IEC 61508
process
 SIL Assessment
 Training
 Validation and Compliance

Copyright © 2011 Rockwell Automation, Inc. All rights reserved. Copyright © 2012 Rockwell Automation, Inc. All rights reserved. 37
Questions?

Copyright © 2012 Rockwell Automation, Inc. All rights reserved.