Control System Considerations for ADS

EuCARD-2/MAX Accelerators for Accelerator Driven Systems Workshop, CERN, March 20-21, 2014

Klemen Žagar <klemen.zagar@cosylab.com>Robert Modic <robert.modic@cosylab.com>Mark Pleško <mark.plesko@cosylab.com>

Fault tolerance and redundancy of the accelerator use of components far from their limits, parallel and serial redundancy of components, ability to repair failing section.

Control strategies for high availability Reliable components in the first place Redundant elements Protection systems without false positives Predicting faults before they occur Working around faulty equipment

High Availability2

Standard CS Architecture3

Equipment Interface – Control Boxes

Central RoomCentral Services

IP over Ethernet

Power Supplies Sector AControl Box

RF Sector BControl Box

Gateway Archive Operator’s workstation

Other networks

Model

Planning: work breakdown4

Considerations: Maturity Performance Use in other facilities Obsolescence management

Today’s choices: VME [mature, nearing obsolescence] cPCI [suboptimal performance; cPCIe immature] PXI, PXIe [limited choice of vendors]mTCA/ATCA, mTCA.4 for physics

[not much support from industry – yet]

Hardware platform5

We recommend EPICS as the control system infrastructure.

Widely used in ACC community. Good community and commercial support. Significant reuse of existing components possible. Mature and proven technology. Hooks allow implementation of a redundancy scheme.

Software Framework6

About EPICS7

Thermo-meter

Computer Interface

Computer Interface

Computer Interface

Channel Access Server(IOC)

Process Variables:

CWS-PHTS-DLHT:VC1-FCVZ

Channel Access Client Channel Access Client

FlowControlValve

Sub-system

CWS-PHTS-DLHT:VC1-FCVY1CWS-PHTS-DLHT:VC1-FCVY2

CWS-PHTS-DLHT:MT2-TT

The Channel Access network communication protocol. UDP for discovery. TCP for data exchange.

EPICS Data Flow8

CA Server

CA Client

Channel Access Client

Who has a PV named“CWS-PHTS-DLHT:TTSPTARGET”?

I do.

What is its value?

25.5 degC

Change its value to 30.5

“connection request” or “search request”

OK, it is now 30.5

Notify me when the value changes

It is now 20.5 degC

It is now 10.3 degC

It is now 9.2 degC

“put” or

“caPut”

“get” or

“caGet”

“set a monitor”

“post an event”

or

“post a monitor”

“put complete”

Process Variables:

Channel Access Server

CWS-PHTS-DLHT:VC1-FCVZCWS-PHTS-DLHT:VC1-

FCVY1CWS-PHTS-DLHT:VC1-

FCVY2CWS-PHTS-

DLHT:TTSPTARGET

One of the IOCs is a primary, and one is a backup. Primary IOC sends all state changes (e.g., changes of

values) to the backup to keep it in sync. if heartbeat fails, backup node takes over, in the same

state where the primary left off.

EPICS and redundancy9

How to integrate equipment:

Redundancy?

Equipment interfaces10

Fieldbus

Pump

PumpRPM

Valve

Pumppower

Valveopen/close

Valvestate

Lo

cal c

ontr

olle

r

DO

DI

AI

AO

EP

ICS

IO

C

EP

ICS

Ch

ann

el A

cce

ss

Equipment

Responsibility of equipment supplier Myrrha

or

Dem

ux

IOC 1

IOC 2

EP

ICS

Ch

ann

el A

cces

s

Equipment

Enable / OK signal (IOC® equipment)Actuator signals (IOC® equipment)Sensor signals (equipment® IOC)

Logic neither complex nor very fast (>10ms) robust. Used in off-the-shelf industrial systems

Cryo plant, vacuum, building automation/HVAC, … Used for personnel protection (interlocks).

Use And Integration Of PLCs11

PLCIOC

PLC Communication

HMI Alarms Archives Supervision

Processing

I/O

Channel Access

pu

t

ge

t

mo

nito

r

PLCs implement redundancy in the CPU and with redundant hot

swappable IO modules.

Network switches Predefining routing tables on nodes and switches This way communication can resume more quickly after

switchover

Industrial Redundant Systems12

Multiple levels of protection: Hardwired protection system.

Required for nuclear safety. Personnel protection system. Machine/investment protection.

Quick reaction to faults. Graceful shutdown. The first two are outside the scope of control system.

But can be integrated with it (e.g., via 4-20mA signal interface).

MPS issues a mitigation action when a problem is detected. Topology:

Machine protection system13

Source LEBT RFQ NC DTL SC DTLSpokes, β=0.35 Elliptical, Medium β=0.47 Elliptical, High β=0.65 Dump

ReactorSource LEBT RFQ NC DTL SC DTL

Spare part

Machine Protection is Redundant to Control System14

Control Room Control System Services

EPICS IOC

Device Network (Ethernet)

Control System Network (Ethernet)

Ion Source controller

Timing System

Machine Protection System

Trigger(s)

Machine protection system15

CONTROL SYSTEM(Configuration&Supervision)

BIS(Beam Interlock System)

MID(MPS Input Devices)

MOD(MPS Output

Devices)

TIMING SYSTEM

Post Mortem

RPS(Run Permit

System) FDS(Fault-Diagnostic

System)

Statistical analysis of archived data (e.g., trends) to identify components nearing a fault.

Model and detailed monitoring of subsystems. E.g., monitoring of vibrations in mechanical subsystems.

Uses: Preventive maintenance planning. Preventively taking a component off-line.

Predictive diagnostics16

Simulator of the machine. Uses real-time configuration data of beamline elements

to simulate beam characteristics. Useful to analyze failure scenarios. An R&D topic: automatic reconfiguration in case of a

subsystem failure.

Virtual accelerator17

1. Initiate collaboration on control system with similar projects.

2. Introduce a naming convention early in the project.

3. Standardize and define control system interfaces for all delivered components and devices at the time of procurement.

5. Equip RFQ@UCL with fully functional and stable control system for its operation.

6. Foresee time and resources for reliability and availability investigation on RFQ@UCL.

7. Define the scope of the control system well – if subsystems don’t have a control system, foresee that it needs to be developed.

Key recommendations18

QUESTIONS

Supervision of alarm state. Guides operator in reacting to alarms. E.g., BEAST.

Part of the Control System Studio suite.

Alarms20

Storing values of process variables (PVs) through time. Usage:

Monitoring (and analysis) of (mid-/long-)term trends. Predictive diagnostics. Comparison of performance at various times.

E.g., BEAUTY. Part of Control System Studio.

Not a high-performancescientific archiving tool!

Archiving21

Timing system22

Timing Generator

Crate

Client device

Client device

RF Clock

RF Clock Generator

Crate

Client device

Crate

Timing Receiver

Timing Receiver

Clock + Data

Client device

TS transport layer core

TS TL core

Client device

TS TL core

Switch / Fan-out

Response generation

Response generation

Timing sequences

The Control Box

Equipment interfaces23

Input Output Controller (IOC)

EPICS IOC

Channel Access

Device Support

Device Support

anal

og

inp

uts

Eth

ern

et/I

PPLC

Device Support

Intelligent Controller

Ethernet SwitchEthernet SwitchPROFINET TCP/IP, UDP/IP

PLC

PLC Intelligent Controller

Intelligent Controller

analog/digital I/O analog/digital I/O

Responsibility of the ESS integrators

Responsibility of the subsystem developers/integrators

Ethernet Switch

Oth

er

sub

syst

em

s,

cen

tral

se

rvic

es,

co

ntr

ol r

oom

, et

c.

A/D module

Packaging of control system software. Operating system. EPICS. User interface tools.

In addition, ITER-specific tools E.g., Self Description Data toolkit for providing meta-data

and development of “plant system instrumentation & control”.

Can be used elsewhere as a baseline E.g., ESS.

ITER CODAC24