AADvance The Next Step in Automation AADvance Controller Solutions Handbook Issue: 09 DOCUMENT: 553631 (ICSTT-RM447J_EN_P)
Solutions Handbook (AADvance Controller) This page intentionally left blank ii Document: 553631 (ICSTT-RM447J_EN_P) Issue: 09:
Notice In no event will Rockwell Automation be responsible or liable for indirect or consequential damages resulting from the use or application of this equipment. The examples given in this manual are included solely for illustrative purposes. Because of the many variables and requirements associated with any particular installation, Rockwell Automation does not assume responsibility or reliability for actual use based on the examples and diagrams.
Solutions Handbook (AADvance Controller) Notes and Symbols used in this manual This symbol calls attention to items which "must" be considered and implemented when designing and building an AADvance controller for use in a Safety Instrumented Function (SIF). It appears extensively in the AADvance Safety Manual. Note: Notes are used extensively to provide important information about the product.
Issue Record Issue Date Comments 01 Dec 2008 First Issue 02 Feb 2009 03 Feb 2010 04 Mar 2010 Updates after peer review 05 June 2010 updates for release 1.1.1 06 Oct 2010 updates to meet UL requirements 07 Nov 2010 updates for ATEX and UL Certification and release 1.2 08 July 2012 Release 1.3 version 09 Aug 2013 Changes to TUV certification topic, add On-line update feature and module specification data.
Solutions Handbook (AADvance Controller) Forward This technical manual describes the features, performance and functionality of the AADvance controller and systems. It sets out some guidelines on how to specify a system to meet your application requirements. Note: The AADvance controller is a logic solver. It uses processor modules and I/O modules. An AADvance system is formed by one or more controllers, their power sources, communications networks and workstations.
Solutions Handbook (AADvance Controller) Contents Chapter 1 The AADvance System ........................................................................... 1-1 The AADvance Controller .............................................................................................................................. 1-1 Performance and Electrical Specifications .............................................................................................. 1-3 Scan Times ...........................................
Serial Communications ............................................................................................................................. 1-37 Field Wiring Connections ........................................................................................................................ 1-38 Corrective Maintenance and Module Replacement .......................................................................... 1-38 Chapter 2 AADvance System Architectures ........................................
Solutions Handbook (AADvance Controller) Estimate Module Supply Power Dissipation and Field Loop Power Dissipation ................................ 6-7 Chapter 7 Module Overview and Specifications ..................................................... 7-1 T9110 Processor Module ................................................................................................................................ 7-2 Processor Module Specification ...................................................................
Power Supply Requirements ........................................................................................................................... 9-4 Adding Cable Management .............................................................................................................................. 9-4 Chapter 10 Parts List ................................................................................................ 10-1 Chapter 11 Glossary of Terms ..............................................
Chapter 1 The AADvance System An AADvance system consists of an AADvance controller, an external operator's workstation, field connections, power sources and external network connections. The flexibility of the design allows a system to be built to suit your own requirements from a standard range of modules and assemblies. This chapter describes the main components that can be used to build an AADvance controller. In This Chapter The AADvance Controller .....................................................
Solutions Handbook (AADvance Controller) The significant benefits of the AADvance controller are its performance and flexibility. Being designed to IEC 61508 it meets both SIL2 and SIL3 application requirements from the basic range of modules and mixed SIL rated applications can be covered by this range of modules. All of the configurations are readily achieved by combining modules and assemblies without using special cables or interface units.
Single input modules are designed to meet SIL3 and in the most basic simplex configuration they offer a fail-safe solution. The AADvance system has comprehensive built-in diagnostics, while maintenance activities are straight forward operations which maximize system availability. The AADvance controller is developed and built for IEC 61131 compliance and includes support for all five programming languages. Program access is secured by a removable "Program Enable" key.
Solutions Handbook (AADvance Controller) Time Stamp Accuracy Safety accuracy limit 10ms 200µA for Analogue Inputs and 1.0V dc for Digital Inputs. Electrical Characteristics Supply voltage Redundant 24V dc nominal, 18V dc to 32V dc range Channel isolation (channel to channel and channel to chassis) Maximum withstanding ± 1.5kV dc withstand for one minute. Power consumption, heat dissipation and weight depend on the arrangement of the controller.
Throughput time is the time from input change to output action. Due to the discrete nature of the scan, the throughput time will vary between one and two scans. Note: The AADvance application scan time is limited to a minimum of 64ms to allow all processes to run. Small applications will report a scan time of approximately 57 61ms. Large applications may have longer scan times but each scan time will be consistent to within approximately 5ms.
Solutions Handbook (AADvance Controller) Functional Stress 5Hz to 9Hz Continuous 1.7mm amplitude Occasional 3.5mm amplitude Withstand Acceleration Endurance 10Hz to 150Hz 0.1g in 3 axes 10Hz to 150Hz Acceleration 0.5g in 3 axes Shock 15g peak, 11ms duration, ½ sine Operating 0 to 2000m (0 to 6,600 ft.) Storage and Transport 0 to 3000m (0 to 10,000 ft.) This equipment must not be transported in unpressurized aircraft flown above 10,000 ft.
Controller TUV Certification TÜV Certification TÜV is the safety certifying authority for an AADvance controller. The AADvance system is certified to the following standard: IEC 61508, Part 1-7:1998-2000 EN 50178:1997 IEC 61511-1:2004 EN 50156-1:2004 EN 61131-2:2007 EN 54-2:1997, A1:2006 (†) EN 61326-3-1:2008 NFPA 72:2007 EN 61000-6-2:2005 NFPA 85:2007 EN 61000-6-4:2007 NFPA 86:2007 (†) The analogue output modules are not certified to EN 54-2.
Solutions Handbook (AADvance Controller) Products Covered The products investigated and approved: Programmable Logic Controllers Models: 9110 Processor Module; 9401/2 Digital Output Module; 9431/2 Analogue Input module; 9451 Digital output module; 9482 Analogue Output Module.
Listed Accessories for use with PLCs: 9100 Processor Backplane, 9300 I/O Backplane, 9801 Digital Input Termination Assembly, Simplex; 9802 Digital Input Termination Assembly, Dual; 9803 Digital Input Termination Assembly, TMR; 9831 Analogue input Termination Assembly, Simplex; 9832, Analogue Input Termination Assembly, Dual; 9833 Analogue Input Termination Assembly, TMR 9851 Digital Output Termination Assembly, Simplex and 9852 Digital Output Termination Assembly, Dual; 9881 Analogue Output Termination Asse
Solutions Handbook (AADvance Controller) Certificate The AADvance controller modules have been evaluated to the requirements of EN 60079-0: 2009 and EN 60079-15: 2010 under Certificate Number: DEMKO 11 ATEX 1129711X .
The AADvance controller has also been evaluated under certificate IECEx UL 12.0032X to the standards IEC 60079-0; (5th Edition) and IEC 60079-15 (4th Edition). [ certificate to be supplied] For a system that is located in a Zone 2 Hazardous environment where ATEX certification is required, all modules should be installed in an ATEX and IECEx Certified, tool accessible IP54 enclosure. The enclosure is to be marked with the following: "Warning - Do not open when energized".
Solutions Handbook (AADvance Controller) KCC-EMC Registration KCC- EMC Registration 1-12 Document: 553631 (ICSTT-RM447J_EN_P) Issue: 09:
Main Components Hardware Components Each controller is built from a standard range of modules and assemblies; it consists of processor modules, a processor base unit, digital and analogue I/O modules, I/O base units and termination assemblies all of which are assembled as follows: A processor module is installed into a processor base unit that can hold up to 3 processor modules. 3-way I/O base units are connected to the processor base unit and to each other.
Solutions Handbook (AADvance Controller) AADvance Workstation Software and Application Development Environment Workstation Software The AADvance workstation uses software that enables you to design the complete control strategy as one, then to target parts of the strategy at each controller. Interaction between the resources is automatic, significantly reducing the complexity of configuration in a multi-resource solution.
Programs can be simulated and tested and tested on the computer before downloading to the controller hardware. Also provided is a set of configuration tools that enables you to define the hardware architecture in the software; set up the processor functionality; and connect application variables to the Workbench application resource program that will monitor processor and I/O module status information and report I/O channel data values to the Workbench.
Solutions Handbook (AADvance Controller) Controller Functionality SNTP The AADvance controller supports the Simple Network Time Protocol (SNTP) service that can circulate an accurate time around the network. As an SNTP client the controller will accept the current time from external Network Time Protocol (NTP) and SNTP network time servers.
Note: The CIP Protocol is intended to allow AADvance users to exchange data between AADvance controllers and the Allen Bradley Logix family controllers, using produce/consume messaging. Produce/Consume messaging does not support downloading to or for monitoring AADvance controllers. It is not recommended to use the CIP network to exchange data between AADvance controllers unless this is exclusively for non-safety data.
Solutions Handbook (AADvance Controller) Figure 1: Example HART Pass-through System SNCP Safety Networks SNCP (Safety Network Control Protocol) is the Safety Protocol that allows elements of an AADvance System to exchange data. AADvance SNCP is a SIL 3 certified protocol which provides a safety layer for the Ethernet network making it a "Black Channel". Data is exchanged by creating a relationship between variables in different AADvance controllers; this is called "Binding Variables".
The physical network is considered a "Black Channel" so the design of the Ethernet network and the equipment used does not impact the SIL rating of the communications interface, but the design of the network does affect the reliability of the network and does impact the spurious trip rate.
Solutions Handbook (AADvance Controller) Peer-to-Peer AADvance provides the capability for a SIL 3 certified Peer-to-Peer data connections, allowing safety data to be transferred between AADvance and Trusted Controllers. The Trusted Peer-to-Peer network protocol enables you to share safety data between AADvance systems or AADvance and Trusted TM systems across an Ethernet network.
Safety Related Peer-to-Peer Configurations The following Peer-to-Peer configurations are approved for use in a safety Related Function: Table 3: Peer-to-Peer Settings TÜV Certified Configuration Conditions Software Board Definitions: Certified for use over a single communication network or multiple networks Certified as safety-related and can be used for safety critical communications in SIL 3 applications.
Solutions Handbook (AADvance Controller) Peer-to-Peer Settings TÜV Certified Configuration Conditions Software Board Definitions: Certified for use over a single communication network or multiple networks Certified as safety-related and can be used for safety critical communications in SIL 3 applications provided to separate Dxpai128 & Dxpao128 board definitions are used for safety values, the safety values from the tw oDxpai128 boards (or digital trip points from the values) shall have a 1oo2 vote wi
Modbus Master The AADvance controller can be used as a Modbus master to one or more Modbus slave devices. Slave devices can include programmable logic controllers, remote devices (typically with little or no processing capability) and, more rarely, other functional safety controllers (Trusted or AADvance). The controller supports the Modbus RTU and Modbus TCP protocols, and a subset of Modbus commands. You can use Modbus RTU with point-to-point and multi-drop serial links, and Modbus TCP with Ethernet.
Solutions Handbook (AADvance Controller) Modbus Master Hardware and Physical Connections The Modbus master functionality is built into the T9110 Processor Module; the physical communication ports are located on the T9100 Processor Base Unit. You do not need to add any extra hardware to the AADvance controller except to make the physical connections to the processor base unit. The illustration shows some possible arrangements of Modbus master connections.
Controller IP Address Setting The AADvanceDiscover Utilility uses a discovery and configuration protocol (proprietary to Rockwell Automation) to set the controller IP address within the AADvance Workbench and to scan the broadcast domain for other AADvance controllers. The utility locates each controller by its unique MAC Address.
Solutions Handbook (AADvance Controller) Ethernet Forwarding When enabled, the "Ethernet Forwarding" feature will forward all Ethernet packets destined for a host (3rd Party Device) connected to one of the AADvance’s Ethernet ports along with any broadcast and multicast Ethernet traffic. Incoming messages on the other port will be forwarded directly to the second. The forwarded messages will be unaltered by the AADvance controller. This feature can be enabled using the AADvance Discover utility.
Transparent Communication Interface (TCI) The AADvance controller processor module provides a Transparent Communications Interface (TCI) function. This functionality will establish a pass-through communications link between an Ethernet link to a Serial port allowing devices attached to a serial port to be communicated with and for them to reply. The controller does not tamper with or inspect the data passed over the channel. TCI uses a TCP port number to represent a serial port.
Solutions Handbook (AADvance Controller) Technical Features TUV Approved Operating System The AADvance system runs an IEC 61508 approved operating system and the overall system is certified to IEC 61508, Part 1-7: 19T98 - 2000 SIL3. Internal Diagnostics The AADvance controller contains comprehensive internal diagnostic systems to identify faults that develop during operation and raise appropriate alarm and status indications.
System Modification and On-line Updates The AADvance controller has a modular design which allows you to change the I/O hardware configuration. An on-line update feature also allows you to make the required changes to the workbench I/O configuration. The following changes can be made by an on-line update: Add new I/O base units, termination assemblies and extra I/O modules.
Solutions Handbook (AADvance Controller) When new I/O modules need to be added and there is not enough space in the existing row of modules, you can use an Expansion Cable to install a new row of modules. A typical arrangement using an expansion cable is shown below.
ControlFLASH Firmware Upgrades The AADvance controller supports upgrades of processor module firmware by using the ControlFLASH utility. You need the ControlFLASH firmware upgrade kit that includes and RSLinx Classic Lite software or better. To install and configure the ControlFLASH utility refer to the Rockwell Automation ControlFLASH Firmware Upgrade Kit documentation, Publication No: 1756-UM105C-EN-E March 2012 available from the Rockwell Automation Literature Library.
Solutions Handbook (AADvance Controller) Physical Features An innovative feature of the AADvance controller is the design of the hardware. Everything fits together easily without any need for inter-module wiring. Product Dimensions Overall Dimensions of Modules with Base Units Table 4: Summary of Dimensions Attribute Value Base unit dimensions (H × W × D), approx. 233 × 126 × 18mm (see text) (9-¼ in × 5 × ¾ in) Module dimensions (H × W × D), approx.
The depth of the base unit (18mm) excludes the parts of the backplane connectors that mate inside the module connectors. Adding the depth of module (118mm) to the depth of the base unit gives the overall depth of the controller assembly, which is 136mm. Module Dimensions All modules have the same dimensions. Compact Module Design Each processor and I/O module is enclosed in a flame-retardant and impact-resistant plastic cover. The cover is designed to assist ventilation and heat dissipation.
Solutions Handbook (AADvance Controller) Base units are moulded from a similar material. Each base unit can be mounted onto standard DIN rails or directly onto a panel or wall. The moldings incorporate slots and clamps for DIN rail mountings, and holes for screw fixing. CAUTION HEAT DISSIPATION AND ENCLOSURE POSITION System and field power consumption by modules and termination assemblies is dissipated as heat. You should consider this heat dissipation on the design and positioning of your enclosure; e.
Module Locking Mechanism Each module carries a locking mechanism, which secures the module onto its base unit. The locking mechanism is in the form of a clamp screw, visible on the front panel of the module and engaged by a quarter turn of a flat blade screwdriver. The module senses the locking mechanism position and notifies the controller accordingly. This acts as an interlock device and prevents the module from going on-line when it is not in the locked position.
Solutions Handbook (AADvance Controller) Part No: Digital Input Fuses T9901: No 396/TE5 50mA time lag fuse; UL 248-14, 125 V,T Leadfree; manufactured by Littlefuse. Part No: Digital Output Fuses T9902: SMF Omni-Block, Surface Mount Fuse Block 154 010, with a 10A, 125V Fast Acting Fuse, Littlefuse. WARNING FUSE REMOVAL or REPLACEMENT When the controller is installed in a Hazardous environment do not remove or replace a fuse when energized.
Ethernet, Serial Data and Power Connections The external connections for Earthing, Ethernet (E1-1 to E3-2), serial data (S1-1 to S3-2) and the +24V dc Redundant powers supplies (PWR-1 and PWR-2) are all located on the T9100 Processor Base Unit. There are two serial data and two Ethernet connectors for each processor module. Two connectors for the dual redundant power supplies, a stud for the Earth and a connector for the security device (KEY) also known as the Program Enable Key.
Solutions Handbook (AADvance Controller) Field Wiring Connections Field connections are made using industry-standard screw terminal blocks. Terminals are readily accessible for future wiring modifications without needing to dismantle any assemblies. This illustration shows field wiring to four simplex termination assemblies: Corrective Maintenance and Module Replacement Corrective maintenance is by module replacement.
Chapter 2 AADvance System Architectures An AADvance controller can be configured to manage non-safety up to SIL 3 safety related system requirements and low demand or high demand fault tolerant applications. This chapter describes the different system architectures that can be configured for an AADvance controller to meet this variety of requirements. Note: Architectures are independent of I/O module capacity therefore 8 or 16 channel I/O modules can be used. In This Chapter SIL2 Architectures ............
Solutions Handbook (AADvance Controller) SIL2 Fail-safe Architecture The following is a simplex fail-safe SIL2 architecture, where I/O modules operate in 1oo1D under no fault conditions and will fail-safe on the first detected fault. The processor module operates in 1oo1D and will degrade to fail safe on the first detected fault.
SIL2 Fault Tolerant Input Architectures A SIL2 fault tolerant input architecture can have dual or triple input modules with a single processor and single output modules. The illustration shows a dual input arrangement where the dual input modules operate in 1oo2D under no fault conditions, they degrade to 1oo1D on detection of the first fault in either module of the redundant pair, and when a fault occurs on the second module it will fail-safe.
Solutions Handbook (AADvance Controller) SIL2 Output Architecture A SIL2 output architecture has a single output module with single processor and single or redundant input modules. In de-energize to trip operation, the output modules operate in 1oo2D no fault conditions and degrade to 1oo1D on detection of the first fault in either module and fail-safe when there are faults on both output modules.
SIL2 Fault Tolerant Input High Demand Architecture A SIL2 fault tolerant "High Demand" architecture has dual input, dual processor and dual output modules. In a dual arrangement the input modules operate in 1oo2D under no fault conditions, degrade to 1oo1D on the detection of the first fault in either module, and will fail-safe when there are faults on both modules. A triple input module arrangement can also be configured if it is required to increase the fault tolerance of the input.
Solutions Handbook (AADvance Controller) Position Module Type I/P A 2 × T9401/2 Digital Input Module, 24V dc, 8/16 Channel + T9802 Digital Input TA, 16 Channel, Dual or 2 × T9431/2 Analogue Input Module, 8/16 channel + T9832 Analogue Input TA, 16 Channel, Dual 2 × T9300 I/O Base unit CPU A & CPU B 2 x T9110 Processor,, T9100 Processor Base Unit O/P A 2 × T9451 Digital Output Module, 24V dc, 8 Channel + T9852 Digital Output TA, 24V dc, 8 channel, T9300 Base unit SIL3 Architectures SIL3 architectures
SIL3 Fail-safe I/O, Fault Tolerant Processor A SIL3, fail-safe I/O with a fault tolerant processor architecture has a simplex input and output arrangement with dual or triple processor modules. The dual processor modules operate in 1oo2D under no fault conditions and degrade to 1oo1D on detection of the first fault in either module. When there are faults on both modules the configuration will fail-safe. If required you can configure triple processor modules as a variation of this SIL3 architecture.
Solutions Handbook (AADvance Controller) Table 9: Modules for SIL3 Fail-safe I/O, Fault Tolerant Processor Position Module Type I/P A T9401/2 Digital Input Module, 24V c, 8/16 Channel + T9802 Digital Input TA, 16 Channel, Dual or T9431/2 Analogue Input Module, 8/16 channel + T9832 Analogue Input TA, 16 Channel, Dual T9300 Base unit CPU A & CPU B 2 x T9110 Processor Module, T9100 Base Unit O/P A T9451 Digital Output Module, 24V dc, 8 Channel + T9851 Digital Output TA, 24V dc, 8 Channel, Simplex SIL
Table 10: Modules for SIL3 Fault Tolerant Architectures Position Module Type I/P A 2 × T9401/2 Digital Input Module, 24V dc, 8/16 Channel, + T9802 Digital Input TA, 16 Channel, Dual or and I/P B 2 × T9431/2 Analogue Input Module, 8/16 Channel + T9832 Analogue Input TA, 16 Channel, Dual 2 x T9300 I/O Base Unit CPU A & CPU B 2 × T9110 Processor Module, 9100 Processor Base Unit, O/P A 1 × T9451 Digital Output Module, 24V dc, 8 Channel + T9851 Single Digital Output TA, 24V dc, 8 Channel for deenergiz
Solutions Handbook (AADvance Controller) SIL3 TMR Input and Processor, Fault Tolerant Output A SIL3 TMR architecture offers the highest level of fault tolerance for an AADvance controller and consists of triple input modules, triple processors and dual output modules.
CPU A & CPU B 3 × T9110 Processor Module, T9100 Processor Base Unit, O/P A 2 × T9451 Digital Output Module, 24V dc, 8 Channel + 9852 Digital Output TA, 24V dc 8 Channel, Dual Note: All configurations that use dual or triplicate processor modules are suitable for SIL3 architectures with de-energize to trip outputs. Dual outputs are also required for SIL3 energize to action outputs.
Solutions Handbook (AADvance Controller) Table 14: Output Modules Modules TÜV Certified Configuration Conditions Digital Outputs 1oo1D, 1oo2 or 2oo2D De-energize to action (normally energized): SIL3 with 1 or 2 modules fitted. 2oo2D with dual output modules fitted. T8451, 24V dc, 8 channel. Energize to action (normally de-energized): SIL2 with 1 module fitted and SIL3 with 2 modules fitted.
This page intentionally left blank Document: 553631 (ICSTT-RM447J_EN_P) Issue: 09: 2-13
Chapter 3 Building Architectures with TUV Approved Modules The controller supports a range of architectures. This chapter describes how to build a range of architectures configurations and includes selected examples that illustrate the alternative options. The modular construction of the controller makes it easy to create module arrangements and these can be tailored for a particular application. In This Chapter Fundamental Architectures .....................................................................
Solutions Handbook (AADvance Controller) Low Demand SIL2 Architecture This is an example of a SIL2 controller which is suited to low demand mode applications with de-energize and energize to action outputs. The T9801 and T9851 illustrated are the associated simplex termination assemblies that mate with the T9401 and T9451 I/O modules. This arrangement is also suitable for non-safety applications. This example supports 8 field inputs and 8 outputs.
Data Input and Output A controller can support up to 48 I/O modules in total (on 16 I/O base units); as an example, here is a controller with four 8 channel T9401 digital input modules and two 8 channel T9451 Digital Output Modules, giving 32 inputs and 16 outputs.
Solutions Handbook (AADvance Controller) Adding a 2nd Processor for a Higher SIL Rating Configuration A single processor module is rated SIL2, while two or three in a redundant arrangement are rated SIL3. Returning to the first example and adding a second processor module creates a controller suitable for high as well as low demand mode applications at SIL3. The T9401/2 digital input module (identical to the module for the SIL2 controller) is rated SIL3 as it stands.
Dual Architecture for Fault Tolerant Applications Fault Tolerant Input and SIL3 Outputs A dual architecture configuration shown uses two dual redundant modules for each stage. The use of two processor modules provides SIL3 integrity for the processor stage, (as for the previous example), while the addition of the second input module provides fault tolerance for the inputs.
Solutions Handbook (AADvance Controller) Increasing I/O Capacity The capacity of this controller is increased by adding pairs of I/O modules and associated dual termination assemblies. The next example shows how to provide 16 inputs and 16 outputs (this could also be 32 inputs if 16 channel input modules are used). The outputs shown are digital output modules. Note: The T9852 dual termination assembly can be used with both 8 channel and 16 channel input modules.
Triple Modular Redundant Architecture A SIL3 TMR architecture offers the highest level of fault tolerance for an AADvance controller and consists of triple input modules, triple processors and dual output modules. The input and processor modules operate in a 2oo3D under no fault conditions, degrade to 1oo2D on detection of the first fault in any module, and degrade to 1oo1D on the detection of faults in any two modules and will fail-safe when there are faults on all three modules.
Solutions Handbook (AADvance Controller) You can add further groups of three input modules and pairs of output modules to provide additional I/O capacity. For example, a triple modular redundant controller using 8-channel modules for 16 inputs and 16 outputs could be arranged like this. For 16 channel TMR input you should use the T9402 16 channel digital input modules in the same arrangement.
Chapter 4 Mixed Architectures It is straightforward to implement single, dual and triple I/O architectures for a controller. This can provide a mixed level of redundancy, fault tolerance and safety integrity level an application needs, without over-specifying some of the I/O or the need to provide a second controller. In This Chapter Example Controllers .......................................................................................... 4-1 Mixed I/O Architectures ....................................
Solutions Handbook (AADvance Controller) 4-2 Document: 553631 (ICSTT-RM447J_EN_P) Issue: 09:
Mixed I/O Architectures An application might readily justify a dual processor and dual I/O for some field circuits, but not for all. It is easy and economical to configure one controller to provide a solution. Consider a dual processor system that needs 16 inputs and 16 outputs, half of which must be duplicated and half of which can be simplex. The requirement would be fulfilled by a controller architecture like this.
Solutions Handbook (AADvance Controller) Mixed Safety Integrity Levels Such is the flexibility of AADvance that a single controller can support mixed safety integrity levels; for example, if a system needs SIL3 energize to trip outputs alongside SIL2 outputs. The following example shows how a small a viable controller for mixed integrity levels can be when built from AADvance modules.
Distributed Architectures AADvance is designed to support a distributed safety architecture.
Solutions Handbook (AADvance Controller) Typical Network Applications A typical distributed AADvance system uses two networks: An information network, which provides connectivity to the BPCS (basic process control system) and to OPC devices A dedicated safety network, which handles data shared between the AADvance controllers The engineering workstation may connect to the safety network (as illustrated), to the information network or to both networks.
Controller Network Connectors The controller features six autosensing 10/100BASE-TX Ethernet ports which allow it to connect to a local area network through standard RJ45 Ethernet cable. There are two ports for each processor module.
Solutions Handbook (AADvance Controller) This page intentionally left blank 4-8 Document: 553631 (ICSTT-RM447J_EN_P) Issue: 09:
Chapter 5 AADvance Scalability The AADvance design concept provides an expandable solution for every application through its current range of I/O modules and termination assemblies. Increased I/O capacity is possible because of the ease and simplicity for adding new modules and the flexibility for creating different architectures. This chapter describes how you can expand the I/O capacity of a controller. In This Chapter I/O Channel Capacity .................................................................
Solutions Handbook (AADvance Controller) Simplex I/O Channel Capacity When you need I/O modules arranged in only simplex configurations you should use the simplex termination assembly for each module type. You can use any physical arrangement of 8-channel and 16-channel input modules with their simplex termination assemblies, also any arrangement of output modules with simplex termination assemblies.
Dual I/O Channel Capacity When you need I/O modules arranged in dual redundant formations, each pair of modules shares a dual termination assembly and occupies two-thirds of an I/O base unit. The termination assemblies can bridge adjacent I/O base units, so two base units will hold three pairs of dual redundant module configurations, while three base units will hold four pairs. Arrange base units in groups of two or four to optimize capacity for dual redundant modules.
Solutions Handbook (AADvance Controller) Triple Modular Redundant Channel Capacity When you need input modules arranged in triple modular redundant formations, each group of three modules will share a single triple termination assembly and occupies a whole I/O base unit. A single controller supports 16 groups of three modules, so a hypothetical controller using 16-channel input modules and needing no output channels would have a capacity of 16 x 16 = 256 input channels.
Adding I/O Channel Capacity You can specify a new controller to have the precise quantity of I/O channels that you need and also configure spare I/O channels that you anticipate you may need in the future. Having done this, it is possible add the hardware to expand the controller.
Solutions Handbook (AADvance Controller) Redundancy and Fault Tolerance A significant advantage of the AADvance design is the option to add redundant modules to increase fault tolerance as an when they are required. Redundant configurations allow you to replace faulty modules without affecting the system operation. This flexibility and operational persistence is made possible by Termination Assemblies that provide redundant I/O module capacity.
Chapter 6 Specifying a New Controller This chapter provides a list of key information needed to specify a new AADvance controller. The flowcharts and tables that follow will guide you through the process of defining a suitable system for your application and requirements. In This Chapter Information to Specify a New Controller..................................................... 6-1 Define a New System ........................................................................................
Solutions Handbook (AADvance Controller) Define a New System The charts use minimal designs to illustrate particular solutions.
Document: 553631 (ICSTT-RM447J_EN_P) Issue: 09: 6-3
Solutions Handbook (AADvance Controller) 6-4 Document: 553631 (ICSTT-RM447J_EN_P) Issue: 09:
Choosing Termination Assemblies The use of termination assemblies gives the AADvance system exceptional flexibility for creating different architectures and expanding the system. Each termination assembly is a very simple circuit that is matched to a type of I/O module and to a particular module configuration. This table shows a summary of the termination assemblies which are available and the associated I/O module configurations.
Solutions Handbook (AADvance Controller) Estimate AADvance Controller Weight Use the following table to estimate the weight of your system. Table 18: AADvance Controller Module Weight Item Number Used Weight Allowance g (oz.) T9100 Processor Base Unit × 460g (16 oz.
Estimate Module Supply Power Dissipation and Field Loop Power Dissipation Module supply voltage and field power consumption is dissipated as heat. Use these tables to estimate the supply voltage and field power heat dissipation of your system. Note: All figures given are worst-case estimates based upon maximum operating field current and voltages. Table 19: Estimating Module Supply Power Dissipation Item Number Power Dissipation of Modules Subtotal (W/BTU/hr) T9110 Processor Module × 8.0W (27.
Solutions Handbook (AADvance Controller) This page intentionally left blank 6-8 Document: 553631 (ICSTT-RM447J_EN_P) Issue: 09:
Chapter 7 Module Overview and Specifications This chapter provides a brief technical overview and technical specification of each module and its associated termination assembly. Each module has a set of front panel LEDs to provide status and failure indications. Also, variables included with the application software can be set up to also monitor and report on the system and module status. In This Chapter T9110 Processor Module ................................................................................
Solutions Handbook (AADvance Controller) T9110 Processor Module The T9110 processor module is the central processing unit of an AADvance controller.
If a controller uses two or three processor modules, and one processor module develops a fault, plant maintenance personnel can fit a new processor module while the controller is on-line. The new processor module automatically carries out selfeducation and synchronizes with the other processors. Fault detection and fail-over in redundant processor configurations is automatic and has no impact on controller operation.
Solutions Handbook (AADvance Controller) Processor Module Specification Table 21: Processor Module Specification Attribute Value Functional Characteristics Degradation 1oo1D, 1oo2D and 2oo3D Processor clock 400MHz Memory Boot flash 512kB SRAM 512kB Bulk flash 64MB SDRAM 32MB Sequence of events (for internal variables) Event resolution 1ms Time-stamp accuracy Application Scan Performance Characteristics Safety Integrity Level (SIL) 1 processor: non-safety applications up to SIL1 and S
T9100 Processor Base Unit Every AADvance controller has one T9100 processor base unit. A processor base unit supports one, two or three modules depending on the architecture chosen for the application.
Solutions Handbook (AADvance Controller) The processor base unit provides the electrical connections between the T9110 processor modules, and the rest of the controller modules and has the following connections: Command and response bus connections for up to 48 I/O modules Inter-processor links Two Ethernet 100 BaseT connectors per processor Two serial data connections per processor Dual +24v System power Ground stud Program enable key The processor base unit holds the IP address of each proc
T9100 Base Unit Specification Table 22: T9100 Processor Base Unit Specification Attribute Value Electrical Specification Supply voltage requirements Redundant + 24V dc nominal; 18V dc to 32V dc range Number of processor modules supported 1, 2 or 3 Number of I/O base units supported 16: 8 per I/O bus E1-1, E1-2; E2-1, E2-2; E3-1, E3-2 Connectors for Ethernet Ports 1 & 2 for Processor A, B and C S1-1, S1-2; S2-1,S2-2; S3-1, S3-2 Connectors for Serial Ports 1 & 2 for Processor A, B and C PWR-1, P
Solutions Handbook (AADvance Controller) T9300 I/O Base Unit (3 way) The AADvance controller has T9300 I/O base units for the I/O modules. An I/O base unit supports up to three I/O modules (of any type), and their associated termination assemblies. It contains a passive backplane that provides the electrical connections between the I/O modules and the T9100 processor base unit; i.e. the command and response buses and the system power.
The bus and power connections from the processor base unit enter the backplane at the left connector and are routed direct to the module connectors. The backplane provides a connector at the right for the next I/O backplane. The connection to the left of the backplane can connect to a processor base unit or another I/O base unit. Adjacent base units clip together and are held in position by a plastic retaining clip.
Solutions Handbook (AADvance Controller) T9310 Expansion Cable Assembly The T9310 expansion cable assembly connects a T9300 I/O base unit to another I/O base unit or to the T9100 processor base unit. The assembly consists of a cable, terminated by multi-way plugs, and a pair of adaptors. One end has a cable socket assembly and the other end a cable plug assembly that connects to the right-hand bus connector of an I/O base unit or to IO Bus2 (the left hand connector) of a processor base unit.
T9310 Extension Cable Specification Table 24: T9310 Extension Cable Specification Attribute Value Electrical Specification Carries the following Signals: Command Bus I/O Response Bus x 24 Backplane 0V Return Redundant System +24V DC_1 & 2 power supplies Mechanical Specification Length 2m (78.
Solutions Handbook (AADvance Controller) T9401/2 Digital Input Module, 24V dc, 8/16 channel The T9401/2 digital input module monitors eight (T9401) or sixteen (T9402) isolated digital input channels and measures input voltages in the range 0V to 32V dc. Each channel provides both digital state and voltage data to the processor module for field device state, line monitoring and field fault detection. Input modules provide module and individual channel status indications through the front panel LEDs.
T9401/2 Digital Input Module Specification Table 25: T9401/2 Digital Input Module Specification Attribute Value Functional Characteristics Input Channels T9401: 8 T9402: 16 Performance Characteristics Safety integrity level IEC 61508 SIL3 * Safety level degradation 1oo1D, 1oo2D,2oo3D Safety accuracy limit 1V Self test interval < 1 hour; system dependent Sample update interval (no filter) 6ms Sequence of events Event resolution Time-stamp accuracy 1ms 10ms Electrical Characteristics Module
Solutions Handbook (AADvance Controller) T9801/2/3 Termination Assemblies for Digital Inputs There are three termination assemblies for use with digital input modules that provide simplex, dual and triple modular redundant configurations. A T9801 termination assembly is for a simplex application and provides terminations for 16 non-isolated digital inputs; it has connections for one T9401 or T9402 digital input module.
T9801/2/3 Digital Input Termination Assembly Specification Table 26: T9801/2/3 Digital Input TA Specification Attribute Value Functional Characteristics Field Connections 16 Input modules supported T9801 One T9401/2 T9802 Two T9401/2 T9803 Three T9401/2 Electrical Characteristics Input channel fuses 50mA, 125V, Type T Channel load 5.125k ± 0.2% Measurement voltage resolution 5mV, 13 bit Channel isolation T9801 T9802, T9803: None ± 1.
Solutions Handbook (AADvance Controller) T9431/2 Analogue Input Module, 8/16 Channel The T9431/2 analogue input module monitors eight (T9431) or sixteen (T9432) isolated analogue input channels and measures input current in the range 0mA to 24mA. Each channel provides digital state and analogue data to the processor for process monitoring, line monitoring and field fault detection.
T9431/2 Analogue Input Module Specification Table 27: Analogue Input Module Specification Attribute Value Functional Characteristics Input channels: T9431: 8 T9432: 16 Degradation 1oo1D, 1oo2D and 2oo3D Performance Characteristics Safety integrity level IEC 61508 SIL3 * Safety level degradation 1oo1D, 1oo2D and 2oo3D Safety accuracy limit 200µA Self test interval < 1 hour system dependent Sample update interval (no filter) 6ms Value of least significant bit 0.
Solutions Handbook (AADvance Controller) Weight T9431: 280g (10 oz.) T9432: 340g (12 oz.) Casing Plastic, non-flammable * SIL3 is the maximum achievable for a single channel. Selected CPU, input and output voting configurations may increase or decrease the actual SIL achieved. Refer to the Safety Manual for further details.
T9831/2/3 Analogue Input Termination Assembly Specification Table 28: Analogue Input Termination Assembly Attribute Value Functional Characteristics Field connections 16 Number of input modules supported T9831 One T9832 Two T9833 Three Electrical Characteristics Input channel fuses 50mA per channel Channel load 135 ± 2 Channel isolation: T9831 None T9832/T9833 ± 1.5kV dc Maximum withstanding for 1 minute Maximum field loop power dissipation 0.08W per field loop (0.
Solutions Handbook (AADvance Controller) T9451 Digital Output Module, 24V dc, 8 channel The T9451 digital output module interfaces up to eight final elements and can switch 1A at 32V dc for each device. It features voltage and load current monitoring on each channel, reverse current protection and short and open circuit line monitoring. It is designed to always be able to switch off an output when demanded. No single failure within the module can cause a stuck-on failure.
T9451 Digital Output Module Specification Table 29: Digital Output Module Specification Attribute Value Functional Characteristics Output channels 8 Performance Characteristics Safety integrity level IEC 61508 SIL3 * Safety level degradation 1oo1D, 1oo2D Self-test interval <30 mins (30s per module) Electrical Characteristics Module supply voltage: Voltage Redundant +24V dc nominal; 18V dc to 32V dc range Module supply power dissipation 3.0W (10.
Solutions Handbook (AADvance Controller) * SIL3 is the maximum achievable for a single channel. Selected CPU, input and output voting configurations may increase or decrease the actual SIL achieved. Refer to the Safety Manual for further details. T9851/2 Termination Assemblies for Digital Outputs There are two termination assemblies for use with digital output modules - for simplex and dual applications.
T9851/2 Digital Output Termination Assembly Specifications Table 30: Digital Output Termination Assembly Specification Attribute Value Functional Characteristics Field connections 8 Modules supported T9851 : One T9852 : two Electrical Characteristics Dual field supply voltage +24Vdc Field supply fuses 10A for each field supply Mechanical Specification Dimensions (height x width) T9851 132mm × 42mm (5-¼ in. × 1-21/32 in.) T9852 132mm × 84mm (5-¼ in. × 3-5/16 in.
Solutions Handbook (AADvance Controller) T9481/2 Analogue Output Module The T9481 and 9482 analogue output modules are compact and versatile modules that provide 4 – 20mA output current for field devices. Each channel is a current sink device and in simplex mode a channel drops the full demanded current. In dual module operation each channel drops half the output current. The module features voltage and load current channel monitoring, reverse current protection and short and open circuit line monitoring.
T9481/2 Analogue Output Module Specification Table 31: Analogue Output Module Specification Attribute Value Functional Characteristics Output channels T9481: 3 T9482: 8 Performance Characteristics Safety integrity level awaiting approval Safety level degradation 1oo1D, 1oo2D Safety accuracy 200A Self-test interval < 1 hour, system dependent Value of Least significant bit (control) 0.98A Value of least significant bit (monitor) 3.9A Error at 25°C ± 2°C After 1 year at 40°C 0.
Solutions Handbook (AADvance Controller) Maximum range 0 - 750limited by compliance voltage Typical 250 Maximum field loop power dissipation 0.77W per field loop (2.63BTU/hr) Mechanical Specification Dimensions (height × width × depth) 166mm × 42mm × 118mm (6-½ in. × 1-21/32 in. × 4-21/32 in.) Weight 290g (10.5oz.
T9881/2 Analogue Output Termination Assembly Specification Table 32: Analogue Output Module Termination Assembly Specification Attribute Value Functional Characteristics Field connections 8 Modules supported T9881: One T9882: Two Electrical Characteristics Channel isolation ± 1.5kV dc maximum withstand for 1 minute Mechanical Specification Dimensions (height x width) T9881 132mm × 42mm (5-¼ in. × 1-21/32 in.) T9882 132mm × 84mm (5-¼ in. × 3-5/16 in.
Solutions Handbook (AADvance Controller) This page intentionally left blank 7-28 Document: 553631 (ICSTT-RM447J_EN_P) Issue: 09:
Chapter 8 Application (Resource) Development The AADvance Workbench environment facilitates the task of automation throughout the life-cycle of your system, from system design to commissioning and the day to day operation and maintenance. For application (resource) development the AADvance Workbench provides powerful and intuitive features and functionality to enhance ease of use. This chapter introduces the AADvance Workbench and describes basic software features.
Solutions Handbook (AADvance Controller) Support for Variable Types For each controller, you can declare variables using all types defined in IEC 61131-3, including boolean, 16-bit integer (signed and unsigned) and 32-bit real. Controllerspecific types include structures to hold multiple variables for each I/O application. Variables are easily imported from external databases if required. Variables are defined in a data dictionary.
Aids to Software Development The development environment automatically verifies the syntax of the source code entered in each of its supported languages. It performs checks at each stage of development, correcting or prompting the user with the correct use of the language. There is also extensive on-line help, which includes a cross-referenced explanation of the IEC 61131-3 standard.
Solutions Handbook (AADvance Controller) DIN Rails Fitting You can install the AADvance controller onto a pair of parallel DIN rails. The DIN rails must be TS35 rail, which is 35mm × 7.5mm standard symmetric rail. Alternatively, you can install the controller onto a flat panel. The fixing dimensions are given below for both methods. A typical DIN rail arrangement is shown below: An application using DIN rails must provide the DIN rail free space to the left to fit an end stop on the upper DIN rail.
Chapter 9 System Build The AADvance controller is supplied as 'open' type equipment, ready for installation on a wall or panel or within a cabinet. This chapter provides an overview of some features of a system build to demonstrate the ease and simplicity of the process; refer to the AADvance System Build Manual for more detailed information about constructing a system. In This Chapter Free Space Around the Controller ................................................................
Solutions Handbook (AADvance Controller) CAUTION HEAT DISSIPATION AND ENCLOSURE POSITION System and field power consumption by modules and termination assemblies is dissipated as heat. You should consider this heat dissipation on the design and positioning of your enclosure; e.g. enclosures exposed to continuous sunlight will have a higher internal temperature that could affect the operating temperature of the modules.
Base Units, DIN Rail installations and Expansion Cables Base units fit together side by side. One I/O base unit can be fitted directly onto the right hand edge of the processor base unit. The second and subsequent base units connect directly to the right of this first I/O base unit. If required, termination assemblies can bridge adjacent I/O base units to save space.
Solutions Handbook (AADvance Controller) Power Supply Requirements A controller requires the following power supply sources: A dual redundant power supply of + 24V dc with an operating range of 18V dc to 32V dc. Note: An AADvance controller is designed to accept supply transient and interference according to IEC 61131 part 2.n An over current fault in the controller must not result in the whole system losing power.
Document: 553631 (ICSTT-RM447J_EN_P) Issue: 09: 9-5
Chapter 10 Parts List Bases Part No. Part Description T9100 Processor base unit T9300 I/O base unit (3 way) Modules Part No.
Solutions Handbook (AADvance Controller) T9831 Analogue input TA, 16 channel, simplex, commoned T9832 Analogue input TA, 16 channel, dual T9833 Analogue input TA, 16 channel, TMR T9851 Digital output TA, 24Vdc, 8 channel, simplex, commoned T9852 Digital output TA, 24Vdc, 8 channel, dual T9881 Analogue output TA, 8 channel, simplex commoned T9882 Analogue output TA, 8 channel, dual T9844 Frequency Input Module TA, Simplex, Active (not yet released) T9845 Frequency Input Module TA, Dual, Act
T9903 Replacement coding pegs (pack of 20) T9904 Replacement backplane clips (pack of 20) T9905 Replacement processor 3V lithium cell (pack of 20) *see notes T9906 Replacement program enable key T9907 Installation tool kit T9908 Fuse Extractor Tool Software Part No. Part Description T9082U IEC 61131 Workbench, USB key, single user, single controller T9082D IEC 61131 Workbench, hard disk key, single user, single controller Part No.
Solutions Handbook (AADvance Controller) T9902: SMF Omni-Block, Surface Mount Fuse Block 154 010, with a 10A, 125V Fast Acting Fuse, Littlefuse. T9905: Poly-carbonmonofluride Lithium Coin Battery, BR3032, 20mm dia; Nominal voltage 3V; Nominal capacity (mAh) 190; Continuous standard load (mA) 0.
Glossary of Terms Glossary of Terms A asynchronous accuracy A data communications term describing a serial transmission protocol. A start signal is sent before each byte or character and a stop signal is sent after each byte or character. An example is ASCII over RS232-C. See also 'RS-232-C, RS-422, RS-485'. The degree of conformity of a measure to a standard or a true value. See also 'resolution'. achievable safe state A safe state that is achievable. Note: Sometimes, a safe state cannot be achieved.
Solutions Handbook (AADvance Controller) blanking cover C A plastic moulding to hide an unused slot in an AADvance base unit. CIP boolean A type of variable that can accept only the values 'true' and 'false'. BPCS Basic process control system. A system which responds to input signals and generates output signals causing a process and associated equipment to operate in a desired manner, but which does not perform any safety instrumented functions with a claimed safety integrity level of 1 or higher.
Glossary of Terms consumer dictionary The consuming controller requests the tag from the producing controller. The set of internal input and output variables and defined words used in a program. contact A graphical component of a Ladder Diagram program, which represents the status of an input variable. discrepancy A condition that exists if one or more of the elements disagree. continuous mode DITA See high demand mode. Digital input termination assembly.
Solutions Handbook (AADvance Controller) fault reset button function block diagram The momentary action push switch located on the front panel of the 9110 processor module. An IEC 61131 language that describes a function between input variables and output variables. Input and output variables are connected to blocks by connection lines. See 'limited variability language'.
Glossary of Terms hot swap instruction list See live insertion. An IEC 61131 language, similar to the simple textual language of PLCs. See 'limited variability language'. I I/O base unit A backplane assembly which holds up to three I/O modules and their associated termination assembly or assemblies in an AADvance controller. Part number 9300. See 'I/O module' and 'termination assembly'.
Solutions Handbook (AADvance Controller) M OPC manual call point A series of standards specifications which support open connectivity in industrial automation. A component of a fire detection and fire alarm system which is used for the manual initiation of an alarm. Modbus An industry standard communications protocol developed by Modicon. Used to communicate with external devices such as distributed control systems or operator interfaces.
Glossary of Terms processor module RS-232-C, RS-422, RS-485 The application execution engine of the AADvance controller, housed in a selfcontained and standardized physical form factor. Standard interfaces introduced by the Electronic Industries Alliance covering the electrical connection between data communication equipment. RS-232-C is the most commonly used interface; RS-422 and RS-485 allow for higher transmission rates over increased distances.
Solutions Handbook (AADvance Controller) SFF synchronous Safe Failure Fraction. Given by (the sum of the rate of safe failures plus the rate of detected dangerous failures) divided by (the sum of the rate of safe failures plus the rate of detected and undetected dangerous failures). A data communications term describing a serial transmission protocol. A pre-arranged number of bits are expected to be sent across a line per second.
Glossary of Terms U U Rack unit. A unit of measure used to describe the height of equipment intended for mounting in a standard rack. Equivalent to 44.45mm (1-¾ inches). V validation In quality assurance, confirmation that the product does what the user requires. verification In quality assurance, confirmation that the product conforms to the specifications. voting system A redundant system (m out of n) which requires at least m of the n channels to be in agreement before the system can take action.
Additional Resources For more information about the AADvance system refer to the associated Rockwell Automation technical manuals shown in this document map. Publication Purpose and Scope 553630 Safety Manual This technical manual defines how to safely apply AADvance controllers for a Safety Instrumented Function. It sets out standards (which are mandatory) and makes recommendations to ensure that installations meet their required safety integrity level.
Solutions Handbook (AADvance Controller) 553847 PFH avg and PFDavg Data This document contains the PFHavg and PFDavg Data for the AADvance Controller. It includes examples on how to calculate the final figures for different controller configurations. The data supports the recommendations in the AADvance Safety Manual Doc No: 553630. Regional Offices Rockwell Automation Oil and Gas Resources are available in Regional Offices worldwide.
