Automation built for resiliency
Resilient automation products and practices are a necessity for most industrial applications using sensors, wiring, power distribution, controllers, networks, actuators and software integrated into an automation system.
- Get help with products and practices to make electrical, instrumentation and controls designs more resilient.
- Consider margin of reliability in automation designs.
- Also look at actuators and programming when considering automation resilience.
Digital systems are wonderful when they are working, which is most of the time. However, many people have experienced the need to reboot or repair a mobile device, a PC, or something more important when digital controls stopped functioning. Sometimes these problems are a minor nuisance or cause minimal productivity loss, but for critical systems such failures have far greater consequences.
Industrial automation systems are built to churn out product, minimize waste, protect equipment, and keep workers safe—and must do so for long periods of time with minimal attention. One definition of resiliency is the ability to adjust to or recover from change or adversity. Most would agree automation system resiliency is desirable, but how is this best accomplished and at what cost?
Because automation systems are built from unique but interrelated sensors, wiring, power distribution, controllers, networks, software, and much more, the best-fit resiliency solution for any application involves many considerations and tradeoffs.
Knowing about practical automation products and practices can help designers find the right balance among resiliency, cost, and complexity.
Products, practices help with electrical, instrumentation and controls designs
Many industries group the electrical, instrumentation, and controls (EIC) design disciplines because they are closely related. Electrical involves power distribution and wiring systems. Instrumentation refers to the sensors used for condition monitoring. Controls include the hardware and programming needed for an automation system to act on physical equipment, and extend to the networking of programmable logic controllers (PLCs), human-machine interfaces (HMIs), and other components commonly used for industrial automation.
Intelligent EIC design is necessary for reliable and resilient automation of industrial equipment and processes, and it spans many aspects of each project. EIC product selections should consider:
- Picking products designed to survive the target environment, which may experience extremes of temperature, moisture, contaminants, electrical noise, and other hazards.
- Ensuring product suppliers maintain a strong focus on testing devices under adverse conditions.
- Looking for relevant industry certifications such as Underwriters Laboratories (UL) or American Bureau of Shipping (ABS).
- Choosing devices with attributes or design features enabling them to excel under problematic conditions.
Margin of reliability for automation designs
Designers often determine worst-case operating environments which a device would encounter. However, choosing devices which have been tested by suppliers to survive over and above the expected operating condition extremes provides an extra margin of reliability (Figure 1).
Depending on the device type, operating characteristics like voltage, and the application where it will be used, there are many rating agencies that provide third-party certifications or standards. Choosing a device with a UL rating for industrial automation use, or an ABS rating for shipboard use, provides additional assurance of dependability.
Designers can also select devices that offer additional built-in protections against the specific challenges faced in industrial environments, a major one being electrical noise. Standard single-ended PLC input/output (I/O) modules use the simplest and least expensive signaling method but may not operate as expected when there are nearby devices like welders, transformers, generators, and variable frequency motor drives creating large amounts of electrical noise. By choosing modules offering differential I/O, signal accuracy is safeguarded by cancelling out any electrical noise induced on the line in these high EMI environments (Figure 2).
Reliable products can only deliver robust automation systems when they are implemented using good practices. Even for general automation, designers should follow codes like the National Electrical Code (NEC), along with standards such as ANSI and ISA, to ensure minimum requirements are met.
Individual design practices applied piecewise to specific areas may not provide the best overall reliability. Codes, standards, and specifications are often based on the minimums required to meet basic safety and performance needs. Designers must approach resiliency at both the micro and the macro level.
Automation reliability, redundancy, resiliency
Resilient systems are designed and built using reliable products, and in some cases by applying redundant configurations. There is no point attempting to create a resilient system from unreliable parts. And even when devices offer the necessary reliability, there are design, redundancy, and installation practices which can improve system resiliency.
Redundancy, which is the duplication of system elements to increase dependability, can be a key strategy, implemented in varying degrees for each part of an EIC system. However, redundancy adds cost, devices and implementation effort, and it may not be practical for smaller systems.
For the most critical systems, power can be supplied by primary and secondary circuits, with or without automatic switchover in case one circuit fails. Dual circuits also improve the ability of personnel to service the power feeds.
Many automation systems incorporate an uninterruptible power supply (UPS) in key locations such as control panels. A UPS can provide ac or dc power to downstream equipment if the upstream power supply fails. Also, a UPS provides a degree of power quality filtering for downstream devices and can signal the control system if there is a problem so users can respond. AC surge protection, particularly for power and instrumentation conductors, protects expensive electronic devices from utility power surges or lightning events.
Devices, cables, and connectors must be installed in enclosures and raceways to provide mechanical protection, vibration resistance, and even electromagnetic interference (EMI) and radio frequency (RF) shielding in certain cases. EMI and RF are particularly problematic for low voltage digital communication and signaling wire and cable, so those circuits must be designed and installed to provide distance from noise-generating power circuits. Fiberglass enclosures can protect devices from the elements, but a grounded ferrous steel enclosure provides additional EMI/RF protection for those devices.
At critical measurement locations, two instruments can be installed for redundancy. Sometimes the instruments are identical, but it is even better to install different technologies. Two-out-of-three configurations provide even greater measurement reliability. For instance, an important tank level can be gauged with a primary ultrasonic transmitter and a secondary submersible transmitter, with additional protection provided by high and low float switches.
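The tank-level arrangement described above can be cross-checked in software so that one failed or drifting instrument is detected and bypassed instead of silently trusted. The following is an added example, not code from the article: the function names, alarm names, trip points, and tolerance are constructed assumptions, and the float switches are assumed to read True when the level is at or beyond their trip point.

```python
from typing import List, NamedTuple, Optional

# Constructed engineering values (assumptions, not taken from the article).
SPAN = (0.0, 100.0)            # valid transmitter range, percent of tank level
HIGH_SP, LOW_SP = 90.0, 10.0   # float switch trip points, percent
TOL = 5.0                      # allowed disagreement between devices, percent


class LevelResult(NamedTuple):
    level: Optional[float]     # validated level, None if nothing is trustworthy
    source: str                # device that supplied the value
    alarms: List[str]          # diagnostics to raise on the HMI


def plausible(reading, high_float, low_float):
    """True if a reading is in range and does not contradict the float switches."""
    if reading is None or not SPAN[0] <= reading <= SPAN[1]:
        return False           # broken loop or over-range signal
    if high_float and reading < HIGH_SP - TOL:
        return False           # high float tripped, transmitter reads well below it
    if not high_float and reading > HIGH_SP + TOL:
        return False           # transmitter reads high, float has not tripped
    if low_float and reading > LOW_SP + TOL:
        return False           # low float tripped, transmitter reads well above it
    if not low_float and reading < LOW_SP - TOL:
        return False           # transmitter reads low, float has not tripped
    return True


def validate_level(ultrasonic, submersible, high_float, low_float):
    """Pick a trustworthy level: primary if plausible, else secondary, else none."""
    alarms = []
    ok_u = plausible(ultrasonic, high_float, low_float)
    ok_s = plausible(submersible, high_float, low_float)
    if not ok_u:
        alarms.append("ULTRASONIC_SUSPECT")
    if not ok_s:
        alarms.append("SUBMERSIBLE_SUSPECT")
    if ok_u and ok_s and abs(ultrasonic - submersible) > TOL:
        alarms.append("TRANSMITTER_DEVIATION")   # both plausible, but they disagree
    if ok_u:
        return LevelResult(ultrasonic, "ultrasonic", alarms)
    if ok_s:
        return LevelResult(submersible, "submersible", alarms)
    alarms.append("NO_VALID_LEVEL")              # caller should fall back to a safe state
    return LevelResult(None, "none", alarms)
```

Because the two transmitters use different measurement principles, a condition that misleads one of them is less likely to affect the other, and the float switches act as the third vote when the analog readings disagree with the physical tank state.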
Controls and networking redundancy
Industrial PLCs are extremely reliable and some platforms offer processor redundancy as well. For many medium and small systems, the expense and complexity of redundant PLCs is not warranted.
Instead, it can be more productive to focus on industrial networks as these are more susceptible to failure because they extend outside of protected control cabinets, sometimes for extended distances, and often in challenging plant environments. With the right devices, it is possible to design networks in a self-healing ring configuration. The ring is installed in a path through the equipment or facility, and it can withstand a single point of failure and notify operators if there is a problem. This allows resolution of the issue before a second failure occurs, which could render the entire network inoperable.
While wireless networking may not be considered more reliable than wired solutions, Wi-Fi can improve reliability when used as an alternate network connection, enabling users with mobile devices to access equipment without opening control panels or making physical connections.
HMIs located in the field or control room can usually achieve a form of redundancy by having two or more units operating in parallel. A more appealing method, made possible by the newest generation of HMIs, is installing one or two hardware HMIs as part of the automation system, but then accessing these using remote access methods and mobile devices.
In fact, the local HMI can be “headless,” which means it is installed within a protected control panel and not connected to a physical display. Instead of installing the display in a challenging outdoor or hazardous location, users can access the headless HMI with a mobile device (Figure 3).
Other considerations for automation resilience: Actuators, programming
A holistic strategy for automation resilience considers many other factors. Good physical designs and software work together with other EIC improvements to provide overall system resiliency.
Field hardware and actuators, such as motors and cylinders used to provide motion, must move with the proper speed, force, and precision and should be used with safeguards to ensure they remain reliable. For example, proper cylinder cushioning is one way to protect machines and cylinders from end-of-stroke impact damage and excessive vibration. Preventive maintenance and monitoring efforts, whether changing the oil in a gearbox, updating PLC firmware, or monitoring equipment and control panels for high temperatures, also make for improved resiliency.
Other aspects of resiliency are often determined by programming methods. User interfaces, especially HMIs, must be configured for easy and intuitive use by operators, providing clear indications and alarms so they can respond quickly and correct problems in a timely manner. Some resilient PLC programming practices are simple, such as saving operating setpoint values so they are preserved when a machine undergoes a power cycle. Other concepts are more elaborate, such as developing logic to identify operating problems, and then either adapting to these issues automatically or notifying users.
Resiliency spectrum for industrial automation
The right solution to industrial automation resiliency is different for each application, but the strategy for selecting products and the design methodology is the same. Today’s designers have a wide range of devices and technologies to choose from as they create the right balance for each project.
The smallest and most economical projects can simply rely on solid products, installed properly following good basic practices. As equipment and systems grow in size, complexity, and criticality, there is greater opportunity to invest in more advanced electrical, instrumentation, and controls products and design practices to provide greater levels of system resiliency. Redundancy at these levels is a primary way to achieve improved resiliency. In particular, the technology for delivering redundant networking and HMIs has improved in recent years and can deliver improved resiliency at a low cost.
Should your next automation design build in more resiliency?