Economics of Fault-Tolerant Fieldbus Wiring

By Mike O'Neill, MooreHawke November 1, 2008

It’s ironic: Network cables in a safe and well-managed control room environment are almost always made redundant, whereas field cables exposed to the harsh and sometimes corrosive environment of a modern industrial plant have to fend for themselves. Of course, if those field cables carry simple point-to-point communications such as 4-20 mA, then redundancy isn’t really a concern in general, and specific devices can be duplicated as required. However, now that the lowest fieldbus physical layer carries data from up to 32 devices, the vulnerability of that cable can constitute a reliability issue, particularly if those devices are safety-related or process-critical. Conventional Foundation Fieldbus (FF) segment design does not lend itself to any version of fault-tolerance except through complete and wholesale duplication. In a fieldbus context, that duplication brings with it special software requirements to implement one-out-of-two and two-out-of-three voting schemes and special measures required for safe maintenance, device replacement, etc.

Duplex wiring is typically the “conventional” approach but does not offer nearly the protection of fault-tolerant wiring. Data on cable failures in industrial environments used for MTBF calculations comes from “Reliability, Maintainability and Risk” 7th Edition, Dr. David J. Smith.

In late 2007, MooreHawke Fieldbus released a new fault-tolerant segment design that permits a far higher segment MTBF (mean time between failures) than conventional designs without any special software in the DCS and for only the additional cost of an extra trunk cable. In cooperation with a major DCS provider and a large oil & gas end user, this package was installed on a set of platforms in the South China Sea simply to mitigate the huge financial risk associated with loss of control. The question is, does this increase in availability really make a significant difference to the economics of a general fieldbus installation?

The answer is not a simple yes or no, because a fault-tolerant system allows a user to make permutations that match the desire for high plant availability against budget restrictions for the systems hardware. These available permutations (simplex vs. duplex vs. fault-tolerant) were simply not possible in previous fieldbus physical layer products.

A hypothetical example

Let’s base an analysis on a hypothetical plant with 120 segments, or about 1440 fieldbus instruments, such as flow transmitters, valve controllers, etc. We should divide these into groups based on how many segments are related to control of the plant, and how many are simple monitoring. Let’s say that 80 segments are monitoring-only and 40 segments have control. Of the 40 control segments, let’s say that 12 segments have loops which are process-critical — failure in any of those segments would cause immediate plant shut-down or scrap product.

Total segments 120
Monitoring only 80
Control related 28
Critical control 12

Let’s assume the following prices for fieldbus equipment. (Current MooreHawke prices are quoted, but these are comparable with similar systems from other suppliers.)

$390 Power Conditioner
$240 Carrier, 4-segment, simplex
$320 Carrier, 4-segment, duplex
$280 Carrier, 4-segment, fault-tolerant
$450 Diagnostics module, standard
$350 TrunkGuard coupler, 12-spur
$700 TrunkSafe coupler, 12-spur
$500 Trunk cable

We can now start to compare costs between the conventional design and the new approach.

30x $320 Carriers, 4-segment, duplex (1 per 4 segments)
240x $390 Power conditioners (2 per segment)
30x $450 Diagnostics module, standard (1 per 4 segments)
120x $350 TrunkGuard coupler, 12-spur (1 per segment)
120x $500 Trunk cable (1 per segment)
Total (conventional) $218,700

This approach for 120 segments uses 240 power conditioners (see graphic) with two on each segment following a common practice. While this is reasonable for some segments, it can be considered overkill for those that are performing only non-critical monitoring functions, particularly given the cost of each unit. At the same time, it does not offer the same level of availability for critical control loops as the fault-tolerant approach. The new thinking is, use duplex power conditioners only where they are truly necessary.

New optimized approach

The new approach optimizes hardware application in a way that uses duplication and fault-tolerant capabilities where they are most needed, which can reduce the overall cost of hardware depending on process requirements.

80 monitoring-only (simplex) segments:
20x $240 Carrier, 4-segment, simplex (1 per 4 segments)
80x $390 Power conditioner (1 per segment)
20x $450 Diagnostics module, standard (1 per 4 segments)
80x $350 TrunkGuard coupler, 12-spur (1 per segment)
80x $500 Trunk cable (1 per segment)
28 conventional (duplex) segments:
7x $320 Carrier, 4-segment, duplex (1 per 4 segments)
56x $390 Power conditioner (2 per segment)
7x $450 Diagnostics module, standard (1 per 4 segments)
28x $350 TrunkGuard coupler, 12-spur (1 per segment)
28x $500 Trunk cable (1 per segment)
12 fault-tolerant segments:
6x $280 Carrier, 4-segment, fault-tolerant (2 per 4 segments)
24x $390 Power conditioner (2 per segment)
6x $450 Diagnostics module, standard (2 per 4 segments)
12x $700 TrunkSafe coupler, 12-spur (1 per segment)
24x $500 Trunk cable (2 per segment)
Total (new approach) $198,170

The conventional approach for 120 segments takes 240 power conditioners. The new approach allows savings for the 80 monitoring-only (simplex) segments as these have only one power conditioner. (Of course, the conventional system could also fit single power conditioners, but since they have duplex carriers, two power conditioners are frequently fitted as a matter of routine.)

Simplex wiring is adequate for non-critical monitoring segments. It eliminates the second power conditioner, but doesn’t reduce MTBF all that drastically.

The duplex segments have dual power conditioners, and the fault-tolerant segments also have two power conditioners but they are physically separated onto different carriers and connected to the field through two cables. In total, the new approach has 160 power conditioners rather than 240.

The net result is that this new approach leads to somewhat lower costs, even when allowing for the additional trunk cable used in the fault-tolerant segment layouts. The savings may be greater still. Many end-user specifications restrict process-critical segments (commonly defined as “level 1 criticality”) to having just one valve and one transmitter in that segment. It seems ridiculous to install a fieldbus segment with just two devices, but in the conventional single-trunk configuration, that is deemed necessary to minimize the risk of accidental plant shutdown.

Adding fault-tolerant wiring is more expensive, but the increase in availability is huge. When used for process-critical segments, the cost justification is clear.

Failure analysis

Since we are comparing a conventional fieldbus physical layer with a fault-tolerant physical layer, we can effectively ignore all other sources of plant stoppage (blocked lines, primary power outage, pump seal failure, etc.) in this analysis. We are concerned only with the cost incurred if a fieldbus power conditioner or segment cable fails.

Let’s assume that a spurious trip in a plant of this size costs $250,000. The spurious trip rate of a standard fieldbus system is estimated as once every 5 years, and the spurious trip rate resulting from a failure in the fault-tolerant fieldbus system is estimated once every 25 years (we can demonstrate that the fault-tolerant design generates a 10-fold improvement in segment MTBF, so assuming only a five-fold improvement is conservative).

The annual cost of spurious trips for the conventional plant is $250,000 / 5 years = $50,000 / year. The annual cost for a fault-tolerant plant is $250,000 / 25 years = $10,000 / year. The potential benefit is therefore $40,000 / year.

Another analysis concerns the cost benefit over the investment lifecycle of any plant, which modern technology has reduced to something like 10 years. In this case, the fault-tolerant system represents a CAPEX saving ($218,700 – 198,170 = $20,530) which generates $33,441 at, say, 5% for 10 years.

CAPEX return: $33,441 (savings in capital expense)
OPEX return: $400,000 (savings in spurious trips)
Total: $433,441 (additional “free” income over 10 years)
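
The bill-of-materials and 10-year figures above can be reproduced, and re-run for a different segment mix, with a small cost model. This is an added example, not part of the original article: the prices and per-design quantities are taken from the lists above, while the function names and the rounding-up of carrier counts for segment totals not divisible by four are assumptions.

```python
import math

# Unit prices quoted in the article (USD).
PRICE = {
    "power_conditioner": 390, "diagnostics": 450, "trunk_cable": 500,
    "carrier_simplex": 240, "carrier_duplex": 320,
    "carrier_fault_tolerant": 280, "trunkguard": 350, "trunksafe": 700,
}

# Per-design quantities from the article's lists:
# (carrier type, carriers per 4 segments, power conditioners per segment,
#  diagnostics modules per 4 segments, coupler type, trunk cables per segment)
DESIGN = {
    "simplex": ("carrier_simplex", 1, 1, 1, "trunkguard", 1),
    "duplex": ("carrier_duplex", 1, 2, 1, "trunkguard", 1),
    "fault_tolerant": ("carrier_fault_tolerant", 2, 2, 2, "trunksafe", 2),
}

# Segment mixes used in the article's hypothetical 120-segment plant.
CONVENTIONAL = {"duplex": 120}
OPTIMIZED = {"simplex": 80, "duplex": 28, "fault_tolerant": 12}


def group_cost(design, segments):
    """Hardware cost for `segments` segments wired with one design."""
    carrier, carriers4, pcs, diag4, coupler, cables = DESIGN[design]
    blocks = math.ceil(segments / 4)  # assumption: partial groups need a full carrier
    return (blocks * carriers4 * PRICE[carrier]
            + segments * pcs * PRICE["power_conditioner"]
            + blocks * diag4 * PRICE["diagnostics"]
            + segments * PRICE[coupler]
            + segments * cables * PRICE["trunk_cable"])


def plant_cost(mix):
    """Total hardware cost for a {design: segment_count} mix."""
    return sum(group_cost(design, n) for design, n in mix.items())


def ten_year_return(capex_saving, trip_cost, conv_years, ft_years,
                    rate=0.05, years=10):
    """(CAPEX return, OPEX return): compounded saving and avoided trip cost."""
    capex = capex_saving * (1 + rate) ** years
    opex = (trip_cost / conv_years - trip_cost / ft_years) * years
    return round(capex), round(opex)


if __name__ == "__main__":
    saving = plant_cost(CONVENTIONAL) - plant_cost(OPTIMIZED)
    print(plant_cost(CONVENTIONAL), plant_cost(OPTIMIZED), saving)
    print(ten_year_return(saving, 250_000, 5, 25))
```

Changing `OPTIMIZED` (for example, moving more control segments to `fault_tolerant`) shows how the capital cost shifts with the criticality split, which the article leaves as a per-plant decision.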

This is, of course, a very simplified argument. I am no accountant, so all the assumptions should be re-interpreted by your financial and operations managers. For example, there is no break-out of system design time, maintenance, repairs, spare parts, etc. However, the fault-tolerant system discussed here does not demand any specialized attention over the standard system, nor does it require any additional design and service costs. No special software is required, and the same power conditioner is used throughout.

The only difference is that the fault-tolerant segments should be tested once a year, typically by unplugging one of the power conditioners or its cable, to demonstrate that the segment and associated process continues to operate even with one failure. This testing helps justify the low probability of failure on demand claimed for the fault-tolerant segments.

It seems very clear that this new approach to segment design does not necessarily increase costs over a conventional design. On the contrary, when the concept is properly applied, it actually costs less. The resulting improvement in real plant availability creates still greater benefit for the plant operator, and the positive cash flow generated is both dramatic and indisputable. Prospective fieldbus users now have further evidence that Foundation Fieldbus technology can be an advantage for their plant and their management, and the uptake rate may increase further, across the landscape of industrial networking & process control.

Author Information
Mike O’Neill is director, MooreHawke division of Moore Industries. Reach him at moneill@miinet.com .