Redundancy in the Control System of DESY’s Cryogenic Facility. M. Bieler, M. Clausen, J. Penning, B. Schoeneburg, DESY ARW 2013, Melbourne, 16.4.2013.

Slides:

Advertisements

Similar presentations

RTEMS and Linux at the Canadian Light Source Tony Wilson Canadian Light Source University of Saskatchewan.

Advertisements

Report of Liverpool HEP Computing during 2007 Executive Summary. Substantial and significant improvements in the local computing facilities during the.

NERC Lessons Learned Summary December NERC lessons learned published in December 2014 Three NERC lessons learned (LL) were published in December.

XFEL The European X-Ray Laser Project DESY/ XFEL An Overview EPICS Collaboration Meeting San Francisco, October 5th, 2013 Matthias Clausen, DESY.

Dirk Zimoch, EPICS Collaboration Meeting, Vancouver 2009 PSI-XFEL Challenges and Developments.

BEPCII Cryogenic Control Gang Li IHEP, Beijing,China.

TE / CRG / Paulo Gomes The Control System for the LHC tunnel cryogenics, p. 1 CERN Portuguese Teachers Programme, 7 Sep 2011 Dr. Paulo Gomes on behalf.

Presents The Silver Family An Integrated Approach to Processors, Data Communication and Head End Integration.

Accelerator control at iThemba LABS. Some background No formal reliability procedures Cost considerations SSC operational 24/7 Shutdown total of 2 months/year.

9-12 Oct 2000PCaPAC 2000, DESY Hamburg Epics to TINE translator Matthias Clausen, DESY Hamburg Phil Duval, DESY Hamburg Zoltan Kakucs, DESY Hamburg.

16 - Nov. 2000EPICS Workshop Oak Ridge1 Epics to TINE translator Matthias Clausen, DESY Hamburg Phil Duval, DESY Hamburg Zoltan Kakucs, DESY Hamburg.

Matthias Clausen DESY, Hamburg, Germany Cryogenic Controls for the European XFEL.

Notes: For the installation of a PB network, you can use shielded twisted pair copper cable, glass or plastic FO and infrared components. And you can mix.

EPICS on TPS RF System Yu-Hang Lin Radio Frequency Group NSRRC.

DCS LEB Workshop ‘98, Rome, Detector Control System, H.J.Burckhart,1 Detector Control System H.J Burckhart, CERN u Motivation and Scope u Detector and.

Single Board Computers and Industrial PC Hardware at the CLS

Page 1 ADAM-6000 Web-enabled Smart I/O Γιάννης Στάβαρης Technical Manager Ιούνιος 26, 2007.

trends in distributed control systems

Superconducting Accelerating Cryo-Module Tests at DESY International Workshop on Linear Colliders 2010 (ECFA-CLIC-ILC Joint Meeting) Denis Kostin, MHF-SL,

Control Over WirelessHART Network S. Han, X. Zhu, Al Mok University of Texas at Austin M. Nixon, T. Blevins, D. Chen Emerson Process Management.

CV activities on LHC complex during the long shutdown Serge Deleval Thanks to M. Nonis, Y. Body, G. Peon, S. Moccia, M. Obrecht Chamonix 2011.

H. Herzog, 22th-26th September 2008 Cryogenics Operations 2008, CERN, Geneva, Switzerland 1 CRYOGENICS OPERATIONS 2008 Organized by CERN LARGE SCALE CRYOGENIC.

Progress Report on CGSE Control System Project Team of SJTU for AMS-02 Yang Yupu AMS JSC, Jan 8-12, 2007.

Experience of Developing BEPCII Control System Jijiu ZHAO IHEP, Beijing October 18, 2007.

1 Progress of the Controls for BEPCII EPICS Seminar Presented by J. Zhao 20 August, 2002.

IMPROUVEMENT OF COMPUTER NETWORKS SECURITY BY USING FAULT TOLERANT CLUSTERS Prof. S ERB AUREL Ph. D. Prof. PATRICIU VICTOR-VALERIU Ph. D. Military Technical.

Matthias Clausen, DESY CSS GSI Feb. 2009: Introduction XFEL The European X-Ray Laser Project X-Ray Free-Electron Laser 1 CSS – Control System.

ITER – Interlocks Luis Fernandez December 2014 Central Interlock System CIS v0.

Redundancy. 2. Redundancy 2 the need for redundancy EPICS is a great software, but lacks redundancy support which is essential for some highly critical.

Dec 8-10, 2004EPICS Collaboration Meeting – Tokai, Japan MicroIOC: A Simple Robust Platform for Integrating Devices Mark Pleško

ATCA based LLRF system design review DESY Control servers for ATCA based LLRF system Piotr Pucyk - DESY, Warsaw University of Technology Jaroslaw.

Jan Hatje, DESY CSS ITER March 2009: Technology and Interfaces XFEL The European X-Ray Laser Project X-Ray Free-Electron Laser 1 CSS – Control.

André Augustinus 17 June 2002 Technology Overview What is out there to fulfil our requirements? (with thanks to Tarek)

Redundant IOC with ATCA(HPI) support Utilizing modern hardware for better availability Artem Kazakov, KEK/SOKENDAI.

CLS Control System Progress Report Elder Matias Canadian Light Source University of Saskatchewan Saskatoon Saskatchewan.

FAIR Accelerator Controls Strategy

Control Group April 26, 2006 Progress of Control System Presented by C.H. Wang Control Group Accelerator Center of IHEP IMAC, April

LHC Cryogenics Control: INTEGRATION OF THE INDUSTRIAL CONTROLS (UNICOS) AND FRONT-END SOFTWARE ARCHITECTURE (FESA) APPLICATIONS Enrique BLANCO Controls.

March 2008EPICS Meeting in Shanghai1 KEKB Control System Status Mar Tatsuro NAKAMURA KEKB Control Group, KEK.

Experience Running Embedded EPICS on NI CompactRIO Eric Björklund Dolores Baros Scott Baily.

Clustering In A SAN For High Availability Steve Dalton, President and CEO Gadzoox Networks September 2002.

Eugenia Hatziangeli Beams Department Controls Group CERN, Accelerators and Technology Sector E.Hatziangeli - CERN-Greece Industry day, Athens 31st March.

Online Software 8-July-98 Commissioning Working Group DØ Workshop S. Fuess Objective: Define for you, the customers of the Online system, the products.

A configurable Interlock System for RF- Stations at XFEL M.Penno, T. Grevsmühl, H.Leich, A. Kretzschmann W.Köhler, B. Petrosyan, G.Trowitzsch, R.Wenndorff.

FLASH Free Electron Laser in Hamburg Status of the FLASH Free Electron Laser Control System Kay Rehlich DESY Content: Introduction Architecture Future.

Chiller control system Lukasz Zwalinski – PH/DT.

Experience of Developing BEPCII Control System Jijiu ZHAO IHEP, Beijing ICALEPCS2007 October 18, 2007.

NCSX CD-4/MIE block diagrams April 18, 2007 P. Sichta rev 0.

2013 China WPC PAC Product Update 2013 China WPC PAC Product Update Mars Huang 12 th July, th July, 2013.

The recent history and current state of the linac control system Tom Himel Dec 1,

EPICS EPICS Collaboration Meeting Argonne June 2006 IOC Redundancy: Redundancy Monitor Task EPICS Meeting - Redundancy Argonne, June 16, 2006 Matthias.

Matthias Clausen, Gongfa Liu, Bernd Schoeneburg (DESY), ICALEPCS, 2007 XFEL The European X-Ray Laser Project X-Ray Free-Electron Laser Redundant EPICS.

60kW Thermosiphon control system

CEA DSM Irfu SIS LDISC 18/04/2012 Paul Lotrus 1 Control Command Overview GBAR Collaboration Meeting Paul Lotrus CEA/DSM/Irfu/SIS.

The Control System for the LHC tunnel cryogenics Controlling Cool Accelerators Controle da Criogenia de Aceleradores de Partículas Dr. Paulo Gomes CERN.

ESS (vacuum) control system Daniel Piso Controls Division February 20, 2013.

FLASH Free Electron Laser in Hamburg Status of the FLASH Free Electron Laser Control System Kay Rehlich DESY Outline: Introduction Architecture Future.

Fermilab Control System Jim Patrick - AD/Controls MaRIE Meeting March 9, 2016.

CV works in the non- LHC accelerator complex during 2008 and plans for 2009 ATOP days 2009.

C. Kiesling, 11th B2GM PXD Session, KEK, March , Slow Control System for the PXD PXD Support Systems & Control UNICOS Standard PVSS User Interface.

Lecture 11. Switch Hardware Nowadays switches are very high performance computers with high hardware specifications Switches usually consist of a chassis.

ATCA based LLRF system design review DESY Control servers for ATCA based LLRF system Piotr Pucyk - DESY, Warsaw University of Technology Jaroslaw.

MicroTCA Development and Status

BaBar Transition: Computing/Monitoring

Presented by Li Gang Accelerator Control Group

ATF/ATF2 Control System

Accelerator Module Test Facility

EPICS: Experimental Physics and Industrial Control System

TS2 PSS Architecture, Concepts of Operations and Interfaces

Commissioning the European XFEL cryogenic system and best practice

Presentation transcript:

Redundancy in the Control System of DESY’s Cryogenic Facility. M. Bieler, M. Clausen, J. Penning, B. Schoeneburg, DESY ARW 2013, Melbourne,

M. Bieler | Redundancy in the Control System| April 16, 2013 | Page 2 Content > DESY’s Cryogenic Facility  Customers  Requirements  Control System > Control System Architecture  Technical Requirements  Redundancy  Selection Criteria  Selected Components > Operational Experience

M. Bieler | Redundancy in the Control System| April 16, 2013 | Page 3 DESY’s Cryogenic Facility > 3 independent sectors > 6.8 kW at 4.4 K > originally built in the 1980ties to serve the HERA proton ring

M. Bieler | Redundancy in the Control System| April 16, 2013 | Page 4 DESY’s Cryogenic Facility > Mayor upgrade for two of the three systems in 2010 to serve the European XFEL > 2.47 kW at 2 K > Cold compressors

M. Bieler | Redundancy in the Control System| April 16, 2013 | Page 5 DESY’s Cryogenic Facility FLASH-Coldbox Customers: > FLASH, a 1 GeV superconducting linac at 2 K > Accelerator Module Test Facility AMTF: 3 module test stands, 2 cavity test stands > Cryo Module Test Bed CMTB: 1 module test stand > Hall 3: 2 cavity test stands > XMTS: Magnet test stand XFEL-Coldbox(es) Customers: > European XFEL, a 1 km 17.5 GeV superconducting linac at 2 K  Operation 24/7, no shutdowns foreseen.

M. Bieler | Redundancy in the Control System| April 16, 2013 | Page 6 DESY’s Cryogenic Facility Requirements: > 24/7 Operation round the year > Changing cryogenic loads > High availability > Maintenance during full operation  Redundancy (where ever possible)!

M. Bieler | Redundancy in the Control System| April 16, 2013 | Page 7 DESY’s Cryogenic Facility Control system: > Process Control System based on EPICS  All control loops run in EPICS (no PLCs for process controls) > Operating system: VxWorks for all processes requiring real-time controls (any process with PID loops) > VME/ PC/ Compact PCI (for redundant systems) > All I/O on field-busses (CAN, Modbus, Profibus (for redundant systems)) > Ethernet (100Mb/ 1Gb) Cisco (redundant) > PC Operator consoles running Control System Studio (CSS)

M. Bieler | Redundancy in the Control System| April 16, 2013 | Page 8 Control System Architecture Technical Requirements: XFEL Cryogenic Plant: Main objective: Maintenance (permanent operation for more than one year)  Hardware maintenance  Software maintenance  Installing new system-/ application- Software XFEL Tunnel Installation: Main objective: Survive radiation damage (MTBR > 1 month)  … same like cryogenic plant  Seamless switch over of: Process Controller (IOC) Power supplies

M. Bieler | Redundancy in the Control System| April 16, 2013 | Page 9 T‘PTPT PLC IOC (redundant) FEC-IOC (redundant) Ethernet Field Bus Profibus (with ring topology) XFEL TunnelCryogenic Plant Router R-Link PT Field Bus Control Backbone Gateway Office Netw. 6 X 10 X Control System Architecture Outside Inside XFEL Tunnel

M. Bieler | Redundancy in the Control System| April 16, 2013 | Page 10 Power B Control System Architecture Redundancy: B A B A Power A Power B Power A Private Link Redundant network, redundant power, redundant IOCs

M. Bieler | Redundancy in the Control System| April 16, 2013 | Page 11 Control System Architecture Redundancy: > redundant sensors (temperature) > redundant front end processors > redundant power supplies > redundant network connections > well established failover procedures “Any redundant implementation must make the system more reliable than the non redundant one. Precaution must be taken especially for the detection of errors which shall initiate the failover. This operation should only be activated if there is no doubt that keeping the actual mastership will definitely cause more damage to the controlled system than an automatic failover.”

M. Bieler | Redundancy in the Control System| April 16, 2013 | Page 12 Control System Architecture > Key redundancy tasks on an IOC : Redundancy Monitor Task  Supervision of the tasks running on an IOC  Switching IOC’s in case of serious problems on one IOC Continuous Control Executive Task  Synchronizing the continuous control processing on two IOC’s  Permanent monitoring of all changes in record processing on an IOC > Core and main objective of any failover: > The resulting status of an IOC after a failover must be a more stable state than the status before the failover.  Diagnostic analysis programs must be activated to ensure this. Redundancy:

M. Bieler | Redundancy in the Control System| April 16, 2013 | Page 13 Control System Architecture Selected Components: > Operating system:  VxWorks > Process Control System:  EPICS > Processors:  no fans, no active cooling  low power CPUs (~ 10 W)  no hard discs > Network:  redundant layout of all network layers  seamless failover > Power:  redundant power supplies, low power  battery backup for power supplies (UPS)  diesel generator backup of mains line

M. Bieler | Redundancy in the Control System| April 16, 2013 | Page 14 Operational Experience Redundant front-end processors are in operation for 2 ½ years: > During the first year we still earned experience  Failover conditions What should trigger a failover?  Update communication over the redundant (private) link caused a lot of network traffic. The VxWorks network task crashed randomly. The traffic could be reduced and the update tasks run stable since then.  Identifying the ‘real’ state of the redundant partner –even without Ethernet communication- could be implemented by means of the connected field-bus. A failover should only occur when the redundant partner is in better conditions then the actual selected (active) processor. This can be ensured by the new – additional- measures.

M. Bieler | Redundancy in the Control System| April 16, 2013 | Page 15 Operational Experience II Redundant front-end processors are in operation for 2 ½ years: > Stable operations since 1 ½ years  About 6 failover during full operation of the cryogenic plant: The plant continued operations without interruption. Beware: All control loops are running in EPICS on the front-end controller  Primary cause of failover: Profibus communication (nodes were down)  Three front-end controllers are running in redundant mode

M. Bieler | Redundancy in the Control System| April 16, 2013 | Page 16 Summary Redundant Process DESY > Implementation took quite some effort > The stable operation since the last 1 ½ years is a proof of a successful concept > All process controllers for XFEL operations will be running in redundant mode > The basic redundancy component (RMT Task) is written in ‘C’ and operating system independent. It is also used on Linux systems to supervise important (Channel Access) Network gateways.