Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dependability Requirements of the LBDS and their Design Implications

Published byCurtis Matthews Modified over 6 years ago

Similar presentations

Presentation on theme: "Dependability Requirements of the LBDS and their Design Implications"— Presentation transcript:

1 Dependability Requirements of the LBDS and their Design Implications
Jan Uythoven (AB/BT) References to work by R.Filippini (Ph.D. thesis) and Machine Protection Working Group

2 Outline Requirements on the LBDS in the context of the Machine Protection System Dependability numbers for the MPS Dependability numbers for the LBDS Safe Design of the LBDS Measures taken Sensitivity Procedures Conclusions Jan Uythoven, AB /BT LBDS Audit, 28 January 2008

3 Dependability Requirements of the LHC Machine Protection System
Safety Assessment (‘reliability’) IEC standard defining the different Safety Integrity Levels (SIL) ranking from SIL1 to SIL4 Based on Risk Classes = Consequence x Frequency Machine Protection System for the LHC should be SIL3, taking definition of Protection Systems, with a probability of failure between 10-8 and 10-7 per hour (because of short mission times) Catastrophy = beam should have been dumped and this did not take place; can possibly cause large damage With 200 days of operation per year: 1/10-7 hours  1 failure every 2000 years Availability Definition: Beam is dumped when it was not required Operation can not take place because the protection system does not give the green light (is not ready) Requirement: Definition not according to any standard Downtime comparable to other accelerator equipment; maximum tens of operations per year Jan Uythoven, AB /BT LBDS Audit, 28 January 2008

4 The LBDS within the Machine Protection System
Study of simplified Machine Protection System LBDS, BIC, BLM, QPS, PIC Absolute value of the unsafety and # false dumps depend critically on model assumptions Dependability studies were made for each sub-system Unsafety of the LBDS and availability comparable to the other systems: Unsafety 2 x 2.4 x 10-7 /year False dumps 2 x 4 /year Resulting safety number can be between SIL2 and SIL4 LBDS Safety > SIL 4 ! Jan Uythoven, AB /BT LBDS Audit, 28 January 2008

5 Calculation of the LBDS Dependability Numbers
Ph.D thesis Roberto Filippini FMECA analysis More than 2100 failure modes at component levels Components failure rates from standard literature (Military Handbook) Arranged into 21 System Failure modes Operational Scenarios with State Transition Diagram for each Mission = 1 LHC fill State Transition Diagram for Sequence of Missions and checks Jan Uythoven, AB /BT LBDS Audit, 28 January 2008

6 No single point of failure should exist in the LBDS
Fault Tolerant Design No single point of failure should exist in the LBDS Redundancy is introduced to allow failures up to a certain threshold Redundancy in components and in signal paths. Surveillance detects failures and issues a fail safe dump request. Redundancy 14 out of 15 MKD, 1 out of 2 MKD generator branches Surveillance Energy tracking, Retriggering 1 out of 4 MKBH, 1 out of 6 MKBV Energy tracking Energy tracking, Fast current change monitoring (MSD) 1 out of 2 trigger generation and distribution Synchronization tracking Reference energy taken from 4 Main Dipole circuits TX/RX error detection Voting of inputs Jan Uythoven, AB /BT LBDS Audit, 28 January 2008

7 Apportionment of Dependability
Safety and number of false dumps are apportioned to the LBDS components. The MKD is the most complicated and critical system of the LBDS. It makes the largest contribution both to unsafety (75 %) and to the number of false dumps (60 %). Jan Uythoven, AB /BT LBDS Audit, 28 January 2008

8 Sensitivity to Fault Tolerant Design and Surveillance
(ReTrig.System) All these systems are obligatory ! Jan Uythoven, AB /BT LBDS Audit, 28 January 2008

9 Sensitivity to Assumed Failure Rates
Important for Safety Important for Availability Jan Uythoven, AB /BT LBDS Audit, 28 January 2008

10 Safety by Operation / Procedures
Periodic checks to get back to a state which is ‘as good as new’ Failure rates of redundant systems increase in time – get back to zero (different from aging) Included in Dependability Calculations After each LHC beam dump the green light for injection is only given when Internal Post Operational Check (IPOC) is ok: MKD and MKB current waveforms Redundancy in current paths External Post Operational Check (XPOC): Image on screen in front of beam dump Beam Loss Monitors in the extraction area and dump line Testing before operation Tests in the laboratory, before installation Tests once installed, before operation with beam Talk NM Talk EG Talk JU Jan Uythoven, AB /BT LBDS Audit, 28 January 2008

11 Conclusions The Beam Dumping System has been designed with Safety and Availability as design criteria Redundancy Surveillance Procedures A detailed dependability analysis has been made for the Beam Dumping System and other Machine Protection Subsystems Coherency within the Machine Protection System should lead to acceptable safety and availability of the MPS as a whole Beam Dumping System not a weak link of the MPS concerning safety Acceptable number of false beam dumps from the LBDS Within the Beam Dumping System Sensitivity to design parameters / redundancy shows that correct design choices seem to have been made To the ‘invited experts’ of the Audit to confirm (or not) Jan Uythoven, AB /BT LBDS Audit, 28 January 2008

Download ppt "Dependability Requirements of the LBDS and their Design Implications"

Similar presentations

Jan Uythoven, AB/BTLHCCWG, 3 May 2006 Page 1 450 GeV Commissioning Machine Protection Needs to be commissioned to: Prevent damage with the used, higher.

Jan Uythoven, AB/BTLHCCWG, 3 May 2006 Page GeV Commissioning Machine Protection Needs to be commissioned to: Prevent damage with the used, higher.
1 Commissioning ABT Equipment in the LHC Jan Uythoven ABT TCM 13/01/2015.

1 Commissioning ABT Equipment in the LHC Jan Uythoven ABT TCM 13/01/2015.
Etienne CARLIER AB/BT/EC

Etienne CARLIER AB/BT/EC
12/03/2013MPP Workshop Annecy Update on Beam Failure Scenarios Jan Uythoven Thanks to: T.Baer, R.Schmidt, J.Wenninger, D.Wollmann, M.Zerlauth, other MPP.

12/03/2013MPP Workshop Annecy Update on Beam Failure Scenarios Jan Uythoven Thanks to: T.Baer, R.Schmidt, J.Wenninger, D.Wollmann, M.Zerlauth, other MPP.
LHC Beam Dumping system

LHC Beam Dumping system
1 MKBH Erratic Jan Uythoven On behalf of the ABT team (Viliam, Nicolas M., Etienne, Laurent, Francesco etc…..) MPP meeting 8/5/2015.

1 MKBH Erratic Jan Uythoven On behalf of the ABT team (Viliam, Nicolas M., Etienne, Laurent, Francesco etc…..) MPP meeting 8/5/2015.
Failure mode impact studies and LV system commissioning tests

Failure mode impact studies and LV system commissioning tests
Beam Dumping System – Failure Scenarios Brennan Goddard, CERN AB/BT How the dump system can fail Catalogue of primary failures Failure classes and protection.

Beam Dumping System – Failure Scenarios Brennan Goddard, CERN AB/BT How the dump system can fail Catalogue of primary failures Failure classes and protection.
B.Goddard 08/11/04 HHH 2004 Workshop, CERN Beam Dump Brennan GODDARD CERN AB/BT The existing LHC beam dump is described, together with the relevant design.

B.Goddard 08/11/04 HHH 2004 Workshop, CERN Beam Dump Brennan GODDARD CERN AB/BT The existing LHC beam dump is described, together with the relevant design.
Technical review on UPS power distribution of the LHC Beam Dumping System (LBDS) Anastasia PATSOULI TE-ABT-EC Proposals for LBDS Powering Improvement 1.

Technical review on UPS power distribution of the LHC Beam Dumping System (LBDS) Anastasia PATSOULI TE-ABT-EC Proposals for LBDS Powering Improvement 1.
LBDS Kicker Electronic and Slow Control Etienne CARLIER AB/BT/EC.

LBDS Kicker Electronic and Slow Control Etienne CARLIER AB/BT/EC.
LHC Beam Dump System Technical Audit Trigger Synchronisation Unit.

LHC Beam Dump System Technical Audit Trigger Synchronisation Unit.
BIW May 2004 LHCSILSystemsBLMSSoftwareResults Reliability of BLMS for the LHC. G.Guaglio, B Dehning, C. Santoni 1/15 Reliability of Beam Loss Monitors.

BIW May 2004 LHCSILSystemsBLMSSoftwareResults Reliability of BLMS for the LHC. G.Guaglio, B Dehning, C. Santoni 1/15 Reliability of Beam Loss Monitors.
1 LBDS Testing Before Operation Jan Uythoven (AB/BT) Based on the work of many people in the KSL, EC and TL sections.

1 LBDS Testing Before Operation Jan Uythoven (AB/BT) Based on the work of many people in the KSL, EC and TL sections.
B. Todd et al. 25 th August 2009 Observations Since 2005 0v1.

B. Todd et al. 25 th August 2009 Observations Since v1.
LBDS overview on system analysis and design upgrades during LS1 Roberto Filippini, Etienne Carlier, Nicolas Magnin, Jan Uythoven CERN Workshop Machine.

LBDS overview on system analysis and design upgrades during LS1 Roberto Filippini, Etienne Carlier, Nicolas Magnin, Jan Uythoven CERN Workshop Machine.
1 Beam Plans for Accelerator Systems: The Machine Protection System Jan Uythoven On behalf of the MPWG and the MPS Commissioning WG Special thanks to R.Schmidt,

1 Beam Plans for Accelerator Systems: The Machine Protection System Jan Uythoven On behalf of the MPWG and the MPS Commissioning WG Special thanks to R.Schmidt,
Etienne CARLIER, LBDS Audit, 28/01/2008 LBDS Environmental Aspects EMC, radiation, UPS… Etienne CARLIER AB/BT/EC.

Etienne CARLIER, LBDS Audit, 28/01/2008 LBDS Environmental Aspects EMC, radiation, UPS… Etienne CARLIER AB/BT/EC.
1 Beam Dumping System MPP review 12/06/2015 Jan Uythoven for the ABT team.

1 Beam Dumping System MPP review 12/06/2015 Jan Uythoven for the ABT team.
The LBDS trigger and re-trigger schemes Technical Review on UPS power distribution of the LHC Beam Dumping System (LBDS) A. Antoine.

The LBDS trigger and re-trigger schemes Technical Review on UPS power distribution of the LHC Beam Dumping System (LBDS) A. Antoine.

Similar presentations

Ads by Google