Presentation is loading. Please wait.

Presentation is loading. Please wait.

1v0.

Published byRudolf Gardner Modified over 6 years ago

Similar presentations

Presentation on theme: "1v0."— Presentation transcript:

1 1v0

2 CIBU Failure Explanation
1. Background CIBU Input Circuits Installation Rules MI Stance 2. Before the Incident Vacuum System as Tested Conformity Functional Testing 3. The Incident Modified Interconnection Failure in the CIBU Report of Non-Conformities 4. Future Goals Connection Specification Improvements to Interfaces Automated Test Sequences LHC Beam Interlock System

3 Background Machine Interlocks Section
Develop fail-safe dependable hardware Testing / failure modes analysis of all critical hardware Audited / reviewed internally and externally We commit to Be open and honest with you about our work Share our experiences openly (both bad & good) Be completely open to critique / criticism Optimise the balance safety versus physics If ever we find weaknesses in our designs effecting safety We will present the findings to MPP and stop the LHC until issues can be solved Every experience is fed back into the design Everyone’s opinion counts. This is an example of this commitment to you – no blame to be assigned! Quite the opposite! We can use this to improve our designs - Let’s take a look… LHC Beam Interlock System

4 The User Interface (CIBU)
User System to Beam Interlock System connection Unique Hardware for All Users Current Loops Redundant Circuits Tested to CIBU Output Connector Internally using BIS TEST Need USER SYSTEM Test for full coverage CIBU is used in the whole accelerator complex Many CIBU-Hours of operation for statistics Around 2e6 unit-hours - SPS since 2006 Link Specified in: Until this year – NO failures on critical paths LHC Beam Interlock System

5 The User Interface (CIBU)
User System to Controller LHC Beam Interlock System

6 CIBU Input Circuit User System User Interface (CIBU) to Controller
LHC Beam Interlock System

7 CIBU Input Circuit User System User Interface (CIBU) to Controller
LHC Beam Interlock System

8 CIBU Input Circuit User System User Interface (CIBU) to Controller
LHC Beam Interlock System

9 CIBU Input Circuit User System User Interface (CIBU) to Controller
LHC Beam Interlock System

10 CIBU Input Circuit LHC Beam Interlock System

11 Timescale 7th August 2008 No Beam In the Machine
Final Commissioning Vacuum System to Beam Interlock System Vacuum Valves moved IN around IR3 Vacuum UJ33 USER_PERMIT_A stayed TRUE Vacuum UJ33 USER_PERMIT_B stayed TRUE BIC Test Mode showed ALL OK Commissioning Fail LHC Beam Interlock System

12 As Tested July 08 LHC Beam Interlock System

13 EIS Between July and August EIS (Elément Important de Sécurité)
Added to Interlock Logic EIS controlled by Access System (Personnel Protection Device) 3. Access System connected to BIS via Vacuum System MI were not aware of this cabling change LHC Beam Interlock System

14 August 08 - After Incident
LHC Beam Interlock System

15 August 08 - After Incident
46 Signals From other equipment 6 floating wires Surface IR3 100m PLC = 48V Not Enclosed 2m to Lift Motor 1m to GSM Repeater WHEN CONNECTED CIBU ALWAYS TRUE (next slides) LHC Beam Interlock System

16 What was the mechanism? Access – Connected Panel to Surface PLC incorrectly initially …took several attempts … LHC Beam Interlock System

17 What was the mechanism? LHC Beam Interlock System

18 What was the mechanism? LHC Beam Interlock System

19 What was the mechanism? LHC Beam Interlock System

20 What was the mechanism? LHC Beam Interlock System

21 What was the mechanism? LHC Beam Interlock System

22 What was the mechanism? LHC Beam Interlock System

23 What was the mechanism? LHC Beam Interlock System

24 In Summary Several events = complete Blind Failure
Two Equipment systems sharing the same channel PLC Voltage against rules TVS Blocked Short-Circuit Inputs were not redundant Not re-commissioned by MI after a significant change In addition… a) Cable length against rules b) EMC would have been a show-stopper anyway! LHC Beam Interlock System

25 Future Work Shows weaknesses in the interconnection conception:
No redundancy = No SIL Can a GND short be mitigated? Human Error can never be 100% eradicated – Testing before each fill should be possible if in doubt! For each User System Change to use full redundancy Change so a GND fault doesn’t fail blind Automated Test from User Side A /= B LHC Beam Interlock System

26 FIN LHC Beam Interlock System

27 CIBU Failure Explanation
1. Background CIBU Input Circuits Installation Rules MI Stance 2. Before the Incident Vacuum System as Tested Conformity Functional Testing 3. The Incident Modified Interconnection Failure in the CIBU Report of Non-Conformities 4. Future Goals Connection Specification Improvements to Interfaces Automated Test Sequences LHC Beam Interlock System

28 Incident 1. Background 2. Before the Incident 3. The Incident
CIBU Input Circuits Installation Rules MI Stance 2. Before the Incident Vacuum System as Tested Conformity Functional Testing 3. The Incident Modified Interconnection Failure in the CIBU Report of Non-Conformities 4. Future Goals Connection Specification Improvements to Interfaces Automated Test Sequences LHC Beam Interlock System

29 Future Goals 1. Background 2. Before the Incident 3. The Incident
CIBU Input Circuits Installation Rules MI Stance 2. Before the Incident Vacuum System as Tested Conformity Functional Testing 3. The Incident Modified Interconnection Failure in the CIBU Report of Non-Conformities 4. Future Goals Connection Specification Improvements to Interfaces Automated Test Sequences LHC Beam Interlock System

Download ppt "1v0."

Similar presentations

André Augustinus 16 June 2003 DCS Workshop Safety.

André Augustinus 16 June 2003 DCS Workshop Safety.
[ 1 ] LVDS links Servizio Elettronico Laboratori Frascati INFN - Laboratori Nazionali di Frascati G. Felici LVDS links.

[ 1 ] LVDS links Servizio Elettronico Laboratori Frascati INFN - Laboratori Nazionali di Frascati G. Felici LVDS links.
HPS MPS OVERVIEW Dan Sexton & the Safety Systems Group JLAB 1.

HPS MPS OVERVIEW Dan Sexton & the Safety Systems Group JLAB 1.
M. Jimenez AT/VAC Room Temperature (LSS) Vacuum Systems M. Jimenez.

M. Jimenez AT/VAC Room Temperature (LSS) Vacuum Systems M. Jimenez.
LHC UPS Systems and Configurations: Changes during the LS1 V. Chareyre / EN-EL LHC Beam Operation Committee 11 February 2014 EDMS No. 1354977111/02/2014.

LHC UPS Systems and Configurations: Changes during the LS1 V. Chareyre / EN-EL LHC Beam Operation Committee 11 February 2014 EDMS No /02/2014.
A. Castañeda 07 th September 2009 Generators and Detectors Permit Loop / CIBG / CIBO 0v0.

A. Castañeda 07 th September 2009 Generators and Detectors Permit Loop / CIBG / CIBO 0v0.
PLC: Programmable Logical Controller

PLC: Programmable Logical Controller
Technical review on UPS power distribution of the LHC Beam Dumping System (LBDS) Anastasia PATSOULI TE-ABT-EC Proposals for LBDS Powering Improvement 1.

Technical review on UPS power distribution of the LHC Beam Dumping System (LBDS) Anastasia PATSOULI TE-ABT-EC Proposals for LBDS Powering Improvement 1.
Experimental Area Meeting 10.03.2004V. Bobillier1 Good connection to earth (in many points) of every metallic parts to be installed in the cavern is very.

Experimental Area Meeting V. Bobillier1 Good connection to earth (in many points) of every metallic parts to be installed in the cavern is very.
The Architecture, Design and Realisation of the LHC Beam Interlock System Machine Protection Review – 12 th April 2005.

The Architecture, Design and Realisation of the LHC Beam Interlock System Machine Protection Review – 12 th April 2005.
 AUTOMATION  PLC  SCADA  INSTRUMENTATION  DRIVES & MOTORS.

 AUTOMATION  PLC  SCADA  INSTRUMENTATION  DRIVES & MOTORS.
1 LBDS Testing Before Operation Jan Uythoven (AB/BT) Based on the work of many people in the KSL, EC and TL sections.

1 LBDS Testing Before Operation Jan Uythoven (AB/BT) Based on the work of many people in the KSL, EC and TL sections.
Ground loops Why grounding is so important ?DefinitionGround loops :(Introduction)where ground loops affect ?Ground loops are created by :Solutions.

Ground loops Why grounding is so important ?DefinitionGround loops :(Introduction)where ground loops affect ?Ground loops are created by :Solutions.
RF voltage and frequency interlocks A. Butterworth MP review 17/6/2010.

RF voltage and frequency interlocks A. Butterworth MP review 17/6/2010.
Beam Interlock System PR-101007-b-CTM, October 7th, 2010 Cesar Torcato de Matos.

Beam Interlock System PR b-CTM, October 7th, 2010 Cesar Torcato de Matos.
B. Todd et al. 25 th August 2009 Observations Since 2005 0v1.

B. Todd et al. 25 th August 2009 Observations Since v1.
Roman Pot Engineering Design Review CERN, 14 February 2006 M.Oriunno, CERN PH-TOT Installation, Commissioning and Schedule.

Roman Pot Engineering Design Review CERN, 14 February 2006 M.Oriunno, CERN PH-TOT Installation, Commissioning and Schedule.
LHC Machine Protection System Review LHC Machine Protection System Review Oliver Aberle13 April 2005 with input from R. Assmann and R. Losito Ensuring.

LHC Machine Protection System Review LHC Machine Protection System Review Oliver Aberle13 April 2005 with input from R. Assmann and R. Losito Ensuring.
Issues in Accelerator Control Bob Dalesio, December 23, 2002.

Issues in Accelerator Control Bob Dalesio, December 23, 2002.
Chiller control system Specification meeting 24.11.2010 Lukasz Zwalinski – PH/DT.

Chiller control system Specification meeting Lukasz Zwalinski – PH/DT.

Similar presentations

Ads by Google