Voices: Rezabek

Tolerate less redundancy

Today, with Foundation fieldbus, the old redundancy paradigm no longer applies. Chances are, though, it isn’t free. So where should you apply it to achieve the fault tolerance you need?

Focus on FieldbusBy John Rezabek, Contributing Columnist

While designing our first Foundation fieldbus (FF) segments in 1999, we had a one-day training session for our engineers and designers. Someone cracked open the case of the proposed FF power conditioners and we were aghast to find multiple integrated circuits (ICs) and (gasp!) fuses. A single point of failure for our multi-loop segments! There were red faces and bulging veins, and during the ensuing weeks, I was perhaps a bit more unpleasant toward our system integrator than normal.

Our attitude was compounded by a new supplier that had relatively modest redundancy in its system. Bulk DC power, controllers, and controller power supplies were redundant, but nearly everything else was simplex. We became less confident this supplier fully appreciated the demands the plant placed on us: basically to never shut down.

One way we found comfort was fieldbus backup link active scheduler (BLAS). In theory, if the system had a bad day, control on the segment would continue uninterrupted. However, for this to function, one needs reliable segment power. The theoretical segment power conditioners, made up of basic inductors, capacitors, resistors, etc., could be considered a simple device, akin to the 250 ohm dropping resistor in a legacy system. But to make them more compact and efficient, manufacturers used ICs. These were not simple devices.

After much agonizing, our supplier saved the day with a redundant solution that was effectively a really simple device.

We put the bulky redundant conditioners only on that 20% of the segments we considered critical. We used the non-redundant devices, those with the ICs and fuses, on the remaining 50 segments, which had between three and 15 devices. Most of the valves in the plant were Level 3, which means they could go to their fail positions without causing a shutdown. We applied this engineering judgment because then, as now, redundancy cost more, took up more space, supported fewer instruments per segment, generated more heat, and added complexity.

The irony is—after six years under continuous power and 90% of it running as a continuous process—none of the non-redundant power conditioners ever failed in a way that caused a valve to go to its fail position. Nearly half of them did fail, but not in a way that caused more than nuisance alarms or controller-mode shedding. Many, maybe most, failure modes don’t result in a process upset. Simply put, all components, especially those with improved diagnostics, can have sufficient fault tolerance without being redundant.

Today, we have a good selection of redundant power conditioners, redundant H1 cards, and even solutions that accommodate redundant H1 trunks. But they aren’t free.

Redundancy became commonplace in the late 1980s when second-generation DCSs, in response to demands for improved fault tolerance from the large process industries, began to offer redundancy at the power supply, controller, I/O, network, and HMI levels. We justified redundancy’s increased cost, complexity, and system footprint in light of the dire consequences of a process shutdown. By achieving fault tolerance for the DCS, we could deliver a solution that was equally, if not more, fault tolerant than pre-DCS, single-loop solutions.

Sometimes it seems we have a whole generation of systems specialists who only remember that TDC-3000 was vastly more fault-tolerant than TDC-2000, largely due to available redundancy at all levels. I was among those who dismissed any PLC or DCS that didn’t offer redundant controllers, I/O, power, and networks for any application more demanding than wastewater treatment or filter cleaning.

Today, with Foundation fieldbus, the old redundancy paradigm no longer applies. Chances are, though, it isn’t free. So where should we apply it to achieve the fault tolerance we need?

Have you noticed the “spurious trip rate” statistic that falls out of SIL analyses? Even the most obsessively redundant, bulletproof automation can potentially shut down the plant. Maybe it’s every 30 or 18,000 years, but it’s not never.

Why not use something similar for our basic controls? Hey, suppliers, we users need tools that have inserted statistics for MTTF and so on, so we can judiciously apply redundancy to components and services where we need it. On my next project, if I mess with all the old Level 1, 2, 3 stuff, I want to be able to tell my project manager I know precisely where to apply redundancy to achieve the fault tolerance demanded by operations.


  About the Author
John RezabekJohn Rezabek is a process control specialist for ISP Corp. in Lima, Ohio. You can reach John at jrezabek@ispcorp.com.

More from this voice

Title

Tolerate less redundancy

Today, with Foundation fieldbus, the old redundancy paradigm no longer applies. Chances are, though, it isn’t free. So where should you apply it to achieve the fault tolerance you need?

12/05/2006

One bus for all?

When it comes to applications that allow our basic controls to function, system lock-ups are intolerable, so it pays to examine the heritage of fieldbus and carefully analyze the market that shaped it.

05/06/2007

Justifying Fieldbus, Part I

Asset management and wiring saving cost were common justifications for installing Foundation fieldbus in refineries 10 years ago. Today, the cost to replace DCS with electronic field devices must be justified.

07/13/2007

Lipstick on Modbus

There are people who would rather take a flogging than maintain an OPC installation.

08/31/2007

Portable Diagnostic Tools – Who’s the Best?

So what do I grab when heading out the door to troubleshoot a suspect segment? More often than not, it’s the FBT-6.

09/27/2007

Load ’Em Up!

If we know the element will respond in a second at best, why compute a new output four times a second?

11/06/2007

Yikes! Look out for that Chasm!

The best practice by far is to choose a main instrument vendor who is accountable for the integration of all field devices.

12/03/2007

Right Message, Right Person, Right Time

Data Doesn’t Always Equal Information. Why Can’t We Get Alarm Information to Our Operators in a More Meaningful Way?

01/03/2008

Paving the Way for Bus Technology

I’ve Had Great Success on Projects, Especially Upgrades and Retrofits, Where I Was Able to Get an Experienced Board Person and/or Front-Line Supervisor Assigned to the Job

02/04/2008

Instrinsic Safety Obsolete Yet?

Like Most End Users, I Truly Value the Credibility and Security That Organizations Such as Factory Mutual, the Canadian Standards Association, CENELEC and Their Ilk Bring to the Devices We Use in Hazardous Environments. But Perhaps One Practice is Ready to Be Relegated to the ISA Museum of How We Used to Do Things. Here’s Why.

03/07/2008

And the Cheapest Bus Is . . .

Bus ‘XYP’ Uses Cheaper Devices. Users Will Find It Cheaper Than Foundation Fieldbus

04/01/2008

Playing the Field

If Most of Loops Are Distributed to Field-Solved PID, What Are the Chances You Could “Hot Swap” Your Host Just Like a Field Device?

05/04/2008

Fieldbus for Safety Instrumented Functions

FF-SIF Transcends the Limitations of Conventional Safety System Design by Introducing New and Innovative Ways of Thinking About Safety

06/12/2008

Ready for Control in the Field?

When The Loop’s Valve Positioner Loses Power, the Loop Will Experience an Upset No Matter Where the PID Is Solved

07/01/2008

Bus = Remote I/O?

Consider “Bussing” a Network of 8- to 12-Point Analog and Discrete I/O and Locating It Strategically Close to the Field Sensors

08/07/2008

Will Wireless Replace Fieldbus?

Hardwired Instruments Are Going to Be Around Until a Generation of Plant Operators Retires

09/05/2008

Using Fieldbus in your HMI

Digitally Integrated Field Device Information Is Useful to Your Operator

10/06/2008

Patches the Bad Dog

Why Can’t Patches the Dog Sit at the Firewall and Bite the Hand Off the Bad Guys Whenever He Spots One?

10/28/2008

Bubba and the Bus

The Rule of 20: If You Select a Tech at Random from a Group of 20, Can He or She Fix the Problem in 20 Minutes?

12/12/2008

Fieldbus on a Shoestring

Use the Wire You Have. Unless You’re Really Challenging the Limits of the Physical Layer, Ordinary Twisted/Shielded Pair Will Work Reliably

01/12/2009