Voices: Rezabek

Tolerate less redundancy

Today, with Foundation fieldbus, the old redundancy paradigm no longer applies. Chances are, though, it isn’t free. So where should you apply it to achieve the fault tolerance you need?

Focus on FieldbusBy John Rezabek, Contributing Columnist

While designing our first Foundation fieldbus (FF) segments in 1999, we had a one-day training session for our engineers and designers. Someone cracked open the case of the proposed FF power conditioners and we were aghast to find multiple integrated circuits (ICs) and (gasp!) fuses. A single point of failure for our multi-loop segments! There were red faces and bulging veins, and during the ensuing weeks, I was perhaps a bit more unpleasant toward our system integrator than normal.

Our attitude was compounded by a new supplier that had relatively modest redundancy in its system. Bulk DC power, controllers, and controller power supplies were redundant, but nearly everything else was simplex. We became less confident this supplier fully appreciated the demands the plant placed on us: basically to never shut down.

One way we found comfort was fieldbus backup link active scheduler (BLAS). In theory, if the system had a bad day, control on the segment would continue uninterrupted. However, for this to function, one needs reliable segment power. The theoretical segment power conditioners, made up of basic inductors, capacitors, resistors, etc., could be considered a simple device, akin to the 250 ohm dropping resistor in a legacy system. But to make them more compact and efficient, manufacturers used ICs. These were not simple devices.

After much agonizing, our supplier saved the day with a redundant solution that was effectively a really simple device.

We put the bulky redundant conditioners only on that 20% of the segments we considered critical. We used the non-redundant devices, those with the ICs and fuses, on the remaining 50 segments, which had between three and 15 devices. Most of the valves in the plant were Level 3, which means they could go to their fail positions without causing a shutdown. We applied this engineering judgment because then, as now, redundancy cost more, took up more space, supported fewer instruments per segment, generated more heat, and added complexity.

The irony is—after six years under continuous power and 90% of it running as a continuous process—none of the non-redundant power conditioners ever failed in a way that caused a valve to go to its fail position. Nearly half of them did fail, but not in a way that caused more than nuisance alarms or controller-mode shedding. Many, maybe most, failure modes don’t result in a process upset. Simply put, all components, especially those with improved diagnostics, can have sufficient fault tolerance without being redundant.

Today, we have a good selection of redundant power conditioners, redundant H1 cards, and even solutions that accommodate redundant H1 trunks. But they aren’t free.

Redundancy became commonplace in the late 1980s when second-generation DCSs, in response to demands for improved fault tolerance from the large process industries, began to offer redundancy at the power supply, controller, I/O, network, and HMI levels. We justified redundancy’s increased cost, complexity, and system footprint in light of the dire consequences of a process shutdown. By achieving fault tolerance for the DCS, we could deliver a solution that was equally, if not more, fault tolerant than pre-DCS, single-loop solutions.

Sometimes it seems we have a whole generation of systems specialists who only remember that TDC-3000 was vastly more fault-tolerant than TDC-2000, largely due to available redundancy at all levels. I was among those who dismissed any PLC or DCS that didn’t offer redundant controllers, I/O, power, and networks for any application more demanding than wastewater treatment or filter cleaning.

Today, with Foundation fieldbus, the old redundancy paradigm no longer applies. Chances are, though, it isn’t free. So where should we apply it to achieve the fault tolerance we need?

Have you noticed the “spurious trip rate” statistic that falls out of SIL analyses? Even the most obsessively redundant, bulletproof automation can potentially shut down the plant. Maybe it’s every 30 or 18,000 years, but it’s not never.

Why not use something similar for our basic controls? Hey, suppliers, we users need tools that have inserted statistics for MTTF and so on, so we can judiciously apply redundancy to components and services where we need it. On my next project, if I mess with all the old Level 1, 2, 3 stuff, I want to be able to tell my project manager I know precisely where to apply redundancy to achieve the fault tolerance demanded by operations.

  About the Author
John RezabekJohn Rezabek is a process control specialist for ISP Corp. in Lima, Ohio. You can reach John at jrezabek@ispcorp.com.

More from this voice


Training Wheels for Fieldbus

Even in Lean Times, There Are Ways to Get a Fieldbus Testbed If You Think Creatively


Finding Freebies in Fieldbus

Can We Use the Standard Deviation Method to Flag a Suspicious Measurement?


Save Money. Calibrate Less?

Have Our Calibration Skills and Practices Quietly Migrated to Being Largely "Plug-N-Play.”"Or Are They "Plug-N-Pray?"


DCS Disasters

This Month We Join an End User Who’d Like Her Off-Hours to Be Less Subject to Distress Messages from Her Place of Employment. Dang! Cletus Been in My DCS!


Certainty of Outcome with Fieldbus

What Are Some of the Key Areas Where Effort and/or Investment Are Needed to Obtain Sufficient Certainty of Outcome for Even the Smallest Project?


Finally, Registered Hosts

"Compliant Host" Came to Be Because Users Were Seeking Objective Ways to Evaluate Different Hosts's Capabilities


Simplifying Fieldbus Device Calibration

Creative End Users Have Been Exploring the Use of 802.11 Wireless to Display their DCS Interface on a Wireless Laptop or Notebook PC


Control Systems, We Know What You Need

We Know What It Is You Want, So Step Aside While We Give It to You


How's Your Fieldbus Resume?

What Kind of Qualifications Should You Be Displaying to Qualify for the Jobs That Are Available?


Wireless or Fieldbus?

Is Wireless Easier to Integrate with Legacy Systems than Fieldbus? Since Wireless Emerged as Viable Option, Users Have Been Pleased to Find That Wireless Connects Easily with Their Old System


A Logical Path to Device Criticality

If You're Aiming to Improve the Usefulness of Your Digitally Integrated Intelligent Field Devices, There's Help Available to Help You Get Moving Down This Road


New Guidelines for Fieldbus Systems

Experienced Users Concluded That the Effort of Classifying and Segregating Critical Service Loops Is Not Worth the Effort


Is Field-Based Control Really All That?

Recent Studies Shown That the Fieldbus-for-I/O-Only Approach Is Likely a Source of Compromised Performance and Unknown Latencies


Surprise! Field-Based Control Beats DCS

It Is Evident That Device-Based Control Exceeds DCS-Based Control in Reliability and Performance


Failed Bus Blame Game

If You Allow Yourself to Be Dour, Defeated and Critical of Your Selected System, You Could Be Headed for Disaster


Wireless Control in the Field

Users Will Have to Exert Their Influence with Suppliers to Get Control in the Field Implemented in WirelessHART


Birds of a Feather

If You Recognize Your Peers and Competitors Attending or Presenting at a Trade Group Seminar, Then You May Have Found Your Home


Can You Specify "Or Equal" with Fieldbus?

Does the Fieldbus "Checkmark" Confer Some Uniformity that Minimizes the Capabilities of One Vendor's Offering Compared to Another?


Wired or Wireless - Just DO It

Why Let Another Week Slip by with All Your Smart Devices Asleep on the Couch? Just Do It


Everyone, Do Your Own Math

The Incremental Costs to Add Spurs to These Fieldbus Segments make WirelessHART at Best a Break-Even Option in Many Circumstances