GE Mark VI Manual - 1

GE Energy

GEH-6721D

System Guide, Volume I

Mark VIe™ Control

T B T B T B

These instructions do not purport to cover all details or variations in equipment, nor to provide for every possible contingency to be met during installation, operation, and maintenance. The information is supplied for informational purposes only, and GE makes no warranty as to the accuracy of the information included herein. Changes,

modifications and/or improvements to equipment and specifications are made

periodically and these changes may or may not be reflected herein. It is understood that GE may make changes, modifications, or improvements to the equipment referenced herein or to the document itself at any time. This document is intended for trained personnel familiar with the GE products referenced herein.

GE may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not provide any license whatsoever to any of these patents.

This document contains proprietary information of General Electric Company, USA and is furnished to its customer solely to assist that customer in the installation, testing, operation, and/or maintenance of the equipment described. This document shall not be reproduced in whole or in part nor shall its contents be disclosed to any third party without the written approval of GE Energy.

GE provides the following document and the information included therein as is and without warranty of any kind, expressed or implied, including but not limited to any implied statutory warranty of merchantability or fitness for particular purpose.

If further assistance or technical information is desired, contact the nearest GE Sales or Service Office, or an authorized GE Sales Representative.

© 2004 - 2006 General Electric Company, USA. All rights reserved.

Belden is a registered trademark of Belden Electronic Wire and Cable of Cooper. Bussmann is a registered trademark of Cooper Bussmann, Inc.

CIMPLICITY is a registered trademark of GE Fanuc Automation North America, Inc. CompactPCI is a registered trademark of PCI Industrial Computers Manufacturing Group. Ethernet is a registered trademark of Xerox Corporation.

Geiger-Mueller is a registered trademark of Protectowire Company, Inc, USA. HART is a registered trademark of HART Communication Foundation. Honeywell is a registered trademark of Honeywell International Inc.

IBM and PC are registered trademarks of International Business Machines Corporation. IEEE is a registered trademark of Institute of Electrical and Electronics Engineers. Intel and Pentium are registered trademarks of Intel Corporation.

We welcome comments and suggestions to make this publication more useful.

Your Name Today’s Date

Your Company’s Name and Address Job Site

GE Requisition No.

Publication No. Your Job Function / How You Use This Publication

Publication Issue/Revision Date

If needed, how can we contact you? Fax No.

Phone No. E-mail Address

General Rating

Excellent Good Fair Poor Additional Comments

Contents { { { { ____________________________________________________________ Organization { { { { ____________________________________________________________ Technical Accuracy { { { { ____________________________________________________________ Clarity { { { { ____________________________________________________________ Completeness { { { { ____________________________________________________________ Drawings / Figures { { { { ____________________________________________________________ Tables { { { { ____________________________________________________________ Referencing { { { { ____________________________________________________________ Readability { { { { ____________________________________________________________

Specific Suggestions (Corrections, information that could be expanded on, and such.)

Page No. Comments

_____ _________________________________________________________________________________

_____ _________________________________________________________________________________

_____ _________________________________________________________________________________

_____ _________________________________________________________________________________

_____ _________________________________________________________________________________

_____ _________________________________________________________________________________

Other Comments (What you like, what could be added, how to improve, and such.)________________________________________________

__________________________________________________________________________________________

__________________________________________________________________________________________

__________________________________________________________________________________________

__________________________________________________________________________________________

__________________________________________________________________________________________

g

Reader Comments

To: GE Energy Documentation Design, Rm. 293 1501 Roanoke Blvd. Salem, VA 24153-6492 USA Fax: 1-540-387-8651 (GE Internal DC 8-278-8651)

...

Fold here and close with staple or tape

...

____________________________

____________________________

____________________________

GE

Energy

Documentation Design, Rm. 293

1501 Roanoke Blvd.

Salem, VA 24153-6492 USA

...

Fold here first

...

Place stamp here.

Safety Symbol Legend

Indicates a procedure, condition, or statement that, if not strictly observed, could result in personal injury or death.

Indicates a procedure, condition, or statement that, if not strictly observed, could result in damage to or destruction of equipment.

Indicates a procedure, condition, or statement that should be strictly followed in order to optimize these applications.

This equipment contains a potential hazard of electric shock or burn. Only personnel who are adequately trained and thoroughly familiar with the equipment and the instructions should install, operate, or maintain this equipment.

Isolation of test equipment from the equipment under test presents potential electrical hazards. If the test equipment cannot be grounded to the equipment under test, the test equipment’s case must be shielded to prevent contact by personnel.

To minimize hazard of electrical shock or burn, approved grounding practices and procedures must be strictly followed.

To prevent personal injury or equipment damage caused by equipment malfunction, only adequately trained personnel should modify any programmable machine.

Contents

Chapter 1 Overview

1-1

Introduction ...1-1 Applications ...1-2 Controllers ...1-3 I/O Networks (IONet) ...1-3 I/O Modules...1-4 Related Documents...1-5 How to Get Help ...1-5 Acronyms and Abbreviations ...1-6

Chapter 2 System Architecture

2-1

Introduction ...2-1 System Components ...2-1 Controller ...2-1 Controller Enclosure ...2-3 Power Supply ...2-3 I/O Pack ...2-4 Terminal Blocks ...2-5 I/O Types ...2-7 Power Sources...2-8 Communications...2-10 Unit Data Highway (UDH) ...2-10 Plant Data Highway (PDH)...2-10 IONet...2-11 Human-Machine Interface (HMI) ...2-11 Servers...2-12 Control Operator Interface (COI)...2-12 Link to Distributed Control System (DCS) ...2-13 EX2100 Exciter...2-14 Generator Protection ...2-14 LS2100 Static Starter ...2-14 Control and Protection...2-15 Mean Time Between Failure (MTBF)...2-15 Mean Time Between Forced Outage (MTBFO) ...2-15 Fault Detection ...2-16 Online Repair ...2-17 Designated Controller ...2-19 UDH Communicator ...2-19 Output Processing ...2-20 Input Processing ...2-22 State Exchange ...2-27 Voting ...2-27 Forcing ...2-28 Peer I/O ...2-28 Command Action ...2-28

Redundancy Options ...2-31 Simplex Controller ...2-32 Dual Controllers ...2-33 Triple Controllers (TMR)...2-36

Chapter 3 Networks

3-1

Introduction ...3-1 Network Overview ...3-1 Network Layers ...3-2 Data Highways ...3-4 Plant Data Highway (PDH)...3-4 Unit Data Highway (UDH) ...3-6 Data Highway Ethernet Switches ...3-7 Selecting IP Addresses for UDH and PDH ...3-8 IONet...3-9 Addressing...3-9 Ethernet Global Data (EGD) ...3-11 Fiber-Optic Cables...3-13 Components...3-13 Single-mode Fiber-optic Cabling ...3-17 IONet Components...3-18 UDH/PDH Components ...3-20 Example Topology ...3-20 Component Sources...3-21

Chapter 4 Codes, Standards, and Environment

4-1

Introduction ...4-1 Safety Standards ...4-1 Electrical...4-1 Printed Circuit Board Assemblies ...4-1 Electromagnetic Compatibility (EMC) ...4-1 Low Voltage Directive ...4-2 ATEX Directive 94/9/EC ...4-2 Supply Voltage...4-2 Environment ...4-3 Temperature ...4-3 Shipping and Storage Temperature ...4-5 Humidity ...4-5 Elevation ...4-6 Contaminants...4-6 Vibration ...4-6

Chapter 5 Installation and Configuration

5-1

Introduction ...5-1 Installation Support ...5-1 Early Planning...5-1 GE Installation Documents ...5-2 Technical Advisory Options...5-2 Equipment Receiving and Handling...5-4 Storage ...5-4 Operating Environment ...5-5 Power Requirements...5-6 Installation Support Drawings ...5-8 Grounding...5-13 Equipment Grounding ...5-13 Building Grounding System...5-14 Signal Reference Structure (SRS) ...5-15 Cable Separation and Routing ...5-21 Signal and Power Level Definitions...5-21 Cableway Spacing Guidelines...5-23 Cable Routing Guidelines ...5-26 Cable Specifications ...5-27 Wire Sizes ...5-27 General Specifications ...5-28 Low Voltage Shielded Cable...5-28 Connecting the System ...5-31 I/O Wiring ...5-31 Terminal Block Features ...5-32 Power System...5-33 Installing Ethernet ...5-33 Startup Checks...5-34 Wiring and Circuit Checks...5-34

Chapter 6 Tools and System Interface

6-1

Introduction ...6-1 ToolboxST...6-1 Human-Machine Interface (HMI) ...6-2 Basic Description ...6-2 Product Features...6-2 Turbine Historian ...6-4 System Configuration...6-4 System Capability ...6-5 Data Flow...6-5 Turbine Historian Tools ...6-6 uOSM ...6-8 OPC Server...6-9 Modbus...6-10 Ethernet Modbus Slave ...6-11 Serial Modbus ...6-12 Ethernet GSM...6-15 Time Synchronization ...6-16 Redundant Time Sources ...6-16 Selection of Time Sources ...6-17

Chapter 7 Maintenance and Diagnostics

7-1

Introduction ...7-1 Maintenance ...7-1 Ethernet Switches ...7-2 Alarm Overview ...7-3 Process Alarms ...7-4 Process and Hold Alarm Data Flow ...7-4 Diagnostic Alarms ...7-5 Viewing Controller Diagnostics Using ToolboxST ...7-5 Voter Disagreement Diagnostics...7-6 Totalizers ...7-7 LED Quick Reference ...7-8 I/O Pack Status ...7-9 IONet Status ...7-10

Glossary of Terms G-1

Index I-1

C

H A P T E R

1

Chapter 1 Overview

Introduction

The Mark VIe control was designed to serve a wide variety of control and protection applications from steam and gas turbines to power generation balance of plant (BOP) equipment. The control provides more options for redundancy, better

maintainability, and greater capability for locating I/O closer to the controlled equipment.

Applications

The control system consists of three primary components, the controllers, I/O networks, and I/O modules as shown in diagram.

I/O Modules I/O Networks Controllers PS B lank F a c e P late Fan Tray B lank F a c e P late UC C A PS B lank Fac e P late Fan Tray B lank Fac e P late UCCA T B T B PS PS B lank F a c e P late B lank Fac e P late PS B lank Fa ce P late Fan Tray B lank Fa ce P late UC C A PS B lank Fac e P late T B R S T R IONet T IONet S IONet UDH UDH

Controllers

The Mark VIe controller is a single board, which run the application code. The controller communicates with the I/O packs through onboard I/O network interfaces. The controller operating system (OS) is QNX® Neutrino®, a real time, multitasking OS designed for high-speed, high reliability industrial applications.

Unlike traditional controllers where I/O is on a backplane, the Mark VIe controller does not normally host any application I/O. Also, all I/O networks are attached to each controller providing them with all redundant input data. This hardware architecture along with the software architecture guarantees that no single point of application input will be lost if a controller is powered down for maintenance or repair.

The controllers are designated as R, S, and T in a TMR system, R and S in a dual system and R in a single system. Each controller owns one I/O network (IONet). The R controller sends outputs to an I/O module through the R IONet, the S controller sends outputs through the S IONet, and the T controller sends outputs through the T IONet.

During normal operation each controller receives the inputs from the I/O modules on all networks, optionally votes the TMR inputs, computes the application algorithms including sensor selection if not voted, sends the outputs to the I/O modules on its own network, and finishes by sending data between the controllers for

synchronization. This time line is known as a frame.

Communication ports provide links to I/O, operator, and engineering interfaces as follows:

• Ethernet®

connection for the UDH for communication with HMIs, and other control equipment

• Ethernet connection for the R, S, and T I/O network • RS-232C connection for setup using the COM1 port

Note The I/O networks are private special purpose Ethernets that support only the

I/O modules and the controllers.

I/O Networks (IONet)

The I/O networks are IEEE 802.3 100 Mbit full duplex Ethernet networks. In Mark VIe, these networks are referred to as IONet. All traffic on each IONet is

deterministic UDP/IP packets. TCP/IP is not used. Each network (red, blue, black) is an independent IP subnet.

The networks are fully switched full-duplex preventing collisions that can occur on non-switched Ethernet networks. The switches also provide data buffering and flow control during the critical input scan. The IEEE 1588 standard for precision clock synchronization protocol is used to synchronize frame and time, the controllers, and

I/O Modules

The Mark VIe I/O modules contain three basic parts, the terminal board, the terminal block, and I/O pack. The terminal board mounts to the cabinet and comes in two basic types, S and T. The S-type board provides a single set of screws for each I/O point and allows a single I/O pack to condition and digitize the signal. This board is used for simplex, dual, and dedicated triple modular redundant (TMR) inputs by using one, two or three boards. The T-type TMR board typically fans the inputs to three separate I/O packs. Usually, the T-type board hardware votes the outputs from the three I/O packs.

Input Screws Pack Connector Output Screws

Simplex Terminal Board

Fanned Inputs Input Screws Pack Connector Output Screws Pack Connector Pack Connector Vote/ Select TMR Terminal Board

Both terminal board types provide the following features: • Terminal blocks for I/O wiring

• Mounting hardware

• Input isolation and protection • I/O pack connectors

• Unique electronic ID

Related Documents

For additional information, refer to the following documents: GEH-6126, Vol. I HMI for Turbine Control - Operator’s Guide GEH-6126, Vol. II HMI for Turbine Control - Application Guide GEH-6700 ToolboxST™ for Mark VIe Control

GEH-6721, Vol. II Mark VIe Control - System Guide, Volume II GEH-6422 Turbine Historian System Guide

GEH-6408 Control System Toolbox for Configuring the Trend Recorder GEI-100189 System Database (SDB) Server User’s Guide

GEI-100271 System Database (SDB) Browser GEI-100680 Mark VIe Turbine Block Library GEI-100681 Mark VIe Legacy Block Library GEI-100682 Mark VIe Standard Block Library

GEI-100513 HMI Time Synchronization for Turbine Control

GEI-100534 Control Operator Interface (COI) for Mark VI and EX2100 Systems

How to Get Help

If technical assistance is required beyond the instructions provided in the

documentation, contact the nearest GE Sales or Service Office or an authorized GE Sales Representative.

Acronyms and Abbreviations

AWG American Wire Gauge, standards for wire numbers and sizes BOP Balance of Plant

CT Current transformer, senses the current in a cable CPCI _CompactPCI® _{6U high enclosure for Mark VIe controllers} DCS Distributed Control System, for the balance of plant and auxiliary

equipment

DHCP Dynamic Host Configuration Protocol

EGD Ethernet Global Data, a control network and communication protocol EMC Electromagnetic Compatibility

EMI Electromagnetic Interference EU Engineering Units

HMI _{Human-Machine Interface, usually a computer with CIMPLICITY}® _software HRSG Heat Recovery Steam Generator, used with gas turbine plants

KP _KeyPhasor®_{, a shaft position sensor for rotational position sensing} MTBF Mean Time Between Failures, a measure of reliability

MTBFO Mean Time Between Forced Outage

MTTR Mean Time To Repair, used with MTBF to calculate system availability NEC National Electrical Code

NFPA National Fire Protection Association NVRAM Non-volatile Random Access Memory OPC OLE process control server

PDH Plant Data Highway, links HMIs to servers and viewers PT Potential Transformer, senses the voltage in a cable RFI Radio Frequency Interference

RTD Resistance Temperature Device, senses temperature in the process SIFT Software Implemented Fault Tolerance, uses "2 out of 3" voting SOE Sequence of Events, a record of high-speed contact closures SRS Signal reference structure

TMR Triple modular redundant, uses three sets of controllers and I/O UDH Unit Data Highway, links the controllers to the HMI servers uOSM Universal Onsite Monitor

C

H A P T E R

2

Chapter 2 System Architecture

Introduction

This chapter defines the architecture of the Mark VIe control system, including system components, communication networks, and various levels of redundancy that are possible. It also discusses system reliability, availability, and third-party

connectivity to plant distributed control systems.

System Components

The following sections define the main subsystems making up the Mark VIe control system. These include the controllers, I/O packs or modules, terminal boards, power distribution, cabinets, networks, operator interfaces, and the protection module.

Controller

The Mark VIe controller is a single board, which run the application code. The controller communicates with the I/O packs through onboard I/O network interfaces. The controller operating system (OS) is QNX® Neutrino®, a real time, multitasking OS designed for high-speed, high reliability industrial applications.

Unlike traditional controllers where I/O is on a backplane, the Mark VIe controller does not normally host any application I/O. Also, all I/O networks are attached to each controller providing them with all redundant input data. This hardware architecture along with the software architecture guarantees that no single point of application input will be lost if a controller is powered down for maintenance or repair.

The controllers are designated as R, S, and T in a TMR system, R and S in a dual system and R in a single system. Each controller owns one I/O network (IONet). The R controller sends outputs to an I/O module through the R IONet, the S controller sends outputs through the S IONet, and the T controller sends outputs through the T IONet.

During normal operation each controller receives the inputs from the I/O modules on all networks, optionally votes the TMR inputs, computes the application algorithms including sensor selection if not voted, sends the outputs to the I/O modules on its own network, and finishes by sending data between the controllers for

Communication ports provide links to I/O, operator, and engineering interfaces as follows:

• Ethernet®

connection for the UDH for communication with HMIs, and other control equipment

• Ethernet connection for the R, S, and T I/O network • RS-232C connection for setup using the COM1 port

Note The I/O networks are private special purpose Ethernets that support only the

I/O modules and the controllers.

The controller is loaded with software specific to its application, which includes but is not limited to steam, gas, land-marine (LM), or balance of plant (BOP) products. It can run rungs or blocks. The IEEE1588 protocol is used through the R, S, and T IONet to synchronize the clock of the I/O modules and controllers to within ± 100 ms.

External data is transferred to and from the control system database in the controller over the R, S, and T IONet.

In a simplex system, IONet data includes: • Process inputs/outputs to the I/O packs. In a dual system, IONet data includes: • Process inputs/outputs to the I/O packs

• Internal state values and initialization information from the designated controller • Status and synchronization information from both controllers

In a triple module redundant (TMR) system, IONet data includes: • Process inputs/outputs to the I/O packs

• Internal state values for voting and status and synchronization information from all three controllers

• Initialization information from the designated controller

Single Board

The UCCAM03 CPCI controller is a single board module. The baseboard contains a 650 MHz Celeron® processor, 128 MB flash, 128 MB DRAM, two serial ports, and one 10/100 Mbit Ethernet interface. The baseboard Ethernet provides the UDH connection. The module also includes an EPMC PCI Mezzanine Card (PMC) attached to the baseboard. The EPMC contains 32 KB Flash Backed Non Volatile RAM (NVRAM), three 10/100 Mbit Ethernets for IONet connections, temperature sensors for fan loss detection, and Ethernet Physical Layer snoop hardware for precision time synchronization.

Controller Enclosure

The Mark VIe controller is hosted in a CompactPCI® (CPCI) enclosure. A typical CPCI enclosure consists of a 6U high rack, one or two 3U high power supplies, a 6U high single board, and a cooling fan.

The CompactPCI (CPCI) control module rack provides an enclosure for the Mark VIe controller, the power supply(s), and a cooling fan. The rack backplane is CPCI compliant, but is used only to provide power from the power supply(s) to the controller and cooling fan. The CPCI power supply converts the bulk incoming power to ±12 V dc, 5 V dc, and 3.3 V dc. These voltages are distributed to the controller(s) and fan through the backplane.

Power supply

Cooling fan compartment Main processor board

- QNX operating system - UDH Ethernet connections

-Power supply on /off switch

IONet 100 MB Ethernet

Mark VIe Controller CPCI Enclosure

Power Supply

The CPCI power supply takes the incoming bulk power from the CPCI backplane and creates ±12, 5, and 3.3 V dc. This power is provided to the backplane through one or two Mate-In-Lok® connectors, for use by the power supply(s), controller(s) and cooling fan.

The power supply is a CPCI hot swap compliant 3U power supply using the standard CPCI 47-pin connector. Two power supplies can be used to provide power supply

I/O Pack

I/O packs in Mark VIe have a generic processor board and a data acquisition board that is unique to the type of connected device. I/O packs on each terminal board digitize the signal, perform algorithms, and communicate with Mark VIe controller. The I/O pack provides fault detection through a combination of special circuitry in the data acquisition board and software running in the CPU board. The fault status is transmitted to and used by the controllers. The I/O pack transmits inputs and receives outputs on both network interfaces if connected. For details on individual I/O packs, refer to GEH-6721 Volume II System Guide.

Each I/O pack also sends an identification message (ID packet) to the main controller when requested. The packet contains, the hardware catalog number of the I/O board, the hardware revision, the board barcode serial number, the firmware catalog number, and the firmware version. The I/O pack’s processor board and data acquisition board are rated for -30°C to 65°C (-22 °F to 149 °F)operation with free convection cooling. The I/O packs have a temperature sensor that is accurate to within ±2°C (3.6 °F). Every I/O pack temperature is available in the database and can be used to generate an alarm.

Terminal Blocks

Signal flow begins with a sensor connected to a terminal block on a board. There are two types of boards available.

T-type terminal boards contain two, 24-point, barrier-type, removable, terminal

blocks. Each point can accept two 3.0 mm (0.12 in) (#12AWG) wires with 300 V insulation per point with either spade or ring-type lugs. In addition, captive clamps are provided for terminating bare wires. Screw spacing is 9.53 mm (0.375 in) minimum and center-to-center.

S-type boards support one I/O pack for simplex and dual redundant systems. They

are half the size of T-type boards and are standard base mounted but can also be DIN-rail mounted. Two versions of the boards are available, one version has fixed Euro-style box type terminal blocks that are not removable, and the second has removable box type terminal blocks. S-type board terminal blocks accept one 2.05 mm (#12AWG) wire or two 1.63 mm (#14AWG) wires, each with 300 V insulation per point. Screw spacing is 5.08 mm (0.2 in) minimum and center-to-center. Wide and narrow boards are arranged in vertical columns of high and low-level wiring that can be accessed from top and/or bottom cable entrances. An example of a wide board is a board that contains magnetic relays with fused circuits for solenoid drivers. T-type boards are normally standard-base mounted, but can also be DIN-rail mounted.

A shield strip is provided to the left of each terminal block. It can be connected to a metal base for immediate grounding or floated to allow individual ground wires from each board to be wired to a centralized, cabinet ground strip. Refer to GEH-6721 Mark VIe Control System Guide,Volume II for specific terminal board information.

Mounting screw

Mounting screw Mounting screws

Wiring segment

Euro-style box terminal block

Barrier-style terminal block

I/O Types

There are two types of I/O available. General purpose I/O is used for both turbine applications and process control. Turbine specific I/O is used for direct interface to the unique sensors and actuators on turbines. This reduces or eliminates a substantial amount of interposing instrumentation. As a result, many potential single point failures are eliminated in the most critical area for improved running reliability and reduced long-term maintenance. Direct interface to the sensors and actuators also enables the diagnostics to directly interrogate the devices on the equipment for maximum effectiveness. This data is used to analyze device and system performance.

General Purpose I/O Board

Redundancy Packs/Board

24 DI (125 V dc, group isolated) TBCIH1 1 or 2 or 3 24 DI (24 V dc, group isolated) TBCIH2 1 or 2 or 3 24 DI (48 V dc, group isolated) TBCIH3 1 or 2 or 3 24 DI (115/230 V ac, 125 V dc, point isolated) 1 ms SOE TICIH1 1 or 2 or 3 24 DI (24 V dc, point isolated) TICIH2 1 or 2 or 3

24 DI (24 V dc, group isolated) STCIH1 1

12 form C mechanical relays w/6 solenoids, coil diagnostics TRLYH1B 1 or 3 12 form C mechanical relays w/6 solenoids, voltage diagnostics, 125 V dc TRLYH1C 1 or 3 12 form C mechanical relays w/6 solenoids, voltage diagnostics, 24 V dc TRLYH2C

6 form A mechanical relays for solenoids, solenoid impedance diagnostics TRLYH1D 1 or 3 12 form A solid-state relays/inputs 115 V ac TRLYH1E 1 or 3 12 form A solid-state relays/inputs 24 V dc TRLYH2E 1 or 3 12 form A solid-state relays/inputs 125 V dc TRLYH3E 1 or 3 36 mechanical relays, 12 sets of 3 voted form A, WPDF option adds 12 fused

circuits

TRLYH1F 3

36 mechanical relays, 12 sets of 3 voted form B, WPDF option adds 12 fused circuits

TRLYH2F 3

10 AI (V/I inputs) and 2 AO (4-20/0-200 mA) TBAIH1 1 or 3 10 AI (V/I inputs) and 2 AO (4-20/0-200 mA) STAI 1 16 AO (4-20 mA outputs) 8 per I/O pack TBAOH1 2

8 AO (4-20 mA outputs) STAO 1

12 thermocouples TBTCH1B 1or 2 or 3

24 thermocouples (12 per I/O pack) TBTCH1C 1 or 2

12 thermocouples STTC 1

16 RTDs 3 wires/RTD (8 per I/O pack) normal scan TRTDH1D 1 or 2 16 RTDs 3 wires/RTD (8 per I/O pack) fast scan TRTDH2D 1 or 2

8 RTDs 3 wires/RTD scan SRTO 1

6 serial ports for I/O drivers RS-232C, RS422, RS485 PSCAH1 1 HART® Communications 10/2 Analog I/O SHRAH1A 1

Turbine Specific I/O Board

Redundancy Packs/ Board

Mixed I/O: 4 speed inputs/ pack, synchronizing, shaft voltage TTURH1C 1 or 3

Speed inputs, trip outputs TRPA 3

Primary trip - Gas TRPG 3 (through PTUR)

Primary trip - Large Steam TRPL 3 (through PTUR)

Primary trip - Steam TRPS 3 (through PTUR)

Backup trip - Gas TREG 3 (through PPRO)

Backup trip - Large Steam TREL 3 (through PPRO)

Backup trip - Steam TRES 3 (through PPRO)

Mixed I/O: 3 speed inputs, backup sync check, trip contacts PPRO 1 2 Servo channels: up to 3 coils, 4 LVDTs/ channel TSVCH1 1 8 vibration (prox/seismic/accel) 4 position

1 reference probe

TVBAH1 1 or 2

Refer to GEH-6721 Mark VIe Control System Guide,Volume II for a complete list of I/O types.

Power Sources

The Mark VIe control is designed to operate on a flexible, modular selection of power sources. The power distribution modules (PDM) support 115/230 V ac, 24 and 125 V dc power sources in many redundant combinations. The power applied is converted to 28 V dc for operation of the I/O packs. The controllers may operate from the 28 V dc power, direct ac, or direct 24 V dc battery power.

The PDM system can be divided into two substantially different categories, the core distribution system, and the branch circuit elements. The core pieces share the feature of cabling into a PPDA I/O pack for system feedback. They serve as the primary power management for a cabinet or series of cabinets. The branch circuit elements take the core output and fan it into individual circuits for consumption in the cabinets. They are not part of the PPDA system feedback. Branch circuits provide their own feedback mechanisms. It is not expected that all of the core components and branch circuits that make up the PDM will be used on every system. For detailed information on the core and branch circuit components of the PDM, refer to GEH-6721 Mark VIe Control System Guide,Volume II.

PPDA _{28V Control Power}JPDS or JPDM JPDR Select 1 of 2 JPDF 125VDC JPDB 115/230VAC x2 JPDP JPDA JPDL Pack RST JPDD JPDD JPDA R S T DAC A DAC A PS r uns fr o m on e o f 3 so ur c e s 125 V Battery AC Input AC Input AC Power Selector Board AC to DC Converter Modules AC Power DC Power AC Power DC Power Local AC Power Distribution Boards RST Control Power System Feedback PS PS PS Power Supply Power Supply Power Supply JPDE 24VDC JPDD JPDD 24 V Pwr Supply 24 V Pwr Supply 24 V Pwr Supply DC Power Distribution Boards DC Power DC Power

Core Circuits Branch Circuits

Communications

Unit Data Highway (UDH)

The UDH connects to the Mark VIe controller and communicates with the HMI or HMI/Data Server. The network media is UTP or fiber-optic Ethernet. Redundant cable operation is optional and, if supplied, unit operation continues to function even if one cable is faulted. Dual cable networks still comprise one logical network. Similar to the plant data highway (PDH), the UDH can have redundant, separately powered network switches, and fiber-optic communication. UDH command data can be replicated to three controllers. The UDH communicator transmits UDH data (refer to the section, UDH Communicator).

Note The UDH network supports the Ethernet Global Data (EGD) protocol for

communication with other Mark VIe control, Heat Recovery Steam Generators (HRSG), Excitation Control System, Static Starter, and Balance of Plant (BOP) control.

Plant Data Highway (PDH)

The optional PDH connects the CIMPLICITY HMI/data server with remote operator stations, printers, historians, and other customer computers. It does not connect directly to the Mark VIe control. The media is UTP or fiber-optic Ethernet running at 10/100 Mbps, using the TCP/IP protocol. Redundant cables are required by some systems, but these form part of one single logical network. The hardware consists of two redundant Ethernet switches with optional fiber-optic outputs for longer distances, such as to the central control room. On smaller systems, the PDH and the UDH may physically be the same network, as long as there is no peer-to-peer control on the UDH.

IONet

Communication between the controller(s) and the I/O packs is through the internal IONet. This is a 100 MB Ethernet network available in single, dual, and triple configurations. EGD and other protocols are used for communication. The I/O packs multicast their inputs to the controllers. The controllers broadcast their outputs to the I/O packs each frame.

P R O C PS PS Opt. HMI 100MB Ethernet Unit Data Highway

Operator &

Maintenance Station

Controller

Switch

Ethernet TCP/IP Plant Data Highway

I/O Pack Terminal Board Terminal Block Terminal Block IONet – 100MB Ethernet BPPB Supply Processor 2 Ethernet Data Acquisition Card I/O Pack

General Purpose I/O Discrete I/O Analog I/O

Thermocouples & RTDs Pulse I/O

Communications Turbine- Specific I/O Speed & Overspeed Servo Control Vibration & Position Synchronizing Combustion Monitor PLU and EVA

GE Control Systems Dual Option Controller Triple Option Controller ToolboxST

Only industrial grade switches that meet the codes, standards, performance, and environmental criteria for industrial applications are used for the IONet. This also includes an operating temperature of -30°C to 65°C (-22 °F to 149 °F). Switches have provisions for redundant 10 to 30 V dc power sources (200/400 mA) and are DIN-rail mounted. LEDs indicate the status of the IONet link, speed, activity, and duplex.

Human-Machine Interface (HMI)

Typical HMIs are computers running the Windows® operating system with communication drivers for the data highways, and CIMPLICITY® operator display software. The operator initiates commands from the real-time graphic displays, and views real-time turbine data and alarms on the CIMPLICITY graphic displays. Detailed I/O diagnostics and system configuration are available using the ToolboxST software. An HMI can be configured as a server or viewer, containing tools and utility programs.

Servers

CIMPLICITY servers collect data on the UDH and use the PDH to communicate with viewers. Multiple servers can be used to provide redundancy.

Note Redundant data servers are optional, and if supplied, communication with the

viewers continues even if one server fails.

Control Operator Interface (COI)

The COI consists of a set of product and application specific operator displays running on a small panel computer (10.4 or 12.1 inch touch screen) hosting

embedded Windows operating system. The COI is used where the full capability of a CIMPLICITY HMI is not required. The embedded Windows operating system uses only the components of the operating system required for a specific application. This results in all the power and development advantages of a Windows operating system in a much smaller footprint. Development, installation or modification of requisition content requires the ToolboxST®. For details, refer to the appropriate toolbox documentation.

The COI can be installed in many different configurations, depending on the product line and specific requisition requirements. The only cabling requirements are for power and for the Ethernet connection to the UDH. Network communication is through the integrated auto-sensing 10/100BaseT Ethernet connection. Expansion possibilities for the computer are limited, although it does support connection of external devices through floppy disk drives (FDD), intelligent drive electronics (IDE), and universal serial bus (USB) connections.

The COI can be directly connected to the Mark VIe or Excitation Control System, or it can be connected through an EGD Ethernet switch. A redundant topology is available when the controller is ordered with a second Ethernet port.

Interface Features

EGD pages transmitted by the controller are used to drive numeric data displays. The refresh rate depends on the rate at which the controller transmits the pages, and the rate at which the COI refreshes the fields. Both are set at configuration time in the toolbox.

The COI uses a touch screen, and no keyboard or mouse is provided. The color of pushbuttons is driven by state feedback conditions. To change the state or condition, press the button. The color of the button changes if the command is accepted and the change implemented by the controller.

Touching an input numeric field on the COI touch screen displays a numeric keypad for entering the desired number.

Link to Distributed Control System (DCS)

External communication links are available to communicate with the plant

distributed control system (DCS). This allows the DCS operator access to real time Mark VIe data, and provides for discrete and analog commands to be passed to the Mark VIe control.

The Mark VIe control can be linked to the plant DCS in three different ways. • Serial Modbus Slave link from the HMI server RS-232C port or from optional

dedicated gateway controller to the DCS

• A high speed 100 Mbaud Ethernet link using the Modbus Slave over TCP/IP protocol

• A high speed 100 Mbaud Ethernet link using the TCP/IP protocol with an application layer called GEDS Standard Messages (GSM)

GSM supports turbine control commands, Mark VIe data and alarms, the alarm silence function, logical events, and contact input sequence of events records with 1 ms resolution. Modbus is widely used to link to DCS, but Ethernet GSM has the advantage of tighter system integration.

To Plant Data Highway (PDH)

Ethernet

UNIT DATA HIGHWAY

PLANT DATA HIGHWAY

HMI Server Node To DCS

Serial Modbus

To DCS To DCS

Ethernet Modbus Ethernet GSM

Ethernet Ethernet x L A N x UCVE CPCI Controller

EX2100 Exciter

The excitation control system supplies dc power to the field of the synchronous generator. The exciter controls the generator ac terminal voltage and/or the reactive volt-amperes by means of the field current.

The exciter is supplied in NEMA 1 freestanding floor-mounted indoor type metal cabinets. The cabinet lineup consists of several cabinets bolted together. Cable entry can be through the top or bottom.

Generator Protection

The generator protection system is mounted in a single, indoor, freestanding cabinet. The enclosure is NEMA 1, and weighs 2500 lbs. The generator panel interfaces to the Mark VIe control with hard-wired I/O, and has an optional Modbus interface to the HMI.

LS2100 Static Starter

The LS2100 static starter system is used to start a gas turbine by running the generator as a starting motor. The LS2100 control, Mark VIe control, and EX2100 excitation control form an integrated static start system. The Mark VIe control supplies the run, torque, and speed setpoint signals to the LS2100 control, which operates in a closed loop control mode to supply variable frequency power to the generator stator. The EX2100 control is controlled by the LS2100 control to regulate the field current during startup.

The control cabinet contains a CPCI enclosure containing the Mark VIe CPCI controller. The controller communicates to the UDH and the HMI through onboard I/O network interfaces and through communication ports for field control I/O and Modbus. The controller operating system (OS) is QNX® Neutrino developed for high-speed, high reliability industrial applications. The field control I/O is used for temperature inputs and diagnostic variables.

The LS2100 control cabinet is a ventilated NEMA 1 freestanding enclosure made of 12-gauge sheet steel on a rigid steel frame designed for indoor mounting.

Control and Protection

Mean Time Between Failure (MTBF)

Mean time between failure (MTBF) is a basic measure of reliability for systems. It is the average failure free operating time, during a particular measurement period under stated conditions. A failure may or may not result in a problem with the overall system depending on any redundancy employed. MTBF is usually specified for each replaceable system component.

MTBF roll up of the system components gives the equipment owner the knowledge needed to determine how long the equipment can be expected to operate without failure under given conditions. If it is essential that the equipment does not fail during operation, the owner can use this data to schedule maintenance/replacement of the equipment prior to failure. Alternately, redundant applications could be used preventing system problems when a failure occurs.

MTBF data is also used to determine the weak links in a system. The system engineer provides contingency options for those weak links to obtain higher reliability.

Mean Time Between Forced Outage (MTBFO)

Mean time between forced outage (MTBFO) is a measure of system availability, which includes the effects of any fault tolerance that may exist. This average time between failures causes the loss of system functions.

The engineer must be very aware of MTBF and MTBFO when designing a reliable continuous system. To maximize the MTBFO, Mark VIe control systems undergo evaluation of all system component MTBF values. The effects of failures and contingency operation are then analyzed to maximizing MTBFO.

Continuing operation after a critical system component has failed, a control must have one or more backups in place (redundancy) to improve the MTBFO

significantly above that of a simplex control. The simplest method is adding a second component that takes over the critical function when a fault is detected.

The redundancy in the system can be either active or standby. The Mark VIe control uses active redundancy and has all components operating simultaneously. Standby redundancy activates backup systems after a failure is detected.

Realizing the full benefits of redundancy, a system failure must be detectable for the control to bypass it. In a dual control, gross failures are readily detectable while subtle failures are more difficult to detect. TMR controls, using two out of three voting, are always able to select a valid value when presented with any single failure. Depending on the equipment, the time required to detect the fault and switch to the new component may be hours/minutes/seconds/milliseconds. In the case of fuel-flow control to a turbine, this is required to be done in milliseconds.

When a redundant control bypasses a failure, it is required that the system annunciate the presence of the failure and that repairs be completed in a timely fashion. The term, mean time to repair (MTTR), refers to the time it takes to identify and repair a given failure. The Mark VIe control is designed to support a MTTR of four hours. This preserves the MTBFO benefits of redundancy resulting in unequaled system reliability. A control is used to run the system as well as detect system failures. In a dual control, configured for one out of two to run, it is often necessary to add dedicated tripping controls for each critical trip system. This is done to yield running reliability while maintaining required tripping reliability.

A TMR control normally configures the control for two out of three selection. This yields high running and tripping reliability from the primary control. Additional dedicated tripping controls can be used to achieve even higher tripping reliability, but they must also be TMR in order to preserve running reliability.

Fault Detection

A system offering redundancy can be less reliable than a non-redundant system. The system must be able to detect and annunciate faults so it can be repaired before a forced outage occurs. Fault detection is needed to ensure a component or group of components are operating properly. Fault detection is achieved through one or more of the following methods.

• Operator inspection of the process • Operator inspection of the equipment.

• Special hardware circuits to monitor operation • Hardware and software watchdogs

• Software logic • Software heartbeats

Complex control systems have many potential failure points. This can be very costly and time consuming in order to create foolproof fault detection. Failure to control the outputs of a system is the most damaging. Fault detection must be determined as close to the output as possible in order to achieve the highest level of reliability. The Mark VIe, using triple redundant controllers and I/O modules, a high level of detection and fault masking is provided by voting the outputs of all three controllers and monitoring discrepancies.

All Mark VIe systems benefit from the fault detection design of the I/O packs. Every pack includes function-specific fault detection methods attempting to confirm correct operation. This is made possible by the powerful local processing that is present in each input and output pack. Some examples of this include:

• Analog to digital (A/D) converters are compared to a reference standard each conversion cycle. If the converted calibration input signal falls outside of acceptable ranges, the pack declares bad health.

• Analog output 4-20 mA signals use a small current-sense resistor on the output terminal board. This signal is read back through a separate A/D converter and compared to the commanded value. A difference between the commanded and actual value exceeding an acceptable level results in the output signal being declared in bad health.

• Discrete input opto-isolators are periodically forced to an on condition, then forced off. This is done independently of the actual input signal and is fast enough not to interfere with the sequence of events (SOE) time capture. If any signal path is stuck and does not respond to the test command, the signal is declared in bad health.

Refer to the specific pack diagnostic information, in GEH-6721 Volume II, for further information.

Online Repair

When a component failure is detected and healed in the control system on a critical path, a potential failure has been avoided. Subsequent actions can include:

Option 1- Continue running until the backup component fails.

Option 2 - Continue running until the system is brought down in a controlled manner to replace the failed component.

Option 3 - Replace the component online.

Option 1 is not recommended. A redundant system, where the MTTR is infinite can have a lower total reliability than a simplex system.

Option 2 is a valid procedure for some processes needing predictable mission times. Many controlled processes cannot be easily scheduled for a shut down.

Note As MTTR increases from the expected four hours to infinite, the system

reliability can decline from significantly greater down to less than a simplex system reliability. Repair should be accomplished as soon as possible.

Option 3 is required to get the maximum benefit from redundant systems with long mission times. In dual or triple redundant Mark VIe controller applications, the controllers and redundant I/O packs can be replaced online.

To ensure online repair capability, control systems must have their redundancy tested after installation and after any system modifications. Refer to the requisition specific system application documentation/control specification (if available) for redundancy testing procedures. Simplex X online repair X system component failure TMR Time Probability of Failure X online repair X system component failure

Forced Outage Probability versus Time (Conventional TMR)

Simplex X online repair X system component failure Mark VIe TMR Time Probability of Failure X online repair X system component failure

Designated Controller

Although three controllers, R, S, and T, contain identical hardware and software, some of the functions performed are unique. A single designated controller can perform the following functions:

• Supply initialization data to the other two controllers at start-up • Keep the master time clock

• Supply variable state information to the other controllers if one fails

For the purposes of deciding which controller is to be the designated controller, each controller nominates itself on a weighting algorithm. The nominating values are voted among the controllers and the majority value is used. If there is a tie, or no majority, the priority is R, then S, and then T. If a designated controller is powered down and later powered up, the designated controller will move and not come back if all controllers are equal. This ensures that a toggling designated controller is not automatically reselected.

Designated controller selection is based on: • Control state

• UDH connectivity • IONet connectivity • NVRAM health

UDH Communicator

Controller communications takes place across the UDH. A UDH communicator is a controller selected to provide the panel data to that network. This data includes both control signals (EGD) and alarms. Each controller has an independent, physical connection to the UDH. In the event that the UDH fractures and a controller becomes isolated from its companion controllers, it assumes the role of UDH communicator for that network fragment. For one panel there can be only one designated controller, while there could be multiple UDH communicators. The designated controller is always a UDH communicator.

When a controller does not receive external EGD data from its UDH connection, it may request the data be forwarded across the IONet from another UDH

communicator. One or more communicators supply the data and the requesting controller uses the last data set received. Only the external EGD data used in sequencing by the controllers is forwarded in this manner.

Output Processing

The system outputs are the portion of the calculated data transferred to the external hardware interfaces and then to the various actuators controlling the process. TMR outputs are voted in the output voting hardware. Any system can output individual signals through simplex hardware.

The three voting controllers calculate TMR system outputs independently. Each controller sends the output to its associated I/O hardware (for example, the R controller sends output to the R I/O). The three independent outputs are then combined into a single output by a voting mechanism. Different signal types require different methods of establishing the voted value.

The signal outputs from the three controllers fall into three groups:

• Outputs are driven as single ended non-redundant outputs from individual I/O networks

• Outputs exist on all three I/O networks and are merged into a single signal by the output hardware

• Outputs exist on all three I/O networks and are output separately to the controlled process. This process may contain external voting hardware.

For normal relay outputs, the three signals feed a voting relay driver, which operates a single relay per signal for critical protective signals. The three signals drive three independent relays, with the relay contacts connected in the typical six-contact voting configuration. I/O Board Channel R I/O Board Channel S I/O Board Channel T Coil

Terminal Board, Relay Outputs

Relay Output I/O Board Channel R I/O Board Channel S Coil

Terminal Board, High Reliability Relay Outputs

Relay Output Relay Driver Relay Driver Coil Coil KR KS KR KS Voted Relay Driver KSKT V

For servo outputs, the three independent current signals drive a three-coil servo actuator, which adds them by magnetic flux summation., as shown in the following figure. Failure of a servo driver is sensed and a deactivating relay contact is closed to short the servo coil.

Servo Driver Servo Driver Servo Driver Channel R Channel S Channel T I/O Boards Output Terminal Board Coils On Servo Valve Hydraulic Servo Valve D/A D/A D/A

TMR Circuit to Combine Three Analog Currents into a Single Output

The following figure shows 4-20 mA signals combined through a 2/3 current sharing circuit that allows the three signals to be voted to one. Failure of a 4-20 mA output is sensed and a deactivating relay contact is opened.

I/O Boards D/A D/A D/A 4-20 mA Driver 4-20 mA Driver 4-20 mA Driver Channel R Channel S Channel T Output Load Current Feedback Output Terminal Board TMR Circuits for Voted 4-20 mA Outputs

Communication Loss

Each output pack monitors the IONet for valid commands from one or two controllers. In the event that a valid command is not received within an expected time the pack declares the communication as being lost. Upon loss of communication the pack action is configurable. The pack can continue to hold the last commanded value indefinitely or it can be commanded to go to a specified output state. The default action is to go to a power-down state, the same as if the power were removed from the pack.

For critical loops, the default action is the only acceptable choice. The other options are provided for non-critical loops, where running liability may be enhanced by an alternate output. Refer to specific pack documentation in GEH-6721 Volume II for additional information.

Input Processing

All inputs are available to all three controllers, but there are several ways that the input data is handled. For input signals existing in only one I/O module, all three controllers use the same value as common input without voting, as shown in the table below. Signals that appear in all three I/O channels may be voted to create a single input value. The triple inputs may come from three independent sensors. They can also be created from a single sensor by hardware fanning at the terminal board.

I/O Topology TMR Dual Simplex

Simplex 1 pack- 1 IONet* Dual 1 pack- 2 IONet

2 pack- 1 IONet

3 pack- 1/1/2 IONet NA TMR Fanned – 3 packs, 1 IONet/pack

Dedicated – 3 packs, IONet/pack

For any of the above input configurations, multiple inputs can be used to provide application redundancy. For example, three Simplex inputs can be used and selected in application code to provide sensor redundancy.

The Mark VIe control provides configuration capability for input selection and voting using a simple, highly reliable and efficient selection/voting/fault detection algorithm to reduce application configuration effort. This maximizes the reliability options for a given set of sensor inputs and provides output voting hardware compatibility. All applicable subsets of reliability options are available on a per terminal board basis for any given Mark VIe topology. For example, in a TMR controller, all simplex and dual option capabilities are also provided.

While each IONet is associated with a specific controller that is responsible for transmitting outputs, all controllers see all IONets. The result is that for a simplex input the data is not only seen by the output owner of the IONet, it is seen in parallel by any other controllers. The benefit of this is that loss of a controller associated with a simplex input does NOT result in the loss of that data. The simplex data continues to arrive at other controllers in the system.

I/O pack IONet

T e rm inal Bo a rd Controller

Simplex - 1 pack - 1 IONet

Term in al B o a rd Controller IONet

I/O pack IONet _Controller

Dual -1 pack- 2 IONet

I/O pack IONet

Te rm in al Bo a rd Controller

I/O pack IONet Controller

Dual - 2 pack- 1 IONet

I/O pack IONet

Term in a l B o ar d _Controller Controller I/O pack I/O pack

I/O pack IONet Te rm in a l B o a rd Controller Controller I/O pack

I/O pack _Controller IONet

IONet

TMR - Fanned – 3 packs, 1 IONet/pack Terminal

Board I/O pack IONet Controller

Controller I/O pack

I/O pack _Controller IONet IONet Terminal Board Terminal Board

TMR - Dedicated – 3 packs, IONet/pack

A single input can be brought to the three controllers without any voting as shown in the following figure. This is used for non-critical, generic I/O, such as monitoring 4-20 mA inputs, contacts, thermocouples, and resistance temperature devices (RTD).

Control System Database Controller IONet

R

S

T

Exchange

SC

Sensor Signal Condition

Field Wiring Terminal Board I/O Pack

A

Alarm Limit Direct Input

One sensor can be fanned to three I/O boards as above for medium-integrity applications. This is used for sensors with medium-to-high reliability. Three such circuits are needed for three sensors. Typical inputs are 4-20 mA inputs, contacts, thermocouples, and RTDs. Control System Database Controller IONet Exchange Sensor Signal Condition

Field Wiring Terminal Board I/O Pack Fanned Input

SC

R

SC

S

SC

T

R

Vote

S

Vote

T

Vote

Voted (A) Voted (A) Voted (A)

A

One Sensor with Fanned Input and Software Voting

Three independent sensors can be brought into the controllers without voting to provide the individual sensor values to the application. Median values can be selected in the controller if required. This configuration, shown in the following figure, is used for special applications only.

SC

R

SC

S

SC

T

MS

R

MS

S

MS

T

Sensors Signal Condi tion Control System Database

Field Wiring Terminal Board

I/O Pack IONet Controller

A

Alarm Limit

B

C

Common Input Median (A,B,C) Median (A,B,C) Median (A,B,C) Median Select Block No Vote A B C A B C A B C A B C A B C A B C Exchange

The following figure shows three sensors, each one fanned and then software implemented fault tolerance (SIFT) voted. This provides a high reliability system for current and contact inputs, and temperature sensors.

SC

R

SC

S

SC

T

R

Vote

S

Vote

T

Vote

Sensors Signal Condition Voter Control System Database

Field Wiring Terminal Board

I/O Pack IONet Controller

A

Alarm Limit

B

C

Fanned Input Same Same Prevote Voted "A" Voted "B" Voted "C" Control Block Voted "B" Voted "C" Control Block Voted "B" Voted "C" Control Block Voted "A" Voted "A" Exchange

Three Sensors, Each One Fanned and Voted, for Medium-to-High Reliability Applications

Highly reliable speed input applications are brought in as dedicated inputs and SIFT voted. The following figure shows this configuration. Inputs such as speed control and overspeed are not fanned so there is a complete separation of inputs with no hardware cross coupling which could propagate a failure. RTDs, thermocouples, contact inputs, and 4-20 mA signals can also be configured this way.

SC

R

SC

S

SC

T

R

Vote

S

Vote

T

Vote

Sensors Signal Condition Control System Database

Field Wiring Terminal Board

I/O Pack IONet Controller

A

Alarm Limit

B

C

Dedicated Input Voted (A,B,C) Voted (A,B,C) Voted (A,B,C) Prevote Voter Exchange

State Exchange

To keep multiple controllers in synchronization, the Mark VIe control efficiently exchanges the necessary state information through the IONet. State information includes calculated values such as timers, counters, integrators, and logic signals such as bi-stable relays, momentary logic with seal-in, and cross-linked relay circuits. State information is voted in TMR controllers and follows the designated controller in dual or faulted TMR systems.

Voting

Voting in the Mark VIe control is separated into analog and logic voting. Additionally, fault detection mechanisms directly choose owned inputs and designated states.

Median Value Analog Voting

The analog signals are converted to a floating-point format by the I/O pack. The voting operation occurs in each of the three controller modules (R, S, and T). Each controller receives a copy of the data from the other two channels. For each voted data point, the controller has three values including its own. The median value voter selects the middle value of the three as the voter output. This is the most likely of the three values to be closest to the true value.

Sensor 1 Sensor 3 Configured TMR Deviation = 30 981 985 978 981 Sensor Input Value Median Selected Value No TMR Diagnostic 910 985 978 TMR Diagnostic on Input 1 1020 985 978 TMR Diagnostic on Input 1 978 985

Sensor Inputs _SelectedMedian

Value Sensor Input Value Median Selected Value Sensor Input Value Median Value Voting Examples

Sensor 2

Median Value Voting Examples with Normal and Bad Inputs

Two Out of Three Logic Voter

Each of the controllers has three copies of the data for the logic voter. Voting is a simple logic process, inputting the three values and finding the two values that agree.

Disagreement Detector

A disagreement detector continuously scans the input prevote input data sets and produces an alarm bit if a disagreement is detected between the three values. Any disagreement between the prevote logical signals generates an alarm. For analog signals, comparisons are made between the voted value and each of the three prevote values. The delta for each value is compared with a user programmable limit value. The limit can be set as required to avoid nuisance alarms, but give indication that one of the prevote values has moved out of normal range. Each controller is required to compare only its prevote value with the voted value; for example, R compares only the R prevote value with the voted value. Nominal, analog voting limits are set at a 5% adjustment range, but can be configured to any number for each analog input.

Note Failure of one of the three voted input circuits has no effect on the controlled

process since the fault is masked by SIFT. Without a disagreement detector, a failure could go unnoticed until second failure occurs

Forcing

The controller has a feature called forcing. This allows the maintenance technician using ToolboxST to set analog or logical variables to forced values. Variables remain at the forced value until unforced. Both compute and input processing respect forcing. Any applied forcing is preserved through power down or reboot of the controller.

Peer I/O

In addition to the data from the I/O modules, there is a class of data coming from other controllers in other cabinets connected through the UDH network. For integrated systems, this network provides a data path between multiple turbine controllers and possibly the controls for the generator, the exciter, or the HRSG/boiler.

Selected signals from the controller database can be mapped into pages of peer outputs that are broadcast periodically on the UDH I/O to peer controllers. For TMR systems, the UDH communicator performs this action using the data from its internal database. In the event of a redundant UDH network failure, the controller will request data over the remaining network, the I/O Net.

Command Action

Using IONet connectivity, the controller copies command traffic from the UDH across all controllers. This provides fault tolerance for dual UDH networks.

Rate of Response

Mark VIe control can run selected control programs at the rate of 100 times per second, (10 ms frame rate) for simplex, dual, and TMR systems. For example, bringing the data from the interface modules to the control module and voting takes 3 ms, running the control program takes 4 ms, and sending the data, back to the interface modules takes 3 ms.

SOF One Frame Time (10 ms)

1 2 3 4 5 6 7 8 9 Vote I/O Module Board Input Input Fast Fast Send Send Background Scatter Read Scale Calc Background Data Set Output Scan Input Scale Calc Write Data

Just in Time to Start Gather Control Module CPU Control Module Voting Control Module Comm I/O Module Comm Start of Frame (SOF)

Background Compute Control Sequence & Blocks Background

State Xchg. Out Prevote Compare Fast R2 Fast R1 State Vote Fast R1 Fast R2 Receive

Turbine Protection

Turbine overspeed protection is available in three levels; control, primary, and emergency. Control protection comes through closed loop speed control using the fuel/steam valves. Primary overspeed protection is provided by the controller. The TTUR terminal board and PTUR I/O pack bring in a shaft speed signal to each controller where the median signal is selected. If the controller determines a trip condition, it sends the trip signal to the TRPG terminal board through the PTUR I/O board. The three PTUR outputs are 2/3 voted in three-relay voting circuit (one for each trip solenoid) and power is removed from the solenoids. The following figure shows the primary and emergency levels of protection.

Terminal Board Controller & PTUR Controller & PTUR Controller & PTUR TRPG Terminal Board SPRO TREG Terminal Board Trip Solenoids (Up to three) Primary Protection Emergency Protection Magnetic Speed Pickups (3 used) Magnetic Speed Pickups (3 used) Softw are Voting Hardware Voting (Relays) Hardware Voting Trip Signal to Servo Terminal Board TSVC R S T R8 S8 T8 High Speed Shaft

High Speed Shaft

High Speed Shaft

High Speed Shaft

High Speed Shaft

High Speed Shaft

R S T (Relays) SPRO SPRO PPRO T8 PPRO S8 PPRO R8

Emergency overspeed protection is provided by the independent triple redundant PPRO protection system shown in the preceding figure. This uses three shaft speed signals from magnetic pickups, one for each protection module. These are brought into SPRO, a terminal board dedicated to the protection system. Each PPRO independently determines when to trip, and the signals are passed to the TREG terminal board. TREG operates in a similar way to TRPG, voting the three trip signals in relay circuits and removing power from the trip solenoids. This system contains no software voting, making the three PPRO modules completely

independent. The only link between PPRO and the other parts of the control system is the IONet cable, which transmits status information.

Additional protection for simplex systems is provided by the protection module through the Servo Terminal Board, TSVC. Plug J1 on TREG is wired to plug JD1 on TSVC, and if this is energized, relay K1 disconnects the servo output current and applies a bias to force the control valve closed.

Redundancy Options

The Mark VIe control provides scaleable levels of redundancy. The basic system is a single (simplex) controller with simplex I/O and one network. The dual system has two controllers, singular or fanned TMR I/O and dual networks, which provides added reliability and online repair options. The TMR system has three controllers, singular or fanned TMR I/O, three networks, and state voting between controllers providing the maximum fault detection and availability.

Simplex Controller

The simplex control architecture contains one controller connected to an Ethernet interface through the Ethernet network (IONet). No redundancy is provided and no online repair of critical functions is available. Online replacement of non-critical I/O (that where the loss of the I/O does not stop the process) is possible.

Each I/O pack delivers an input packet at the beginning of the frame on its primary network. The controller sees the inputs from all I/O packs, performs application code, and delivers a broadcast output packet(s) containing the outputs for all I/O modules. The following diagram shows typical simplex controller architecture.

I/O Modules I/O Network Controller PS Bl a n k F a c e P la te Fan Tray Bl a n k F a c e P la te CP C I PS Bl a n k F a c e P la te T B T B T B R R IONet UDH