
Discrete and Process Safety Networks

July 19, 2007
Right now, the needs are different and so are the means. Can one network eventually do it all?
By Dan Hebert, PE, Senior Technical Editor

Hybrid industrial plants are found in many sectors including food, beverage, pharmaceutical, and specialty chemical. Hybrid plants have two distinct types of operations: process and discrete.

Process operations include mixing, distilling, cooking, and other activities. These operations are monitored and controlled based on variables such as flow, temperature, pressure, and level. This is the world of process control, formerly the domain of distributed control systems (DCSs), but now also inhabited by PLCs.

About the Author
Dan Hebert is senior technical editor for Control, Control Design and Industrial Networking.

Discrete operations in a hybrid plant include tasks such as packaging, product movement, and air compression. These discrete operations typically are controlled and monitored by machines based on parameters such as presence, motion, and speed. Machines typically have been controlled by PLCs and custom-built controllers. Many machines also use PC-based control systems.

The similarities give hope that a hybrid plant can use one digital network for control and safety. The differences so far have kept this from being a reality—most hybrid plants feature multiple digital networks for process control, process safety, machine control, and machine safety.

But progress is being made and there is hope that hybrid plants can reduce the number of digital networks, perhaps someday to the ultimate end point of one network. Let’s first see what’s different.

Machine Shutdown Is Simple

Differences between process and machine control caused digital network standards to be created for each. Chief among them is that machine safety systems have simpler shutdown and recovery requirements.

When something goes wrong with a machine, usually it’s sufficient to shut down the entire machine immediately. Recovery typically consists of locating the fault, correcting the problem that caused the fault, and restarting the machine.

Because of simple shutdown requirements, many machine safety systems only require a few discrete contact inputs hardwired in series to a safety relay that stops machine operation.

Similarities Between Process and Machine Control Systems and Digital Networks

Both must:

  • have a high degree of reliability
  • operate at guaranteed speeds, with machine control systems generally faster
  • be certified, albeit to different standards
  • provide diagnostic information
  • be flexible enough to allow changes
  • use digital networks to reduce wiring

Machine digital safety networks are useful when many events can activate a safety shutdown, as with machines made by Bosch Doboy. “Our machine safety networks must accommodate up to 17 guard switches and be easy to troubleshoot to a device level using normal tools and not a PC,” says Keenan Stahl, principal software engineer at Bosch Doboy, New Richmond, Wis., maker of packaging machines and product-handling equipment for food, pharmaceuticals, paper products, and other industries.

In cases such as Bosch Doboy’s and in other machine control applications, digital safety networks reduce the amount of wiring, speed diagnostics, and allow safety-related inputs to be easily added.

Process Shutdown Is Complex

Unlike machine safety systems, process safety systems often have very complex shutdown procedures. Different events trigger different shutdown sequences, and many sequences must proceed in a prescribed fashion to keep essential parts of the process running.

For example, overheating in a nuclear reactor often requires shutdown or at least slowdown of the nuclear reaction. But it would be disastrous to also shut down the pumps that provide cooling water to the reactor.

Dave Goodman, project manager at Cambrex Pharma, Charles City, Iowa, has another example of the complexity of process safety systems. “A high-speed compressor used for pressure control of a distillation system will need automatic shutdown systems based not only on its own health, but also on the current operating conditions of the distillation column,” says Goodman.

Process safety shutdown requirements are complex, and recovery from a shutdown also can be difficult if it doesn’t proceed according to plan. An extrusion machine process is a good example of a system that needs an orderly slowdown or shutdown to minimize recovery time.

Extruders heat and melt plastic with shearing forces and with heaters. If the extruder overheats, three courses of action can be taken. First, the extruder motor can be slowed or shut down to reduce heat from shear. Second, the heaters can be shut down or their heat output can be reduced. Third, the extruder cooling system can be activated.

A simple and safe extruder overheating shutdown would turn off the motor, turn off the heaters, and fully activate the cooling system. Unfortunately, this would cause the plastic in the extruder barrel to harden. In many cases recovery would mean taking the extruder apart and chipping out the hardened plastic. A better system would resort to the above shutdown sequence only after exhausting all other avenues for cooling the extruder.
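The graded response described above can be sketched as a small escalation routine. This is an added example, not code from the article or from any vendor. The temperature limits, the order of the three graded steps, the dwell time, the latching behaviour and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed limits; real values come from the process hazard analysis.
CLEAR_C = 230.0   # below this, graded responses are released
ALARM_C = 240.0   # at or above this, graded responses start
TRIP_C = 270.0    # at or above this, full shutdown with no graded steps
DWELL = 3         # scan cycles each graded step gets to show an effect

# Outputs are (name, motor %, heater %, cooling %).
NORMAL = ("normal", 100, 100, 0)
STEPS = [                      # assumed order, mildest first
    ("cooling_on", 100, 100, 100),
    ("heaters_reduced", 100, 50, 100),
    ("motor_slowed", 60, 50, 100),
]
FULL_SHUTDOWN = ("full_shutdown", 0, 0, 100)


@dataclass
class OverheatLogic:
    step: int = -1    # -1 normal, 0..2 graded step, 3 latched shutdown
    cycles: int = 0   # scans spent in the current graded step

    def scan(self, temp_c):
        """Evaluate one scan cycle and return the output tuple."""
        if self.step == len(STEPS):       # latched until an operator reset
            return FULL_SHUTDOWN
        if temp_c >= TRIP_C:              # hard limit overrides everything
            self.step = len(STEPS)
            return FULL_SHUTDOWN
        if temp_c < CLEAR_C:              # recovered: release all steps
            self.step, self.cycles = -1, 0
            return NORMAL
        if temp_c < ALARM_C:              # hysteresis band: hold, no escalation
            return NORMAL if self.step == -1 else STEPS[self.step]
        # Still overheated: escalate once the current step has had its dwell.
        if self.step == -1 or self.cycles >= DWELL:
            self.step, self.cycles = self.step + 1, 0
            if self.step == len(STEPS):   # every graded avenue exhausted
                return FULL_SHUTDOWN
        self.cycles += 1
        return STEPS[self.step]


def run(temps):
    """Feed a temperature trace through fresh logic; return the step names."""
    logic = OverheatLogic()
    return [logic.scan(t)[0] for t in temps]
```

The hard trip limit is what keeps the graded path from delaying the safety function: once it is crossed, the routine goes straight to the simple shutdown and stays there.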

Tight integration between process control and process safety has driven some vendors to a closed system when it comes to digital networks. “A supplier of a process safety-shutdown system often will jealously guard access to their network by other devices,” says Harry Forbes, analyst with the ARC Advisory Group.

Lack of Speed Kills

Another key difference between process and machine control systems is the need for speed. Put simply, machines are fast and processes are slow.

A great example of a fast machine control and safety system can be seen with a hot dog demo that National Instruments has in its trade show booths. A hot dog is pushed up against a rapidly rotating saw blade. The control system uses presence sensing to shut down the blade so quickly that the hot dog is barely nicked. Damage is so minimal that you (almost) might be tempted to use your finger to stop the blade.

Figure 1. The process safety system for MRL Industries’ stack diffusion furnace must fail safe not only for a loss of electricity, but also for loss of gas, water, or pressure since removal of any of these inputs can cause a hazardous situation. (Courtesy of MRL)

Processes don’t act as fast as a hot dog or finger contacting rotating machinery, and so their safety systems can also react slower. Pressures, temperatures, levels, and flows typically change relatively slowly. The control system has time to read the conditions, consider alternative actions, and react. The results of the control system reaction can be observed, and the control system can take action as dictated by process measurements. Shutdown can be a last resort instead of an immediate action.

Speed requirements and limitations often drive design decisions and digital network selection. “I have yet to see a network that has limitless capability,” observes Goodman. “Given this, some machine-safety networks will require critical parameter monitoring on high-speed networks. For process-safety networks, I always want to limit the amount of critical information passed between subsystem and host. The network might be able to handle more information, but the user must be able to understand and react to the information.”

Another key difference between process and machine safety systems is articulated by Dave Selbee, a senior design engineer for process control with MRL Industries, Sonora, Calif. MRL makes semiconductor diffusion furnaces and industrial conveyor furnaces (Figure 1). “Process safety systems must fail safe not only for a loss of electricity, as is the case with a machine, but often also for loss of gas, water, or pressure since removal of any of these inputs can cause a hazardous situation.”

Requirements Drive Networks

Differences between process and machine control systems and digital networks

  • Machine control systems have simpler shutdown and recovery requirements
  • Machine safety systems can often operate independently of the control systems
  • Process safety systems often must operate in close conjunction with the control systems
  • Machine control usually must react much faster than process control
  • Process control systems monitor and control mostly analog variables
  • Machine control systems monitor and control mostly discrete on/off variables
  • Process control networks handle more information
  • Process control networks use analog components with extensive calibration requirements
  • Process controls must react to loss of process inputs such as pressure, water, or gas

Machine control systems mostly look at discrete on/off variables, but many have a few key analog variables to be monitored and controlled. Digital networks used in machines must be fast, and interaction between control and safety is limited.

Digital networks for machines have evolved to fit these requirements. These networks are high-speed and carry limited amounts of data. Many machines have separate control and safety networks, and in many cases the safety “network” is hardwiring.

Such is the case with GL&V, Lenox, Mass., manufacturer of paper machinery. “Our safety networks still are hardwired because we believe it is the best safety ‘network’ as it works with every brand of controller,” says Volker Klocke, GL&V’s project manager for software and HMI Systems. “It sometimes seems manufacturers use safety networks to lock you into their products, but as an OEM we’re often bound to the requests of our customers regarding the machine controller. We can’t change safety networks every time we change the controller. Every safety network change brings some risk with it and, especially in the area of safety systems, risk should be at a minimum.”

Limited required interaction between control and safety convinces many machine builders to use a digital network for control and hardwiring for safety. The only connection between the two control systems often is a contact output from the safety relay to the main controller. Even when a separate safety network is employed, communication between the two networks often is limited.

The main reasons for using one network for machine control and safety are less wiring, better diagnostics, and more flexibility when making changes. Close coupling and constant interaction between the control and the safety system are not big factors driving integration of machine control and safety networks.

Another key difference between process safety and machine safety is certifications. Some networks are certified for process safety, others for machine safety, and few for both.

Custom PC-based control systems often used on machines are not addressed by certification. “Certified safety networks I’m aware of require a safety-certified PLC, and we don’t use a PLC,” reports John Klauser, principal electrical engineer, Speedline Technologies, Franklin, Mass., manufacturer of surface-mount assembly equipment (Figure 2).

“Our machine control, including vision and safety, is performed by a PC on Windows XP,” says Klauser. “We want one network for control and safety, but until a certified safety network meets these criteria, we will use home-grown safety approaches. Recognizing that our approach might not satisfy strict interpretation of the codes, we use heartbeat monitoring of the nodes and double or triple redundancy where necessary.”

Process Safety Networks

Compared to machine control and safety networks, process control and safety networks are quite different. Most every process control system monitors and controls some discrete on/off parameters, but control of analog variables is the heart of process control.

Digital networks for process control don’t need to be fast, but they need to carry lots of analog data. Interaction between control and safety systems is extensive. Unlike discrete components, the analog transmitters used extensively in process control often are calibrated via a digital network, adding yet more data-intensive traffic.

Digital networks for process control and safety fit these requirements. These networks are relatively low-speed and carry large amounts of data. Extensive interaction is required between process control and safety systems such that it can be difficult to distinguish where one stops and where the other starts.

Process control operations have the same reasons as machine control systems for using digital networks, including less wiring, better diagnostics, and more flexibility. They also have a further need for tight integration between control and safety systems, driving a quest for one digital network for process control and process safety.

Similarities Give Hope

Similarities in process and discrete requirements provide hope that one digital network someday can be used for control and safety.

The obvious similarities are reliability and guaranteed speed. Machine control speed requirements are more stringent, but if the network is fast enough for the machine, it will be fast enough for the process.

Both process and machine control systems and networks must provide diagnostics, but the diagnostics required for process control are more demanding. This, in large part, is because analog transmitters and continuously variable outputs are inherently more complex than on/off discrete inputs and outputs. Calibration of analog transmitters also burdens both the control system and the network.

For data handling, process control needs are more demanding. But if the network can transmit sufficient amounts of data for process control, then it will be more than sufficient for machine control.

Figure 2. Speedline Technologies wants to use one network for control and safety, but until a certified network exists for both, it uses home-grown safety approaches for its stencil printers. (Courtesy of Speedline)

Flexibility is a common need for both process and machine control and safety systems, and modern digital control systems and digital networks accommodate this need. It usually is easy to add another input or another output to a digital network, especially compared to the onerous tasks of running new wiring as required with a hardwired system.

Many end users believe similarities between machine and process safety networks outweigh differences. “There is no reason why machine and process safety networks should be separate,” argues Brian Stephens, principal engineer at Goodyear Tire & Rubber Co., Akron, Ohio. “Process safety shutdowns are based on analog signals for pressure or temperature. Machine safety networks monitor discrete inputs such as light curtains, e-stop pushbuttons, and safety mats. The safety network must provide bandwidth and throughput to support both types of data transfers.”

If one network is used for process and machine control, machine control needs will drive speed requirements to a level faster than that required for process control. The same network also will have to be more data intensive than needed for machine control in order to accommodate process control needs. This sounds expensive and it is, and that is perhaps a key reason why we still have multiple networks for process and machine control and safety systems.

Can Ethernet Drive Commonality?

There are many players in process safety and control networks. There also are many players in machine safety and control networks. Most of these players concentrate on what they know best, either process or discrete, usually not both.

But at least two network organizations support both process and machine control. Profibus International (PI) supports Profibus, Profinet, ProfiSafe, and related digital networks. ODVA supports DeviceNet, EtherNet/IP, and related digital networks.

ProfiSafe can be used for both machine control and machine safety. “We use Siemens hardware with ProfiSafe to combine safety and control on one network in order to save cost and ease troubleshooting,” says Chris Cote, manager of R&D electrical engineering at Goss International Americas (www.gossinternational.com), Durham, N.H. Goss makes web offset printing presses and post-press finishing equipment (Figure 3).

Figure 3. Goss International manufactures printing presses as well as post press finishing equipment. It uses ProfiSafe to combine safety and control on one network to save costs and ease troubleshooting. (Courtesy of GOSS International)

ProfiSafe can accommodate both machine control and safety on one network. “ProfiSafe covers discrete I/O typically used in machines as well as process instruments and drives,” claims Carl Henning, deputy director of Profibus Trade Organization, the North American arm of PI. “ProfiSafe runs seamlessly across Profibus and ProfiNet and also integrates AS-i Safe. Because ProfiNet is standard Ethernet, ProfiSafe also works over wireless 802.11 networks. While ProfiSafe is designed to run on the same bus as standard devices, it also can be run as a separate safety bus. Either way, the advantage is having one set of tools for both standard and safety buses.”

Different requirements for machine and process safety networks do not mean that one network cannot satisfy both needs, suggests Henning. “The difference in response times is a big factor, as process safety requires response times of 100 msec to 1 sec while machine safety reaction times must be in the range of 5 to 150 msec,” he says. “Different international standards also must be adhered to: IEC 61511 for process, and IEC 61508 and 62061 for machine safety. NFPA-79 also applies to U.S. machine safety.”

The ODVA organization promotes DeviceNet and EtherNet/IP, and Rockwell Automation is one of its leading supporters. “Rockwell Automation’s open network architecture includes DeviceNet, ControlNet and EtherNet/IP networks,” reports Dan Hornbeck, safety market development manager at Rockwell Automation. “All three networks support a common language called the Common Industrial Protocol (CIP). CIP provides a set of common services for control, configuration, and sharing across all of the CIP wired and wireless networks. Network extensions CIP Safety, CIP Sync, and CIP Motion provide the means to integrate networks for safety, synchronization, and motion into the wider enterprise network topology.”

It’s likely that the digital networks for process and discrete control and safety will continue to incorporate some Ethernet technology as have ProfiNet and EtherNet/IP. Ethernet will continue to increase its capabilities by becoming faster, by getting cheaper, and by adding options like Power over Ethernet. This could make it the logical choice as a do-all network.