11

Survivable Computing Environment

to Support Distributed

Autonomic AutomationDr. Andrés Lebaudy, Mr. Brian

Callahan, CDR Joseph B. Famme USN (ret)

ASNE Controls SymposiumBiloxi, MS

December 10-11, 2007

2 2

Damage Control Requirements

Naval studies show that ships are seldom lost to primary damage (direct blast effects) but the result of secondary damage: the progressive spreading of fire and flooding into surrounding areas

Key Challenge is to Increase Control System Survivability & Decrease Casualty Response Time Past experience has demonstrated that when

engineering casualties or damage occurs a human is too slow and vulnerable, and requires enormous logistical and medical support

Distributed, Survivable Autonomic Processing Contributes to Reduced Response Time

3 3

Learning from Experience

44

ONR Multi-level Control Integration

Engineering

Propulsion

Mission Control LayerSituational Awareness

Operator Interfaces

Autonomous System Layer

System Coordination Layer

Situational Awareness

Decision Aids ---- Systems Interactions

SignaturesElectrical

Survivability

HM & DC

WAN

WAN

Defining the Requirements for Survivable Computing

5

What is a Smart Valve?

Smart Valves sense or infer valve and fluid parameters

valve (actuator) position fluid flow rate upstream and downstream fluid pressure fluid temperature*

Embedded, programmable microprocessor-based controller

controls valve actuator filters sensor data estimates flow rate perform valve actuator diagnostics can be programmed to be “intelligent”

Communication interface interface with device- or field-level

network send/receive information to/from other

devices on the network send/receive information and commands

to/from next highest control system tier

Manual Operator

E lectric Actuator

Em bedded Controller

(Networkable)

Downstream

Pressure Tap

Upstream

Pressure Tap

Courtesy of Tyco International Ltd.

6

Smart Valve Applications

M M

M M

A/C Plantriser/returnCWS-V1

(closed) CWS-V2

CWR-V1(closed) CWR-V2

M

M

CWS-V3

CWR-V3

pipe rupture

rupturepath

rupturepath

Method 1: Hydraulic Resistance

M M

M M

supply todead-end vital

branch

CWS-V1 CWS-V2

CWR-V1 CWR-V2

zoneboundary

Q 1

Q 2

Q 3

Q 4

Method 2: Flow Inventory

Requires only pre-hit communication

Each valve independently determines

whether it lies along the rupture path

Valves initiate a closure sequence

after pre-configured time delay

Activates only when pressure and

flow conditions are abnormal

Requires full or partial communication

between adjacent smart valves

Neighboring smart valves calculate flow

balance

Rupture detected when flow into the zone is

not equal to flow out of the zone

Valves operate to isolate zone

Allows for estimating rupture or leak size

Number of branches and uncertainties in

individual flow estimates determines “size”

of rupture that can be reliably detected

77

DDG 1000 Fire Suppression

88

Live Fire Test of “SmartValve” Technology & Autonomic Fire

Suppression System

• AFSS EDM successfully responded to all of the live-fire test scenarios (Shadwell 2002)

• Follow-up testing of an AFSS prototype was demonstrated successfully during a Weapons Effects Test (WET) on ex-USS Peterson (Peterson 2003).

99

PAC Component Modular Design

In ter-M oduleO -R ing

E nd C ap

E nd C apO -R ing

S hock M ountingFoot

Fu ll-S ize M odu leE nclosure

E nd C ap

E nd C apO -R ing

H alf-S ize M odu leE nclosure

H alf-S ize C overand A ctive B oard

W ater-T igh tC able G lands

Full-S ize C overand A ctive B oard

C over M ountingS crews

H alf-S izeC onnection B oard

Full-S izeC onnection B oard

•Multi-domain functionality-including logic, motion, and process control-on a single very flexible and highly configurable platform.

•Mil Qualified Shock, Moisture …

1010

Multi-level Mil-spec Control Modules

•Computational and storage resources that grow with application demands

• Resistant to component failures by distributing the processing load

1111

Next Generation Control Software

• Survivable, reconfigurable third-generation graphical design tool

•Windows-based software package that relies on intuitive drag-and-drop, undo-redo, and cut-copy-paste functionality

1212

Next Generation Graphical Design Environment

• Comprehensive set of field-proven function blocks

•state-diagramming features allow design engineers to define operational states

1313

Field-proven function blocks

1. Controller Blocks (e.g., PID controller, lead-lag controller)2. Signal Conditioning Functions (e.g., characterizer, rate limiter, track

& hold)3. Signal Comparator Blocks (e.g., high/low alarm, equality,

thresholding)4. Mathematical Operators (e.g., addition, natural log, exponent, sine)5. Logic Functions (e.g., NAND gate, XOR gate, RS flip flop)6. General Purpose Operators (e.g., timer, ramp profile, multiplexer,

A/B switch)7. Hardware Access (e.g., analog input, barograph display,

pushbutton)8. Networking Operators (e.g., broadcast, receiver, parameter

synchronization)9. Diagnostic Operators (e.g., data recorder, hardware status monitor)10.Text Manipulation (e.g. string constants, concatenation, left, right,

etc.)

Examples:

1414

Fleet Modernization INSTALLATION EXAMPLES

Naval Surface Warfare Center (NSWC) in Philadelphia to accomplish Ship Alteration 480D for the following ships: USS Boone, USS McInerny (FFG 8), USS Gary (FFG 51), and USS Vandergrift (FFG 48). To regulate the cooling of the four SSDGs, as well

as the SSDG waste heat temperature, the fuel temperature in two sets of oil service and

transfer heaters, the hot water tank temperature, and the start-air-mixer air temperature.

The PACs also control the main engine lube oil purifier, cooler, and service pressure loops.

1515

Weight and Cost Savings - Table

Design Element for 20,000 Point

Engineering Control System

Conventional Data Acquisition Unit Design

(DAU)

Survivable Distributed Design: Process Closest to

Machinery

Enclosure Size including mounts

24”x24”x14” 24”x11”x6.5” small or “mini” PACs

Points Density 160 max. Assume 100 36 max. Assume 25

Enclosure WT w/ mounts

140 lbs 16 lbs

No. I/O Drops 200 800

Volume per Drop 1,067 ft3 571 ft3

Weight / Drop 18,000 lbs 12,800 lbs

Cable WT 53,800 lbs 17,000 lbs

Cost Est./Drop $25,000 $4,500

Total Cost $5.0 M $3.6M

Est. Weight Savings CVN-21

42,000 lbs > 18 tons, or 1.4 times the weight of one F/A-18F

16

Distributed I/O Processing Saves Cable Cost

• Enclosureless Mini-RTU/DAU• Highly distributed, located in close

proximity to machinery - Reduced Cable Cost

• Wired or secure wireless communications

• Topologies supported: Ring, Bus, Star, Mesh

• Interface to smart sensors 1451.4 and 1451.5

• DDS Publish / Subscribe• Industrial Communications• Network Gateways• Legacy I/O

Machinery Control SystemHMI & Processors

Chameleon PAC Can Interface With Any Control System

TSCE Network

TSCE Network

Copper/Fiber 10/100MBpsEthernet Ring with DDSCommunications

4-20mA

0-5V

RTD

LonTalk

4-20mA

ProfiBUS

1451.4

Ethernet/IP

1451.4

1451.4

RTD PWM

1451.5 /ZigBee

S e c u re

8 0 2 .1 1 a / b / g

Secure Bluetoothor 802.11 a/b/g

RPM

Temperature

Vibration

Pressure

S e c u r e

T S C E L i n k

17

Compare Conventional Wiring to Distributed Process Wiring

ConventionalCompartment

I/O Drop

Machinery

DistributedCompartment

I/O Drop

DistributedSavings:• Installation Costs• Weight MIL-SPEC

RTUs

Machinery

TSCE

DistributedCompartment

I/O Drop

Ethernet etc.

1818

CONCLUSIONS New Shp Classes will be able to employ

Decentralized Ship System Architectures with Distribute Control Systems in order to Improve Rapid System Recovery / Ship Survivability and Fight Through Capability

Survivability is Achieved through Computational and Process Electronics Protection Provided by Hardware, Hardware Architectures / Control Software that is Mil-Spec and Locally Reconfigurable

Using Control Hardware that has been Tested to Highest Level of Survivability to Reduce Vulnerability to Damage and Ensure No Critical Single Points of Vital System Failure

This solution Supports Reduced Crew Size, Lowers the Weight of Wire, and the Cost to Install Control Systems thus Improving Ship Production.

Proposed solutions are Technical Readiness Levels 7, 8 & 9.