Elder MatiasCanadian Light Source

University of Saskatchewan

Control System Development

Where is Saskatoon?

The CLS

170.88 m circumference 2.9 GeV DBA lattice with 12-fold periodNominal Tune:

x = 10.22 y = 3.26

Eloss per turn: > 0.876 MeVBend magnet radiation:

c = 1.6 Å Ec = 7.6 keV

x = 18.1 nm•radDamping times:

x = 2.4 ms, y = 3.8 ms, E = 2.7 ms~10 mm bunch length

Staff LevelsArea Initial Build Project 2000-2003

(7 beamlines)Current + 2008 hires(13 beamlines + 6 more funded)

Management 1 1

Instrument Develop + FPGA 1 2

System Design 1 2

EPICS Apps/Data Acquisition 2 6 ½

Web Services - 3 ½

System Admin - 1

PLC (Safety Systems) 1 1

PLCs ½ 1

Instrument Tech 1 2

RF Techs 2 3

Electrical Techs 1 3

Electronics/PS Techs 2 3

Excludes students. Excludes conventional IT, and AC Electrical Services Engineering in ICT of ETS groups.

Collaborate and Reuse

• Internal Collaboration/Reuse– Standardize equipment where it does not impact

scientific capability to reduce development and maintenance time

– Standardize Design Approach, Toolkits and Methods across beamlines and accelerator

– Common toolkit and tools across all projects

• External Collaboration/Reuse– Based on analysis of requirements versus

available systems

e.g., EPICS, RTEMS, IRMIS, ScienceStudio

Design Package

• A Design Package Includes:– PFD Drawings used by Mechanical Engineering

to capture system layout and critical parameters, e.g., water flow rates etc.

– P&ID Drawings used by Controls to define the inputs and outputs of the system and basic relationships• Partially based on American Instrumentation Society

– Wiring diagrams– Requirements Document (Developed as required)

– PLC and EPICS Software

Drawings

• All Drawings have a unique drawing number

• AutoCAD, Inventor, Eagle, Visio

• Draft Drawings have letter numbering

• Approved Drawings Alpha Numbering

• Drawings Review and Approval Process

• Sketches have Sketch numbers

• As-built captured on master print

• Master print in control room, updated by CAD as time permits

PID Example

PID Example

Change Control (Major Changes)

• Major Changes handled through ECR/ECO Process• Minor changes handled through MKS Integrity database

Change Control (Minor Changes)

• Central Database

• MKS IntegrityMKS Source– Includes source control– Web and IDE Based

• Implements the concept of “Sandboxes” and “Change Packages”

• Exploring options for using:– MKS Requirements – MKS Deploy

Sample Problem Report

Sample Change Package

Design for Maintainability

• Design systems for the long term

• Phase out and replace older equipment whenchanging standards

• Examples– Replacing 68360 IOC

with Moxa IOCs– Linac upgrade– PS upgrade

System Engineering ProcessConceptual Design

Preliminary Design

Detailed Design

In-house Outsource Technical Specification

Request for QuoteRequest for Proposal

Design Review

Design Review

Design Review

Installation

Commissioning

Conventional Software EngineeringUsed for Web Services Projects

Con

tent

Time

Slide prepared by IBM for CLS CANARIE Project

Comparison with the Unified Process?

Inception Elaboration Construction Transition

Requirements Analysis Design Implementation Test

Unified Process

Core Workflows In Each Phase

- Establish Feasibility- Establish Business/Scientific Case- Capture Essential Requirements- Identify Critical Risks- Establish initial budget & schedule

Deliverables (as required):- Project Plan- Risk Assessment- Initial Requirements (10-20%)

Requirements: - Refine System ScopeAnalysis: - Establish what to buildDesign:- Create an ArchitectureImplementation- Build an architecture baseline- Build any prototypesTest- Test the architecture baseline- Test any prototypes

Deliverables (as required):- PID Drawings- Wiring Diagrams- Updated Requirements Document- System breakdown

Requirements: - Uncover missing requirementsAnalysis: - Finish the analyis Design:- Finish detailed designImplementation- Build and install the systemTest:- Test and ring-out the system

Deliverables (as required):- Running System

- Correct any defected- Provide support for commissioning - Prepare final documentation

Deliverables (as required):- Final documentation- Working system

CLSI System (Beamline) Engineering Process

ProposalConceptual

DesignPreliminary

DesignDetailedDesign

Build Commissioning

Safety Critical Software

• Applications:– lockup system (ACIS)– Oxygen monitoring– BMIT human studies (under development)

• IEC 61508 – SIL 3 based system• Subject to CNSC Approval• Siemens S7/400 F• Redundant Second Chain• Fail-safe design• Independent Verification• ALARP Hazard Analysis

Hazard Analysis

Risk Class I

Risk Class II

Risk Class IV

Risk Class III

Risk cannot betolerated except in extraordinary circumstances.

Tolerable only if further risk reduction is impractical or if the cost is grossly disproportionate to the improvement gain.

It is not necessary to maintain assurance the risk remains at this level.

As the risk is reduced, the less, proportionately, it is required to spend to reduce it further to satisfy ALARP. The concept of diminishing proportion is shown in the triangle. Based on IEC 61508-5 and IEC 1564

Frequency Consequence Risk Classification

Initial Risk Probable Catastrophic I Residual Risk Incredible Catastrophic II

No. Constraint/Requirement Allocation

AM 4.1.1.a A lockup (search) procedure shall be developed requiring trained personnel or users to inspect the hutch prior to beam operation.

Procedure

AM 4.1.1.b The procedure shall define a specific configuration of the hutch perimeter doors prior to, during and after the inspection and the inspector is to follow a prescribed search patch. These controls are in place to ensure that on one may enter behind the inspector un-noticed.

Procedure

1.Hutch is not Searched and Secured Prior to Beam OperationAnalysis: The level of radiation present in a beamline hutch when the safety shutters are open is of a potentially lethal level and can not be easily detected by a worker in the hutch, it is conceivable that multiple workers could be harmed. To mitigate this hazard it is necessary to introduce an E/E/PE system (called the Access Control and Interlock System (ACIS)) that requires each hutch to be search and secured prior to beam operation through a lockup sequence.

Mitigation:

The End