status of iter collaboration for machine protection i. romera on behalf of the colleagues who...
TRANSCRIPT
Status of ITER collaborationfor Machine Protection
I. Romera
On behalf of the colleagues who contribute to the project
Thanks to: Sigrid, Markus, Rüdiger, Manuel, Jonathan et all…
Outline
Introduction
Magnet Powering Layout
Current activities ongoing
Next milestones
FactsQ ≥ 10 (500 MW)840m3 of plasma
150M °C23000 Tons
12.8 Billion Euros34 nations
ITER Tokamak
CERN-ITER agreement
Agreement nº 7 of 2007 cooperation between ITER and CERN
4 tasks:
Consultancy for the set up of a MPWG
Definition of overall architecture of Machine Protection and Central Interlock System
Specifications for the fault scenario simulations
Definition of tools for diagnostics
Outline
Introduction
Magnet Powering Layout
Current activities ongoing
Next steps
Magnet Powering Layout
Toroidal Field coils
Plasma confinement
18 coils / 1 circuit Stored energy = 41 GJ Nominal current = 68 kA
Magnet Powering Layout
Poloidal Field coils
Keep plasma away from walls
6 coils / 6 circuits Stored energy = 4 GJ Nominal current = 48 kA
Magnet Powering Layout
Central Solenoid coils
Induce plasma current by changing current in the CS
6 coils / 5 circuits Stored energy = 6 GJ Nominal current = 45 kA
Magnet Powering Layout
Corrector coils
Compensation of errors in confining magnetic field
18 coils / 9 circuits Stored energy = 2 GJ Nominal current = 10 kA
Magnet powering layout
CS3U
CS2U
CS1U
CS1L
CS2L
CS3L
PF1
PF6
PF2
PF3
PF4
PF5
CCU1
CCU2
CCU3TF
PF1 PS
CS3U PS
CS2U PS
CS1U PS
CS1L PS
CS2L PS
CS3L PS
PF6 PS
TF PS
PF2 PS
PF3 PS
VS PS
PF4 PS
PF5 PS
9 FDUs
SNU FDU
SNU FDU
SNU FDU
SNU FDU
SNU FDU
SNU FDU
SNU FDU
SNU FDU
FDU
FDU
FDU
FDU
CSU1 PSPMS
CSU2 PS
CSU3 PS
CCL1
CCL2
CCL3
CSL1 PS
CSL2 PS
CSL3 PS
CCS1
CCS2
CCS3
CSS1 PS
CSS2 PS
CSS3 PS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
PMS
TF
PF1
PF2
PF3
PF4
PF5
PF6
CS3U
CS2U
CS1U
CS1L
CS3L
CS3L
CCU
CCS
CCL
Outline
Introduction
Magnet Powering Layout
Current activities ongoing
Next steps
Functional specification of necessary logic in CIS for magnet powering protection
3 levels of protection: Circuit level Family level Global level
Defining dependability level for each IPF
Includes fault tree representations of IPF
Activities ongoing – IPF
Activities ongoing – IPF
Circuit level IPF
CF-QFCP A Quench in any circuit has to result in: Opening of all FDUs:
o Case of the Toroidal Field Circuit at least 7oo9o No action (no FDUs) in the case of Corrector Coils
Fast Power Abort of the corresponding Power Converter Fast Discharge Request detected by PC, CIS and FDUs Inhibit Start of Powering/next plasma discharge Inform PCS to start Plasma ramp down/disruption mitigation
A FDU spurious opening in any circuit (no action in case of Corrector Coil circuits) result in the same procedure as above.A CIS Fast Discharge Request has to result in the same actions as in the case of Quench.A Power Converter Fast Discharge Request has to result in the same actions as in the case of Quench
RequiredSIL level
SIL 3 equivalent. Direct hardwired loop, daisy chaining all involved user systems (quench loop)
Activities ongoing – IPF
Family level IPF
CF-QFCP A Quench in any circuit of a family has to result in: Opening of all FDUs for the family of circuits considering:
o No action (no FDUs) in the case of Corrector Coils Fast Power Abort of the Power Converters for all circuits of
the corresponding family Fast Discharge Request detected by PC, CIS and FDUs Inhibit Start of Powering/next plasma discharge Inform PCS to start Plasma ramp down/disruption mitigation
A FDU spurious opening in any family of circuits (no action in case of Corrector Coil circuits) result in the same procedure as above.A CIS Fast Discharge Request has to result in the same actions as in the case of Quench.A Power Converter Fast Discharge Request has to result in the same actions as in the case of Quench
Required SIL level
SIL 2 equivalent. ‘Configurable’ function implemented in Safety PLC and probably additional redundant HW module.
Activities ongoing – IPF
Global level IPF
GF-CR2 A less critical failure in the Cryogenics system due to a for instance an unbalanced coil cool down distribution implies: Inhibit Start for all the circuits of all families Slow Abort of the Power Converters for all circuits of all
families Inform PCS to start Plasma ramp down/disruption
mitigationRequired SIL level
SIL 2 equivalent. Hardware signal exchange with safety PLC I/O
Functional specification of signal exchange between clients
Dependability requirements for different signals types
Transmission type and architecture
Electrical properties of interfaces and connections (interface box, safety PLC I/O)
Activities ongoing – Hardware interfaces
Activities ongoing – Hardware interfaces
Fast discharges in magnet coils limited to ~50 during ITER life (real+false)
To ensure investment protection, CIS design must not only account for high level of safety, but also for high availability (to limit mechanical stress)
Studies confirmed 2oo3 architecture as the best candidate to meet dependability requirements
Activities ongoing – Dependability studies
Courtesy of S.Wagner
2oo3 2oo3
1oo2
2oo3
2oo2
2oo3
1oo3
2oo3
2oo3
2oo3
3oo3
A B1 B2 C1 C2 C3
2oo3
C0
2oo3
B0
Quench Loop
Interface (voting fault-free)
Interface with loop components (voting fault-free)
Activities ongoing – Dependability studies
Interface with voting component
Courtesy of S.Wagner
Interface with redundant voting component
Series of quantitative studies performed on architecture of
Quench Loop
Interface with fault-free voting
Interface with voting component prone to failures (with and without redundancy)
Interface with voting logic
Activities ongoing – Dependability studies
Courtesy of S.Wagner
Interface with voting logic
A. Apollonio
Series of quantitative studies performed on architecture of
Quench Loop
Interface with fault-free voting
Interface with voting component prone to failures (with and without redundancy)
Interface with voting logic
Activities ongoing – Dependability studies
Courtesy of S.Wagner
Availability Safety
2oo3 is the best compromise for availability and safety, but…
it is only efficient if does not stop at the level of the CIS, but …
Quench Loop
Activities ongoing – Dependability studies
Courtesy of S.Wagner
Interface
A_ B1_ B2_ C1_ C2_ C3_ B0 CO_
Mission completed B7 7.95E-01 7.40E-01 8.50E-01 6.89E-01 8.42E-01 8.54E-01 7.40E-01 8.24E-01
Emergency success B5A 1.28E-01 1.25E-01 1.32E-01 1.20E-01 1.33E-01 1.32E-01 1.24E-01 1.32E-01
False success B5B 7.62E-02 1.36E-01 1.68E-02 1.91E-01 2.48E-02 1.28E-02 7.68E-02 4.44E-02
Emergency missed B6A 4.62E-04 7.96E-06 9.16E-04 5.69E-061.25E-05 1.37E-03 4.09E-04 2.31E-05
False missed B6B 5.87E-02
2oo3 2oo3
1oo2
2oo3
2oo2
2oo3
1oo3
2oo3
2oo3
2oo3
3oo3
A B1 B2 C1 C2 C3
2oo3
C0
2oo3
B0
Availability
Safety
… continued to the client system.
Several proposals based on PLC S7-400 series:
Redundant configuration: S7-400H + 2oo3
Redundant + Safety configuration: S7-400FH + 2oo3
Performance analysis on periphery based on:
Response times MTBF figures from SIEMENS catalogue
Results shown: F modules ~3 times slower than
standard F modules ~3 to 5 times more likely to
fail than standard
Activities ongoing – Interlock prototype
Courtesy of M. Zaera-Sanz
INTER
FAC
E 2
..10
INTER
FAC
E 1
INTER
FAC
E 1
1
Provides unique interface to the Quench Loop with required dependability
Remote test facility Simplified test and
commissioning Unique version common to all
clients Based on CIBU design
Activities ongoing – Interface box
Courtesy of J. Burdalo-Gil
Next milestones
First version of PLC program, implementing local and global IPFs
Performance measurements for realistic configuration
Functional verification of prototype
Remote diagnostics for user interfaces
Experimental setup being built in China with current leads QD
Next milestones
Thanks for your attention
Parameters of electrical circuits
Fault tree representations
QUENCH / FDU Spurious Opening/ CIS Fast Discharge Request / Power Converter Fast Discharge Request in any circuit has to result in the opening of all FDUs and a Fast Discharge of the corresponding power converter
CF-QFCP
FDU TF FDU PF FDU CS ITER magnet interlock system
QUENCH
FDU Opening (7oo9 TF) Fast Discharge of power converter
Fast Discharge Request detected by power converter, CIS and FDUInhibit Start of Powering/next plasma discharge
Inform PCS to start Plasma ramp down/disruption mitigation
Circuit Quench Spurious Opening FDU TF1..9
Spurious Opening FDU PF1..6
Spurious Opening FDU CS1..CS6
CIS Fast Discharge Request
Power Converter Fast Discharge
Request
Power Converter