target controls introduction linda r. coney group leader – target safety and controls jülich...
DESCRIPTION
The ESS Organisation 3 H. CarlingTRANSCRIPT
Target Controls Introduction
Linda R. ConeyGroup Leader – Target Safety and Controls
Jülich Meetingwww.europeanspallationsource.se
17 August 2015
2
Outline
• Controls at ESS – ICS & Target Divisions– Division of responsibility for the different control systems– Personnel– Scope of controls systems
• Target Safety System (TSS) – Target Division– Description & plan for development– Requirements determination – Hazard Analysis
• Target Controls – Integrated Control System Division – Process Controls– MPS (Machine Protection System)– PSS (Personnel Safety System)
3
The ESS Organisation
H. Carling
Top Level Requirements for Controls
• Provide the following to ESS:– Control system framework for monitoring and
control of accelerator, target, instruments and conventional facilities
– Timing service for generating events, synchronization of devices andtime stamping (in the ns range)
– Control system services and applicationsto perform commissioning and operations
– IOC and Integration Support to stakeholders– Machine Protection (MPS) and Personnel Safety
systems (PSS)– Control Room(s)
• Constraining requirements– High reliability and availability (>95%)!
5
ICS OrganisationHenrik Carling
Head of Division
SOFTWARE AND SERVICESGroup Leader - vacant
Leandro FernandezRichard Fearn
Ricardo FernandesEmanuele LafaceKarin RathsmanJaka Bobnar (C)
Jakob Battellino (C)Miha Vitorovič (C)
Jure Krašna (C)Marko Kolar (C)
Miroslav Pavleski (C)
HARDWARE AND INTEGRATIONDaniel Piso Fernandez - GL
Lead Integrator, Accelerator (vacant)
Target Lead Integrator vacant – Benedetto Gallese
Javier Cerejo Garcia Nick Levchenko
Klemen Strniša (C)Urša Rojec (C)
Niklas Claesson (C) Alexander Söderqvist (C)
Žiga Kroflič (C)Rok Štefanič (C)Gregor Cijan (C)
PROTECTION SYSTEMSAnnika Nordt – GLManuel Zaera-Sanz
Angel Montera MartinezStuart BirchDenis PaulicM. MansouriR. Andersson
INFRASTRUCTURERemy Mudingay (1/2015)
(Infrastructure Technology)
Deputy Head of Division (vacant)
Timo Korhonen – Chief EngineerDeputy Project Manager - vacant
Thilo Friedrich – Systems & Standardization Eng, PhDIñigo Alonso - Intern
Solveig Aas – Team Assistant
6
ESS Control Systems – Objectives
• TSS - Limit transfer of radioactive contamination to the public, workers, and environment
• PSS - Suppress radiologic hazards by switching off the proton beam
– Control access to restricted areas during operations
• MPS – Protect investment from damage due to beam losses and malfunctioning equipment
– Optimize integrated machine performance
– Stop beam – Beam Interlock System
• Process Control – operational control & monitoring of systems
TSS – Independent safety-qualified system g Not tied into other I&C systems
Personnel Safety System
Process Control
7
TSS – Purpose
• TSS is a safety critical system designed to protect the public and environment from radioactive release
• Active control and monitoring system– It is likely that the TSS will need to be able to shut down
the proton beam – Actions not necessarily limited to beam shut down
• Safety-certified system– Essential to the certification process for the ESS– Working closely with the ES&H group on requirements
8
TSS – Preliminary Top Level Requirements
• Single failure criterion:– Redundancy, physical separation adapted to different aggressors (zoning)– Independence, electrical isolation
• Fail-safe principle– Safe state must be clearly identified– Loss of power g actuators default to safe position– Actuator commands ‘de-energize to trip’
• Emergency power supply coverage
• Qualified for extreme operating conditions g seismic classification for a subset of functions
• No requirement on post-trip machine availability– Contrasts with MPS (Machine Protection System) – non-safety system designed to monitor
machine parameters, shut down beam, and allow quick turn-around
9
TSS – Requirements Determination
• Perform Hazard Analyses on all Target Station systems• Use this tool to:
– Understand potential hazardous scenarios– Define necessary mitigations – includes possible TSS actions
• Qualitative Hazard Analysis procedure– Define the system under analysis – include drawings, schematics, etc.– Identify hazards – Radioactivity, stored energy, explosion, impact (load drop) – Identify initiating events and top events – circumstances lead to hazardous situation– Describe unmitigated consequences – Estimate probability and severity g unmitigated risk ranking– Define applicable mitigations – Reassess severity g mitigated risk ranking
• Includes confinement & safety barriers and associated triggers for active safety system
• Accident Analysis/Quantitative Hazard Analysis– Technical analysis to determine contamination path(s) and accident progression– Inventory and release factors – Calculate dose to public and/or workers– Determine appropriate mitigation – safety classified equipment and systems
10
Pilot TSS
• Hazard analysis process is on-going & long term• Move forward with TSS design work – create Pilot TSS
– Make assumptions based on events most likely to require mitigation
– Recognize that requirements on TSS may change if need identified in Hazard Analyses
• Chosen events 1. Target wheel stops2. Target wheel loss of helium cooling (high temp or low
flow)
11
Pilot TSS – Design Concepts
• Monitor target systems• Target cooling system – He flow, He temperature or pressure• Target wheel – shaft speed, drive load, wheel motion (monitoring plug?)• Defining optimal detection methods & interfaces with system owners
• Two shutdown mechanisms to stop beam• Ion source and possibly RFQ• Direct access/priority to shutdown mechanisms• Defining interfaces with accelerator and MPS/PSS
• Use safety-rated PLCs• Two separate TSS rooms in Target building –
• Identified in CF plan• Independent paths to each beam shut-off system
• Defining cable paths with CF• Separate from ICS controls – cable-trays, UPS, shutdown mechanisms• Satisfy requirements & protect public with as-simple-as-possible system
12
ICS Control Systems for Target
• Process Controls– Operational monitoring and control for Target equipment– No safety related to radiation within process controls
• Machine Protection System (MPS)– Optimize operational efficiency, machine availability, & reliability– Requirements
• Stop the proton beam in case of failures• Prevent damage to elements in the accelerator & target• Provide tools for failure-tracing throughout machine
– Objectives• Protect the machine• Protect the beam – avoid unnecessary beam-stops
• Personnel Safety System (PSS)– Protect personnel against unnecessary exposure to hazards from the machine, including
radioactivity, electromagnetic radiation, oxygen deprivation hazards– Support multiple operational modes of facility– Primarily access control & radiation monitoring and alarm systems
13
Target – ICS Interfaces
• Systems necessary for control, monitoring, and operations of Target equipment– Yellow = Target owned, Blue = ICS owned– Green hashed = Building area, not Target equipment– Lines/arrows indicate flow of information/data
Target wheel
systems
Monolith systems
Fluid systems
Remote Handling Systems
Control Box EPICSTarget PSS
Timing systemPSS global Human machine
interface (HMI)
Target MPS
MPS global
Target Instrum-entation
TSS
Accelerator
Utility Rooms
Beam Dump
Active Cells Facility
Target building areas
ICS and Target responsibility
EPICS Domain
Target responsibility
ICS responsibility(EPICS integration)
EPICS = Experimental Physics and Industrial Control System
Specific to each case
Target subsystem
documentation
Target subsystem
documentation
Procedure of work ICS – Target
Internal target subsystem intro
meeting
ICS (Benedetto) - Target subsystem
intro meeting
Target subsystem document update if
needed
Introduce ICS design team
Weekly meetingsICS design team – target subsystem
PDR CDR
Target subsystem
documentation
ICS subsystem design
specification
Personnel Safety System
Controls – Protection and Safety Systems
ICS
MPS PSS
TSSTarget
17
MPS (Machine Protection System) – Target
• Beam Interlock System (BIS)– Terminates beam production when failure detected– Establishes a global BEAM PERMIT– Determines permissible operational modes
• Machine configuration + beam parameters • Fast response-time system – 10 msec• Sensors – BLMs, BCMs, BPMs
– Response for slower time-scale sensors & systems < 70 msec
• BIS for Target– Time scale of response ~100msec– Ongoing Risk Analyses will provide
information on input• Ex. Movement of target wheel – position
synchronized with proton beam arrival– Preliminary example:
• Input signals for Target Slave as part of Beam Interlock System
• Beam Permit given if all conditions met
18
PSS (Personnel Safety System) – Target
• Under development now– Preliminary requirements/design discussions under way
• Controlled access systems for rooms next to target station (red) on all floors– Beam-off triggered
• Remote Handling galleries/Maintenance cell area require access control tied to radiation monitoring– Not tied to accelerator operations or beam interlock
19
Conclusion
• Shown brief overview of controls for Target systems• Contacts for each system:
– Integrated Controls Systems Division• In-kind contact – Henrick Carling• Responsible for standard control & monitoring for Target
– Acting Target Lead Integrator – Benedetto Gallese• Responsible for Machine Protection System (MPS)
– Annika Nordt• Responsible for Personnel Safety System (PSS)
– Stuart Birch• Responsible for Global Timing System
– Timo Korhonen
– Target• Responsible for Target Safety System (TSS) – Linda Coney
20