the detector safety system for lhc experiments [email protected]@cern.ch (ep/di...

The Detector Safety Systemfor LHC Experiments

[email protected] (EP/DI & IT/CO) The DSS Team

3rd JCOP Workshop, June 5th 2002

June 5th, 2002 ”The DSS for LHC Experiments” by Stefan Lüders 2/18

Overview

DSS Overview Experiment Safety The JCOP DSS Project

The DSS Functional Requirements Experiment Needs Design and Architecture

Conclusions and Outlook

3/18 ”The DSS for LHC Experiments” by Stefan LüdersJune 5th, 2002

Experiment (Sub-Detector, Racks, Gas)

CSSCSAM, CSE,

etc.

Smoke,Gas

Leak,etc.

Technical Services

DIP(LDIWG

)

DCS

Tracker

Sub-Detect

or

hardwired information

information via network

action signal

Infrastr.Contr

ol

Services (Power, Water, …)

Supervisory LayerSupervisory Layer(PVSS)(PVSS)

Sub-System LayerSub-System Layer(PVSS)(PVSS)

Temp

EquipmentEquipmentequipment that is acted upon by CSS, DSS, and/or DCS,

e. g. power distribution, (sub-)detectors, racks, magnet, gas systems


Services (Power, Water, Gas)

DCS

Tracker

Sub-Detect

or

Infrastr.Contr

ol

CSSCSAM, CSE,

etc.

Smoke,Gas

Leak,etc.

Infrastructure Controls SystemInfrastructure Controls Systemsub-system of the DCS that handles infrastructure and environment

controls, e.g. racks, together with its own sensors

Infrastr.Contr

ol

Temp

Technical ServicesTechnical Servicesentity including all provided services like power, water, gas;

this bubble references their respective controls systems

Technical Services

Data InterchangeData Interchangenetwork connection running

the DData IInterchange PProtocol

defined by the LDIWG

DIP(LDIWG

)

CERN Safety SystemCERN Safety Systemsafety system including the CCERN SSafety EEquipment with its own

sensors and the CCERN SSafety AAlarms and MMonitoring system with its information links

All required Safety Actions (in case of a Level 3 Alarm) are handled by All required Safety Actions (in case of a Level 3 Alarm) are handled by CSSCSS

Detector Control SystemDetector Control Systemsoftware controls system running PVSS on the supervisory

and the sub-system layersall PVSS systems are interconnected via network


Experiment Safety Safety for personnel is ensured by the CSS. The DCS is responsible for the overall monitoring

and control of the detector. It might initiate corrective action to maintain normal operation.

The DSS complements CSS and DCS: “The DSS is a system to safeguard the experiment. As such, it acts to prevent damage to the experimental equipment when a serious fault situation is detected (e.g. temperature too high, water leak…), inside or outside of the detector…”


Scope and Goal:An Optimization Challenge

The DSS should… protect experimental equipment improve the experiment’s efficiency by

preventing situations leading to severe (CSS) alarms

decreasing downtimes due to failures not cost too much

consider it like an insurance policy


Constraints for DSS

easy integration into the controls system of the experiment of sub-detector safety systems of subsystems (racks, gas, magnets, …)

adaptability to different needs of the four experiments to evolving experimental environments

maintainability

7/18 ”The DSS for LHC Experiments” by Stefan LüdersJune 5th, 2002


CSSCSAM, CSE,

etc.

Smoke,Gas

Leak,etc.

Technical Services

DIP(LDIWG

)

DCS

Tracker

Sub-Detect

or

hardwired information

information via network

action signal

Infrastr.Contr

ol

Services (Power, Water, …)

Supervisory LayerSupervisory Layer(PVSS)(PVSS)

Sub-System LayerSub-System Layer(PVSS)(PVSS)

Temp


Services (Power, Water, Gas)

DCS

Tracker

Sub-Detect

or

Infrastr.Contr

ol

CSSCSAM, CSE,

etc.

Smoke,Gas

Leak,etc.

Infrastr.Contr

ol

Temp

Technical Services

DIP(LDIWG

)

Front-End LayerFront-End Layer(PLC, …)(PLC, …)

DSS

Temp,Humidity,

Status,etc.

DSSDSSFront-End

hardwired information exchange between CSS and DSS front-endCSSDSS Front-End: information about level 2 or 3 alarmsDSS Front-EndCSS: information about an alarm condition

Detector Safety SystemDetector Safety Systemsystem consisting of

• a supervisory part (back-end), which is in-turn a subsystem of the DCS, and

• a front-end part consisting of independentDetector Safety Units

(based on PLCs, plus own sensors)


JCOP

The DSS Project

DSS TeamIT/CO & EP

AdvisoryBoard

advises

proposes

ATLAS

CMS

ALICE

LHC-b

feedback

• standard JCOP subproject

Bruce Flockhart (project leader)Giulio Morpurgo (developer)

Sascha Schmeling (safety systems expert)

Stefan Lüders (developer)

• Wayne Salter (chairman)• experiments’ representatives

• external experts (CSS, GSS, …)


The DSS functional requirements are described in CERN-JCOP-2002-012: http://itcowww.cern.ch/DSS/StG/Minutes/25-04-02/DSSFRD_20020425.pdf

“A Detector Safety System for the LHC Experiments”

chaired by Philippe Gavillet

The DSS User Interface (Back-End) will… be based on the JCOP framework and PVSS monitor and control the Front-End allow an easy definition of the input parameters and

the actions performed in case of failures through controlled access (the “Alarm/Action Matrix”)

displays / logs alarm states, warnings and related info

The DSS is a standalone system and must be…

highly reliable highly available as simple and robust as possible rapidly re-configurable by experts self-checking for consistency

The DSS Front-End… will have its own sensors and power

sources will be based on PLC technology will check and filter the sensor inputs will react immediately and always

autonomously on fault conditions indicated by the sensors

The DSS Functional Requirements


PLC:

Sensors

cycle time

The Alarm/Action Matrix

The PLC loop: PLCs continuously monitor the inputs

e.g. temperatures, water / gas flows, gas sniffer status

Output: Action(e.g. switching off power)

T>TthresT>TthresT>Tthres

input parameters are compared to programmable thresholds

several conditions can be logically combined. Their fulfillment produces an alarm

End-of-loop alarms evoke defined actions actions are on a coarse level

(e.g. cutting power for rack rows)

ANDAlarm


Experiments Needs

200 to 800 inputs to be monitored

sensors located in several buildings

(caverns & surface) less outputs

Geographicallydistributed system


Input / Output

• local I/O interfaces near sensors

• max. distance to sensors 200m

• low failure rate

• I/O interfaces hot-swappable

• outputs to be failsafe

• time-stamping capability for inputs

DSS Overview

local I/Ointerfaces

local I/Ointerfaces

local I/Ointerfaces

local I/Ointerfaces

front-endcontroller

back-end

Back End

• User interface via PVSS

• data display & logging

• modification of the Alarm/Action Matrix

Front End

• low failure rate

• interface to Ethernet

• implements Alarm/Action MatrixSensorsOutputs

(e.g. power switch)


System Choice

CERN approved suppliers (Schneider & Siemens) offer redundant PLC systems…

both suppliers offer systems close to our hardware requirements and evaluation is underway time-stamping issue to be resolved (~200ms accuracy

seems to be feasible, ~20ms needs much more effort) no decision taken yetOther solutions (SafetyPLCs, …) still to be

evaluated.


Preliminary Architecture

• redundancy up to the level of I/O interfaces

• backup if failure of a PS, CPU, local network

• capable of handling the number of channels (inputs and outputs) as defined for DSS

SensorsOutputs

SensorsOutputs


Project Strategic PlanOperation,

Support, and Maintenance

Prototypingand

Validation

Prototypingand

Validation

Prototypingand

Validation

Prototypingand

Validation

Prototypingand

Validation

Pha

ses

Pha

ses

1. Requirements Specification2. Desig n3. Deve lopment4. Prototype Implemen tation5. Prototype Tests6. Acce ptance Tests7. Project Review





1. Operation and sub-sytem Inte gration2. Operation, Su pport, and

Maintenance by the four E xperiments

3. Operation, Su pport, and Maintenance Outsourcing for the four Experiments

01/ 20 02 05/ 20 0 3 0 1/2004

- Building of a prototype DSS system- Validation (concept, needs, scope) of the DSS for the next phase





Implementation based on existing systems’ components - Front-End on industrial components (e.g . CSS) - Back-End on CERN SCADA system (PVSS)





Specification by 03/2002Design by 08/2002Prototype Implementation by 12/2002Tests by 04/2003





Project Team

Advisory Board

Project Management 0.3 FTESafety System Expert 0.3 FTEDevelopment 1.0 FTEEngineering Support 0.3 FTE

Experiments’ Input and Support ( )

- Hardware cost for 2 basic PLC units ~ 50 kCHF- Other costs (PC, rack,...) ~ 15 kCHF- Hardware cost for 2 basic PLC units ~ 50 kCHF- Other costs (PC, rack,...) ~ 15 kCHF- Hardware cost for 2 basic PLC units ~ 50 kCHF- Other costs (PC, rack,...) ~ 15 kCHF- Hardware cost for 2 basic PLC units ~ 50 kCHF- Other costs (PC, rack,...) ~ 15 kCHF- Hardware cost for 2 basic PLC units ~ 50 kCHF- Other costs (PC, rack,...) ~ 15 kCHF

Installation and

Commissioning

Installation and

Commissioning

Installation and

Commissioning

Installation and

Commissioning

Installation and

Commissioning

Installation and

Commissioning

Installation and

Commissioning

Installation and

Commissioning

Installation and

Commissioning

Pha

ses 1. Experime nt specific configuration2. Cabling a nd Hardware Installation3. Commiss ioning and Val idation4. Operational Tests5. Experime nt Acceptance Tests

1. Experime nt specific configuration2. Cabling a nd Hardware Installation3. Commiss ioning and Val idation4. Operational Tests5. Experime nt Acceptance Tests








- Installation of the prototype DSS system at an experiment site- Running of the DSS as a standalone application- Installation and Commiss ioning of a complete DSS (except experiment sub-systems)

- Need for basic infrastruct ure (networking, ...)

- Connection to the CERN Safety System (CSS)





















First Commission ing 05/2003First operational System 07/2003Installation completed by 01/2004











Project Team

Experiment Support

Project Management 0.3 FTESafety System Expert 0.3 FTECommissioning 1.0 FTEEngineering Support 1.3 FTE

( )Support and Commissioning 1.0 FTE

per experiment

- Hardware cost (sensors, cables, and patch panels not included)

DSU ~ 25 kCHFCabling and Installation ~ 40 kCHF (per DSU, if ou tsourced)

















Milestones:• August 2002:

decision on supplier and hardware architecture• End 2002: tests of first prototype• Summer 2003: prototype system fully operational


Summary

DSS prototyping phase has already begun. Front-end (i.e. hardware) implementation

under investigation.No decision taken so far.

Back-end system will be based on PVSS and the JCOP framework.


Outlook

Prototype architecture proposals will be presented to the advisory board in August 2002.

Pro and Cons of potential suppliers will be discussed, as well as cost issues.

Construction of a prototype is expected to start in September 2002.


Where to find more Information?

All documents and DSS presentations can be found on the DSS site

http://cern.ch/proj-lhcdss

the detector safety system for lhc experiments [email protected]@cern.ch (ep/di...

Documents