BOILER / TURBINE

CONTROL BASICS

I. TYPE OF CONTROL
1. BOILER A. ANALOG CONTROL INTENSIVE
AND COMPLICATED (FOR ALL TYPES)
B. DIGITAL CONTROLS
GAS
OIL
FIRED

SOLID
FUEL
FIRED

FLUIDIZED
COMB.

VERY
CRITICAL

CRITICAL

CRITICAL

C. MONITERING
I. SWAS
II. STACK GAS MONITORING

2. TURBINE A. ANALOG CONTROLS LESS

COMPLICATED & FEW IN NOS
B. DIGITAL CONTROLS VERY
CRITICAL & FOR TRIP & DRIVE
CONTROL
C. TSI
& GOVERNOR CONTROLS
VERY CRITICAL WITH RESPECT TO
CONTROL AND SPEED OF RESPONSE
3

II. FAIL SAFE PHILOSOPHY OF CONTROL

(FOR BOILER + TURBINE)
FAIL SAFE:

1. INTERLOCKS / SHUTDOWN
2. TRANSMITTERS / SENSORS
3. FINAL CONTROL ELEMENTS

TYPE OF FAILSAFE POSITIONS

1. FAIL OPEN
2. FAIL CLOSE
3. STAYPUT

FAIL OPEN / FAIL CLOSE IN CONTROL VALVES

1. ON SIGNAL FAILURE
2. ON POWER AIR FAILURE

STAYPUT:

ON POWER AIR FAILURE

REDUNDANCY REQUIREMENTS
MOST OF THE EMERGENCY CONTROL SYSTEMS ARE
STATIC.
i.e. THEY JUST REMAIN WITHOUT OPERATING FOR
QUITE SAME TIME.
HOW ARE WE SURE THAT THE SYSTEM OPERATES
WHEN IT IS REQUIRED TO OPERATE?

I. IN NORMAL LIFE FOLLOWING ARE FEW EXAMPLES

1. UPS / diesel engine operation on failure of EB supply.
2. A fuse to blow on high current or short circuit.
3. An umbrella to unfold on sudden rain.
4. Kerosene stove to light on when gas cylinder getting
emptied at home.
5. Torchlight to light while power is off.
6. Fire fighting co2 cylinder to open while fire catches
up in a public place like cinema theatre.
7. Alarm clock to work for a critical early morning wakeup.
8. A relay to energize and trip the equipment on faulty
condition.

II. TO IMPROVE ON THE DEPENDABILITY OF

THE

CONTROL SYSTEM IT IS NORMALLY

HELD IN ENERGIZED CONDITION AND DEENERGIZED DURING A FALLTY CONDITION.

A. SAFE FAILURES
I.

A wire
opens

Output
De-energizes

Process
shutdown

II.

Fault in
system

Output
De-energizes

Process
shutdown

These are called safe failures

OR
FALSE TRIPS
OR
NUISANCE TRIPS
Since they stop the process unnecessarily
These faults REDUCE THE AVAILABILITY AND
CAUSE PRODUCTION LOSS
8

B. DANGEROUS FAILURES
Faults that cause the outputs to remain
Energized are generally not detected and are
Considered
DANGEROUS FAILURES
Because the system cannot tell the difference
Between Normal Operation and Failure
And therefore cannot take the process to a
Safe state when required to do so.
FAULT TOLERENCE
Ability to tolerate a single failure and
Continue to operate.
Can be implemented using various redundancy
Schemes.
9

CHARACTERISTICS OF SYSTEM ARCHTECTURES FOR

SAFETY SHUTDOWN

1001

A
S

1 Out Of 1

Process
WHEN A FAILS, PLANT TRIPS:
SAFETY

- LOW

AVAILABILITY LOW

10

1002

1 Out Of 2

Process
WHEN A OR B FAILS, PLANT TRIPS:
SAFETY - V.HIGH
AVAILABILITY LOW

11

2002

A
B

2 Out Of 2
S

Process
WHEN A & B FAIL THE PLANT TRIPS:
SAFETY

- LOW

AVAILABILITY V.HIGH

12

A
B

2003

2 Out Of 3

Process
WHEN 2 (OR 3) OUT OF THE THREE (A,B,C)
FAIL THEN ONLY PLANT TRIPS:
SAFETY - HIGH
AVAILABILITY - HIGH

13

REDUNDANCY
AT SENSOR LEVEL FOR ANALOG SIGNALS
SAFETY

AVAILABILITY

LOW

LOW

1001

SINGLE TRANSMITTER

1002

2 OUT OF 1 TRANSMITTER

AVERAGE

HIGH

2003

2 OUT OF 3 TRANSMITTER

HIGH

HIGH

14

1002
FT1

>
FT2

OUTPUT

HIGH
SELECTION

15

2003
FT1

FT2

MID
VALUE
SELECTION

OUTPUT

FT3

16

REDUNDANCY IN CONTROL SYSTEM

1. REDUNDANCY IN DCS / PLC
a) AT PROCESSER LEVEL
b) AT POWER SUPPLY LEVEL
c) AT COMMUNICATION LEVEL
d) AT I/O LEVEL
e) AT OPERATOR STATION LEVEL

17

OPERATING
STATION
(BOILER)

OPERATING &
ENGINEERING
STATION
(BOP)

OPERATING
STATION
(TURBINE)

ALARM &EVENT
PRINTER

LOG PRINTER

CONTROLLER
AND DATA
ACQUISITION
SYSTEM

CONTROLLER
AND DATA
ACQUISITION
SYSTEM

I/O MODULES
18

19