Abstract
This technical note discusses the architecture of the ITER Plant System Instrumentation & Control System.
There will be more than 160 of these systems, each with different characteristics and requirements. They all
have to be integrated in the ITER I&C System.
Page 1 of 22
ITER_D_32GEBH
Table of Contents
1 INTRODUCTION
4 CONCLUSIONS
1 INTRODUCTION
1.1 Objective
This technical note discusses the architecture of plant system I&C. The objectives are to identify and define
the plant system I&C components and their relations, to analyze the feasibility of implementing different
types of plant system I&C using these components and to identify any weaknesses and problems in the
approach.
1.2 Assumptions
The starting point of the analysis is the CODAC conceptual design [RD1] and the Plant Control Design
Handbook (PCDH) [RD2]. Design decisions taken during last year are incorporated, in particular the decision
to use Siemens Simatic S7, EPICS and channel access communication middleware. This technical note
does not address the safety control systems.
1.3 References
[RD1] CODAC Conceptual Design Overview (ITER_D_2EFVMC v1.0)
[RD3] I&C signal and process variable naming convention (ITER_D_2UT8SH v2.4)
[RD5] I&C signal processing, part I cubicle and wiring configurations (ITER_D_3299VT v1.6)
1.4 Acronyms
AVN Audio Video Network
CIN Central Interlock Network
CIS Central Interlock System
CODAC Control, Data Access and Communication
COS Common Operating State
COTS Commercial Off-The-Shelf
CSS Central Safety Systems
EPICS Experimental Physics and Industrial Control System
HMI Human-Machine Interface
HPN High Performance Networks
I&C Instrumentation & Control
I/O Input / Output
IO ITER Organization
IOC Input / Output Controller
NTP Network Time Protocol
OSI Open System Interconnect
PCI Peripheral Component Interconnect
PCIe PCI Express
PCS Plasma Control System
PLC Programmable Logic Controller
PON Plant Operation Network
PS Plant System
PSH Plant System Host
PV Process Variable
RD Reference Document
RHEL Red Hat Enterprise Linux
SDN Synchronous Databus Network
TBD To Be Defined
TCN Time Communication Network
2 PHYSICAL ARCHITECTURE
Any plant system I&C is made up of a set of standard components. These standard components can be
selected and combined in different ways to address the particular plant system I&C characteristics and
requirements. The set of components can be viewed like Lego blocks to be assembled by the plant system
I&C designer.
The baseline physical network topology is flat, i.e. all components are connected to the Plant Operation
Network (PON) via a switch as illustrated in Figure 2.1 [RD4]. Although it is possible to physically connect
components in a hierarchical way using private networks, this is not recommended since it will make remote
maintenance more difficult. For example, a development station for a controller (not shown) could be
connected anywhere on the PON and reach the target controller. The Central Interlock Network (CIN) is an
independent network connecting the interlock controller to the Central Interlock System. The High
Performance Networks (HPN) are physically separated networks, which may connect to the Plant System
Host and/or fast controllers depending on the particular plant system I&C. All network connections are
provided in CODAC hutches and network panels are distributed throughout all ITER site buildings.
The HPN lines pointing to the grey area indicate a possible connection as detailed in Chapter 3.
Actuators and sensors are considered outside the scope of plant system I&C.
Figure 2.1 Illustration of a possible plant system I&C physical architecture. Lines are cables.
2.9 Cubicles
The components (switches, PSH, fast and slow controllers, part of signal interface) are embedded within
cubicles defined in an IO catalogue of products. The unit for hardware delivery between the PS suppliers and
IO is a cubicle together with spare parts.
3 FUNCTIONAL ARCHITECTURE
Despite the flat network topology explained in the previous chapter, the functional architecture may be more
hierarchical. In this chapter a number of example architectures are analyzed. Arrows are functional data
flows, which can be mapped to the flat physical architecture presented in Chapter 2.
[Figure 3.1 diagram labels: CODAC Terminal; CODAC System / Mini-CODAC; TCN; Plant System I&C with Plant System Host, Slow Controller and Signal Interface; data flows numbered 1, 2 and 4.]
Figure 3.1. Functional architecture and dataflow of the simplest possible plant system I&C
The CODAC System / Mini-CODAC sends commands and, if required, publishes data from other plant system
I&C to the PSH using the channel access protocol (1). This interface is also used to set runtime configuration
properties. The PSH publishes data, alarms and logs to CODAC System / Mini-CODAC using the channel
access protocol (2). This interface is also used to retrieve configuration properties. The interface between the
PSH and the CODAC System / Mini-CODAC is fully defined and configured by self-description.
The PSH and slow controller exchange data using the standard interface provided by the IO (3). This
interface is fully defined and configured by self-description. The PSH manages the COS.
The slow controller interfaces to actuators and sensors via a signal interface and contains plant-specific
software and logic programmed with Step 7.
The PSH receives absolute time from the TCN (4). The absolute time on the slow controller can be set using
NTP with the PSH as the NTP server.
Figure 3.2. Functional architecture and dataflow of a small industrial plant system I&C
The CODAC System / Mini-CODAC sends commands and, if required, publishes data from other plant
system I&C to the PSH using the channel access protocol (1). This interface is also used to set runtime
configuration properties. The PSH publishes data, alarms and logs to CODAC System / Mini-CODAC using
the channel access protocol (2). This interface is also used to retrieve configuration properties. The interface
between the PSH and CODAC System / Mini-CODAC is fully defined and configured by self-description.
The PSH and supervising slow controller exchange data using the standard interface provided by the IO (3).
This interface is fully defined and configured by self-description. The PSH supervises the supervising slow
controller to manage COS.
The supervising slow controller implements plant-specific coordination software and logic programmed with
Step 7. The supervising slow controller interfaces to two other slow controllers (5) through the PON. The
supervising slow controller could also have a direct interface to actuators and sensors via a signal interface
(not shown). Non-supervising slow controllers could also have direct interfaces to the PSH (not shown).
Two slow controllers interface to actuators and sensors via a signal interface and contain plant-specific
software and logic programmed with Step 7.
The PSH receives absolute time from TCN (4). The absolute time on the slow controllers can be set using
NTP with the PSH as an NTP server.
The Central Interlock System sends commands to the interlock controller using the CIN (15) (protocol TBD).
This interface is also used to set configuration properties and to distribute the absolute time. The interlock
controller sends events, publishes data, alarms and logs to the Central Interlock System using the CIN (16)
(protocol TBD). This interface is also used to retrieve configuration properties. The interface between the
interlock controller and the Central Interlock System is fully defined and configured by self-description and
they exchange data using a standard interface provided by the IO.
The interaction between the interlock controller and the supervising slow controller (17) is carried out by
means of digital I/O.
The CODAC System receives data from the Central Interlock System to be displayed via the HMI and to be
archived for post-mortem analysis following an interlock event via a dedicated secured gateway (not shown)
using the channel access protocol (18). It sends its interlock signals by means of a dedicated secured
gateway (19) and the requests for acknowledgement of alarms via a dedicated secured gateway using the
channel access protocol (19).
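Because the physical topology is flat, the numbered data flows are the only statement of which components are meant to talk to each other. The following added example (not part of the original note) encodes a subset of the Figure 3.2 flows and checks constructed observed conversations against them; the node labels, protocol strings and the choice to report every unlisted conversation are assumptions of the example.

```python
from typing import List, NamedTuple, Optional, Tuple

class Flow(NamedTuple):
    ref: str              # flow number(s) in the figures, or "ntp"
    src: str
    dst: str
    proto: Optional[str]  # None where the note names no protocol (or TBD)
    net: str              # network that carries the flow

# Subset of the Figure 3.2 data flows. Node labels and protocol strings are
# made up for this example. Flow 17 is digital I/O, so it has no network entry.
FLOWS = [
    Flow("1/2", "codac", "psh", "channel-access", "PON"),
    Flow("3", "psh", "slow-sup", "io-standard-interface", "PON"),
    Flow("4", "tcn", "psh", None, "TCN"),
    Flow("5", "slow-sup", "slow-a", None, "PON"),
    Flow("5", "slow-sup", "slow-b", None, "PON"),
    Flow("ntp", "slow-sup", "psh", "ntp", "PON"),
    Flow("ntp", "slow-a", "psh", "ntp", "PON"),
    Flow("ntp", "slow-b", "psh", "ntp", "PON"),
    Flow("15/16", "cis", "interlock", None, "CIN"),
]

def classify(src: str, dst: str, proto: str, net: str) -> Tuple[Optional[str], str]:
    """Match one observed conversation against the model (direction ignored)."""
    pair = [f for f in FLOWS if {f.src, f.dst} == {src, dst}]
    if not pair:
        return None, "not in functional model"
    on_net = [f for f in pair if f.net == net]
    if not on_net:
        return pair[0].ref, f"wrong network, expected {pair[0].net}"
    for f in on_net:
        if f.proto is None or f.proto == proto:
            return f.ref, "ok"
    expected = ", ".join(sorted(f.proto for f in on_net))
    return on_net[0].ref, f"wrong protocol, expected {expected}"

# Constructed sample of observed conversations: (src, dst, protocol, network).
OBSERVED = [
    ("codac", "psh", "channel-access", "PON"),
    ("slow-a", "psh", "ntp", "PON"),
    ("cis", "interlock", "unknown", "PON"),       # CIN traffic seen on the PON
    ("interlock", "slow-sup", "unknown", "PON"),  # flow 17 should be digital I/O
    ("devstation", "slow-a", "unknown", "PON"),   # reachable on a flat PON, not a numbered flow
    ("codac", "psh", "other", "PON"),
]

def audit(observed) -> List[Tuple[str, str, Optional[str], str]]:
    """Return the conversations that deviate from the functional model."""
    findings = []
    for src, dst, proto, net in observed:
        ref, verdict = classify(src, dst, proto, net)
        if verdict != "ok":
            findings.append((src, dst, ref, verdict))
    return findings

if __name__ == "__main__":
    for finding in audit(OBSERVED):
        print(finding)
```

The development station entry is reported only because it is not one of the numbered flows; the note itself describes that reachability as intended for remote maintenance, so such findings are candidates for review rather than errors.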
The CODAC System / Mini-CODAC sends commands and, if required, publishes data from other plant
system I&C to the PSH using the channel access protocol (1). This interface is also used to set runtime
configuration properties. The CODAC System / Mini-CODAC may also send commands and, if required,
publish data from other plant system I&C to the fast controller using the channel access protocol (6). The
PSH publishes data, alarms and logs to the CODAC System / Mini-CODAC using the channel access
protocol (2). This interface is also used to retrieve configuration properties. The fast controller may also
publish data, alarms and logs to CODAC System / Mini-CODAC using the channel access protocol (7). The
interface between the PSH and the CODAC System / Mini-CODAC is fully defined and configured by self-
description.
The PSH and slow controller exchange data using the standard interface provided by the IO (3). This
interface is fully defined and configured by self-description.
The slow controller implements plant-specific software and logic programmed with Step 7. The slow
controller interfaces via the signal interface to actuators and sensors.
The fast controller implements plant-specific logic in EPICS. The fast controller interfaces to actuators and
sensors via the signal interface.
The fast controller could also interface directly to the slow controller using the standard interface provided by
the IO (9).
The PSH receives absolute time from the TCN (4). The absolute time on the slow controller and fast
controller can be set using NTP with the PSH as an NTP server. Alternatively, the fast controller could also
be connected to the TCN.
Figure 3.3. Functional architecture and dataflow of a small mixed plant system I&C
Either the fast controller or the slow controller provides the interface (17) with the interlock controller and acts
as a supervisor for the other using the standard interface provided by the IO (9).
The Central Interlock System sends commands to the interlock controller using the CIN (15) (protocol TBD).
This interface is also used to set configuration properties and to distribute the absolute time. The interlock
controller sends events, publishes data, alarms and logs to the Central Interlock System using the CIN (16)
(protocol TBD). This interface is also used to retrieve configuration properties. The interface between the
interlock controller and the Central Interlock System is fully defined and configured by self-description and
they exchange data using the standard interface provided by the IO.
The interaction between the interlock controller and the fast controller (17) (could also be the slow controller)
is carried out by means of digital I/O.
The CODAC System receives data from the Central Interlock System to be displayed via the HMI and to be
archived for post-mortem analysis following an interlock event via a dedicated secured gateway (not shown)
using the channel access protocol (18). It sends its interlock signals by means of a dedicated secured
gateway (19) and the requests for acknowledgement of alarms via a dedicated secured gateway using the
channel access protocol (19).
Figure 3.4. Functional architecture and dataflow of an industrial plant system I&C with fast acquisition
The CODAC System / Mini-CODAC sends commands and, if required, publishes data from other plant
system I&C to the PSH using the channel access protocol (1). This interface is also used to set runtime
configuration properties. The CODAC System / Mini-CODAC may also send commands and, if required,
publish data from other plant system I&C to the fast controller using the channel access protocol (6). The
PSH publishes data, alarms and logs to the CODAC System / Mini-CODAC using the channel access
protocol (2). This interface is also used to retrieve configuration properties. The fast controller may also
publish data, alarms and logs to CODAC System / Mini-CODAC using the channel access protocol (7). This
interface can also be used to transfer acquired data for visualization and archiving. The interface between
the PSH and the CODAC System / Mini-CODAC is fully defined and configured by self-description.
The PSH and supervising slow controller exchange data using the standard interface provided by the IO (3).
This interface is also fully defined and configured by self-description. The PSH manages the COS.
The supervising slow controller implements plant-specific coordination software and logic programmed with
Step 7. The supervising slow controller interfaces to four other slow controllers and one COTS intelligent
device (5). The supervising slow controller could also have a direct interface to actuators and sensors via the
signal interface (not shown). The non-supervising slow controllers could also have direct interfaces to the
PSH (not shown).
The slow controllers implement plant-specific software and logic programmed with Step 7. One slow
controller interfaces to a remote I/O (11).
The slow controllers, remote I/O and COTS intelligent device interface to actuators and sensors.
The PSH supervises the fast controller (8) to manage the COS.
The fast controller implements plant-specific logic in EPICS. The fast controller interfaces to actuators and
sensors via the signal interface.
Data acquisition by the fast controller can be triggered by the PSH (8), slow controller (9), CODAC System /
Mini-CODAC (6) and/or the TCN (10). The latter can be through pre-programmed trigger(s) or
pre-programmed absolute time(s).
The PSH receives absolute time from the TCN (4). The fast controller receives absolute time from the
TCN (10). The absolute time on the slow controllers can be set using NTP with the PSH as an NTP
server.
The Central Interlock System sends commands to the interlock controllers using the CIN (15) (protocol TBD).
This interface is also used to set configuration properties and to distribute the absolute time. The interlock
controller sends events, publishes data, alarms and logs to the Central Interlock System using the CIN (16)
(protocol TBD). This interface is also used to retrieve configuration properties. The interface between the
interlock controller and the Central Interlock System is fully defined and configured by self-description and
they exchange data using the standard interface provided by the IO.
The interaction between the interlock controller and the supervising slow controller (17) is carried out by
means of digital I/O.
The CODAC System receives data from the Central Interlock System to be displayed via the HMI and data to
be archived for post-mortem analysis following an interlock event via a dedicated secured gateway (not
shown) using the channel access protocol (18). It sends its interlock signals by means of a dedicated secured
gateway (19) and the requests for acknowledgement of alarms via a dedicated secured gateway using the
channel access protocol (19).
The CODAC System / Mini-CODAC sends commands and, if required, publishes data from other plant
system I&C to the PSH using the channel access protocol (1). This interface is also used to set runtime
configuration properties. The CODAC System / Mini-CODAC may also send commands and, if required,
publish data from other plant system I&C to the fast controller using the channel access protocol (6). The PSH
publishes data, alarms and logs to CODAC System / Mini-CODAC using the channel access protocol (2).
This interface is also used to retrieve configuration properties. The fast controller may also publish data,
alarms and logs to the CODAC System / Mini-CODAC using the channel access protocol (7). The interface
between the PSH and the CODAC System / Mini-CODAC is fully defined and configured by self-description.
The PSH supervises the fast controller (8) to manage the COS.
Figure 3.5. Functional architecture and dataflow of a complex diagnostics plant system I&C connected to PCS
The supervising fast controller implements plant-specific coordination logic in EPICS. It also implements real-
time logic using a real-time operating system on a different core or CPU. The supervising fast controller
interfaces to three other fast controllers and one slow controller (5). The supervising fast controller and slow
controller exchange data using the standard interface provided by the IO (8). The fast controllers may or may
not run EPICS. The fast controllers implement plant-specific logic. The slow controller implements plant-
specific software and logic programmed with Step 7. The supervising fast controller could also have a direct
interface to actuators and sensors via a signal interface (not shown). The non-supervising fast and slow
controllers could also have direct interfaces to the PSH (not shown). The non-supervising fast controllers
could also have a direct interface to the CODAC System / Mini-CODAC (not shown).
The supervising fast controller streams scientific data to the CODAC System / Mini-CODAC for visualization
and archiving (12). The non-supervising fast controllers could also stream scientific data to the CODAC
System / Mini-CODAC for visualization and archiving (not shown).
The PSH receives absolute time from the TCN (4). The fast controller receives absolute time from the TCN
(10). The absolute time on the slow controller and other fast controllers can be set using NTP with the
PSH as an NTP server. Alternatively, other fast controllers could also be connected to the TCN.
The supervising fast controller pre-processes and publishes data for the PCS on the SDN (13). The raw data
may originate from multiple other fast controllers. In addition, any fast controller could receive data from the
SDN according to specific events in order to change acquisition behaviour.
One fast controller interfaces to a camera and streams the data on the AVN (14).
The supervising fast controller provides the interface (17) to the interlock controller.
The Central Interlock System sends commands to the interlock controller using the CIN (15) (protocol TBD). This
interface is also used to set configuration properties and to distribute the absolute time. The interlock
controller sends events, publishes data, alarms and logs to the Central Interlock System using the CIN (16)
(protocol TBD). This interface is also used to retrieve configuration properties. The interface between the
interlock controller and the Central Interlock System is fully defined and configured by self-description and
they exchange data using the standard interface provided by the IO.
The interaction between the interlock controller and the supervising controller (17) is carried out by means of
digital I/O.
The CODAC System receives data from the Central Interlock System to be displayed via the HMI and to be
archived for post-mortem analysis following an interlock event via a dedicated secured gateway (not shown)
using the channel access protocol (18). It sends its interlock signals by means of a dedicated secured
gateway (19) and the requests for acknowledgement of alarms via a dedicated secured gateway using the
channel access protocol (19).
4 CONCLUSIONS
In this technical note the standard components making up a plant system I&C have been identified and
defined. The flexibility in combining these standard components in the design of different types of plant
system I&C has been emphasized.