Status on CERN-ITER collaboration for Machine Protection

CERN

Ivan Romera MPE-Technical meeting

Status on CERN-ITER collaboration for Machine Protection

Acknowledgments: J.Burdalo, R.Schmidt, S.Wagner , M.Zaera Sanz, M.Zerlauth and Critical Systems Lab

EDMS 1283934

CERN


Overview of current agreement

2

Collaboration agreement with duration from 2010 to end 2012

● Task-1: Consultancy for the setup of a Machine Protection Working GroupProposal and recommendations sent to ITER

● Task-2: Definition of the overall architecture of the Machine Protection and Central Interlock SystemThe overall architecture of these systems is defined

● Task-3: Specifications for the fault scenarios simulationsDone for the magnet interlock system, new methods were developed to

assess architectures of interlock systems + external consultant from system safety domain

● Task-4 Definition of tools for diagnostics of the machine protection systemsPartially done, combined with the development of a prototype

CERN


Recap - Powering Layout

3

CS3U

CS2U

CS1U

CS1L

CS2L

CS3L

PF1

PF6

PF2

PF3

PF4

PF5

CCU1

CCU2

CCU3TF

PF1 PS

CS3U PS

CS2U PS

CS1U PS

CS1L PS

CS2L PS

CS3L PS

PF6 PS

TF PS

PF2 PS

PF3 PS

VS PS

PF4 PS

PF5 PS

9 FDUs

SNU FDU

SNU FDU

SNU FDU

SNU FDU

SNU FDU

SNU FDU

SNU FDU

SNU FDU

FDU

FDU

FDU

FDU

CSU1 PS PMS

CSU2 PS

CSU3 PS

CCL1

CCL2

CCL3

CSL1 PS

CSL2 PS

CSL3 PS

CCS1

CCS2

CCS3

CSS1 PS

CSS2 PS

CSS3 PS

PMS

PMS

PMS

PMS

PMS

PMS

PMS

PMS

PMS

PMS

PMS

PMS

PMS

PMS

PMS

PMS

PMS

PMS

PMS

PMS

PMS

TF

PF1PF2

PF3

PF4

PF5

PF6

CS3U

CS2U

CS1U

CS1L

CS3L

CS3L

CCU

CCS

CCL

Acronym NamingI Nominal

(kA)Inductance

(H)Stored Energy

(G j)TF Toroidal Field 68 17.7 41CS Censtral Solenoid 45 0.784 4PF Poloidal field 48 0.784 4

CCU,S,LCorrection Coil Upper,Side, Lower 10 0.02

PS Power SupplyPMS Protective Make SwitchSNU Switching network UnitFDU Fast Disharge Unit

CERN


Recent activities 1/5

4

● Prototype for magnet powering interlocks has been completed and delivered to Cadarache (fully documented)

● Following individual commissioning, system is awaiting first connection and tests with quench detectors before being shipped to India & China

Redundant S7400 PLCs

I/Os in 2oo3

Local supervision

Standard User Interface

Based on redundant safety PLCs + 2oo3 I/O module configuration (down to and

including client connections)

Fault tolerant to any single component failure

Redundancy of programming through safety matrix + standard logic

Local SCADA system + touch screen

Standard user interface (DLUI) for client connections and diagnostics

CERN



5

● Prototype for magnet powering interlocks has been completed and delivered to Cadarache (fully documented)

● Following individual commissioning, system is awaiting first connection and tests with quench detectors before being shipped to India & China

Based on redundant safety PLCs + 2oo3 I/O module configuration (down to and

including client connections)

Fault tolerant to any single component failure

Redundancy of programming through safety matrix + standard logic

Local SCADA system + touch screen

Standard user interface (DLUI) for client connections and diagnostics

CERN



6

● Different HW architectures tested in order to find the fastest and more dependable solution

N

Discharge loop based on Standard + Failsafe components

Implementation based on Safety Matrix + AWL

CERN



7

● Different HW architectures tested in order to find the fastest and more dependable solution

Discharge loop using only standard componentsbut diversity of components

Implementations based on AWL for Boolean Processors and CPU

CERN



8

● Working on 2nd version of User Interface Box (only non COTS component), including Profinet connectivity for diagnostic purposes

● PCB already produced and currently being tested

Rad tolerant FPGA

User connectivity

Mechanics + redundant power supplied

Profbus in V1.0Profinet in V2.0

CERN



9

● Completed dependability analysis of magnet powering interlock system with external company from system safety domain (CSL – Critical Systems Lab), including

• Dependability analysis and review of functional specification, definition of Investment Protection functions

• Definition of state machines for system functionality (concurrency between circuits)

• Study of interfaces and dependencies with main client systems (QD, PC, FDU,…)

• Catalogue of (unresolved) design issues• Failure Mode and Effect Analysis (FMEA) for backbone architecture

CERN


Budget and resources

10

● CERN resources invested to date:• 2200 hours of CERN staff (system design, meetings,…) • 400 hours of student/Fellow for analysis of interlock architectures• 1200 hours of Fellow (50% since Aug 2011) for development of

interface box • 960 hours of PJAS + 880 hours of external consultant for PLC SW and

SCADA

● Additional external resources invested to date:• 300 hours of system safety consultancy (through direct contract of

CSL with ITER)

● Budget and expenses evolved as planned

CERN


Conclusions

11

● The collaboration agreement ended in 2012, all deliverables completed● Collaboration has been fruitful learning experience for CERN in many fields

(COTS vs voting in interlock systems, radiation tolerant FPGAs, Profinet, studies of architecture and system dependability,..)

● Due to delay of China test and ITER wish for a V2.0 of user interface, agreed on extension of collaboration by 1 year

● Possible continuation as of 2014 on following topics (tbd):• Analysing + feed back the performance from the China tests into final

design• Provision of full-scale system including full monitoring part• Definition of the entire powering interlock system (includes

clarification of open questions)• Other topics related to Machine Protection (towards interlocking of

Plasma)

Documents

Status on CERN-ITER collaboration for Machine Protection