1
FF-SIS
© 2008 Fieldbus Foundation
Fieldbus Foundation
Safety Fieldbus for Process Automation – FF SIS (SIF)
Trygve Harvei
2
ABB Corporate Research Center
Research and Development within the area of automation networks at Billingstad (Oslo, Norway)
One important topic is Safe Communication
About 22 scientists in Oslo
Integrated part of Scandinavian Corporate Research Center
and Global Lab for Automation (ca 700 scientists)
Work together with different ABB business units on
research activities and front-end technology development
Process Automation
Automation Products
Robotics
Power Systems
Power Products
3
IEC 61508
"Functional safety of electrical/electronic/programmable electronic safety-related systems".
IEC 61508 has the following views on risks:
zero risk can never be reached
safety must be considered from the beginning
non-tolerable risks must be reduced (ALARP)
TÜV Rheinland, FF-SIS approval
4
What do we need to ensure with safe communication?
Communication:
We must know that the values of the data we receive are right
We must know that the data is not too old
We must know that the data is sent from the right node to the right node
Isn't this the purpose of layered protocols such as TCP/IP or others?
Yes, but the probability calculations for errors are not good enough
5
Some Industrial Safety Protocols
CIP-Safety
DeviceNet
Ethernet/IP
PROFIsafe
PROFIBUS DP/PA
PROFINET
FF-SIS
FF H1
Vendor specific
ABB (Ethernet)
Hima (Ethernet)
PILZ
Others
6
Motion Control and Safety
Source: ARC
7
Safety Measures in safety protocols
(Figure: matrix of transmission errors against the safety measures that detect them)
Transmission errors (rows): Message repetition; Loss of message; Message insertion; Sequence failure; Data corruption; Delay; Masquerade
Safety measures (columns): Sequence number; Time stamp; Receipt acknowledgement; Identifier for sender & receiver with watchdog timeout; Data integrity assurance (CRC); Redundancy with cross check; Different data integrity assurance systems for safety & standard messages
One cell of the matrix carries the note "SB only"
9
Safety Instrumented System (SIS)
FF SIS
New approach to SIS
– Defines ”control in the field”
– Function blocks for building safety applications
Shared with ”host”
Distributed
PROFISAFE PA
PROFISAFE transparent to ”media”
Utilizes ”black channel” approach
ESD: emergency shutdown system
SIS: safety interlock (or instrumented)
system
BMS: burner management system
F&G: fire and gas system
10
PROFIsafe – “wire representation”
Ethernet frame on the cable:
The safety bits in the Ethernet frame:
11
Foundation Fieldbus extension - FF SIS scope
Safety Instrumented Systems
• Extends FF Technology to Safety Instrumented Systems
• Based on the IEC 61508 International Standard.
• Example Application Areas: Burner Management Systems, Fire & Gas (petrochemical), Fuel Engineering
12
International Development Team
ABB AS Norway
ABB Instrumentation Italy
BIFFI Italy
E.I. DuPont de Nemours, Inc. USA
ExxonMobil Research & Engineering USA
Emerson Process Management USA
Flowserve USA
HIMA Germany
Honeywell SMS The Netherlands
ice-PROS Canada
Infraserv Höchst Technik GmbH & Co. KG Germany
Invensys/Triconex USA
Metso Automation Finland
Rockwell Automation USA
Rotork Control Systems UK
Saudi Aramco Saudi Arabia
Smar Brazil and Singapore
Shell Global Solutions The Netherlands
Softing AG Germany
TÜV Germany
Westlock Controls Corporation USA
Yokogawa Electric Corporation Japan
Yokogawa - SCE The Netherlands
Yokogawa UK Limited UK
13
FF-SIS Scope
• Extends FF Technology to Safety Instrumented Systems
• Based on the IEC 61508 International Standard.
• Example Application Areas: Burner Management Systems, Fire & Gas, Fuel Engineering
14
FF-SIS End User Requirements
• Reduced Total Cost of Ownership for FF-SIS applications.
CAPEX – Hardware, Footprint, Commissioning, Power Consumption
OPEX – Advanced diagnostics, Reduced test interval via increased DCF.
• SIL 2 and 3 applications
• Password protected access to FF-SIS field devices
• Additional Function Blocks (e.g. logic, 2 out of 3 voting)
• Definable actions on diagnosed failures – trip, message
• Handle discrete signals (e.g. switches, motor trips, lights, push buttons, etc.) where H1 dynamic performance is acceptable
15
FF-SIS End User Requirements
• Total system approach
Total Asset Management – FF-SIS and Non-SIS
Modular Logic Solver – centralized and distributed option
Diagnostics
Hybrid system architecture – FF-SIS & traditional hardware
Guidance to manual proof test
Signalling/procedures for auto proof test
Awareness of opportunity-based proof test
Logging/documentation of results
Failure rate updates
16
FF-SIS Extension Areas
• Communication
Meet IEC 61508 part 2 clause 7.4.8
Communication Diagnostics
• User Application
Meet IEC 61508 part 3 clause 7.4.4
Function Block Diagnostics
CRC on Device Description Files
17
Process Safety Time / Safety Function Response Time
Stale counter – must be applied in accordance with the specific application
3x communication timeout as rule of thumb
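Added example (not Fieldbus Foundation code, and not the FF-SIS wire format): a small Python safety layer on top of an untrusted transport, covering the measures listed on the "Safety Measures in safety protocols" slide (sequence number, time stamp, sender/receiver identifier, CRC, watchdog timeout) and the stale counter with the 3x communication timeout rule of thumb from this slide. The frame layout, the use of CRC-32, the assumption that producer and consumer clocks are synchronised, and all names (`build_frame`, `SafeReceiver`, `receive`, `poll`) are illustrative assumptions.

```python
"""Safety layer over a 'black channel' (added example, not FF-SIS code).

Frame layout (assumption, big-endian):
  src_id u16 | dst_id u16 | seq u16 | timestamp_ms u32 | value i32 | crc32 u32
"""
import struct
import zlib

BODY_FMT = ">HHHIi"
BODY_LEN = struct.calcsize(BODY_FMT)
FRAME_LEN = BODY_LEN + 4


def crc32(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF


def build_frame(src_id: int, dst_id: int, seq: int, timestamp_ms: int, value: int) -> bytes:
    """Producer side: wrap the process value with the safety fields and a CRC."""
    body = struct.pack(BODY_FMT, src_id, dst_id, seq & 0xFFFF, timestamp_ms, value)
    return body + struct.pack(">I", crc32(body))


class SafeReceiver:
    """Consumer side. The transport underneath is not trusted ('black channel'),
    so every frame is checked here; the transport itself is left unchanged."""

    def __init__(self, my_id: int, peer_id: int, cycle_ms: int, max_age_ms: int, stale_limit: int = 3):
        self.my_id = my_id
        self.peer_id = peer_id
        self.cycle_ms = cycle_ms        # expected communication cycle (timeout)
        self.max_age_ms = max_age_ms    # oldest acceptable time stamp
        self.stale_limit = stale_limit  # 3 x communication timeout rule of thumb
        self.expected_seq = 0
        self.last_seq = None
        self.stale_count = 0
        self.last_good_ms = None
        self.value = None

    def receive(self, frame: bytes, now_ms: int) -> str:
        """Validate one frame. Returns 'ok' or the name of the detected error."""
        if len(frame) != FRAME_LEN:
            return "data_corruption"
        body = frame[:BODY_LEN]
        crc = struct.unpack(">I", frame[BODY_LEN:])[0]
        if crc32(body) != crc:
            return "data_corruption"      # data integrity assurance (CRC)
        src, dst, seq, ts, value = struct.unpack(BODY_FMT, body)
        if src != self.peer_id or dst != self.my_id:
            return "masquerade"           # identifier for sender & receiver
        if self.last_seq is not None and seq == self.last_seq:
            return "message_repetition"   # sequence number: same frame again
        if seq != self.expected_seq:
            return "sequence_failure"     # sequence number: loss, insertion or reorder
        if now_ms - ts > self.max_age_ms:
            return "delay"                # time stamp: data is too old
        self.last_seq = seq
        self.expected_seq = (seq + 1) & 0xFFFF
        self.last_good_ms = now_ms
        self.stale_count = 0
        self.value = value
        return "ok"

    def poll(self, now_ms: int):
        """Called once per application cycle. Returns the last good value, or
        None (go to the safe state) once the stale counter reaches its limit."""
        if self.last_good_ms is None or now_ms - self.last_good_ms > self.cycle_ms:
            self.stale_count += 1         # watchdog timeout: no fresh frame this cycle
        if self.stale_count >= self.stale_limit:
            return None
        return self.value


if __name__ == "__main__":
    rx = SafeReceiver(my_id=2, peer_id=1, cycle_ms=100, max_age_ms=150)
    print(rx.receive(build_frame(1, 2, 0, 1000, 42), 1010))   # ok
    print(rx.receive(build_frame(1, 2, 0, 1000, 42), 1110))   # message_repetition
    print(rx.poll(1450))                                       # None after 3 stale cycles
```

The stale counter is deliberately separate from the per-frame checks: a frame that fails a check is simply discarded, and it is the absence of an accepted frame over `stale_limit` cycles that drives the consumer to its safe state, which is why the limit has to be chosen against the application's process safety time.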
18
FF Scheduling of communication and FB execution
19
FF H1 – Slow but accurate & safe?
The PID control algorithm depends on the sampling of process values + filtering
Polled approach
– PLC – cyclic IO copy
Jitter + drift introduce ”I&D errors”
Synchronized approach
– FF – in-loop execution of sampling and control algorithm
The analog SIS voter can rely on ”fresh values” -> best possible Process Safety Time
1 ms synch accuracy
”Alarm”
20
FF-SIS Communication Extensions
• Black Channel Approach
H1 Communication System (Black Channel) is unchanged.
A new FF-SIS protocol above the Black Channel detects network faults and appropriate action is taken without human intervention.
(Figure: IEC 61508 safety layer – New FF-SIS Communication Diagnostics – placed above the unchanged Black Channel)
21
FF-SIS User Application Extensions
• User Application
New Function Blocks for FF-SIS Applications – FBAP Part 6
New FBAP diagnostics detect application faults and appropriate action is taken without human intervention.
(Figure: IEC 61508 safety layer – New FF-SIS Function Blocks & Function Block Diagnostics – placed above the Black Channel)
22
Function Block Application Process – Part 6
SIS Write Lock
SIS Discrete Input
SIS Analog Input
SIS Discrete Output
SIS Analog Voter
SIS Discrete Voter
SIS AND/OR/XOR
FF-SIS Diagnostics and Statistics added to device Resource Block
FF-SIS User Application Extensions
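Added example, not Fieldbus Foundation code and not the SIS Analog Voter block itself: a 2oo3 analog voter in Python that only trusts channels which are both healthy and fresh, in the spirit of the "2 out of 3 voting" requirement, the "fresh values" point on the FF H1 slide, and the SIS Analog Voter listed above. The degradation policy (2oo3, then 1oo2 when one channel is unusable, then the safe state), the high-trip direction and the names `Channel`, `VoteResult` and `vote_2oo3` are assumptions for illustration.

```python
"""2oo3 analog voter with freshness check (added example, not FF-SIS code)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Channel:
    """One transmitter input as seen by the voter (constructed for the example)."""
    value: float
    good: bool     # status from the device diagnostics / safety-layer check
    age_ms: int    # time since the last validated value


@dataclass
class VoteResult:
    trip: bool
    value: Optional[float]   # voted process value, None when nothing usable
    usable: int              # channels that were good and fresh
    mode: str                # "2oo3", "1oo2" or "fail_safe"


def vote_2oo3(channels: List[Channel], trip_limit: float, max_age_ms: int) -> VoteResult:
    """High-trip voter: trip when the voting logic says the limit is exceeded.
    Bad or stale channels are excluded before voting, and the voter degrades
    (assumed policy) rather than silently voting on old data."""
    if len(channels) != 3:
        raise ValueError("2oo3 voter needs exactly three channels")
    fresh = [c for c in channels if c.good and c.age_ms <= max_age_ms]
    exceeded = [c for c in fresh if c.value > trip_limit]
    if len(fresh) == 3:
        # Normal 2oo3: two of three must agree on the trip; report the median
        value = sorted(c.value for c in fresh)[1]
        return VoteResult(trip=len(exceeded) >= 2, value=value, usable=3, mode="2oo3")
    if len(fresh) == 2:
        # Degraded 1oo2: one channel is enough to trip; report the higher value,
        # which is the conservative choice for a high trip
        value = max(c.value for c in fresh)
        return VoteResult(trip=len(exceeded) >= 1, value=value, usable=2, mode="1oo2")
    # Fewer than two usable channels: no safe decision possible -> safe state
    return VoteResult(trip=True, value=None, usable=len(fresh), mode="fail_safe")


if __name__ == "__main__":
    inputs = [Channel(10.0, True, 50), Channel(60.0, True, 60), Channel(12.0, True, 900)]
    print(vote_2oo3(inputs, trip_limit=50.0, max_age_ms=300))   # 1oo2, trip=True
```

With all three channels fresh, a single high reading does not trip (it is most likely a transmitter fault); once a channel has gone stale the voter no longer has a majority to lean on, so the remaining pair is voted 1oo2 and a single high reading does trip. That is the practical consequence of the "fresh values" argument: the voter's behaviour is only as good as its knowledge of which inputs are current.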
23
Today’s Proprietary SIS
(Figure: Operation and Engineering stations on a Proprietary Network; SIS Logic; Hardwired I/O)
24
Tomorrow’s Open FF-SIS
(Figure: Operation, Engineering and Total Asset Management stations on HSE via an Ethernet Switch; Linking Devices to H1 segments with FF-SIS Devices and Non-SIS FF Devices; Logic Solver, with a further ”Logic Solver?” shown; alongside today’s Proprietary Network, SIS Logic and Hardwired I/O)
25
System topology for process safety
(Figure labels: Control Network; Control/PLC; Serial communication/fieldbus; Firewall; Plant Network / Intranet; Application server; Aspect server; Client/server Network; Third-party application server; Workstations; Enterprise Optimization Suite; Mobile Operator; Connectivity server; Engineering workstations; F&G – SIL 2; ESD – SIL 3; PSD – SIL 2)
Need safe communication at the control network level and at the field level. Partly at the operator level.
26
Increased diagnostic coverage with FF-SIS
The instruments and actuators are included in the safety system and become part of the diagnostic testing
The increased diagnostic coverage makes it possible in many cases to repair at an early stage
No longer proven-in-use certification
TÜV will not accept the proven-in-use concept for FF-SIS devices
27
Effects of increased diagnostic coverage
28
Example FF-SIS Application
(Figure: three devices each carrying SIS_WL, SIS_AI and SIS_RB; one device carrying SIS_WL and SIS_RB; SIS_DI, SIS_AVTR and SIS_DO blocks; Write Lock (S))
29
Example FF-SIS Application
(Figure: three devices each carrying SIS_WL, SIS_DI and SIS_RB, labelled PS PS PS; one device carrying SIS_WL and SIS_RB; SIS_DI, SIS_DVTR and SIS_DO blocks; SIS_LOGIC; a further device carrying SIS_WL, SIS_DI and SIS_RB for the Estop; Write Lock (S))
30
OSI Model
7 APPLICATION LAYER
6 PRESENTATION LAYER
5 SESSION LAYER
4 TRANSPORT LAYER
3 NETWORK LAYER
2 DATA LINK LAYER
1 PHYSICAL LAYER
USER LAYER (above layer 7)

H1
PHYSICAL LAYER: IEC 61158 @ 31.25 kbit/s
COMMUNICATION STACK: IEC 61158 - DLL, IEC 61158 - FMS
USER LAYER: DD – IEC 61804-2

HSE
PHYSICAL LAYER: IEEE 802.3u @ 100 Mbit/s
COMMUNICATION STACK: IEEE 802.3 MAC, IETF IP, IETF TCP/UDP, IEC 61158 - FDA
USER LAYER: DD – IEC 61804-2

FF-SIS – New Kid on the Block
PHYSICAL LAYER and COMMUNICATION STACK: H1/HSE
USER LAYER: DD – IEC 61804-2, FF-SIS (IEC 61508)
31
Target Schedule
2002
4Q FF Board of Director Approval for SIS Project
2003
1Q Project Kickoff Meeting
2Q Architecture Completed
3Q Draft Preliminary Specifications (DPS) Version 0.4
4Q TÜV Concept Approval for SIS
2004
1Q DPS Version 0.5 External Review
2Q Release DPS Version 1.0
3Q Develop Lab Test Tools and Lab Prototypes
4Q Begin Specification Validation Lab Testing @ Infraserve in Frankfurt
2005 – Release SIS Specification 1.0 and Final TÜV Type Approval
2008 – FF SIS Rollout Team
32
FF SIS demonstrators - SROT