Upgrading control systems at a major UK refinery
Author : Chris Parr, Principal Engineer (Safety), Hima-Sella
09 January 2013
For all industrial processing and automation systems, it is a fact of life that components need to be upgraded; in order to counter obsolescence issues, meet new standards and/or deliver greater productivity.
It is also a fact of life that the engineering work carried out to implement the upgrade must have minimal impact on the site’s day-to-day operations, safety must not be compromised and costs must be kept as low as possible. Accordingly, upgrading an entire site’s control system is not without its challenges; particularly if it is a large site with hazardous areas.
A few years ago a major UK refinery established that it needed to replace its plant-wide Control System and field-mounted Programmable Logic Controllers (PLCs) in light of impending obsolescence issues. As part of the project the refinery decided to install a new Distributed Control System (DCS), settling on a Honeywell Experion system. For the site-wide network of PLCs, the majority of which are in an ATEX 3G (Zone 2) hazardous area, the refinery invited four companies to devise ‘engineered solutions’ to meet a variety of requirements.
Buzz-phrases on the refinery’s list of priorities included: current generation products and non-proprietary communication protocols; redundant fibre-optic communication; fast response times (specifically any event in the field must be seen by the DCS within 500 milliseconds); rugged solutions (to work in harsh environments and across wide temperature ranges); and scope for expansion. There was also a size requirement, in that the PLCs had to fit a relatively small footprint (circa 300 x 350mm).
Over a period of six months, the four companies set about developing their respective solutions. Moreover, they had to demonstrate the capabilities of the PLCs they proposed to use; and in October 2011 Stockport-based Hima-Sella was awarded the contract to provide a complete engineered solution for the replacement of the field PLCs and their integration with the Honeywell DCS. The company was also charged with the management of the supply chain.
Safety First
Perhaps more associated with Safety Instrumented Systems (SIS), Hima-Sella is an engineering integration company that works in a variety of industry sectors (including oil & gas, nuclear and rail) and always puts safety first. However, the company has considerable overall system integration and project management experience; acquired over almost 40 years and working on a number of large, safety-critical and plant control system projects.
Hima-Sella’s solution for the refinery centres on replacing the field-mounted PLCs with Remote Input / Output (RIO) units and supplying a HIMA HIMax Programmable Electronic System (PES) to interface with the DCS. Hima-Sella is the exclusive UK distributor for Germany-based HIMA, and the HIMax PES has a scalable redundancy architecture (quad, triple, dual or single) that affords protection up to SIL 3. It also has virtually unlimited expansion potential, and accommodates changes and additions to both hardware and software while the system is running; a feature which meant the refinery’s upgrade project would not require a site-wide shut-down.
The HIMax, which acts as a combined data concentrator and conditioning unit, is located in the site’s control room and is split over two enclosures to provide communications between the DCS and all field devices via two independent networks. These networks provide independent access to about 100 network interface boxes (netboxes) via three fibre rings; designated Blue, Green and Red.
Each netbox contains a HIMatrix unit, which provides the necessary interface between the redundant networks and the simplex communication to one or more RIOs. Hima-Sella’s reasoning behind using the HIMatrix (which like the HIMax is certified up to SIL 3) was the system’s suitability for the network and installation in harsh environments. The unit is also suitable for use in an ATEX Zone hazardous area.
The netboxes interface with up to 12 field-mounted RIOs, each of which comprises a Schneider Advantys STB modular distributed I/O unit with 25 channels for physically interfacing with motorised valves, switches, sensors and other field hardware. All equipment communicates using the industry standard (and therefore non-proprietary) Modbus communication protocol which allows third party systems to be easily integrated into the system in the future.
Other industry standard communications methods were also employed to solve specific project challenges. For example, some of the legacy PLCs are in the jetty area of the refinery, and about 2km from the nearest fibre ring. For these, a fibre spur would have proved prohibitively expensive so the solution was to use DSL Ethernet extenders; that utilise the existing plant cabling.
The project also includes the provision of four field-mounted safety-critical PLCs that provide anti-surge protection. Again, these units use the HIMA HIMatrix, but this time it is providing a more localised control.
Hima-Sella has considerable experience of engineering such systems and its accredited functional safety management procedures, in accordance with BS EN 61508-1, ensure that:
* Safety system design follows a process of: functional safety assessment; verification; validation and configuration management;
* A culture of safe working;
* The identification of responsible departments and personnel;
* Personnel are competent to perform their allocated duties;
* Information is structured in a clear and concise manner; and
* Training is an integral part of the management system.
In addition, seven third-party PLCs (non-safety-critical and not facing any impending obsolescence issues) are being integrated into the overall system; emphasising again the benefits of using non-proprietary communications methods.
Implementation
An important project milestone occurred in early 2012, when the refinery approved Hima-Sella’s designs for the field enclosures.
This enabled manufacture of the netboxes (about 100) and RIOs (about 250) to commence. Shortly afterwards, the refinery’s engineering staff, with support from Hima-Sella, began installing the RIOs and netboxes (in place of the legacy standalone PLCs) and migrating control over to the new Blue ring; the physical installation work being done ‘live’ in that small local areas were shut down for a few hours at a time.
Migration onto the Blue ring went smoothly, taking only two months. The refinery is currently migrating onto the Green ring and completion is scheduled for the end of 2012. Red migration is scheduled for Q1 2013. This equates to approximately 18 months from order placement to project completion; an impressive feat considering the stats (see box) and live migrations.
As mentioned, four companies were in the running for this comprehensive site-wide PLC upgrade project. Working in Hima-Sella’s favour were the capabilities of the HIMA products the company proposed (and demonstrated), its ability to design the equipment to meet the hazardous area and other environmental requirements, plus the company’s experience of engineering solutions that employ open-standard communication protocols (namely Ethernet and Modbus).
Project stats at a glance
The HIMax at the heart of the system will, when the upgrade project completes, be processing an anticipated 20,000 channels of data and 6,000 I/O, with scope for expansion, and delivering a complete loop response time of less than one second (from field initiation to DCS transmission) and will have an individual cycle time of less than 70ms.
The field units include:
* Blue Ring = 24 netboxes and 60 RIOs
* Green Ring = 40 netboxes and 96 RIOs
* Red Ring = 38 netboxes and 97 RIOs
* Four safety-critical PLCs
* Seven third-party (and non-safety-critical) PLCs
Checking all’s well
Above right, a Remote Input / Output (RIO) unit is tested alongside a HIMatrix unit (from a netbox) The HIMatrix’s CPU has two microprocessors which operate in a 1-out-of-2 mode, in that one failure would shut down the CPU. Diagnostic routines constantly check the integrity of the systems (hardware and software). For example, memory is tested by having two copies of the operating system and application (code) stored on the CPU. The second copy is a logical inversion of the first, and should always be so when the two are compared. Any discrepancy would signal a memory failure.
ATEX Compliance
The majority of network interface boxes (netboxs) and Remote Input / Output (RIO) enclosures being installed as part of the site-wide PLC upgrade will be located in hazardous areas, categorised by Zone 2 IIB T3 (ATEX II 3G) (-20 to 60oC). Accordingly, the boxes and enclosures were constructed to comply with a variety of BS EN standards for explosive atmospheres including 60079-0:2009, 60079-7:2007 and 60079-15:2010. Compliance also required the compilation of a technical construction file for each box/enclosure type.
Contact Details and Archive...