Design Feature and Prototype Testing Methodology of DHIC’s Nuclear I&C system
Doosan Heavy Industries & Construction
KookHun Kim, Ph. D
International Conference on Opportunities and Challenges for Water Cooled Reactors in the 21st Century
Vienna, 27-30 October 2009
Contents
1. From R&D Project to NPP project
• KNICS R&D Project
• ……
• SUN 1&2 Project
2. Design Features
• Configuration of Doosan’s I&C System
• Platforms for Safety System : PLC
• ……
• Control Rod Control System
3. Integrated Verification Test
• Background of Integrated Verification Test Facilities
• Detailed test items via verification test facility
• ……
• Test Method
1. From R&D Project to NPP project
KNICS R&D Project (2001~2008)
System Verification R&D Project (2007~2010)
SUN #1&2 Project (2009~2015)
Integrated System Validation for SUN #1&2 (2009~2010)
KNICS R&D Project
Objective
• Development of I&C system and equipment to meet the APR1400 and other PWRs
– PLC (Platform for Safety System), PPS, ESF-CCS
– DCS (Platform for Non-safety System), PCS, …
Period and Budget
• 2001. 7 ~ 2008. 4
• USD 70,000,000
Organization of KNICS R&D Center
• Director
• Administrative Office
• Advisory Committee
• Evaluating Group MEST / MKE
• R&D Groups
– Over 200 researchers
– 25 organizations
Sub-projects
• Digital Reactor Safety System
• Licensing Support Technology for Digital I&C
• DCS (Distributed Control System) for NPPs
• CRCS (Control Rod Control System) and PCS (Power Control System) for NPPs
• System Integration and Evaluation of Components/Systems for NPPs
• RSPT (Reed Switch Position Transmitter) and HJTC (Heat Junction Thermo-couple)
• NPP Monitoring and Operation Support Technology
• Regulatory Safety Issues for Digital I&C
System Verification & Integrated System Validation
System Verification R&D Project (2007~2010)
Objective
• Construction of Integrated Verification Test Facility and Verification Testing of I&C system
– Reliability Assurance of KNICS products
– Construction of advanced Main Control Room Facility of NPP
– Construction of Test system
– Interfacing with APR1400 simulator
Period and Budget
• 2007. 8 ~ 2010. 7
• USD 16,000,000
Integrated System Validation for SUN #1&2 (2009~2010)
Objective
• Pre-Installation Test
• Performance Evaluation
• Long Term Reliability Test
SUN #1&2 Project (2009~2015)
[Figure: SUN #1&2 PJT. Schedule, a month-by-month timeline chart covering 2007 to 2013. Work rows: KNICS Development Project; Integrated Verification Facility Construction & Verification (Nu-Tech 2012). Milestones shown: RFP Issue; Primary Proposition Submission; NSSS Proposition Submission; Contract Negotiation; Primary Contract; NSSS Contract; Prototype Completion (PPS, PCS), (ESF-CCS, NIMS), (LDP, MCR Console), (RCOPS, NPCS), (QIAS, P-CCS); Integrated Test Computer Equipment & APR1400 Simulator; Small-scale, Large-scale and Final integrated verification performance, each with a V&V Report; Construction Permission Acquisition; First Concrete Infusion; Reactor Vessel Installation; Operation Plan Permission; Long-Term Reliability Test; I&C system Delivery; Project Completion.]
2. Design Features
Configuration of Doosan’s I&C System
Main Control Room
Safety System
Non Safety System
Platforms for Safety System : PLC
Platforms for Non Safety System : DCS
Power Control System
Control Rod Control System
Sub. Contents
Configuration of Doosan’s I&C System
• Doosan’s I&C System Architecture : Three layers of modularized system
• Control room
• Information processing computer system
• Indication system

• Control system
• Protection system

• Various measurement system
• A few of monitoring system of equipment and system

[Photos: PPS Cabinet Ch. A; RCOPS Cabinet Ch. A]
Main Control Room
Computer-based Advanced MCR
- Compact workstation, Large Display Panel, Safety Console, and Soft Control, Computerized Operating Procedures
• Thorough Human Factors Engineering (HFE) Verification & Validation
• Meets all the latest HFE and digital system design requirements
• Four compact workstations for sit-down operation
• Video Display Unit (VDU) for control and monitoring
• LDP for display of overall plant operation
• Soft control for both safety and non-safety component
• Fixed position controls on the safety console for maintaining the plant in safe condition
• Computerized procedure system providing all operating procedures
Safety System
[Figure: ESF-CCS, PPS, RCOPS]
PPS (Plant Protection System)
- Redundancy/Triple Redundancy structure in a single channel
- To adopt an auto-periodic logic test algorithm
- Completely independent structure from inputs to outputs
- To separate control signals from information signals (HR-SDL/HR-SDN)
ESF-CCS (Engineered Safety Features-Component Control System)
- To improve the reliability by using triple redundancy structure of Group Controller
- Integrated structure : Group Controller performs a function of the system-level actuation logic and Loop Controller performs a function of component control
- To enforce online self-diagnosis & automatic test
RCOPS (Reactor Core Protection System)
- Enhanced Algorithm against CPCS
- Improvement of Thermal Margin by Best Estimate Calculation for DNBR
- False Signal Filtering Algorithm for 12 Fingers Control Rod Position
Licensing
- Safety Evaluation of PPS, ESF-CCS and RCOPS topical report was completed
Non Safety System
[Figure: PCS, NIMS, NPCS]
PCS (Power Control System)
- Redundancy structure in a logic controller
- Redundancy structure in a power control unit
- Maintenance capability enhancement by using drawer type power conversion module
NPCS (NSSS Process Control System)
- To improve the reliability by using redundancy structure
- Separated Control and Information network
NIMS (Nuclear Integrity Monitoring System)
- Advanced signal processing capability
- Various analysis information display
- Maintenance capability enhancement by using same type hardware
Platforms for Safety System : PLC
Processor Module
• Single / Redundant Processor Module
Communication Module
• HR-SDL (High Reliability-Safety Data Link) Module
– Trip signals between channels for PPS
• HR-SDN (High Reliability-Safety Data Network) Module
– Safety control signals for ESF-CCS
Input/Output Module
• Digital Input Module
– 120VAC, 230VAC
• Digital Output (Relay Output) Module
– 24VDC, 48VDC, 125VDC, 110~220VAC
• Special Module
– Analog Input, Analog Output
– Pulse Counter Module
– RTD Module, TC Module
– I/O Extension Module
Licensing
• Safety Evaluation of PLC topical report was completed
[Figure: PLC rack showing Power Modules, CPU Module, Comm. Modules, I/O Modules]
PLC Equipment Qualification (Environmental, EMI/RFI, Seismic)
• Environmental Qualification
– USNRC Reg. Guide 1.89, Rev. 01, June 1984
– IEEE Std. 323-2003
– EPRI TR-107330
• EMI/EMS/ESD/RFI/Surge Qualification
– EPRI-TR-102323-R3, 2004
– USNRC Reg. Guide 1.180, Rev. 01, 2003
– IEC61000-4-2, 2001
– MIL-STD-461E, 1999
– EPRI TR-107330
– IEEE Std. C62.41.1-2002
– IEEE Std. C62.45-2002
• Seismic Qualification
– USNRC Reg. Guide 1.29, 1978
– USNRC Reg. Guide 1.100, 1988
– IEEE 344-2004
• Isolation Qualification
– USNRC Reg. Guide 1.75, Rev. 02, Sept. 1978
– IEEE Std. 384-1992
[Figure: equipment qualification test rack layout. Slot labels include CPU, SDL (OP / 485), SDN (485), HDL (232), DI, DO, AD, DA, TC and HSC modules with BLANK slots, connected to a Signal Generator, Pulse Generator, Voltage Regulator (SLIDACS) and a current measuring instrument; test signals labelled Current (10mA), DC24V, DC48V, DC125V, AC220V.]
Platforms for Non Safety System : DCS
Operator Interface System (OIS)
• Tag/Group Viewer
• Trend/Event Viewer
• Graphic Viewer
• Soft-Control
Engineering Workstation System (EWS)
• System Builder
• Logic Builder
• Tag/Group Builder
• Graphic Builder
• Etc.
Server
• Historical Server
• Monitoring Server
• Alarm Server
• DB Server
Field Control Unit (FCU)
• Dual CPU
• Dual FCU
• CPU Board
• GTS Communication Device
• IO Board
Control Network
• Dual Communication
• Central Switching Hub
• Group Switching Hub
• Local Switching Hub
Information Network
• Ethernet Commercial Network (100MBPS)
Cabinet
• Power Module
• Terminal Block
DCS Communication Network
[Figure: DCS communication network. Information Network (100Mbps, Ethernet) with OIS #1 to OIS #64 (Operator Interface Station), EWS (Engineering Work Station), History Data Server, Gateway PC and Printer; Control Network (100Mbps, Ethernet) with FCS #1 onward (Max. #288, Master/Slave FCS redundancy) and MUX (Multiplexer) Stations #1 onward (Max. #64); Bus Expansion to MUX Expansion Units #1 to #32; Ethernet / Serial links to External System or Device.]
• Control Network
– Control Data traffic between Controllers
– Soft control from OIS
– Redundancy
• Information Network
– On-line Tag value from Controllers to Servers
– Control Logic download
– Redundancy
PCS Overview - Introduction
[Figure: Interface Systems and Power Control System. Control Cabinet, Aux. & Isolation Cabinet and Power Cabinet; labels: Fiber Optic, RSPT C&D, CEDM Driving Power, Signal, Control & Monitoring, CWP.]
PCS Overview – Test Configuration
[Figure: PCS test configuration. Code Simulator, Network Interface Panel and Hardwire Interface Panel; OIS Server (Master Node), OIS Client #1 to #N, Soft-Control (Main / Back-Up) over TCP/IP; CSH, GSH and LSH (Main / Back-Up); APCS, CC #1 (RRS, RPCS), CC #2 (CEDMCS), AC #1, AC #2, PC #1 to PC #13, MTP; MODBUS and MODBUS TCP links.]
PCS Overview – Proto-Type
[Photos: Control Cabinet, Power Cabinet, Aux. & Isolation Cabinet]
CRCS Overview - Introduction
[LEGEND]
CB : containment building
RV : reactor vessel
CRCS : control rod control system
CC : control cabinet
MTP : Maintenance & Test Panel
PC : power cabinet
PCU : power control unit
PCM : power converter module
CRDM : control rod drive mechanism
[Figure: CRCS overview showing Reactor Regulating System, Rod Position Indicator System, Computer System, MCB in MCR, CRCS (CC, PC, PCU, PCM, MTP), MG Set, CRDM and RV.]
CRCS Overview – Control Cabinet
• Main Control Unit (Redundant PLC)
• MTP
• Size (W*H*D) : 800 x 2300 x 1220mm
• Weight : 920kg
• Power Specification
– Main : 120Vac±10%, 60Hz± 5%, 1kVA
– Aux : 120Vac±10%, 60Hz± 5%, 1kVA
CRCS Overview – Power Cabinet
• Power Converter Module (drawer type)
• Power Control Unit
• Size (W*H*D) : 1,450*2,300*1,220mm
• Weight : 1,475Kg
• Cabinet Power
– Main : 120Vac±10%, 60Hz± 5%, 425VA
– Aux : 120Vac±10%, 60Hz± 5%, 375VA
• CRDM Power
– 3Phase 260/150Vac±10%, 60Hz± 5%, 40KVA
CRCS Overview – MTP
Information for Control Cabinet
• Control Rods Operation Status
• Bank Overlap Operation Status
• Staggering Operation Status
• Main Control Unit Status
• Power Control Unit Status
• Coil Current/Voltage
• Detail Fault Messages
– Power Supply
– Thyristor
– Fuse
– Zero Cross Signal
– PT/CT etc.
• Event Log
CRCS Overview – Equipment Qualification Test
Code & Std. : IEEE 323,344, EPRI TR102323, Etc.
CRCS Overview – Performance Test
[Figure: performance test configuration. Labels: APR1400 Simulator, Simulator Main Computer, REACTOR MODEL, SIM. I/O, ENG W/S, Operator Console and Display of Operator Console on the Simulator side; Rod Control System with CC, PC and CRDM; links labelled ETHERNET, MODBUS+, ETHERNET and HARD WIRE.]
3. Integrated Verification Test
Sub. Contents
• Background of Integrated Verification Test Facilities
• Overall Structure of integrated test facility
• APR1400 Simulator
• Test System of Integrated Verification Test Facilities
• Detailed test items via verification test facility
• Step of the verification test
• Test Method
– Network Load Test
– Response Time Test
– Reactor Power Cutback System Test
– Scenario Test
Background of Integrated Verification Test Facilities
KURD Requirement
• According to the requirements of KURD Chapter 10, proven technology is supposed to be applied in Man Machine Interface Systems.
• The MMIS used at a nuclear power plant should satisfy more than one of the requirements below.
– Satisfaction of Reliability Requirement
– 3yr or 3,000 Operating yr as subsystem module in power plant
– 3yr or 3,000 Operating yr as entire system in other than power plant
– Prototype Testing, Software Qualification Process (Simulator)
Purpose of Test Facility
• Basically, the developed product needs the permission of the regulatory organization according to the rules.
• In addition, the requirements of a user (KURD) should be satisfied.
Overall Structure of integrated test facility
APR1400 Simulator
• Real-time Modeling
- Thermal-Hydraulic Model
- 3D Core Model
- Dynamic Primary Aux System Model
- Dynamic Secondary Aux System Model
- Computer and Control System Model
• Emulation/Stimulation Technology of Digital MMIS
• Computerized Procedure System Modeling
• This simulator is similar to the SKN 3&4 simulator (some of the simulator codes were modified from the original simulator code for the verification test of protection, control and information systems)
[Figure: APR1400 Simulator and Interface Panel]
Test System of Integrated Verification Test Facilities
Section System Number of Cabinets Scope
PPS 124
8Safety System
Non-Safety System
MCR Equipments
LDP (Large Display Panel) 14 Fully
Safety Console, RO/EO/TO, SS/STA Console 6 Fully
Servers (Database, HDSR, Alarm, Time, Computation) 13 Almost Fully
5
5
7
6
4
RCOPSFully (CH-A,B,C&D)Partially (CH-C&D)
Partially (representative function)
Fully
Partially (representative function)
ESF-CCS
QIAS-P&N
PCS
Almost Fully
Partially (representative function)
NPCS
P-CCS
NIMS Fully
Detailed test items via verification test facility
Test : Detailed Test Items
Electrical & Platform Function Test
• Electrical Test & Redundancy Test
• Network Communication Test
• Controller & I/O Module Performance Test
• PLC Function Test/DCS Function Test
F.A.T.
• System Applications Software Module Test
• System Test
• Failure Mode Test/Redundancy Test
Integration Test (with APR1400 Plant Simulator)
• Interface Test / MMI Test
• System Function/Performance Test
• Response Time Test
• Network Load Test
• Alarm Test
• Reactor Power Cutback System Test
• Unit Load Transient Test/Load Cycle Test
• Load Rejection Test
• Scenario Test
Long Term Reliability (with APR1400 Plant Simulator)
• Long Term Reliability Test
Step of the verification test
System Test
• Object System : 11 systems
• System Test for verification of separate system function and performance
• Interface Test for verification of interface status between System and Simulator
• Performance Test for verification of interface function and performance between systems
Integration Test
- Verification of MMIS Integrated Performance
- Network Load Test, Response Time Test, MMI & Alarm Test, etc.
Operating Test
- Load Rejection Test
- Unit Load Transient Test
- Load Cycle Test
- Reactor Power Cutback System Test
- FWCS Valve Transfer Test
STEP
• Small Scale Test (’07.7~’07.10E)
• Large Scale Test (’08.05~’08.10E)
• Final Test (’09.02~’09.05E)
• Long Term Reliability Test (’09.08~’10.06E)
Test System
• PPS, PCS, NIMS
• RCOPS, ESF-CCS, NPCS, DIS, IPS
• Integration Test, Operating Test
• P-CCS, QIAS-P, QIAS-N
[Figure labels: PLC/DCS; Integration Test]
Test Method - Network Load Test
[Figure: Control Network and Information Network connecting LDP, MDB Server, Operator Console, Controller Cabinet and Additional Load Generators 1 to 10; Basic Load and Additional Imitation Load.]
• Basic Network Communication Load
- 61,000 registered tags in server (maximum 65,000 tags)
- Running communication data
– Safety : PPS, RCOPS, ESF-CCS, QIAS-P
– Non-Safety : PCS, P-CCS (NPCS, BOP)
– Other Plant : APR 1400 Plant Simulator
• Additional Imitation Load for Communication
1. Imitation Load Generators installed at 12 Operator Consoles connected to the network
2. Each Imitation Load Generator produces the same data load as 20 controllers
3. Each Imitation Controller generates 2Kbyte at most
4. Imitation Controllers are increased from 0 to a maximum of 240 (0~480[Kbyte])
To verify that the measured response time of tags satisfies the requirement.
Test Method - Response Time Test
[Figures: Test Configuration for Safety System; Test Configuration for Non-Safety System]
• Response Time Test
- The response time between the safety/non-safety systems and the MCR display consoles.
– The sections between the ESF-CCS input and the MCR display consoles (requirement : 2500 msec)
– The sections between the ESF-CCS Loop Controller’s input and the DCS Loop Controller’s (P-CCS) output (requirement : 600ms)
• Response Time Test Method
- To measure the response time precisely, a dedicated measuring computer was used.
– The computer captures the time of the input signal from the simulator and then the time of the display output in the consoles, using the USB type data acquisition device.
– Then, the computer calculates the difference between the two times.
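The pass/fail evaluation implied by the Network Load Test and Response Time Test slides, as an added Python example that is not part of the original presentation. The event tuple format, path names and sample values are assumptions constructed for illustration; only the 2500 ms and 600 ms requirements and the 2 Kbyte per imitation controller figure come from the slides.

```python
from collections import defaultdict

# Requirements quoted on the slide (milliseconds); the path names are hypothetical labels.
REQUIREMENT_MS = {
    "esfccs_to_mcr_display": 2500,  # ESF-CCS input -> MCR display console
    "esfccs_lc_to_pccs_lc": 600,    # ESF-CCS Loop Controller input -> P-CCS Loop Controller output
}
KBYTE_PER_IMITATION_CONTROLLER = 2  # "2Kbyte at most" per imitation controller

def pair_edges(events):
    """Pair each input edge with the next output edge on the same path.

    events: iterable of (t_ms, path, kind), kind "in" or "out"; an assumed
    export format for the measuring computer, not one given on the slides.
    Returns {path: [latency_ms or None]}; None marks an input with no output.
    """
    pending = defaultdict(list)
    latencies = defaultdict(list)
    for t_ms, path, kind in sorted(events):
        if kind == "in":
            pending[path].append(t_ms)
        elif pending[path]:
            latencies[path].append(t_ms - pending[path].pop(0))
    for path, left in pending.items():
        latencies[path].extend([None] * len(left))
    return dict(latencies)

def evaluate(runs):
    """runs: {imitation_controllers: events}. One result row per load step and path."""
    rows = []
    for controllers in sorted(runs):
        for path, lat in sorted(pair_edges(runs[controllers]).items()):
            measured = [x for x in lat if x is not None]
            worst = max(measured) if measured else None
            # A missing output is a failure even if every measured latency is in limit.
            ok = (None not in lat) and worst is not None and worst <= REQUIREMENT_MS[path]
            rows.append({"controllers": controllers,
                         "load_kbyte": controllers * KBYTE_PER_IMITATION_CONTROLLER,
                         "path": path, "worst_ms": worst, "pass": ok})
    return rows

# Constructed sample data (not measurements from the presentation).
SAMPLE_RUNS = {
    0:   [(0, "esfccs_to_mcr_display", "in"), (900, "esfccs_to_mcr_display", "out"),
          (1000, "esfccs_lc_to_pccs_lc", "in"), (1350, "esfccs_lc_to_pccs_lc", "out")],
    240: [(0, "esfccs_to_mcr_display", "in"), (2100, "esfccs_to_mcr_display", "out"),
          (3000, "esfccs_lc_to_pccs_lc", "in"), (3650, "esfccs_lc_to_pccs_lc", "out"),
          (5000, "esfccs_lc_to_pccs_lc", "in")],
}

if __name__ == "__main__":
    for row in evaluate(SAMPLE_RUNS):
        print(row)
```

Judging each load step on its worst-case latency, and counting an input that never reaches the display as a failure, keeps a dropped update from being hidden by an otherwise good average.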
Test Method - Reactor Power Cutback System Test
The reactor power cutback system test is to verify the functions of the overall plant control systems in case 2 of 3 main feedwater pumps fail at 70% and 95% of reactor power, which is similar to the plant performance test at a plant startup stage.
Test Method - Scenario Test
Step 1. Operation at 100% reactor power
Step 2. CEA manual operation
Step 3. Automatic load following operation (100% -> 90% -> 100%)
Step 4. Operation when failure of 2 out of 3 main feed-water pumps
Step 5. Reactor trip caused by PZR low pressure
Step 6. Check operation logging (to check the time and sequence of events through the Historical Data Storage & Retrieval Server (HDSR Server) during scenario test)
Conclusion
• The fully digitalized nuclear I&C system was developed.
• The Licensing (topical reports of the PLC, the PPS, the ESF-CCS and the RCOPS reviewed by KINS) was completed.
• The full scope of the digitalized integrated verification test facility was constructed and the verification test has been completed.
• The evaluation of the application to the SUN #1&2 project has been completed.
• Finally contracted to supply for the SUN #1&2.
• We want to propose the DHIC’s prototype testing methodology for a method to meet the proven technology requirement.