Page 1: Remote Handling Control System Design Handbook · 2012. 11. 12. · I&C Instrumentation and Control LAN Local Area Network OMS Operations Management System PBS Plant Breakdown Structure

PDF generated on 23-Nov-2011

Handbook (not under Configuration Control)

Remote Handling Control System Design Handbook

This handbook provides a common reference for the parties involved in the development of the ITER Remote Handling Control System in order to facilitate the production of a unified system integrated into the ITER infrastructure

Approval Process

Name / Action / Affiliation

Author: Hamilton D., 22-Nov-2011: signed, IO/DG/DIP/CIE/AOP/RH

CoAuthor:

Reviewers: Tesini A., 22-Nov-2011: recommended, IO/DG/DIP/CIE/AOP/RH

Approver: Kondoh M., 22-Nov-2011: approved, IO/DG/DIP/CIE

Document Security: level 1 (IO unclassified)

RO: Tesini Alessandro

Read Access LG: DTP2 Collaborators, LG: RH IPT, LG: EU-DA RH, LG: PBS23.01 CDR attendees, AD: ITER, AD: External Collaborators, AD: Section - Remote Handling, AD: Section - Remote Handling - EXT, AD: ITER Management Assessor, project administrator, RO

IDM UID

2EGPEC

VERSION CREATED ON / VERSION / STATUS

22 Nov 2011 / 2.3 / APPROVED

EXTERNAL REFERENCE


Change Log

Title (Uid) / Version / Latest Status / Issue Date / Description of Change

Remote Handling Control System Design Handbook (2EGPEC_v2_3)

v2.3 Approved 22 Nov 2011

Added reference to RH I&C functional breakdown document

Remote Handling Control System Design Handbook (2EGPEC_v2_2)

v2.2 Signed 22 Nov 2011

Changes made according to DA review report (653PL4)


Remote Handling Control System Design Handbook (2EGPEC_v2_1)

v2.1 Disapproved 06 Jul 2011 Corrected mistake in Figure 3. 'Virtual System' changed to 'Viewing System'.

Remote Handling Control System Design Handbook (2EGPEC_v2_0)

v2.0 Signed 28 Jun 2011 The handbook data has been completely re-organized to provide more clarity between requirements and general information. The handbook and its annexes now concentrate on listing requirements and the general information is provided in support documents.

Remote Handling Control System Design Handbook (2EGPEC_v1_2)

v1.2 Approved 09 Jul 2010 First full draft version

Remote Handling Control System Design Handbook (2EGPEC_v1_1)

v1.1 In Work 24 Sep 2009

Wrote some more chapters

Remote Handling Control System Design Handbook (2EGPEC_v1_0)

v1.0 In Work 28 May 2008


ITER_D_2EGPEC v2.3

RHCS Design Handbook ITER_D_2EGPEC v2.3

1

RHCS Design Handbook

Contents

1 Introduction ................................................................................................................................... 3

1.1 Document Scope and Structure ........................................................................................... 3

1.2 Acronyms ............................................................................................................................... 3

1.3 Glossary ................................................................................................................................. 4

1.4 Related Documents ............................................................................................................... 4

1.4.1 Applicable documents ....................................................................................................... 4

1.4.2 Reference documents ........................................................................................................ 4

2 RH Control System Architecture ................................................................................................. 5

3 Design Requirements ................................................................................................................... 6

3.1 Standard Terminology .......................................................................................................... 6

3.2 Standard Architecture .......................................................................................................... 6

3.3 High-Level Control System .................................................................................................. 7

3.4 Low-Level Control System ................................................................................................... 8

4 Integration Requirements .......................................................................................................... 10

4.1 Overview .............................................................................................................................. 10

4.2 RH Networks ....................................................................................................................... 10

4.3 RH Control Room ................................................................................................................ 11

4.4 RH Emergency Stop Pushbutton Circuit .......................................................................... 11

4.5 RH Cubicle Rooms .............................................................................................................. 12

4.6 Cable Routing ...................................................................................................................... 12

4.7 RH Supervisory Control System ........................................................................................ 12

4.7.1 RH Plant Controller ....................................................................................................... 12

4.7.2 RH Supervisor ................................................................................................................ 12

4.7.3 Equipment Management System .................................................................................. 13

4.7.4 Plant Interlock System .................................................................................................. 13

4.7.5 Plant Safety System ....................................................................................................... 13

5 Operation Requirements ............................................................................................................ 14

5.1 Overview .............................................................................................................................. 14

5.2 RH Process Control ............................................................................................................. 14

5.3 RH Operations Control ....................................................................................................... 14

5.3.1 Overview ......................................................................................................................... 14

5.3.2 RH Operations Planning ................................................................................................ 14

5.3.3 RH Operations Execution .............................................................................................. 14

5.3.4 RH Operations Analysis ................................................................................................. 15

5.4 RH Non-Functional Operational Requirements ............................................................... 18


5.4.1 Nominal Operations ....................................................................................................... 18

5.4.2 Quality Assured Operations .......................................................................................... 18

5.4.3 Efficient Operations ....................................................................................................... 19

5.4.4 Human Factors ............................................................................................................... 19

5.5 RH Recovery Operations .................................................................................................... 19

6 Maintenance Requirements ....................................................................................................... 20

7 Protection Requirements ........................................................................................................... 21

7.1 Overview .............................................................................................................................. 21

7.2 Investment protection requirements ................................................................................. 21

7.3 Safety protection requirements ......................................................................................... 22


1 Introduction

1.1 Document Scope and Structure

The RH Plant System is a man-in-the-loop system for performing maintenance tasks on the ITER machine and machine components. As such, it differs from the typical plant systems involved in the ITER machine operations that are the main focus of the Plant Control Design Handbook [AD3]. In accordance with the ITER QA process, a deviation [AD4] has been raised for the RH Plant System I&C against requirements of the Plant Control Design Handbook which are seen as unsuitable for the RH I&C. This deviation is to allow the investigation of other standards which may be more optimized for the RH Plant System.

The RH Plant System is a relatively large I&C system that is made up of a number of separately procured RH equipment systems. These systems are focused on the specialized area of remote handling, and their I&C has numerous elements in common with each other that are not covered by the Plant Control Design Handbook. For arguments similar to those that justify the standards for ITER I&C as a whole, the complexity of the RH equipment systems' additional I&C elements needs to be controlled for integration, operation, and maintenance purposes.

The scope of the RH Control System Design Handbook is, therefore, to perform two functions:-

Define the I&C standards and requirements that the RH Plant System shall apply as approved deviations from the Plant Control Design Handbook,

Define the extended I&C standards and requirements for the equipment systems that are to be part of the RH Plant System and operated from the RH control rooms.

The RH Control System Design Handbook main document is divided into the following chapters:-

Introduction

RH Control System Architecture

Design Requirements,

Integration Requirements,

Operation Requirements,

Maintenance Requirements,

Protection Requirements,

In many cases, the main document only defines outline requirements and references annex documents which contain the detailed requirements. The annex documents are also applicable documents and shall be approved at the same level as the main handbook. The reviewer list of the annex documents will be based on specialists in those particular areas. As well as improving the accessibility of the handbook, this arrangement facilitates the maintenance of the handbook. Some of the Annex documents (such as standard terminology and standard parts) are intended to be updated at relatively regular intervals.

1.2 Acronyms

API Application Programming Interface

CAT Computer Assisted Teleoperation

CIN Central Interlock Network

CIS Central Interlock System

CODAC Control, Data Acquisition, and Communication

COTS Commercial Off-The-Shelf

CSN Central Safety Network

CSS Central Safety System

C&C Command & Control

EMS Equipment Management System

ES Emergency Stop

FSM Finite State Machine

HMI Human Machine Interface

IO ITER Organization


IVVS In-Vessel Viewing System

I/O Input/Output

I&C Instrumentation and Control

LAN Local Area Network

OMS Operations Management System

PBS Plant Breakdown Structure

PCDH Plant Control Design Handbook

PIS Plant Interlock System

PSH Plant System Host

PSS Plant Safety System

QA Quality Assurance

RH Remote Handling

RHCS Remote Handling Control System

RT Real-Time

R&D Research and Development

VR Virtual Reality

1.3 Glossary

Equipment System – a fully functional standalone equipment system (operator interfaces, I&C, mechanical device) that is to be integrated into the RH System and operated from the RH control rooms.

Equipment Controller – the control cubicles that contain the embedded controller for an equipment system.

RH Plant System – the integration of the RH equipment systems that perform remote maintenance of the ITER machine and machine components.

1.4 Related Documents

1.4.1 Applicable documents

[AD1] Project Requirements (ITER_D_27ZRW8)

[AD2] Electrical Design Handbook (ITER_D_2DSPT6)

[AD3] Plant Control Design Handbook (ITER_D_27LH2V)

[AD4] RHPS Deviations and Non-conformances (ITER_D_34H6HG)

[AD5] Annex A: Standard Terminology (ITER_D_2DX65K)

[AD6] Annex B: High-Level Control System Specification (ITER_D_4GTJJP)

[AD7] Annex C: Standard Controller Model (ITER_D_4GUQ22)

[AD8] Annex D: Standard Interfacing (ITER_D_4GVQBJ)

[AD9] Annex E Standard Parts (ITER_D_4H8SJC)

1.4.2 Reference documents

[RD1] RHCS General Information (ITER_D_4H9684)

[RD2] RHCS Analysis (ITER_D_4HAPEQ)

[RD3] RHCS Outline Description (ITER_D_4C2AXC)

[RD4] RHPS Operation and Control (ITER_D_3P2Q7F)

[RD5] RHPS Protection Systems (ITER_D_3VTQZV)

[RD6] RHCS Operational Flow (ITER_D_35PZW2)

[RD7] PBS 23.07 SRD (ITER_D_2DRWQ6)

[RD8] Appendix X – Remote Handling Control System (ITER_D_3PYQMX)

[RD9] RH I&C Functional Breakdown (ITER_D_6KYSYP)


2 RH Control System Architecture

The ITER RH System contains two I&C plant systems operating under the central coordination of the CODAC central systems (figure 1):-

RH Plant System:- The integration of the RH equipment systems that perform remote maintenance of the ITER machine and are operated from the RH control rooms.

IVVS Plant System: The In-Vessel Viewing System provides 3D images of the in-vessel environment, and its normal operating mode is from the Main Control Room.

The RHCS Design Handbook is targeted at the equipment systems that integrate to form the RH Plant System.

Figure 1. Schematic of the Overall RH Control System

[Figure 1 labels: the RH Plant System comprises the RH equipment systems PBS 23.01, 23.02, 23.03, 23.05, 23.06 and 23.10 (each with a High-Level Control System, a Low-Level Control System and its Device) and the RH Supervisor System PBS 23.07 (RH Plant Controller, EMS, PSH, PIS, PSS), connected over the File Network and the RH Networks; the IVVS Plant System PBS 23.04 (IVVS Control System, Device, PIS, PSH) is shown separately; both connect to CODAC, CIS and CSS through the CODAC Networks PON, CIN and CSN.]


3 Design Requirements

3.1 Standard Terminology

[RQ-001] The RH equipment systems shall use the terminology according to the definitions defined in Annex A of the RHCS Design Handbook [AD5].

3.2 Standard Architecture

[RQ-002] Each of the RH equipment systems shall be a fully functional system that contains the complete set of operator interfaces and instrumentation and control required for performing its defined remote maintenance functions on the ITER machine and machine components.

[RQ-003] The RH equipment systems shall implement a two level control system architecture that is made up of a high-level control system and a low-level control system.

[RQ-004] The high-level control system shall implement all the operator interfaces that are required for the operation of the equipment system.

[RQ-005] The low-level control system shall implement all the embedded controllers that are required to control the equipment devices.

Figure 2. Schematic of the RH Equipment System Control Hierarchy

The RH standard networks are implemented by PBS 23.07 and consist of:-

File network: General backbone network for control room work-stations,

Control network: Reserved for RH control communications,

Audio/Video network: Dedicated high bandwidth network for transmission of audio/video signals,

Real-Time network: Network with deterministic timing for real-time control communications,

Diagnostic network: Dedicated network for transmission of equipment diagnostic data.

A general purpose communication middleware will be used to manage communications over the non real-time RH networks, and standard protocols will be defined for the communications over all the RH networks.

[RQ-006] The RH equipment systems shall comply with the RH networks standards for communication middleware and communication protocols.

[RQ-007] The RH equipment systems shall comply with the communication data traffic rules defined for the different RH networks.

[Figure 2 labels: an equipment system PBS 23.XX with a High-Level Control System and a Low-Level Control System above its Device, connected to the RH Networks, CIN and CSN.]


3.3 High-Level Control System

Figure 3. Schematic of the High-Level Control Systems

[RQ-008] The high-level control system shall have a modular design, with the modules delivering a defined functionality and interfacing with the other modules through clearly defined interfaces.

[RQ-009] The high-level control system shall contain a Task Supervisor System that provides the tools for operating the equipment to accomplish the required maintenance tasks.

[RQ-010] The Task Supervisor System shall contain an Operations Management System module that provides the function of managing the procedures for the man-in-the-loop operations and ensures that the maintenance tasks are carried out safely, efficiently, and with consistent quality.

[RQ-011] The Task Supervisor System shall implement a Command and Control module that provides the operator interface for driving the RH equipment.

[RQ-012] The Task Supervisor System shall implement RH Input Devices to allow the operators to exercise direct control over the motions/forces of the RH equipment devices (e.g. joysticks, force-feedback master arm, emergency stop button).

[RQ-013] The high-level control system shall contain a Virtual Reality System that provides live tracking of the RH operations and related operator assistance using 3D computer generated models.

[RQ-014] The Virtual Reality System shall contain a Virtual Reality Visualization module that provides visualization of the 3D modelling environment with a minimum update rate of 10Hz.

[RQ-128] The equipment system shall provide a mechanism for achieving registration between the VR model and the real-world environment to an accuracy level that will allow the operators to rely on the Virtual Reality system to avoid collisions during equipment motions.

[RQ-015] The Virtual Reality System shall contain a Structural Simulator module that simulates the load effects on the RH equipment structure so that the VR visualization can provide accurate representation of the equipment positioning in the remote environment to sufficient levels that the operator can rely on the Virtual Reality system to avoid collisions during equipment motions.

[RQ-016] The Virtual Reality System shall contain a Computer Assisted Teleoperation module for providing assistance to operations based on 3D collision detection algorithms as a function of the requirements of the individual systems (e.g. collision avoidance for movers, virtual guidance for manipulators).

[RQ-017] The high-level control system shall implement a Viewing System to provide the operators with the viewing required to carry out the required maintenance tasks.

[RQ-018] The Viewing System shall implement a Viewing System module to provide the functions of viewing selection, viewing control, and image improvement.

[RQ-019] The Viewing System shall implement Viewing Monitors for viewing of the images of the remote environment.

[RQ-020] The Viewing System shall implement a Human Machine Interface module that provides the operators with the interface for operating the Viewing System.

[RQ-021] The high-level control system shall implement a Remote Diagnostics System that provides the RH engineers with an interface to the RH equipment performance diagnostic data and tools to assist the detection and investigation of faults.

[RQ-022] The high-level control system shall be designed to satisfy the specification requirements contained in Annex B of the RHCS Design Handbook [AD6].

[Figure 3 labels, RH Operator Interfaces (High-Level Control System): Task Supervisor (Command and Control, Operations Management System, RH Input Devices), Virtual Reality (Virtual Reality Visualization, Structural Simulator, Computer Assisted Teleoperation), Viewing System (Viewing System, Viewing HMI, Viewing Monitors) and Remote Diagnostics, all on the File Network.]


[RQ-126] The high-level control system shall be compatible with the use of the standard operator interface parts defined in Annex E of the RHCS Design Handbook [AD9].

3.4 Low-Level Control System

Each of the RH equipment systems includes control cubicles (I&C) that control the equipment and tool devices to perform complex remote handling operations. A general schematic of an RH equipment controller is shown in figure 4.

Figure 4. Schematic of a general RH Controller

[RQ-023] The equipment system I&C shall conform to the relevant requirements of the ITER Electrical Design Handbook (ITER_D_2DSPT6).

[RQ-024] The equipment system I&C hardware and software shall comply with the CODAC Plant Control Design Handbook (ITER_D_27LH2V), except where a specific non-conformance or deviation has been approved.

[RQ-025] The equipment controllers shall comply with the standard ITER cubicle dimensions of 0.8m x 0.8m base and 2.2m height.

[RQ-026] The control cubicles shall have a modular rack design that allows the racks to be disconnected and removed from the cubicles for maintenance.

[RQ-027] The equipment controllers shall have a modular physical design, with the modules delivering a defined functionality and interfacing with the other modules through clearly defined interfaces.

[RQ-028] The equipment controllers shall implement a Control Unit module that contains the processor boards and provides the function of controlling the device behaviour.

[RQ-029] The equipment controllers shall implement an Input/Output module that provides the function of linking the software of the control unit to the cubicle hardware.

[Figure 4 labels: RH Controller modules Control Unit, Input/Output, Sensor Drivers, Actuator Drivers, Protection System and Power; linked to the High-Level Control System via Communication Networks, to the Plant Protection Systems, to the Device via Signal Cabling, Control Cabling and Power Cabling, and to Mains Power Distribution via Infrastructure Wiring.]


[RQ-030] The equipment controllers shall implement a Protection System module that implements in hardware an Emergency Stop Circuit and logic for inhibiting joint motions.

[RQ-031] The equipment controllers shall implement a Sensor Driver module that contains the drivers for sensors and the signal conditioning.

[RQ-032] The equipment controllers shall implement an Actuator Driver module that drives the equipment actuators (motors, brakes, valves, etc.).

[RQ-033] The equipment controllers shall implement a Power module that contains the main transformers for conversion of IO steady-state power to the power requirements of the other units.

[RQ-034] The controller modules shall fit into the control cubicle removable racks, with the exception of the power module which may be fixed to the base of the cubicle.

[RQ-035] The equipment controller shall be designed to separate and screen the noisy modules from the sensitive modules.

[RQ-036] The equipment controller system shall be designed to comply with the Standard Controller Model requirements defined in Annex C of the RHCS Design Handbook [AD7].

[RQ-037] The equipment controller shall be compatible with the use of the standard controller parts defined in Annex E of the RHCS Design Handbook [AD9].


4 Integration Requirements

4.1 Overview

The RH equipment systems (PBS 23.01, 23.02, 23.03, 23.05, 23.06, 23.10) are to be integrated together with the RH Supervisory Control System (PBS 23.07) to form the RH Plant System. Additionally, some Hot Cell building equipment systems (cranes, trolleys) are to be integrated into the RH control system.

The RH Supervisory Control System (PBS 23.07) is responsible for the supervisory applications and the RH network infrastructure. It also manages the integrated design concepts of the RH control system (control rooms, cubicle rooms, cabling, ES circuit), and the integrated interfaces for control system services (CODAC, CIS, CSS, power supplies, cable trays).

This chapter provides the basic requirements for integration into the RH control system. Full details of the integration requirements will be managed through the Interface Sheets between the equipment systems and the Supervisory Control System.

[RQ-038] The RH equipment system control system shall integrate into the overall RH Control System during site integration as shown in the schematic of figure 5.

[RQ-039] The RH equipment systems shall comply with the Standard Interfacing requirements that are defined in Annex D of the RHCS Design Handbook [AD8].

Figure 5 Integration of Equipment Control System to RH Control System

4.2 RH Networks

[RQ-040] The Equipment Systems shall connect to and communicate using the RH networks:-

Control network: Handles control and status monitoring data,

Diagnostic network: Handles equipment diagnostic data,

Video network: Handles camera video signals,

Real-time network: Handles real-time communication between controllers.

[RQ-041] The Equipment Systems shall communicate using the RH standard middleware technology.

[RQ-042] The Equipment Systems shall communicate using the RH standard communication protocol.

[Figure 5 labels: Equipment High-Level Control System and Equipment Low-Level Control System joined to the RH Network Infrastructure, Communication Middleware and RH Plant Supervisory Applications; also RH Operator, RH Control Room(s), Main Control Room, RH Cubicle Room(s), ITER Central Systems, Device and Cable Routing.]


4.3 RH Control Room

The RH operations are controlled from two control rooms that are located in B24:-

RH Control Room for RH operations around ITER machine,

Hot Cell Operations Control Room for RH operations within Hot Cell Facility.

Each of the RH control rooms supports a minimum of 6 flexible work cells and a supervisor station (see figure 6).

Figure 6. Organization of RH Control Room(s) into Flexible Work Cells

[RQ-043] The RH equipment systems shall be designed to be operated from the RH control room flexible work cells.

[RQ-044] The RH equipment systems operator interfaces shall conform to standard hardware specifications for the RH control room as defined in Annex E of the RHCS Design Handbook [AD9].

4.4 RH Emergency Stop Pushbutton Circuit

A hierarchical emergency stop (ES) pushbutton circuit shall be implemented for the RH System. This circuit shall allow grouping of the equipment related to a work-cell so that the work-cell ES button trips out all of that equipment. Additionally, the ES buttons at the RH Control Room supervisor desk can trip out all the equipment under control from the work-cells of the control room (see figure 7). In general, the hierarchical groupings (work islands in figure 7) will correspond to single control room work-cells, but they could extend to multiple work-cells if these are closely coordinated.

[RQ-045] Each RH equipment controller is required to implement an emergency stop circuit and to interface it to the RH hierarchical emergency stop (ES) pushbutton circuit.

[RQ-046] RH equipment systems shall implement emergency stop circuits that form groups of work-cell equipment controllers that will all be tripped by the work-cell ES pushbuttons.

[RQ-047] The RH equipment system group emergency stop circuit shall be compatible with linking to the supervisor station global emergency trip function.
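The following model of the hierarchical ES circuit is an added example and is not code from the handbook or from the ITER project. It treats the circuit as normally-closed pushbutton contacts in series, so that a controller's amplifiers stay energised only while every contact between it and the supervisor desk is closed; the node names, the two-island topology and the de-energise-to-trip semantics are assumptions chosen to illustrate the grouping described in section 4.4 and figure 7.

```python
"""Model of the hierarchical emergency-stop (ES) pushbutton circuit of
section 4.4: supervisor -> work islands -> equipment controllers.

Added example; not code from the handbook or the ITER project.  The
topology, the names and the fail-safe (de-energise-to-trip) semantics
are assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class EsNode:
    """One level of the ES hierarchy: a pushbutton contact plus children."""
    name: str
    pressed: bool = False            # pushbutton latched in the tripped state
    children: list = field(default_factory=list)

    def add(self, child: "EsNode") -> "EsNode":
        self.children.append(child)
        return child


def build_es_hierarchy(n_islands: int, controllers_per_island: int) -> EsNode:
    """Build supervisor -> work islands -> controllers (figure 7 pattern)."""
    supervisor = EsNode("supervisor")
    for i in range(1, n_islands + 1):
        island = supervisor.add(EsNode(f"work-island-{i}"))
        for c in range(1, controllers_per_island + 1):
            island.add(EsNode(f"controller-{i}.{c}"))
    return supervisor


def energised_controllers(node: EsNode, upstream_ok: bool = True) -> dict:
    """Return {controller name: amplifier power enabled?}.

    The circuit is modelled as normally-closed contacts in series: a
    controller stays energised only if no contact between it and the
    supervisor desk is open.  Pressing any button upstream (or losing the
    circuit wire) therefore removes power, which is the fail-safe direction.
    """
    ok = upstream_ok and not node.pressed
    if not node.children:                # leaf = equipment controller
        return {node.name: ok}
    result = {}
    for child in node.children:
        result.update(energised_controllers(child, ok))
    return result


def press(root: EsNode, name: str, pressed: bool = True) -> None:
    """Latch (or reset) the named pushbutton anywhere in the hierarchy."""
    stack = [root]
    while stack:
        node = stack.pop()
        if node.name == name:
            node.pressed = pressed
            return
        stack.extend(node.children)
    raise KeyError(name)


def tripped(root: EsNode) -> list:
    """Names of controllers currently without amplifier power."""
    return sorted(n for n, ok in energised_controllers(root).items() if not ok)


if __name__ == "__main__":
    es = build_es_hierarchy(n_islands=2, controllers_per_island=3)
    press(es, "controller-1.2")       # local ES: only that controller
    print(tripped(es))
    press(es, "work-island-2")        # work-cell ES: the whole island
    print(tripped(es))
    press(es, "supervisor")           # supervisor desk: everything
    print(len(tripped(es)))
```

Resetting a work-island button restores only the controllers below it that have no other open contact, which is what RQ-045 to RQ-047 require of the individual controller circuits: each one must trip with its group and with the supervisor station, but a local trip must not propagate upwards.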


Figure 7. Functional Schematic of RH Hierarchical Emergency Stop Pushbutton System

4.5 RH Cubicle Rooms

The RH control cubicles are located in dedicated cubicle rooms that are removed from the hazardous environment. The cubicle rooms will be maintained within the temperature range 17 °C to 22 °C.

[RQ-048] The RH equipment systems I&C cubicles shall be located in the cubicle room space allocations defined for the equipment system.

[RQ-049] The RH equipment system shall be designed to achieve its required functional performance taking into account the cabling distance between the cubicle rooms and the equipment operating location.

4.6 Cable Routing

The cable routing and penetrations between RH cubicles and RH equipment operating locations are defined by IO.

The cabling to cask service connectors needs to be shared by different RH equipment systems, and standard cable and connector wiring arrangements will be defined.

[RQ-050] The RH equipment systems shall provide the cabling, connectors, and supports for the connection between their control cubicles and their equipment operating locations.

[RQ-051] The RH equipment systems cabling shall be compatible with the cable tray space allocations defined for the equipment system.

[RQ-052] The RH in-cask equipment systems will be compatible with the RH standards for cabling and connectors.

4.7 RH Supervisory Control System

4.7.1 RH Plant Controller

[RQ-053] The equipment controllers shall implement a communication interface for integrating with the RH plant controller.

4.7.2 RH Supervisor

[RQ-054] The RH equipment systems Operations Management System shall integrate with the RH Supervisor system to allow monitoring and coordination of the maintenance tasks executing from the RH Control Room.

[Figure 7 diagram not reproduced. It shows the Supervisor ES circuit linked to the ES circuit of each Work Island, and each Work Island ES circuit linked to the ES circuit of each of its Controllers; the pattern repeats for further work islands.]


4.7.3 Equipment Management System

The Equipment Management System is a software application for managing the equipment lifecycle after delivery to ITER.

[RQ-055] The RH equipment systems Operations Management System shall integrate with the Equipment Management System regarding the operational use of the equipment.

4.7.4 Plant Interlock System

[RQ-056] The RH controller investment protection mechanism shall provide interfaces that are compliant with the ITER Interlock Control System.

4.7.5 Plant Safety System

[RQ-057] The RH controller safety protection mechanism shall provide interfaces that are compliant with the ITER Safety Control System.


5 Operation Requirements

5.1 Overview

The RH System is a man-in-the-loop system to carry out maintenance tasks and is operated from dedicated RH control rooms. This is a significant deviation from the operation of the ITER machine systems that are the main focus of the CODAC handbook.

A scheme has been developed to satisfy both CODAC and RH operational requirements whilst avoiding conflicts between the two systems.

RH Process Control: RH operations are centrally coordinated through the RH process model which provides or denies operating permissions to RH equipment.

RH Operations Control: RH equipment systems are operated by trained RH operators using the specialized interfaces of the RH high-level control system, which are deployed in the RH control rooms.

5.2 RH Process Control

The RH process control functional breakdown is shown in figure 8.

[RQ-058] The equipment controllers shall implement state machines managing the main equipment operating states within clearly defined limits appropriate to their function.

[RQ-059] The equipment controllers shall provide command functions through which the RH plant controller can permit or inhibit state transitions.

[RQ-060] The equipment controllers shall provide status, event, and alarm reporting to the RH plant controller based on the data required for the RH process model.

[RQ-061] The equipment controllers shall implement the RH standard operating states and transitions defined for the RH Standard Controller Model in Annex C of the RHCS Design Handbook.

[RQ-062] The RH process model representation of RH operations shall be fully compliant with the ITER Plant Control Design Handbook.
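The controller below is an added example of RQ-058 to RQ-060, not code from the handbook or the project. It keeps a small operating-state machine, exposes permit and inhibit command functions through which a plant controller can gate individual transitions, and records the status, event and alarm data a process model would poll. The state names and the transition table are assumptions; the RH standard controller model of Annex C is not reproduced here.

```python
"""Equipment-controller state machine with plant-controller permissions
(RQ-058 .. RQ-060).  Added example, not the handbook's or the project's
code.  State and transition names are assumptions standing in for the
Annex C standard controller model.
"""
from dataclasses import dataclass, field

# (current state, command) -> next state   (assumed illustrative table)
TRANSITIONS = {
    ("OFF", "power_on"):      "STANDBY",
    ("STANDBY", "power_off"): "OFF",
    ("STANDBY", "enable"):    "READY",
    ("READY", "disable"):     "STANDBY",
    ("READY", "start"):       "OPERATING",
    ("OPERATING", "stop"):    "READY",
    ("FAULT", "reset"):       "STANDBY",
}


@dataclass
class Report:
    kind: str      # "status", "event" or "alarm"
    text: str


@dataclass
class EquipmentController:
    state: str = "OFF"
    # transitions the RH plant controller has inhibited (RQ-059); nothing is
    # inhibited by default so the controller can be exercised stand-alone
    inhibited: set = field(default_factory=set)
    reports: list = field(default_factory=list)

    def _report(self, kind: str, text: str) -> None:
        self.reports.append(Report(kind, text))

    # --- command functions exposed to the RH plant controller (RQ-059) ---
    def permit(self, command: str) -> None:
        self.inhibited.discard(command)
        self._report("event", f"plant controller permitted '{command}'")

    def inhibit(self, command: str) -> None:
        self.inhibited.add(command)
        self._report("event", f"plant controller inhibited '{command}'")

    # --- operating state management (RQ-058) ---
    def command(self, cmd: str) -> bool:
        """Attempt a state transition; return True if it was carried out."""
        nxt = TRANSITIONS.get((self.state, cmd))
        if nxt is None:
            self._report("event", f"'{cmd}' rejected: not applicable in {self.state}")
            return False
        if cmd in self.inhibited:
            self._report("event", f"'{cmd}' rejected: inhibited by plant controller")
            return False
        self._report("status", f"{self.state} -> {nxt} ({cmd})")
        self.state = nxt
        return True

    def fault(self, reason: str) -> None:
        """Internal fault: always taken, never subject to permissions."""
        self._report("alarm", f"fault in {self.state}: {reason}")
        self.state = "FAULT"

    def status(self) -> dict:
        """Data a plant controller would poll for the RH process model (RQ-060)."""
        return {"state": self.state,
                "inhibited": sorted(self.inhibited),
                "alarms": [r.text for r in self.reports if r.kind == "alarm"]}
```

The permissions gate only operator-initiated transitions: the fault path is deliberately outside the permit/inhibit mechanism, because a process model withholding a permission must never keep a controller out of its safe state.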

5.3 RH Operations Control

5.3.1 Overview

[RQ-063] The RH equipment system shall implement the operator interfaces as specified in Annex B of the RHCS Design Handbook.

[RQ-064] The RH equipment system controllers shall implement the RH standard controller model functions and interfaces as defined in Annex C of the RHCS Design Handbook [AD7].

5.3.2 RH Operations Planning

[RQ-065] The RH equipment systems shall provide operations planning tools based on the real operation applications controlling simulated operations.

[RQ-066] The RH equipment systems shall provide equipment controller emulation so that operation planning can be performed off-line with no connection to the real equipment controllers.

5.3.3 RH Operations Execution

RH operations execution functional breakdown is shown in figure 9 [RD9].

[RQ-067] The RH equipment systems shall implement the function to manage RH task execution.

[RQ-068] The RH equipment systems shall implement the function to command and control RH equipment.

[RQ-069] The RH equipment systems shall implement the function to visualize and support RH operations.

[RQ-070] The RH equipment systems shall implement the function to view RH operations.

[RQ-071] The RH equipment systems shall implement the function to continuously monitor equipment performance.


5.3.4 RH Operations Analysis

[RQ-072] The equipment system shall implement the function to provide analysis of the RH task execution and fault reporting data.

[RQ-073] The equipment system shall implement the function to provide analysis of the RH equipment performance data.


Figure 8. RH Process Control Functional Breakdown

[Figure 8 diagram not reproduced. Functions shown: to set operating limits for RH process; to control RH equipment within operating limits; to monitor and report RH equipment status, events, and alarms; to monitor and report RH process status, events, and alarms. Data flows shown: CODAC work programme, process status, CODAC updated, equipment operation, equipment limits, equipment status data. Blocks shown: RH Process Controller, RH Equipment Controllers, RH high-level control system, SSEPN Safety & Interlocks.]


Figure 9. RH Operations Control Functional Breakdown

[Figure 9 diagram not reproduced. Functions shown: to supervise and coordinate RH Tasks; to manage RH Task procedure execution; to command and control RH equipment; to view RH operations; to visualize and support RH operations. Data flows shown: RH work programme, view of remote operations, equipment availability, equipment limits, RH operator actions, task parameters, instrumented operation step, non-instrumented operation step, virtual viewpoint and forces updated, position and loading data, RH operation step performed, RH task status, viewing requirements, project status (CODAC). Blocks shown: RH Process Controller, RH Control System.]


5.4 RH Non-Functional Operational Requirements

5.4.1 Nominal Operations

An important consideration for safety is that the RH operations shall be robust to disturbances that take them away from nominal operations.

Robust to operator errors

[RQ-074] The RH equipment systems shall be designed to be robust to operator errors.

[RQ-075] The RH equipment systems shall have simple, intuitive operator interfaces.

[RQ-076] The RH equipment systems operator interfaces shall present status data clearly.

[RQ-077] The RH equipment systems operator interfaces shall have command options driven by status data (only commands relevant to the current status should be available for use).

[RQ-078] The RH equipment systems shall have a standard use of units and terminology.

[RQ-079] The RH equipment systems shall have a standard look and feel to operator interfaces.

[RQ-080] The RH equipment systems shall have standard behaviour for common RH functionalities.

[RQ-081] The RH equipment systems operator interfaces shall take into account the recommendations of a human factors study.

[RQ-082] Operator commands shall be checked for applicability in the current controller state.

[RQ-083] Command parameters shall be checked against applicable limits.

[RQ-084] The target position for equipment motions shall be checked in VR for collisions.

[RQ-085] Operator commands shall be checked to conform with nominal operations where possible.

[RQ-086] Soft limits shall be implemented to prevent operators from driving into forbidden areas when in direct control mode (e.g. joystick operation).

[RQ-087] Collision detection and virtual force functionality shall be available to guide telemanipulation operation.
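The command checks of RQ-082 to RQ-084, RQ-086 and RQ-087 are illustrated by the added example below, which is not code from the handbook or the project. A motion command is accepted only if it is applicable in the current controller state, its parameters lie within limits and its target is free of collisions in the VR model; in direct control mode the next position is clamped to the soft limits, and a repulsive virtual force is produced near an obstacle. The state table, the workspace and speed limits, the box-shaped forbidden zones standing in for the VR environment model and the force law are assumptions.

```python
"""Operator command checks of RQ-082 .. RQ-084, RQ-086 and RQ-087.

Added example, not the handbook's or the project's code.  The states,
the limits, the box-shaped forbidden zones standing in for the VR model
and the virtual-force law are assumptions.
"""
from dataclasses import dataclass

# assumed: which commands make sense in which controller state (RQ-082)
APPLICABLE = {"READY": {"move_to"}, "OPERATING": {"move_to", "stop"}}
# assumed Cartesian workspace limits in mm (RQ-083)
WORKSPACE = ((-1000.0, 1000.0), (-1000.0, 1000.0), (0.0, 2000.0))
MAX_SPEED = 50.0                       # mm/s, assumed nominal limit
# assumed VR model: forbidden zones as axis-aligned boxes (RQ-084, RQ-086)
FORBIDDEN = [((200.0, 400.0), (-100.0, 100.0), (0.0, 600.0))]
MARGIN = 50.0                          # mm, assumed virtual-force range


@dataclass
class Command:
    name: str
    target: tuple = (0.0, 0.0, 0.0)
    speed: float = 0.0


def inside(point, box) -> bool:
    return all(lo <= p <= hi for p, (lo, hi) in zip(point, box))


def check_command(state: str, cmd: Command) -> list:
    """Return the reasons a command is rejected (empty list = accepted)."""
    reasons = []
    if cmd.name not in APPLICABLE.get(state, set()):
        reasons.append(f"{cmd.name} not applicable in state {state}")
    if cmd.name == "move_to":
        if not inside(cmd.target, WORKSPACE):
            reasons.append("target outside workspace limits")
        if not 0.0 < cmd.speed <= MAX_SPEED:
            reasons.append("speed outside limits")
        if any(inside(cmd.target, z) for z in FORBIDDEN):
            reasons.append("target collides with VR environment")
    return reasons


def soft_limit(position, step) -> tuple:
    """Direct-control step (RQ-086): clamp the next position to the
    workspace and refuse to enter a forbidden zone; return the position
    that may actually be applied."""
    nxt = tuple(min(max(p + d, lo), hi)
                for p, d, (lo, hi) in zip(position, step, WORKSPACE))
    if any(inside(nxt, z) for z in FORBIDDEN):
        return tuple(position)        # hold position rather than enter
    return nxt


def virtual_force(position) -> tuple:
    """Repulsive force (RQ-087) pushing the operator away from an obstacle
    when within MARGIN of it, zero elsewhere; magnitude grows linearly
    as the obstacle is approached."""
    force = [0.0, 0.0, 0.0]
    for box in FORBIDDEN:
        # vector from the nearest point on the box surface to the position
        gap = [p - min(max(p, lo), hi) for p, (lo, hi) in zip(position, box)]
        dist = sum(g * g for g in gap) ** 0.5
        if 0.0 < dist < MARGIN:
            scale = (MARGIN - dist) / MARGIN
            force = [f + g / dist * scale for f, g in zip(force, gap)]
    return tuple(force)
```

The three functions are deliberately separate: the command check runs once before a planned motion, whereas the soft limit and the virtual force run at every cycle of a joystick session, which is where the operator can most easily drive towards a forbidden area.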

Robust to internal errors

[RQ-088] The RH equipment systems shall be designed to be robust to internal errors.

[RQ-089] The RH equipment systems shall be subject to rigorous, documented testing throughout the development cycle to detect and eliminate errors.

[RQ-090] The software design shall favour a minimal set of execution paths.

[RQ-091] Robust, proven components shall be used in the design as far as possible.

[RQ-092] Sensor data shall be internally cross-checked to detect sensor malfunction.

[RQ-093] Control output signals shall be checked against nominal limits.

Robust to environment variations

[RQ-094] The RH equipment systems shall be designed to be robust to environment variations.

[RQ-095] The equipment control shall be closed loop to be resistant to typical environment variations.

[RQ-096] The process parameters shall be monitored for levels outside nominal bands (e.g. trajectory tracking error).

[RQ-097] The equipment controllers shall implement a condition monitoring system to continuously monitor equipment performance against nominal performance.
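The added example below, which is not code from the handbook or the project, puts the self-checks of RQ-092 and RQ-093 and the monitoring of RQ-095 to RQ-097 into one closed-loop control cycle: two independent position sensors are cross-checked before their value is used, the actuator command is clamped to its nominal limit, the tracking error is compared with a nominal band, and a condition monitor accumulates the running RMS error against the nominal figure. The gains, tolerances and the sensor readings fed in are constructed assumptions.

```python
"""One control cycle with the self-checks of RQ-092/RQ-093 and the
nominal-band monitoring of RQ-095 .. RQ-097.

Added example, not the handbook's or the project's code.  The gains,
tolerances and the constructed sensor readings are assumptions.
"""
from dataclasses import dataclass, field

SENSOR_TOLERANCE = 2.0     # mm, assumed max disagreement between sensors
OUTPUT_LIMIT = 10.0        # assumed nominal actuator command magnitude
TRACKING_BAND = 5.0        # mm, assumed nominal tracking-error band
KP = 0.8                   # assumed proportional gain


@dataclass
class Monitor:
    """Condition monitoring (RQ-097): running RMS of the tracking error
    compared with a nominal figure assumed to come from commissioning."""
    nominal_rms: float
    n: int = 0
    sum_sq: float = 0.0

    def update(self, error: float) -> None:
        self.n += 1
        self.sum_sq += error * error

    def rms(self) -> float:
        return (self.sum_sq / self.n) ** 0.5 if self.n else 0.0

    def degraded(self) -> bool:
        """True once performance is clearly below nominal (assumed 1.5x)."""
        return self.n >= 10 and self.rms() > 1.5 * self.nominal_rms


def cross_check(primary: float, secondary: float) -> float:
    """RQ-092: two independent sensors must agree, otherwise it is a fault."""
    if abs(primary - secondary) > SENSOR_TOLERANCE:
        raise RuntimeError(f"sensor disagreement: {primary} vs {secondary}")
    return (primary + secondary) / 2.0


def control_step(setpoint: float, primary: float, secondary: float,
                 monitor: Monitor) -> dict:
    """Closed-loop step (RQ-095) returning the clamped output and flags."""
    position = cross_check(primary, secondary)
    error = setpoint - position
    raw = KP * error
    # RQ-093: never drive the actuator beyond its nominal limit
    output = max(-OUTPUT_LIMIT, min(OUTPUT_LIMIT, raw))
    monitor.update(error)
    return {
        "output": output,
        "output_clamped": output != raw,
        "tracking_alarm": abs(error) > TRACKING_BAND,   # RQ-096
        "degraded": monitor.degraded(),
    }


def run(setpoints, readings, monitor: Monitor) -> list:
    """Run cycles over constructed (primary, secondary) readings and stop
    at the first sensor fault, as a controller would trip to a safe state."""
    results = []
    for sp, (p, s) in zip(setpoints, readings):
        try:
            results.append(control_step(sp, p, s, monitor))
        except RuntimeError as exc:
            results.append({"fault": str(exc)})
            break
    return results
```

The tracking alarm and the degradation flag answer different questions: the former fires on a single excursion outside the nominal band, the latter only when the accumulated error statistic shows the equipment is no longer performing as commissioned, which is the information a condition monitoring system exists to provide.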

5.4.2 Quality Assured Operations

[RQ-098] The RH equipment system shall be developed according to an approved QA plan.

[RQ-100] The RH equipment systems shall be subject to rigorous, documented testing throughout the development cycle to detect and eliminate errors.

[RQ-101] The RH equipment system shall demonstrate compliance with the IO specification through successful testing against an approved test plan.

[RQ-102] The RH equipment system shall be delivered with documentation describing the equipment performance limits, nominal operating criteria, and the commissioning procedures.


[RQ-103] The RH equipment system shall be delivered with an inspection plan to allow the IO to regularly inspect the system and to assure that it meets operational criteria.

[RQ-097] The equipment controllers shall implement a condition monitoring system to continuously monitor equipment performance against nominal performance.

[RQ-104] The RH equipment system design data and development tools shall be provided to IO so that the IO can ensure that the system is maintained at the level required to assure correct execution of the RH operations.

[RQ-105] The RH equipment system shall control the execution of maintenance tasks against validated procedures and provide an auditable trace of the RH operations.
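One way to meet RQ-105 is shown by the added example below; it is not code from the handbook or the project. A task is executed only if the procedure presented matches the register of validated procedures, and every start, step, completion and rejection is written to a trace in which each entry carries the hash of the previous one, so that an altered or deleted entry is detected when the trace is verified. The register keyed by SHA-256 of the procedure text, the hash-chained trace and the sample procedure are assumptions about one possible implementation.

```python
"""RQ-105: execute maintenance tasks only against validated procedures and
keep an auditable trace of the operation.

Added example, not the handbook's or the project's code.  Validation is
modelled as a register of approved procedures keyed by the SHA-256 of the
procedure text, and the trace is a hash chain so that a deleted or altered
entry is detectable afterwards; both are assumptions.
"""
import hashlib
import json
from dataclasses import dataclass, field


def digest(data: str) -> str:
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


@dataclass
class AuditTrace:
    entries: list = field(default_factory=list)

    def append(self, **fields) -> dict:
        prev = self.entries[-1]["hash"] if self.entries else "0" * 64
        body = dict(fields, seq=len(self.entries), prev=prev)
        entry = dict(body, hash=digest(json.dumps(body, sort_keys=True)))
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """Recompute the chain; any edit, insertion or deletion breaks it."""
        prev = "0" * 64
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["seq"] != i or e["prev"] != prev:
                return False
            if digest(json.dumps(body, sort_keys=True)) != e["hash"]:
                return False
            prev = e["hash"]
        return True


class TaskExecutor:
    def __init__(self, approved: dict):
        # assumed register: procedure id -> digest of the validated text
        self.approved = approved
        self.trace = AuditTrace()

    def execute(self, proc_id: str, procedure: list, operator: str) -> bool:
        """Run the steps only if the procedure matches its validated version."""
        if self.approved.get(proc_id) != digest(json.dumps(procedure)):
            self.trace.append(event="rejected", procedure=proc_id, operator=operator)
            return False
        self.trace.append(event="start", procedure=proc_id, operator=operator)
        for n, step in enumerate(procedure, 1):
            # the equipment command for the step would be issued here; the
            # trace records which validated step was performed and by whom
            self.trace.append(event="step", procedure=proc_id, step=n,
                              action=step, operator=operator)
        self.trace.append(event="complete", procedure=proc_id, operator=operator)
        return True


# constructed sample procedure and register (not from the handbook)
VALIDATED_PROCEDURE = ["open cask door", "deploy manipulator", "engage module"]
APPROVED = {"RH-TASK-001": digest(json.dumps(VALIDATED_PROCEDURE))}
```

Rejections are recorded in the same chain as executions, so an attempt to run an unvalidated or edited procedure leaves evidence in the trace rather than disappearing silently.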

5.4.3 Efficient Operations

Efficiency

[RQ-105] The RH equipment system shall control the execution of maintenance tasks against validated procedures and provide an auditable trace of the RH operations.

[RQ-106] The RH equipment systems shall be designed for easy, dependable operation.

[RQ-107] The RH equipment system shall provide adequate viewing for the man-in-loop execution of RH tasks.

Reliability

[RQ-108] Proven, high reliability components shall be used in the control system where available.

[RQ-109] Reliability tests shall be performed on non-proven components.

[RQ-110] The system shall be designed so that components operate well within their design limits.

[RQ-111] A programme of preventative maintenance shall be provided that is compatible with the RH maintenance schedule and RH dose rate limits for manual maintenance.

Quick Repair

[RQ-112] The control system shall be designed to be modular.

[RQ-035] The controller modules shall fit into the control cubicle removable racks, with the exception of the power module which may be fixed to the base of the cubicle.

[RQ-113] The condition monitoring system shall provide tools to facilitate fault finding.

5.4.4 Human Factors

[RQ-114] The RH Equipment Systems shall comply with ITER human factors requirements that are defined in the ITER Operations Handbook.

[RQ-115] The RH Equipment System shall comply with the human factors requirements for operations from the RH control rooms.

5.5 RH Recovery Operations

[RQ-116] The RH equipment systems shall include redundancy in sensing and actuation to allow self-recovery for the higher likelihood failure modes.

[RQ-117] The RH equipment systems shall include an operating mode adapted for the self-recovery and rescue operations (new control parameters, operating limits, etc.).

[RQ-118] The RH equipment systems shall provide the behaviours necessary for the self-recovery and rescue operations as identified in the RH compatibility report (for example remote joint disconnect, joint back driveability, etc).

[RQ-119] The RH equipment systems shall include an operating mode and input device for direct manual control over the device motion in the case of rescue or recovery.

[RQ-120] The RH equipment systems shall include adequate viewing for the manual rescue and/or recovery of the equipment system.


6 Maintenance Requirements

The maintenance of the RH I&C systems is generally covered by the requirements contained in the CODAC Plant Control Design Handbook [AD3].

Some additional RH requirements are listed here:

[RQ-121] Supplier data and maintenance manuals shall be provided for the COTS items within the RH systems.

[RQ-008] The high-level control system shall have a modular design, with the modules delivering a defined functionality and interfacing with the other modules through clearly defined interfaces.

[RQ-026] The control cubicles shall have a modular rack design that allows the racks to be disconnected and removed from the cubicles for maintenance.

[RQ-027] The equipment controllers shall have a modular physical design, with the modules delivering a defined functionality and interfacing with the other modules through clearly defined interfaces.

[RQ-122] The RH equipment system modules shall be designed to have little dependency on the internal implementation of other modules.

[RQ-021] The high-level control system shall implement a Remote Diagnostics System that provides the RH engineers with an interface to the RH equipment performance diagnostic data and tools to assist the detection and investigation of faults.

[RQ-097] The equipment controllers shall implement a condition monitoring system to continuously monitor equipment performance against nominal performance.

[RQ-123] The RH Equipment Systems shall utilize parts that are fully compliant and interchangeable with the relevant standard parts that are defined in Annex E of the RHCS Design Handbook [AD9].


7 Protection Requirements

7.1 Overview

The RH System does not have any deviation with regard to the ITER Interlock Control System (ICS) and Safety Control System (SCS).

[RQ-127] The RH systems shall undergo hazard analysis exercises at each major stage of design development (CDR, PDR, FDR), and protection measures against the identified hazards shall be implemented in the appropriate part of the I&C control system.

7.2 Investment protection requirements

Investment protection requirements are generated as a result of a hazard analysis. Some general investment protection requirements have been defined below that are common to all the RH equipment systems.

Requirement ID Requirement

RQ-IP-01 RH operators shall be trained and qualified for operation of the RH equipment.

RQ-IP-02 RH operations shall be executed according to validated RH task procedures.

RQ-IP-03 RH equipment shall be designed to fail safe on loss of power. The safe state is halted and holding its position and load against gravity.

RQ-IP-04 The Virtual Reality system shall implement protection measures against collisions with the ITER environment.

RQ-IP-05 The RH equipment system shall implement limit switches at the limit of joint travel range. Tripping limit switches has the immediate effect of tripping the system into the safe state. A tripped limit switch shall disable motion in the direction of the limit switch.

RQ-IP-06 The RH equipment system shall implement limits of travel in the controller software.

RQ-IP-07 The actuation systems shall be designed to have an absolute maximum speed (i.e. runaway conditions) that is no more than 1.5 times the nominal design speed.

RQ-IP-08 The actuator drive amplifiers shall implement current limits.

RQ-IP-09 The equipment control system shall implement protection measures (e.g. cross-check measurements) that ensure that no single point of failure in the sensor/actuator loop will result in uncontrolled movement of the RH equipment.

RQ-IP-10 The equipment controller shall be designed with no single point of failure in the hardware that causes equipment runaway conditions (e.g. independence of amplifier enable and drive signals).

RQ-IP-11 The control system software shall be developed according to an approved QA plan that includes thorough testing and traceability.

RQ-IP-12 The RH equipment system shall be designed to detect unexpected physical contact with external systems and to stop motion immediately.

RQ-IP-13 The RH I&C shall implement an ‘interlock’ relay in its emergency stop circuit in order to allow the ITER Interlock System (both PIS and CIS) to have an independent control which can remove power from the RH equipment device.

RQ-IP-14 The control system shall implement self-monitoring functions to detect deviations from nominal operations, and on detection shall trip to the safe state.

RQ-IP-15 The design of the RH control room shall take into account human factor engineering principles in order to produce a good environment for the safe and efficient operation of a remote handling system.

RQ-IP-16 The RH I&C shall implement an emergency stop circuit that removes power to the amplifiers when tripped. The emergency stop circuit shall include independent trip mechanisms for each of the 3 ITER control tiers (conventional, interlock, safety).

RQ-IP-17 The RH I&C shall interface with the RH hierarchical emergency stop push-button system.

[RQ-124] The RH equipment systems shall comply with the specific investment protection requirements that are generated for the system as a result of the hazard analysis.
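The per-axis protection layer below is an added example of how several of the general investment protection requirements combine in one controller; it is not code from the handbook or the project. Amplifier power is permitted only while the contacts of all three control tiers are closed (RQ-IP-13, RQ-IP-16), a tripped limit switch blocks motion towards it (RQ-IP-05), the software travel limit acts before the switch (RQ-IP-06), a speed above 1.5 times nominal is treated as a runaway condition (RQ-IP-07), the drive current is clamped (RQ-IP-08), and the enable signal is kept separate from the drive demand (RQ-IP-10). The numeric limits, the single-axis model and the tier wiring are assumptions.

```python
"""Per-axis protection layer for the general investment protection
requirements of section 7.2.

Added example, not the handbook's or the project's code.  All numeric
limits, the axis model and the tier wiring are assumptions.
"""
from dataclasses import dataclass

NOMINAL_SPEED = 100.0          # mm/s, assumed nominal design speed
SOFT_LIMITS = (-500.0, 500.0)  # mm, assumed software travel limits
CURRENT_LIMIT = 8.0            # A, assumed amplifier current limit


@dataclass
class TripInputs:
    """Each of the three ITER control tiers holds an independent contact."""
    conventional_es_ok: bool = True   # hierarchical pushbutton circuit
    interlock_relay_ok: bool = True   # PIS/CIS 'interlock' relay (RQ-IP-13)
    safety_trip_ok: bool = True       # safety-qualified trip (RQ-SP-06)

    def power_permitted(self) -> bool:
        # power only while every tier is healthy: one open contact trips
        return (self.conventional_es_ok and self.interlock_relay_ok
                and self.safety_trip_ok)


@dataclass
class AxisState:
    position: float
    velocity: float
    limit_switch_neg: bool = False   # hardware switch at the negative end
    limit_switch_pos: bool = False   # hardware switch at the positive end


@dataclass
class ProtectionResult:
    enable: bool          # amplifier enable line (independent of drive)
    drive_current: float  # drive demand after limiting
    reasons: list         # why motion was limited or power removed


def protect(axis: AxisState, requested_current: float,
            trips: TripInputs) -> ProtectionResult:
    """Apply the protection checks to one axis command."""
    reasons = []
    enable = True

    if not trips.power_permitted():          # RQ-IP-13 / RQ-IP-16
        enable = False
        reasons.append("trip tier open")

    if abs(axis.velocity) > 1.5 * NOMINAL_SPEED:   # RQ-IP-07 runaway
        enable = False
        reasons.append("runaway speed")

    # sign of the requested motion: +1, -1 or 0
    direction = (requested_current > 0) - (requested_current < 0)

    # RQ-IP-05: a tripped limit switch trips the axis and blocks motion
    # in the direction of that switch
    if (axis.limit_switch_pos and direction > 0) or \
            (axis.limit_switch_neg and direction < 0):
        enable = False
        reasons.append("limit switch tripped")

    # RQ-IP-06: software limits act before the hardware switches are reached
    lo, hi = SOFT_LIMITS
    if (axis.position >= hi and direction > 0) or \
            (axis.position <= lo and direction < 0):
        reasons.append("software travel limit")
        requested_current = 0.0

    # RQ-IP-08: current limiting in the drive path
    current = max(-CURRENT_LIMIT, min(CURRENT_LIMIT, requested_current))
    if current != requested_current:
        reasons.append("current limited")

    # RQ-IP-10: the enable line is a separate signal from the drive demand;
    # once it is dropped the demand is also zeroed so no single stuck signal
    # can keep the axis moving
    if not enable:
        current = 0.0
    return ProtectionResult(enable, current, reasons)
```

The software limit only zeroes the demand in the offending direction and leaves the enable line up, so the operator can still drive back out of the limit; the hardware switch, the runaway check and any open trip tier remove power, which with RQ-IP-03 is the halted, load-holding safe state.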


7.3 Safety protection requirements

Safety protection requirements are generated as a result of a hazard analysis. Some general safety protection requirements have been defined below that are common to all the RH equipment systems.

Requirement ID Requirement

RQ-SP-01 RH Equipment shall be designed such that the operation, inadvertent actuation, failure or damage shall not prevent Safety Importance Class (SIC) equipment from performing their safety functions when required.

RQ-SP-02 Approved controls and procedures shall be implemented by the project for manual work in radiation controlled areas.

RQ-SP-03 Approved controls and procedures shall be implemented by the project for manual work in beryllium controlled areas.

RQ-SP-04 The IO shall implement a strict procedural policy to protect workers in close proximity to active RH equipment in line with the European machine directive.

RQ-SP-05 The RH control room operator interfaces shall be designed to create an adequate operating environment for safe RH operations taking into account human factor engineering practices.

RQ-SP-06 The RH I&C shall implement a safety qualified trip mechanism in its emergency stop circuit so that the ITER Safety Control System (PSS or CSS) has an independent control which can remove power from the RH equipment device.

RQ-SP-07 The FAT and SAT shall include tests of the safety protection functions.

RQ-SP-08 Maintenance work shall be carried out by suitably qualified and experienced personnel.

RQ-SP-09 Maintenance work in the vicinity of RH equipment shall be governed by work permits issued on the basis of risk assessments and work procedures.

[RQ-125] The RH equipment systems shall comply with the specific safety protection requirements that are generated for the system as a result of the hazard analysis.

