Dual Redundant ADMAP / Square D Gateway

PROJECT

Opening the Gateway to Reduced Plant Downtime

When Cockburn Cement in Western Australia decided to upgrade its plant automation equipment as part of the installation of a new kiln, it decided that the risk of complete plant failure through failure of a single component was unacceptable. Consequently, the company decided that integration of the plant control equipment and the operator interface equipment could only be effected through a dual redundant gateway system.

The implementation of the dual redundant gateway is based on CSE's Factory Window integration tool. Factory Window, operating on standard PC systems in a Windows environment, provides seamless integration between the plant control equipment and the operator interface equipment.

Operators interface to the system using a Toshiba Distributed Control System (DCS) but the majority of control functions are carried out using Square D PLCs. The gateways implement real time bi-directional data transfers between the Toshiba ADMAP network and the Square D Ethernet network.

Because of the critical nature of the operation, a major requirement is an operator feedback time (operator to PLC / back to operator) of less than one second for all data. This is necessary because all process and system alarms, control signals and other plant critical data are transferred across the gateways. This fast transfer time is a significant improvement over the tens of seconds it took to get data across the old gateway.

Another important requirement is gateway redundancy with automatic failover and recovery. Fault tolerance is achieved with a specific software module, called the Dual Redundant Monitoring Task (DRMT), responsible for failure detection and failover.

A serial communications link between two gateways provides the means for one system to check operation of the other.

The DRMT monitors and controls Factory Window on its own gateway, and constantly communicates with its counterpart on the back-up gateway. Each DRMT can detect failure and initiate a takeover of the operational node.

In the case of failure of the link between the redundant systems, the hot standby system assumes failure of the active system and initiates failover to itself. Where the active system detects failure of the standby system, it initiates a shutdown procedure including removal of power from the failed system and the raising of an alarm.

The Cockburn cement plant in WA, a dual redundant gateway has eliminated unexpected downtime