
Series 5

ALSPA P320
System Definition Manual
Edition 10/00 – series 5

P-TP20-A40543 E C REV C
ALSPA P320 System Definition Manual Sheet 2
Table of contents

1. PRESENTATION OF THE SYSTEM
1.1. ADVANTAGES
1.2. FUNCTIONS
1.3. TECHNOLOGY
1.4. SERVICES
2. DESCRIPTION OF COMPONENTS
2.1. CENTRALOG COMPONENTS
2.2. CONTROBLOC COMPONENTS
2.3. CONTROCAD COMPONENTS
2.4. ASSOCIATED PRODUCTS
3. SYSTEM ARCHITECTURE
3.1. ARCHITECTURE OF THE F8000 FIELDBUS
3.2. ARCHITECTURE OF THE S8000 UNIT NETWORK
3.3. ARCHITECTURE OF THE SITE NETWORK
3.4. EXAMPLES OF SYSTEM ARCHITECTURE
4. PLANT OPERATION FUNCTIONS - CENTRALOG
4.1. REAL-TIME CONTROL
4.1.1. Mimics function
4.1.2. Control Mimic function
4.1.3. Control by Operational Schedule
4.1.4. Automatic Sequence Monitoring
4.1.5. Alarm Management function
4.1.6. y = f(t) Curves function
4.1.7. y = f(x) Curves function
4.1.8. Bargraph function
4.1.9. Zoom View Function
4.1.10. HDSR function
4.1.11. Office interface function
4.1.12. Printer functions
4.1.13. Multi-entity function
4.1.14. Other functions
4.1.15. Variable processing
4.1.16. Computation functions
4.2. PMP - CONTROL ASSISTANTS
4.2.1. Hydroset: hydro-electric plant management package
4.2.2. OPTIPLANT+ The plant management suite of software and services
4.2.3. SPDS - Nuclear control assistant
4.2.4. Total Process Control

5. CONTROBLOC - CONTROL FUNCTIONS
5.1. INTRODUCTION
5.2. ALSPA C80-75 MULTI-FUNCTION CONTROLLER
5.2.1. Presentation of the ALSPA C80-75 Multi-function Controller
5.2.2. Overall Dimensions
5.3. ALSPA C80-35 CONTROLLER
5.3.1. ALSPA C80-35 Multi-function Cell Controller
5.3.2. ALSPA C80-35 Field Controller
5.3.3. ALSPA C80-35 IHR Field Controller
5.3.4. Controller Features
5.3.5. I/O Modules
5.3.6. P320-TGC cell - modules dedicated to machine control
5.4. CE2000 FIELD CONTROLLER
5.4.1. Presentation of the CE2000 Field Controller
5.4.2. Functions performed by the CE2000 Controller
5.4.3. Overall UT150 Specifications
5.4.4. Interface Modules
5.4.5. I/O Power Supply
5.4.6. AS112 Control Actuator Command Module and Associated Stations
5.5. SMART INSTRUMENTATION CONNECTION BOX (DI80)
5.6. DIGITAL ELECTRICAL PROTECTION - DI103 CONNECTION BOX
5.7. MV/LV ACTUATOR CONTROLLER
5.8. LOCAL COMMAND TERMINAL (LOCAL MACHINE CONTROL BY PC)
5.9. UNIT NETWORK GATEWAY (CSS-F)
5.10. PACKAGING (CUBICLES)
6. ENGINEERING FUNCTIONS - CONTROCAD
6.1. CONTROCAD - POWERFUL ENGINEERING SUPPORT
6.2. CONTROCAD - ENGINEERING SUITE
6.3. CONTROCAD-C - CONTROL FUNCTION MODULE
6.4. CONTROCAD-S - CONTROL ROOM MODULE
6.5. CONTROCAD-P - CELL MANAGEMENT MODULE
6.6. CONTROCAD-R - CONNECTION MODULE
6.7. CONTROCAD - METHODOLOGY
6.8. CONTROCAD - ELEMENTARY OPERATOR LIBRARIES
6.9. CONTROCAD - PRINCIPAL STANDARD FUNCTION BOXES
6.10. ASSOCIATED TOOLS
6.11. CONTROCAD CA MODULE
7. TUNING ASSISTANCE AND SIMULATION TOOLS
7.1. CONTROSET - TUNING ASSISTANT
7.2. CONTROSET - CONTROL LOOP SETTING ASSISTANT
7.3. CONTROTEST - TEST AND SIMULATION FUNCTIONS
7.4. TRAINING SIMULATOR

8. MAINTENANCE
8.1. SYSTEM MAINTENANCE
8.1.1. Principles
8.1.2. Indication to Supervisor
8.1.3. Identifying Faults and Determining Maintenance Needs
8.2. PROCESS MAINTENANCE
8.3. REMOTE MAINTENANCE
9. SYSTEM OPERATION
9.1. DYNAMIC SYSTEM OPERATION
9.1.1. Operation of a C80-75 Cell Controller
9.1.2. Operation of a C80-35 Cell Controller
9.1.3. Operation of a Field Network
9.1.4. Operation of a Unit Network
9.1.5. Operation of the Site Network
9.1.6. Main Characteristics of the Networks
9.2. TIME SYNCHRONIZATION - GENERAL PRINCIPLE
9.3. DATA HANDLED BY THE APPLICATION
9.4. REACTION TO POWERFAIL
9.4.1. Power Supply of the Electronic Blocks
9.4.2. Process Power Supply
9.5. PROCESSING OF VALIDANTS, FORCING, SYSTEM MALFUNCTIONS
9.5.1. Validants
9.5.2. Forcing or "Simulation"
9.5.3. System Malfunctions
9.6. ON-LINE MODIFICATION
9.6.1. Modification of Control Loop Parameters (ES Configuration)
9.6.2. Modification of Program Versions (ES Configuration)
9.6.3. Minor Resource Modification (ES Configuration)
9.7. MAJOR MODIFICATIONS
9.8. MANAGEMENT OF OPERATIONAL RESOURCES
10. DEPENDABILITY AND PRINCIPAL QUALITY CONTROL STANDARDS
10.1. GENERAL PRINCIPLE
10.2. SELF TESTS AND REDUNDANCY
10.2.1. Self Tests
10.2.2. Redundancy
10.2.3. Processing Block Redundancy
10.3. SECURE COMMUNICATIONS - NETWORK FEATURES
10.4. COMPLIANCE WITH STANDARDS
10.5. QUALITY PROCEDURES
10.5.1. Development of Generic System Versions
10.5.2. System Customization
11. PERFORMANCE

ALSPA P320 System
An unparalleled power plant control system

• Hydro–electric plants
— small / medium power
— major installations

• Thermal plants
— gas turbine, combined cycle, diesel
— fluidized bed plants
— coal or oil–fired plants

• Nuclear plants

• EHV, HV, MV substations

• Chemical processes (desulfurization and all industrial processes requiring a
high level of availability)

© – ALSTOM Power – 2000. ALSTOM Power, the logo ALSTOM Power and their frameworks are trademarks and service
trademark applications of ALSTOM Power. The other names mentioned, registered or not, are the property of their respective
companies.
You are authorized to copy this document. The authorization is limited to:
(i) Non–commercial use within your organization
(ii) Use for informational purposes only
This authorization is given on condition that any copy of these documents or extracts therefrom made by you shall retain all
proprietary notices, including this Intellectual Property Notice.
Note that any product, process or technology described in the document may be the subject of other Intellectual Property Rights
reserved by ALSTOM Power or a third party. No right to use such Intellectual Property Rights is granted hereunder.
ALSTOM Power provides access to internationally used ALSTOM Power data and, therefore, may include references to ALSTOM
Power products, processes, programs and services not available in your country. This does not mean that ALSTOM Power intends
to offer such products, processes, programs and services in your country.
This publication is PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, OR NON–INFRINGEMENT.
This publication may include technical inaccuracies or typographical errors. Changes may be periodically made to the information
herein and will be incorporated in new editions of this publication. ALSTOM Power may make improvements or changes in the
products, processes or the programs described in this publication at any time without notice.

ALSTOM Power – Electrical & Control Systems – 2 quai Michelet 92309 Levallois–Perret cedex – France
www.power.alstom.com

The ALSPA P320 System at a glance

. Unparalleled experience...
ALSTOM Power – The Full Service Provider
ALSTOM Power is the most complete supplier of power generation services and equipment in
the world.

ALSTOM employs 140,000 people in 70 countries. ALSTOM Power is its power sector.

Global solutions for a changing market


The market is experiencing substantial change. We are seeing more privatization and
deregulation, the growth of IPPs, and merchant plants.

At ALSTOM Power, the continuing challenge is to provide our customers with more
cost–effective solutions, increased efficiency, better environmental technologies and full
through–life services. Also, in mature markets, there is a growing demand for new technology
retrofits, which will improve the performance and profitability of existing power plants.

ALSPA P320
The ALSTOM Power range of plant and machine automation products is marketed as the ALSPA
P320 system.

The ALSPA P320 implements a highly distributed fieldbus–based architecture integrating widely
available industry standard hardware elements. The resulting assembly is especially suited to
power production processes. Keeping the architecture flexible means the system can be
adapted to all types of project, from the supervision of individual rotating machines through to the
overall control of very large power plants.

For ALSTOM Power customers, our longstanding experience of processes and systems means:

• in–depth knowledge of the different processes that we are specialized in:

— conventional thermal and combined cycle power plants,
— hydro–electric plants and river system installations,
— EHV, HV, MV substations,
— nuclear plants,
— high availability industrial processes.

• flexibility and adaptability with regard to different contractual agreements,
— system integrated to a total plant package,
— separate control & supervision system,
— control & supervision of individual machines (integrated into larger systems),
either in the context of wholly new plants or in the case of total or partial revamping of
existing plants.

As early as 1971, thanks to the original ALSPA product range, we were the first to market
computer–based automatic control systems for power plants. Today, ALSTOM Power’s ALSPA
P320 system equips circulating fluidized bed plants, very large conventional plants (2x600MW)
and nuclear plants, as well as smaller production units and individual machine control systems.

ALSTOM Power ...


... the ALSPA P320 System

The ALSPA P320 system around the world: in service or on order in over thirty countries.

[Figure: ALSPA P320 System. Labels: Centralog (C50, C30, C10); Controcad; Controset; Controtest; Optiplant+ (includes AMS); Internet / Intranet; Ethernet site network; S8000 unit network; C80-35/C80-75 multifunction controllers (MFC); Controbloc; Centralog simulation; F8000 fieldbus; Smart instruments; CE2000; C80-35.]

[Figure: software suites. Labels: CENTRALOG realtime suite; CONTROSET process observation & setting suite; Single window on the process; Performances; Operator help; OPTIPLANT+ PMS suite; CONTROCAD control observation & modification; Plant management suite.]

. A system which guarantees lifetime support for your unit
The ALSPA P320 system provides service support in the following areas for both new and
reconditioned installations throughout the various phases of the life of your plant:

• engineering

• training

• trials

• operation and maintenance

The system is based on open technologies (Internet, Ethernet, field–buses, Unix, WinNT,
client–server).

The hardware is composed of a platform which uses industry standard components,
workstations and PCs. The system implements ALSPA controllers for process control functions
(CONTROBLOC). These components are connected by open networks designed to enable
flexible configurations.

The system integrates the following service support software suites:

• operator/user interface and control system: CENTRALOG for a high performance
communications room, supporting knowledge–based process–oriented control
systems,

• engineering: CONTROCAD allows group work in the design of the control system,

• testing: CONTROTEST is used to perform full–run tests by simulating the process
circuits in software engineering workshops hosted on workstations,

• dynamic simulation and training: Centralog simulation enables specific control functions
to be reproduced accurately in combination with the simulation of the process in order to
test the dynamic operation of the plant unit and to train operators,

• commissioning: CONTROSET is used to observe the process and to fine tune control
loop algorithms, from the simplest to the most complex,

• OPTIPLANT+ is a framework for operation and maintenance: asset management,
performance monitoring, operator help and unit automation, remote maintenance,
machine monitoring.

The system is developed, manufactured and implemented in accordance with ISO 9001 quality
standards.

1. Presentation of the System

1.1. ADVANTAGES

. Current trends

Designed from the outset to be responsive to market requirements, the ALSPA P320 control and
supervision system incorporates:

• communication standards which are open and widely used in both power production and
manufacturing industry,

• widely available hardware elements and devices (workstations, PCs, ALSPA range
controllers, used in both power production and industry),

• integration of software suites using open technology: Unix, Windows NT, X–Window
(X11), Posix software, client–server architectures,

• utilization of INTERNET/INTRANET technology enabling remote consultation of
Centralog data using a browser (Netscape, Explorer),

• compliance with IEC 61508 recommendations regarding the dependability life cycle and
with European directives on electromagnetic compatibility, both vital for power
production applications.

. Special features

• ruggedness (resistance to vibration, temperature, electromagnetic interference),

• operational dependability ("à la carte" redundancy, self–testing, etc.),

• man–machine interface ergonomics specifically designed for the supervision of power
plants and substations,

• the system is conceived around the WorldFIP fieldbus (EN 50170 standard) in order to
take maximum advantage of the use of distributed intelligence. The system consists of
small stand–alone blocks (one rack or one station) connected together via
communication networks.

This system is the first to be designed from the outset to incorporate flexible architectures
distributed on a high security fieldbus.

. Open system

The design of the ALSPA P320 system features:

• architectural flexibility while maintaining application standards,

• system upgradability, enabling the installation to develop and expand without changing
technologies,

• introduction of field devices (partner hardware and software products) on the F8000
fieldbus:
— smart instrumentation
— smart LV/MV actuator
— electrical protection

• secure remote or local access to system data thanks to the incorporation of operational
help tools utilizing Internet technologies and based on leading database systems
(Oracle),

• a full range of components enabling optimum technical and economic choice,
— providing the dynamic performance levels required in the power production
industry: no deterioration in operational performance during major transients, data
timetagging to 1 ms, overall response times under one second, etc.
— system integration of engineering tools, based on re–usable standard objects (in
accordance with IEC 1131.3), thus enabling standards (tagging, actuation control)
to be maintained in different applications. During the design phase, these tools are
open to receive data provided by partners in the project.

1.2. FUNCTIONS

The functions performed by the system encompass all areas of process control and data
processing and provide a total solution to the problem of site automation and management.

. PLANT OPERATION SUITE - CENTRALOG

The CENTRALOG system is the essential element in the control room, integrating
screen–based plant control and supervision functions with an operator help facility for in–depth
analysis of the process.

To meet the problems posed by the control and supervision of demanding processes such as
power production, the Centralog system features an ergonomically sound man/machine
interface, high quality software guaranteeing dynamic performance, an extensive range of
high–reliability operational functions, and selected standard hardware components. The system
offers a library of standard calculation, process simulation and production management
resources. It also provides the interface with site office software and with external sites.

The ALSPA P320 range comprises a series of supervisory systems. The Centralog 10,
Centralog 30 and Centralog 50 are characterized by their processing capacity and dynamic
performance, the number of operator stations, the number of unit networks and the number of
automation cells which can be supervised.

• The CENTRALOG 10 constitutes the control station of the Centralog range. It provides
all the control and supervision facilities necessary for a local station or a small system.

• The CENTRALOG 30 provides an integrated set of standard functions and is designed
for medium–sized applications.

• The CENTRALOG 50 is designed for larger applications or for applications with special
requirements. It can be customized to meet specific needs.

CENTRALOG 10, 30 and 50 systems are all compatible among themselves. Several
CENTRALOG 10, 30 and 50 systems can be combined in a single global structure to enable
different architectures to provide solutions for all types of technical or budgetary constraints.

The CENTRALOG 10 system can also be utilized to facilitate the introduction of automatic
control functions or to meet the need for progressive investment spread over time.

. THE AUTOMATION CELL - CONTROBLOC

Each coherent functional sub–set as seen from the process is managed by an automation cell or
a controller.

CONTROBLOC automation cells provide a wide range of functions specifically developed for
the control and supervision of power production processes:

• sequential command,

• standard and advanced control loops,

• interlocks,

• formation of signals associated with process control and alarms,

• acquisition and display of process data,

• validation of sensor data and formation of sensor/actuator signals,

• timetagging of events and sample measurements.

A range of controllers enables the system to be adapted to meet the size and distribution of the
process.

• C80–35 (EL) and C80–75 (ES) multi–function cell controllers,

• Field controllers and smart instruments.

. ENGINEERING SUITE - CONTROCAD

The CONTROCAD engineering suite supports all the services involved in the
implementation of the control and supervision of the installation.

CONTROCAD is implemented by the engineering center in the form of multi–user and multi–site
applications, thus enabling team programming. CONTROCAD can be integrated into the system
hardware on site to allow documentation to be updated or to facilitate automatic application
production. CONTROCAD is also used to co–ordinate the management of documentation and
application program releases and to manage process I/O connections.

1.3. TECHNOLOGY

. CENTRALOG and CONTROCAD

The plant operation (Centralog) and engineering (Controcad) suites are installed on
workstations (Sun) and PCs, with open–systems standard software, including operating
systems (Windows, Unix), graphic interfaces (Motif, X–Window/Windows) and a relational
database (Oracle).

Client/server architectures are implemented over standardized communication networks and by
means of the relational database.

. NETWORKS

The F8000 fieldbus is based on WorldFIP technology meeting the EN 50170 open fieldbus
standard, implemented on ALSTOM Power products in the ALSPA F8000 protocol.

The S8000–E unit network is based on the industrial Ethernet standard (10/100 Mbits/s).

The site network is based on a secure protocol using Ethernet technology. The network also
allows the use of standard 10/100 Mbits/s Ethernet protocols (FTP, TCP/IP, etc.).

Open networks provide a wide range of external communications (ELCOM, ICCP, CEI 870.5,
TCP/IP, Ethernet, Internet, Intranet).

[Figure: network diagram. Labels: Site network; Ethernet TCP/IP; 10/100 Mbs; Deterministic with switches; Internet; the way to the future; Unit network; Connection to others: GSM, IEC, Modbus, X25, OPC, other protocols; Fieldbus; Cyclical & deterministic automation traffic; Message traffic superimposed on automation traffic; Redundant medium; backup/50ms; galvanic isolation; Time–tag at source; EMI level 3/4 copper; Field controller; Field I/O controller; LV/MV actuator; Modbus; Electrical bus IEC870–5 CS103; TCP/IP; Instrument fieldbus (HART); Other protocols/fieldbus.]

. CONTROL FUNCTIONS

Control functions are performed by controllers classed in several categories:

• simple controllers,

• multi–function controllers; these controllers manage communications with operational
and engineering functions. They also handle the formation of sequential control
functions, control loops, measurement processing and diagnostics management
together with the supervision of the associated fieldbus and its subscribers (field
controllers and partner products). They represent the main processing units of the
automation cells.

• field controllers; these are distributed over the fieldbus. They can be used either as I/O
controllers or as stand alone controllers depending on the configuration chosen.

Instrumentation and actuation are performed by partner products.

1.4. SERVICES

The functions offered by the system are used to support the services throughout the life
cycle of the installation thus providing total control of all process and system operations.

[Figure: Services. Labels: ALSTOM Power for the whole life of your unit; Operational help.]

• Engineering: the CONTROCAD suite is used to support document production, receive
data from various partners, produce the control mimics, program the distributed control
blocks and manage connections. Controcad guides the user within the framework of a
rigorous methodological approach.

• Training: training is provided at ALSTOM Power training centers and on test platforms;
training is supported by extensive and detailed documentation.

• Testing: the CONTROTEST suite enables applications to be fully validated using
non–specific hardware requiring no special test wiring.

• Simulation: the replica TRAINING SIMULATOR constitutes a powerful teaching and
analysis tool; the simulator uses process simulation software and control and
supervision algorithm emulation software on a man–machine interface identical to that
on site.

• Commissioning and site tests: the system’s on–board operational resources and
man–machine interface allow progressive implementation of the system, thus enabling
parameter adjustment and detailed control loop observation.

• Optimization of process settings: implementation of tuning assistance and
observation software (including advanced control algorithms).

• Operational and maintenance assistance: process monitoring, deviation and
execution check calculations provide assistance for the operator during all operational
phases.

• Maintenance: integrated system fault signalling resources and data validity processing
provide vital assistance in the maintenance of the system. These resources are
managed by the AMS suite (Fisher Rosemount).

• Upgrading: modular hardware and software structure enables the system to be
upgraded in order to take advantage of future improvements.

2. Description of Components

2.1. CENTRALOG COMPONENTS

The Centralog system consists of a set of operator workstations, X–terminals and servers
communicating over the site network. The Centralog 10 is a single station configuration. The
Centralog 30 or 50 multi–station configurations comprise a CIS server station and one or more
CVS operator stations.

A CVS operator station consists of a workstation which runs the man–machine interface
functions and which hosts the configuration, maintenance and HDSR (Historical Data Storage
and Retrieval) functions. The CVS is equipped with a standard keyboard and pointer device
(mouse), and up to three high definition color screens. A multi–screen mimic wall can also be
managed from one or more CVS screens.

The station uses 64 bit architecture RISC technology and provides excellent performance levels.

The Centralog 10 station integrates an S8000 unit network coupler board.

The choice of readily available software such as Unix, Motif and Windows allows high
performance graphic interface generators (DataViews) to be used while at the same time
guaranteeing the long lifespan of the system.

The choice of the Oracle relational database allows real time data to be interchanged with
customer office–oriented applications (spreadsheets, data–center tools). These applications
may be distributed in multi–user and multi–platform architectures.

The provision of data consultation facilities using Internet browsers opens new organizational
possibilities, in production management for example, or in remote incident analysis.

The Centralog suite software components used are based on open system standards to provide
dynamic performance levels (availability and peak load resistance) and specific functions
tailored to meet the requirements of power production processes.

The software is organized into sub–sets which can either be installed on different stations or
grouped together on a single station depending on the preferred architecture:

• servers (CIS): data processing

• viewers (CVS): mimic display processing (man–machine interface)

In Centralog C30/C50 configurations, the hardware used is based on stations implementing 64
bit RISC architecture. The Centralog C10 is available on a UNIX station or on a WinNT PC.

Centralog hardware can be used to host other system software suites.

The site network is also based on proven standards, in particular on the ISO OSI model and on
the ISO 8802.2 and 8802.3 standards. The Ethernet standard, TCP (Transmission Control
Protocol), UDP (User Datagram Protocol) and IP (Internet Protocol) protocols are widely
regarded as industry standards, and are used world–wide.

This network is used to connect peripherals such as printers.

The Centralog stations are equipped with Fast Ethernet boards enabling communications at 10
or 100 Mbits/s.

The printers are used to produce the different logs processed by the Centralog system and/or
print out graphic images.

Flexible architecture allows the system to be modified during its lifetime by the addition of new
operator stations, new peripherals or new gateways to other systems, so that continual
development of the customer’s installation is possible without disturbing the initial system.

C30/50 VIEWER, C10 VIEWER/SERVER

• Reference: SUN SPARC ULTRA or equivalent
• 1 to 3 screens: 21” color
• Screen definition: 1280 x 1024
• Architecture 64 bits
• Memory 128 MB
• Disk 9.1 GB
• Keyboard, mouse or trackball
• Manufacturer: SUN

CIS SERVER STATION

• Reference: Station SUN SPARC ULTRA or equivalent
• Architecture 64 bits
• Memory 128 MB
• Disk 9.1 GB
• Network coupler board
• Manufacturer: SUN

C10 VIEWER/SERVER

• Reference: Pentium
• Architecture 32 bits
• Memory 128 MB
• Disk 6 GB
• Manufacturer: DELL

2.2. CONTROBLOC COMPONENTS

The automation cell is the basic CONTROBLOC structure. The automation cell performs the logic
control and control loop functions, and enables the acquisition and output of process data via
the field bus.

ALSPA P320 System:

• dependability recommendations (IEC 61508)

• connection to field devices

• reduction in wiring costs (fieldbus)

• electromagnetic resistance

• range of I/Os and controllers

• IEDs

The automation cell consists of:

• ALSPA C80–75 (ES) or C80–35 (EL) multi–function cell controller, which can be
configured as a single or redundant unit. This controller includes modules providing
communication with the unit network and with the fieldbus. It is the backbone of the cell.

• F8000 fieldbus,

• subscribers to the F8000 fieldbus:

— CE2000 high quality controllers (redundancy, precision timetagging and self–testing,
power–up maintenance etc.) handle I/Os and timetagging with a local processing
capability which enables logic controls to be processed with very fast response
times; these units include remote Modbus connections to other devices,
— C80–35 controllers handling local control functions,
— DI80 connection boxes for smart instrumentation providing interoperability with 8
Smart ”Hart” protocol sensors/actuators,
— specialized controllers (using C80–35 technology) for turbine governors or
generator excitation control,
— specialized controllers for logic input acquisition and timetagging (to 1 ms): C80–35
IHR,
— DI103 connection box for electrical protection (protocol IEC 870.5 profile 103),
— controller for MV/LV actuator on F8000: contactor control unit.

Type of cell:                                       ES        EL

Cell composition
Cell controller                                     C80-75    C80-35
Fieldbus                                            F8000     F8000
CE2000 controller                                   X
C80-35 field controller                             X         X
C80-35 IHR                                          X         X
DI80 connection box for smart instrumentation       X         X (*)
DI103 connection box for electrical protection      X         X (*)
Gemstart MV/LV actuator controller                  X         X (*)

(*) in development

2.3. CONTROCAD COMPONENTS

The ALSPA P320 System engineering suite, CONTROCAD, meets the quality requirements
necessary for the production and maintenance of control and supervision applications.

CONTROCAD is the application builder suite. It comprises control function descriptions,
Centralog supervision mimics and calculations, connections, interfaces with aliens, system
configuration descriptors and system downloading and observation tools.

CONTROCAD is structured around a central database with a navigation system to provide
access to the following modules:

• CONTROCAD C : Control diagrams and supervision data, generated from generic
object models.

• CONTROCAD S : Description of mimic displays and internal supervision
processing, and link to control room devices for downloading
and maintenance purposes.

• CONTROCAD P : Description of devices, networks, I/Os, and connection with
cells (downloading, maintenance).

• CONTROCAD R : Connections to devices and the process (wiring documents).

The choice of widely used software (relational databases and graphic interfaces), provides a
high degree of flexibility for multi–site and multi–user architectures based on a client/server
structure.

This architecture enables the tool to be adapted to the structure of the project teams, both during
the design phase and during the commissioning and maintenance phases on–site.

2.4. ASSOCIATED PRODUCTS

The products in the ALSPA P320 range are available alongside a series of rotating machine
controllers that use the same standard components. These products are interconnectable in the
control room on the S8000 network and perform the following functions:

• turbine governor and protection systems,

• generator excitation regulator,

• synchronizer.

The range may be supplemented by partner products:

• controller command terminal using PC technology for rotative machine control functions,

• electro–technical measurement scanner,

• software accessible from the system MMI screens:


— instrumentation, tuning and monitoring,
— electrical protection, tuning and monitoring,
— actuation, tuning and monitoring,
— rotative machine vibration monitoring.

3. System Architecture

The ALSPA P320 system consists of a number of functional blocks on communication networks.

The communication networks divide the system into three levels thus enabling architectural
common modes to be reduced and allowing system construction on a 'made to measure' basis,
using the same hardware blocks and operating software.

In Ethernet technology, the unit and site networks can be implemented on the same
transmission medium.

[Figure: Configuration of the system. Site network (Contronet); unit networks (S8000);
fieldbuses (F8000)]

The three levels of network structure are, from the process up:

• F8000 fieldbus: The F8000 network (WorldFIP) connects each of the hardware blocks
concerned in the control of a functional subset of the process in an ”automation cell”.

• S8000 unit network: The S8000 network provides the link between the multi–function
controllers and also handles communications with the operator stations.

• Site network: The site network handles operational and engineering function
communications via an Ethernet medium. The network is configured to meet operational
requirements. With the Ethernet technology, the unit and site networks can be supported
within the same framework.

Communication blocks, associated with an open–network technology, provide ”openness” for
external systems.

Each subset of the plant is controlled by an “automation cell”.

3.1. ARCHITECTURE OF THE F8000 FIELDBUS

[Figure: Automation cell. Cell controller and I/O controllers on the F8000 fieldbus, with
turbine control, excitation regulator, synchro control, Modbus, local I/Os, electrical
protection, smart instrumentation and MV/LV MCC drawer]

The F8000 fieldbus connects the major components of the automation cell.

The automation cell subscribers which can be connected to the fieldbus are as follows:

• single or redundant ALSPA C80–75 or C80–35 multi–function cell controller,

• CE2000 safety field controllers,

• C80–35 controllers handling local control functions,

• DI80 connection boxes for smart instrumentation,

• specialized controllers (using C80–35 technology),

• DI103 connection boxes for electrical protection (protocol IEC 870.5 profile 103),

• MV/LV actuator controllers (CCU: Unit Contact Command).

3.2. ARCHITECTURE OF THE S8000 UNIT NETWORK

[Figure: Controbloc multi-function controllers on the S8000 unit control network: automation
cell, controller (turbine governor, excitation regulator), gateway to alien systems]

The S8000 unit network connects the automation cells and the controllers to each other and to
the supervisory system.

The subscribers which can be connected to the unit network are as follows:

• single or redundant multi–function controllers (C80–75 or C80–35),

• specialized controllers (turbine governor and excitation regulator),

• gateways (CSS–F) to alien subsystems,

• C10/C30/C50 systems supporting the operator stations.

The S8000 unit network transports remote loading and observation data relative to the
automation cells connected to the network. The network also transports the time signals required
for timetagging purposes.

3.3. ARCHITECTURE OF THE SITE NETWORK

[Figure: Centralog C10, C30, C50 and gateway on the Contronet (Ethernet) site network]

This network is the basis of the plant production management data system. It connects the
following subsystems:

• supervision stations based on Sun workstations and/or servers,

• stations based on PCs and X–terminals,

• multi–VDU large screen display systems,

• engineering stations.

Gateways to external systems utilize open communication protocols (ELCOM, ICCP, IEC 870.5,
TCP/IP, Ethernet, Internet, Intranet).

The choice of Centralog server (C10, C30, C50) in the ALSPA P320 range is determined by:

• the support stations, selected to provide the computing power required,

• processing capacity,

• dynamic performance,

• the number of Centralog operator stations,

• the number of unit networks and automation cells controlled by a single system,

• the software integrated to the stations (calculation, engineering, etc.).

The site network is the vector for intercommunications and openness at the operational level.
The use of open communications technology (Ethernet, TCP/IP, X–Window) allows access from
each operator station to software suites running on other machines on the network. The network
also provides the interface with standard office tools (Oracle, Excel, Lotus etc.) running on other
workstations and with Internet/Intranet communications for maintenance, commissioning and
site management functions.

DIVISION INTO TECHNOLOGY SUITES

“SUITE INTEGRATOR”

In the communications room the system can be seen as a suite integrator i.e. capable of
providing access to different functions supported by software applications distributed around the
site network (communicating or not via the unit network).

These different software packs are applications which are wholly controlled by the system
constructor (critical core) but which also integrate partner applications.

The notion of SUITE

A suite is a set of services available to an operator on a given station for a given function e.g.
— immediate control/assisted control
— general documentation
— asset management
— supervisory system documentation
— commissioning assistance and process tuning/observation.
An operator station may not have access to all the services in the suite.

An operator station may have access to services from more than one suite.

SUITES COMPOSING THE ALSPA P320 COMMUNICATION ROOM PRODUCT

Real–time operation suite: Centralog organized around a real–time database; this suite
performs the basic control system functions:
— real–time supervision
— control views (mimics)
— load programming
— automated sequence monitoring (or operator guide)
— alarm management by alarm files
— y = f(t) curves
— y = f(x) curves

— bargraphs
— HDSR
— process calculations
— procedure files
— SPDS functions (nuclear)
Service suites – Observation and tuning assistance suite:
— real–time display of control block inputs (Controcad control blocks)
— monitoring and logging of synchronous measurements for ID purposes
— identification and tuning calculation tools, control loop synthesis
Supervisory system configuration suite (Controcad) organized on a pivot DBMS:
— module C: control blocks
— module R: plant control wiring including I/O connections
— module S: mimics and internal calculations + import alarm and procedure files
— module P: link with target turbines/generators (loading)

and OPTIPLANT+ including:
— a modular set of functions for a better management of the plant,
— asset management functions (smart instruments, electrical protections, smart LV
and MV motors).

SINGLE WINDOW SYSTEM & PROCESS OBSERVATION

The use of the Ethernet site network and open–systems technology enables the operator to
access all the system engineering functions from a single PC. This resource constitutes the
single observation window.

[Figure: A single process observation window giving access to all system functions over the
site network (client/server Ethernet TCP/IP): spreadsheet/word processor, Centralog displays,
Controcad displays, Controtest displays, Controset displays, associated products]

3.4. EXAMPLES OF SYSTEM ARCHITECTURE

Modifying the interconnections between the different elements in the system, within the confines
of the configuration rules, enables the development of complex systems and economic
architectures (using only a part of the different levels).

This flexibility provides ”a la carte” redundancy, either by duplicating the network elements (e.g.
dual Centralog systems on the site network), or by backing–up important modules
(multi–function controllers, field controller, data server, etc.), in accordance with the availability
required on a given project.

The configuration rules are based on:

• the number and type of subscribers on a network,

• the data communications standards,

• the guaranteed data flows,

• the processing capacity of the functional blocks,

• the external connection rules,

• the rules for implementation of functions on supervision stations.

This results in a system with a finite number of communication protocol configurations but which
in fact permits an infinite range of architectures. The role of the engineering department is to
implement the most cost–effective solution for a given project, in terms of the required level of
availability, by the judicious use of hardware and by maximizing the total savings in
installation/wiring.

With large systems (multi–unit thermal plants, nuclear plants etc.), the unit network can be
divided into several ”units” corresponding to different operational subsets, for example:

• unit n° 1 or unit n° 2; common auxiliaries (thermal),

• turbine–condensate control; reactor; general auxiliaries in a nuclear unit.

In smaller systems, a single unit network may suffice for the control of the whole plant.

This flexibility can also be exploited during the progressive implementation of a system and the
consequential increase in capacity resulting from extension of the site.

Example 1 : ALSPA P320 typical architecture

[Figure: Example of architecture, with Internet/Intranet link]

The operational facilities comprise two twin–screen CVS operator stations (Centralog C30/C50),
a maintenance and configuration station (engineer station), a link with plant office software and a
link to a dispatching center.

Several automation cells are required, together with connections to alien hardware.

A test and local operation station has been implemented using a Centralog C10.

A local control function has been introduced using an ALSPA C80–35 controller connected to the
F8000 combined with a PC–based local command station.

Example 2: Control of a 2 x 600 MW twin unit thermal plant

The auxiliary unit network is common to both units and enables a preliminary startup of the
auxiliaries, with a dedicated supervision station. The auxiliaries are controlled from the
supervision stations of each of the units.

[Figure: Thermal plant. Unit 1, Unit 2 and common auxiliaries, with gateways to alien systems]

The diagram of the installation shows that networks can be used for installations which are
geographically remote from the control and supervision hardware, which can be located in local
cubicles or buildings (integrating local LV withdrawable “intelligent“ contactors) or in a
combination of these solutions.

Example 3: Machine control equipment

Control equipment dedicated to rotating machine functions is available on the ALSPA P320
technological framework, using widely available hardware components and integrating all the
experience and knowledge of the machines.

The different basic functions related to the machine control are provided either in separate
equipment for each function or as a consistent package for the auto–generator set of all
types of plant. These basic functions include:

• AVR: automatic voltage regulation and control (from 10 to 6000 Amp excitation current)

• STG: turbine governing and control for all types of turbine (from 1MW to 1500 MW)

• STP: turbine protection

• CSR: generator automatic synchronization

• Range of specific sensors and actuators

[Figure: Machine control. S8000 site network and S8000 unit network; ALSPA C80–35 PLC cell
controller; ALSPA C80–35 IHR field controller (1 ms logic timetag); ALSPA C80–35 field
controllers (I/Os, vibration measurement, generator measurement); turbine governor (ALSPA
C80–35, P320–STG); AC generator regulation (ALSPA C80–35, P320–AVR); AC generator safety;
synchronizer (P320–CSR); turbine safety (ALSPA C80–35, P320–STP)]

Distributed design

This design based on a high speed fieldbus and use of standard components offers new
possibilities for machine control:

• “à la carte” redundancy for each function,

• computation power rangeability of standard controllers,

• easy integration of new monitoring functions,

• better safety by integration of functions in independent blocks,

• seamless integration with ALSPA P320.

P320–TGC: integrated package for machine control

• Integrated package covering all functions with the same technology (fully compatible
with Plant Automation System): AVR, STG, STP, Man Machine Interface and
disturbance recording,

• Use of industry standard components,

• Fully distributed architecture on fieldbus: each function in a separate field controller with
“à la carte” redundancy (1/1, 1/2, 2/3),

• Easy expansion of monitoring function by block adjunctions,

• Easy adaptation of computing power by rangeability of controller,

• Same basic training and engineering tools.

Example 4: Control of a hydro–electric plant.

[Figure: Hydro plant. Centralog stations and gateway on a redundant optical loop S8000–E
(Ethernet 10/100 Mbits/s); three automation cells, each with a cell controller and field
controllers; engineering tools]

This EL type configuration concerns a medium–sized installation comprising a power production
plant with a dam located some distance away geographically. The dam is remotely controlled
from the plant.

The Centralog supervision level communicates with a dispatching center (EMS) or a Centralog
system controlling a series of plants.

Each of the generators (and the auxiliary circuits) is controlled by means of a C80–35
multi–function controller which handles communications with the supervisory system and with
the general control functions (changes in configuration, alarm formation etc.).

On each machine, the logic input data that requires fine timetagging is collected on the C80–35
IHR controllers which timetag the data to the microsecond.

The dam is controlled by a multi–function controller which federates the field controllers
associated to each gate. Supervision data is timetagged in accordance with the multi–function
controller cycle.

In the HV substation, as for the electrical auxiliaries, bay control functions are performed by field
controllers federated by a multi–function controller acting as a substation micro–computer. Data
requiring fine timetagging is acquired via the IHR field controllers.

The network used is an S8000–E network implementing redundant optical loops (automatic
re–configuration on malfunction).

Example 5 : Control of a complex hydro–electric installation (pump–turbines)

[Figure: Hydro-electric plant. Gateway, substation computer, dam, water intake, pump, groups
and auxiliaries, bay computers and protection links]

Here, the process control system is scattered geographically over zones which are liable to earth
voltage variations. The unit network is composed of fiber optic sections and/or fiber optic stars to
isolate supply voltages between buildings.

In the installation shown, ES cells have been used for control purposes.

Substation control functions are performed by the ES cell bay controllers, with a connection to
the electrical protection (IEC 870.5) and by the electrical measurement connection boxes.

The substation functions are managed by a multi–function controller (substation computer).

Example 6: Control of a nuclear unit

The system consists of several unit networks comprising ES cells:

• nuclear island

• conventional island

• general auxiliaries

The networks can be linked together by a federating network.

[Figure: Nuclear plant. Dual optical fiber (O.F.) Contronet; dual S8000 unit networks on
optical fiber, with a link to the other unit; dual F8000 fieldbus; class 1E equipment (*);
RPR train A and train B; auxiliaries. (*) actuator and interlock control]

Each of the unit networks is redundant and linked directly to the supervisory system.

Reactor protection systems and fuel rod controls are connected to class 1E instrumentation
hardware.

Transmission by fiber optic sections ensures:

• isolation between control functions on different safety divisions,

• isolation between control and supervision functions.

The Centralog supervision system allows the implementation of any of the following installations:

• a refitted control room,

• a control room with mixed technology: control by hardwired individual stations with
supervision data on screen (1300 MW EDF type),

[Figure: Control room with mixed technology. TSC, backup panel and two engineer stations on
an integrated open system with MMI and CAD; ALSPA P320 with reactor protection, fuel rod
position, nuclear measurement, fuel rod command and turbine controller; reactor and BOP]

• a computerized control room.

[Figure: Computerized control room. Computerized control functions, fall–back panel, TSC,
backup panel and two engineer stations on an integrated open system with MMI and CAD;
ALSPA P320 with reactor protection, fuel rod position, nuclear measurement, fuel rod command
and turbine controller; reactor and BOP]

Example 7 : HV substation control

ES configurations are used to control EHV/HV substations:

• CE2000 field controllers are used as bay controllers to provide bay interlocks and to
acquire electro–technical values (using the electro–technical measurement scanner).

Electrically protected data is exchanged on the fieldbus by means of the IEC 870.5
(CS–103) connection box.

• C80–75 cell controllers act as substation computers, linked to the Centralog supervision
system.

• Communications with the dispatching center are ensured from the Centralog stations
(ELCOM, ICCP, IEC 870.5 CS–101, etc.).

[Figure: HV substation control. Stations and gateway; substation computer; bay computers and
protection links]

For certain installations, EL configurations are also used.

Example 8: Coordinated site control system

[Figure: Power plants and substations linked to the EMS over a WAN]

This diagram shows the different types of system which can be implemented for:

• control of a remote site using a Centralog system,

• link with dispatching center,

• control of a thermal unit,

• control of a hydro–electric installation,

• control of an HV substation. The bay control functions are performed by the CE2000
controllers which provide links to the digital protection relays.

Example 9 : industrial process of fumes desulfurization

The process requires a high level of availability to guarantee the production level of two 600 MW
thermal units without affecting the environment.

The process is characterized by geographical distribution of the control function cells in several
specialized workshops, with control stations for each workshop and for each control room of the
600 MW units. The function control transfer authorization from one point to another is ensured by
the ”multi–entity” function which enables assigning one or more workshops to one control
station:

• fumes cleaning workshop for elimination of the sulfur dioxide of each unit,

• gypsum production and transport workshop,

• workshop for the chemical treatment of the desulfurization water,

• electric distribution workshop,

• workshop for the chemical treatment of site water.

[Figure: Desulfurization. Control rooms U1 600MW and U2 600MW on the site network; unit
network serving the desulfurization water workshop, electric distribution workshop, gypsum
production/transport workshop, desulfurization workshop U1, desulfurization workshop U2 and
chemical treatment of site water workshop]

The examples above show that complex architectures can be constructed using the same
basic elements. The flexibility of the ALSPA P320 system enables the system architecture to
be implemented in progressive steps in line with the development of the main plant installation.

4. Plant Operation Functions - CENTRALOG

4.1. REAL–TIME CONTROL

USER–FRIENDLY INTERFACE
Access to information is quick and easy. The man/machine interface operations are
simplified by use of a mouse, multi–windowing and pull–down menus. All functions can
be directly accessed using the mouse.

Sophisticated mimics and multiple pre–formatted views are combined effectively to cater
for all types of process and to different operational modes.

On pre–defined views, the operator uses the mouse to pinpoint the variables he wants
displayed or deleted.

A dialogue zone at the bottom of the screen contains a series of icons corresponding to
the main functions and a second line of icons representing secondary functions.

Operator commands may be executed by:

— pinpointing direct access icons,

— pinpointing icons and selecting an option from a pull–down menu or a window,

— using hot function keys to access the most frequently used views.
The operator moves between the different views easily and rapidly by following the
instructions displayed on the views themselves:
— to access a mimic describing a neighboring area or representing a detail,
— to access a view representing the same variables in the form of curves or bargraphs,
— to re–access previous views.
A second language can be used for operator communications and/or for the main
database labels (Greek, Cyrillic, Chinese, Korean, etc.). This language can be changed
on–line on a screen–by–screen basis. The languages available use standard or special
ASCII fonts (Greek, Cyrillic, etc.) or more complex characters (Chinese, Korean, etc.).

GRAPHIC INTERFACE

The man–machine interface is based on the market leader DataViews (more than 25,000
graphic application licences in use all over the world).

DataViews permits multi–platform utilization (Unix and Windows) providing access to the most
advanced technologies in each area:

• ActiveX Control,

• Plug–In,

• Database interface via ODBC,

• Object oriented structure based on a high level C++ class graphic library.

4.1.1. CENTRALOG – Mimics function

The Mimics function is used to display and monitor the state of various process parameters
including the state of actuators, valves, or complete process systems, on diagrams with
dynamic representations of the process schematics.

Mimic views are organized into a hierarchical mimic structure, displaying information with
different levels of detail to provide the operator with a global or more detailed analysis of the
process.

Level 1 : overview of the installation

Level 2 : overview of the principal functions of the installation

Level 3 : control view and possibly supervision view

Level 4 : detail view

The overviews show the operation of the installation, while the detail views allow corrective
action or provide precise diagnostics.

The operator can move about in the hierarchy by means of easy–to–use access functions which
allow functionally associated views to be linked together:

• same level mimic views (continuation of circuit, etc.)

• higher level mimic views (overview)

• lower level mimic views (detail)

• variable monitoring views (curves, bargraphs, operator groups, etc.)

• operational schedule views (operational schedules, etc.)

• surveillance views (alarm lists, variable lists, etc.)

Displays are standardized (in terms of colors and shapes) in order to simplify interpretation of the
views and animated so that the operator can easily identify different states (color of outline or
frame, etc.). The symbols used in the mimics are stored in a library. The measurement units used
are those of the KSI international system. Measurements may be represented in the form of
numerical values, curves (trends) or bargraphs.

Mimic views consist of static (fixed frame) and dynamic elements. The shape, color or content of
dynamic elements change in accordance with the process status.

The operator can display the ID tags of dynamic objects, display the trend curves of analog
values on the mimic and access zoom views to obtain a detailed static and dynamic description
of an object.

4.1.2. CENTRALOG – Control Mimic function

The Control Mimic function provides the operator with command resources in the form of
easy-to-use control windows facilitating the actions of the operator.

Control mimic views are designed for the execution of control tasks (commands, setpoint
controls, or running automatic sequences) relating to functional sub-sets.

These views provide the operator with three levels of command :

• individual commands (binary or modulating actuator),

• grouped commands enabling several functionally linked actuators to be controlled by a
single command,

• automatic sequence commands linking several individual or grouped commands
sequentially.

The operator’s man–machine interface is specifically designed for the management of process
control functions.

Graphic objects representing actuators are defined and animated on the basis of the following
parameters:

• the state of the actuator (open, closed, in service, out of service, opening, closing, etc.),

• the fault condition of the hardware (acquisition validant),

• the status of the control block (locked, test, commandable).

Different methods are used to represent objects according to the extent to which they can be
controlled from the view (i.e. object controllable from current mimic, from other mimics, not
controllable etc.).

Clicking on a controllable block opens a control window which can be used to input commands
or setpoints. Control windows contain dynamic information related to the control block in
question.

Control loop windows contain all the elements necessary for the modulation of a control loop:
value of a parameter, setpoint, auto/manual switching command and control block offset bias.

The representation of the object is animated in such a way as to inform the operator as to whether
or not his command has been executed and of the resulting state of the process.

Depending on the authorization rights defined during customization, the transmission of a
command will be accepted if the authorization data related to the command or setpoint value so
permit.

4.1.3. CENTRALOG – Control by Operational Schedule

The Control by Operational Schedule function is used to generate operational
setpoint schedules for periods of 48 hours. The function thus enables the plant to be run
automatically without an operator.

The operational schedules generated by an operator can be analyzed by application
software in order to check that the scheduled setpoints correspond to the operational
constraints of the process.

These applications can also generate new operational schedules depending on operational
criteria (e.g. calculation of the power setpoint schedule depending on the availability and
characteristics of the generators in an installation, the water level, network occupancy,
calculation of operational setpoint schedule for the following day etc.).

To facilitate analysis and monitoring of the scheduled setpoints by the user, the setpoints are
represented graphically in the form of operational schedules while the process measurements
can be displayed in the form of curves enabling the deviation between the setpoints and the
actual process variables to be analyzed in real time.

[Figure: power in MW against time t from 0 to 24 hours, showing the schedule setpoint produced by the operator, the schedule setpoint calculated by application software, and monitoring of the process.]

Operational schedules are organized into groups comprising schedules and curves.

A schedule is divided into two different sections: section 1 corresponds to day D, and section 2 to
day D + 1.

The analog variable associated with each curve represents the result of setpoint commands
generated by the schedule or the instructions of an operator reacting rapidly, for example, to a
demand for power production.

Operational schedules are displayed at a minimum measurement interval defined during
customization. Permissible values are 5, 10, 30 min, 1 h.

The operator can perform different schedule operations (data entry, modification, validation).

Clicking on a point on one of the schedules or curves opens a window containing the ID tag and
value of each of the schedules or curves at the time concerned.

4.1.4. CENTRALOG – Automatic Sequence Monitoring

The Sequence Monitoring function enables the operator to run and monitor an automatic
sequence. At each step, the function indicates the conditions required to progress
to the following step.

A sequence may be represented in different ways on screen. These representations may
or may not be implemented depending on the type of information required by the
installation.

The sequence is activated from a control window on a mimic view. Animated command icons
inform the operator of the general state of the actuators involved in the control sequence.

The main sequences can be represented in graphic form. The operator can run the sequence
and monitor its progress graphically.

A sequence is a series of successive actions known as steps, performed on the process
equipment. A sequence is executed in a given order which is dependent on the presence of
specific logical criteria. The Sequence Monitoring function is used to display the progression of
sequences step by step in real time. Sequence steps can be logged on a printer and recorded by
the HDSR function.

A sequence may be inactive, in progress, malfunctioning, blocked or aborted. When a sequence
is inactive, it cannot be started without the presence of criteria known as "initial criteria". A
sequence remains inactive if any of the initial criteria are absent. When a sequence is in
progress, the progression from one step to the next requires the presence of one or more criteria
defined for each step. A sequence remains blocked if a criterion required to go onto the following
step (blocking criterion) is absent. A sequence in progress can be stopped by the operator; the
sequence is then aborted and reverts to inactive.

Sequences are organized into groups when sequences are linked to obtain a multi–sequence
log. One sequence can belong to up to 6 groups. Sequence groups are defined during
customization of the application.

The operator can follow the progress of automatic sequences in detail by displaying the
sequence monitoring analysis views.

These views can be accessed for consultation purposes at the start or during the execution of a
sequence, or displayed for analysis on the occurrence of a malfunction.

The state of the sequence start criteria can be read by displaying the Controcad view relative to
the sequence.

The sequence log view allows the changes in a sequence group to be traced by means of a
chronological list of the state changes occurring during the different sequence steps.

The sequence log view can also be used to provide a chronological list of the malfunctions
which have occurred during the progression of a sequence (list of incorrect criteria when a
sequence is blocked).

Animated Controcad views display a real–time list of the criteria missing from a sequence and
allow the operator to carry out immediate diagnostics.
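The sequence behaviour described in this section (initial criteria, per-step criteria, blocking, operator stop and the chronological sequence log) can be modelled as a small state machine. This is an added example, not code from the manual or from the ALSPA product; the sequence, step and criterion names are constructed, the "malfunctioning" state is left out because the manual does not say what triggers it, and returning to inactive after the last step is an assumption.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    INACTIVE = "inactive"
    IN_PROGRESS = "in progress"
    BLOCKED = "blocked"


@dataclass
class Step:
    name: str
    criteria: tuple  # criteria required to progress to the following step


@dataclass
class Sequence:
    name: str
    initial_criteria: tuple
    steps: list
    state: State = State.INACTIVE
    index: int = 0
    log: list = field(default_factory=list)  # chronological sequence log

    def _record(self, event, detail=()):
        # Entry number stands in for the time tag so the example stays deterministic.
        self.log.append((len(self.log) + 1, self.name, event, tuple(detail)))

    def missing(self, present):
        """Criteria currently absent: initial criteria when inactive, step criteria otherwise."""
        wanted = (self.initial_criteria if self.state is State.INACTIVE
                  else self.steps[self.index].criteria)
        return [c for c in wanted if not present.get(c, False)]

    def start(self, present):
        """Start only if every initial criterion is present; otherwise stay inactive."""
        if self.state is not State.INACTIVE:
            return self.state
        absent = self.missing(present)
        if absent:
            self._record("start refused", absent)
            return self.state
        self.state, self.index = State.IN_PROGRESS, 0
        self._record("started", [self.steps[0].name])
        return self.state

    def scan(self, present):
        """Evaluate the current step once: progress, or block on absent criteria."""
        if self.state is State.INACTIVE:
            return self.state
        absent = self.missing(present)
        if absent:
            if self.state is not State.BLOCKED:
                self.state = State.BLOCKED
                self._record("blocked", absent)  # list of incorrect criteria
            return self.state
        self.state = State.IN_PROGRESS
        self.index += 1
        if self.index == len(self.steps):
            # Assumption: a finished sequence returns to inactive.
            self.state, self.index = State.INACTIVE, 0
            self._record("completed")
        else:
            self._record("step", [self.steps[self.index].name])
        return self.state

    def stop(self):
        """Operator stop: the sequence is aborted and reverts to inactive."""
        if self.state is not State.INACTIVE:
            self._record("aborted", [self.steps[self.index].name])
            self.state, self.index = State.INACTIVE, 0
        return self.state


def build_sample_sequence():
    # Constructed sample data, not taken from any real plant configuration.
    return Sequence(
        "PUMP_START",
        ("suction_valve_open", "no_trip"),
        [Step("open discharge valve", ("discharge_valve_open",)),
         Step("run motor", ("motor_running",))],
    )


if __name__ == "__main__":
    seq = build_sample_sequence()
    seq.start({"suction_valve_open": True})                   # refused: no_trip absent
    seq.start({"suction_valve_open": True, "no_trip": True})
    seq.scan({})                                              # blocks on discharge_valve_open
    seq.scan({"discharge_valve_open": True})
    seq.stop()
    for entry in seq.log:
        print(entry)
```

Every refused start, block and abort lands in the log with the criteria that caused it, which is the record an analyst needs when reviewing why a sequence did not run.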

4.1.5. CENTRALOG – Alarm Management function

The Alarms with Operator Help function is a total alarms manager which is designed to
provide the operator with fast analysis of all process malfunctions. It constitutes a
powerful management and analysis tool, offering a wide range of alarm sorting and
filtering facilities.

When a process alarm appears, the operator is guided in his analysis of the malfunction by a set
of views accessed hierarchically according to the situation:

• mimic view representing the general state of the process

• mimic views showing the state of the different functional sub–sets

• process alarm analysis views:

– general alarms view
– alarms by degree of urgency views
– mimic alarms views
– alarms by functional sub–set views
– alarm windows accessible from all types of view

• views associated with alarms:

– associated mimic views
– alarm files
– synthetic alarm views
– variable zoom views (parameters, etc.)

WHAT IS AN ALARM?
An alarm is an event representing an operational anomaly in the process or in the system. The
following types of events give rise to alarms:

• State change in a logical variable acquired, calculated or produced by the system,

• The violation of the thresholds or limits of analog variables acquired, calculated or
produced by the system.

• System faults.

Each alarm is time–tagged. Alarms caused by state changes in acquired logic variables are
time–tagged at source. Alarms caused by analog variables are time–tagged by the Centralog.

A degree of urgency is associated with each alarm. Four degrees of urgency are available and
each degree of urgency is allocated a different alarm color code.

The system can be configured to include an audible warning signal activated on the appearance
and/or disappearance of an alarm.

Synthesized Alarms

In order to highlight the most significant information, it is possible
to produce synthesized alarms thus enabling the number of less
important alarms to be reduced.

A synthesized alarm groups events representing state changes
in logical variables and threshold or limit violations in analog
variables. These events can be combined by logical operators.

The result gives a logical "or" between the direct or inverse inputs.

Synthesized alarms are re–activated on the appearance of a new alarm in the group. The
operator must re–acknowledge the appearance of the new alarm.

The operator can consult the value of the different inputs at any time on the synthesized alarm
view.
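The synthesized alarm rule above (a logical "or" over direct or inverse inputs, re-activated when a new alarm appears in the group) is sketched here as an added example, not taken from the manual or the product. The variable names are constructed, and clearing the acknowledgement when the group returns to normal is an assumption corresponding to acknowledgement on appearance only.

```python
class SynthesizedAlarm:
    """Logical OR over direct or inverse inputs, with re-acknowledgement on new members."""

    def __init__(self, name, inputs):
        # inputs: {tag: inverse}; a direct input contributes when its value is True,
        # an inverse input contributes when its value is False.
        self.name = name
        self.inputs = dict(inputs)
        self.contributing = set()
        self.acknowledged = True  # nothing to acknowledge while the group is quiet

    @property
    def active(self):
        return bool(self.contributing)

    def update(self, values):
        """Re-evaluate the group; return the inputs that newly appeared on alarm."""
        now = {tag for tag, inverse in self.inputs.items()
               if bool(values[tag]) != inverse}
        appeared = now - self.contributing
        self.contributing = now
        if appeared:
            # A new alarm in the group re-activates the synthesized alarm:
            # the operator must acknowledge again.
            self.acknowledged = False
        elif not now:
            self.acknowledged = True  # assumption: no acknowledgement on disappearance
        return sorted(appeared)

    def acknowledge(self):
        if self.active:
            self.acknowledged = True

    def input_view(self, values):
        """Value of each input, as consulted on the synthesized alarm view."""
        return {tag: (bool(values[tag]), tag in self.contributing)
                for tag in self.inputs}


def build_sample_alarm():
    # Constructed sample group: two direct inputs and one inverse input.
    return SynthesizedAlarm("LUBE_OIL_SYNTH", {
        "OIL_PRESS_LOW": False,   # direct
        "OIL_TEMP_HIGH": False,   # direct
        "PUMP_RUNNING": True,     # inverse: contributes when the pump is NOT running
    })


if __name__ == "__main__":
    alarm = build_sample_alarm()
    normal = {"OIL_PRESS_LOW": False, "OIL_TEMP_HIGH": False, "PUMP_RUNNING": True}
    print(alarm.update(normal), alarm.active)
    print(alarm.update({**normal, "OIL_PRESS_LOW": True}), alarm.active)
    alarm.acknowledge()
    print(alarm.update({**normal, "OIL_PRESS_LOW": True, "PUMP_RUNNING": False}),
          alarm.acknowledged)
```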

Alarm screen with alarm file

FILTERING ALARMS
Technological Filtering (System)

System mechanisms enable alarms caused by faults to be filtered out without altering the quality
of the signals and without masking important events from the operator. The mechanisms also
enable non–significant alarms to be eliminated in the most systematic manner possible, and
permit peak loads caused by system faults to be reduced.

Alarms are filtered in the following cases:

• On detection of a global inter–controller network fault (simple or redundant) the
Centralog automatically invalidates the information received from the automation cells
connected to the network.
Only the "Global unit network fault" alarm is transmitted to the operator.

• On detection of an automation cell fault (CPU fault, global inter–controller network
connection fault, etc.) the Centralog automatically invalidates the information received
from the defective automation cell.
Only the alarm "Fault cell n" or "Fault link cell n" is transmitted to the operator.

• On detection of input/output unit fault (CPU fault, global I/O inter–unit network
connection fault, etc.) the automation cell automatically invalidates the information
received from the defective I/O unit.
Only the alarm "Fault I/O rack cell n" is transmitted to the operator.

• On detection of an input board fault (board hardware failure, polarity fault, etc.) the I/O
rack automatically invalidates the information received from the defective board.
Only the alarm "Fault I/O rack cell n" is transmitted to the operator.

• The logical input boards enable chattering inputs to be eliminated by invalidating the
information until a steady state prevails.
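The first four filtering cases above amount to a rule: a fault at one level of the network / cell / I/O rack / board hierarchy invalidates everything below it, and the operator sees a single system alarm instead of the flood. The following added example (not the manual's or the product's code) applies that rule to constructed signals; the tuple encoding of faults and the choice to hide a lower-level fault already covered by a higher one are assumptions.

```python
from dataclasses import dataclass

LEVEL = {"network": 0, "cell": 1, "link": 1, "rack": 2, "board": 3}


@dataclass(frozen=True)
class Signal:
    tag: str       # constructed variable name
    cell: int      # automation cell number
    rack: int      # I/O rack within the cell
    board: int     # input board within the rack
    in_alarm: bool


def covering_fault(sig, faults):
    """Highest-level fault that invalidates this signal, or None if it is valid."""
    candidates = (("network",), ("cell", sig.cell), ("link", sig.cell),
                  ("rack", sig.cell, sig.rack),
                  ("board", sig.cell, sig.rack, sig.board))
    return next((f for f in candidates if f in faults), None)


def masked(fault, faults):
    """True when a higher-level fault already covers this fault's location."""
    kind = fault[0]
    if kind == "network":
        return False
    if ("network",) in faults:
        return True
    cell = fault[1]
    if kind in ("rack", "board") and (("cell", cell) in faults or ("link", cell) in faults):
        return True
    return kind == "board" and ("rack", cell, fault[2]) in faults


def fault_alarm(fault):
    """Operator-facing text, using the alarm wording given in the manual."""
    kind = fault[0]
    if kind == "network":
        return "Global unit network fault"
    if kind == "cell":
        return f"Fault cell {fault[1]}"
    if kind == "link":
        return f"Fault link cell {fault[1]}"
    return f"Fault I/O rack cell {fault[1]}"  # same text for rack and board faults


def operator_view(signals, faults):
    """Return (alarms shown to the operator, tags whose information is invalidated)."""
    faults = set(faults)
    shown = []
    for fault in sorted(faults, key=lambda f: (LEVEL[f[0]], f)):
        text = fault_alarm(fault)
        if not masked(fault, faults) and text not in shown:
            shown.append(text)
    invalid = []
    for sig in signals:
        if covering_fault(sig, faults) is not None:
            invalid.append(sig.tag)   # invalid, which is not the same as "no alarm"
        elif sig.in_alarm:
            shown.append(sig.tag)
    return shown, invalid


# Constructed sample signals for the demonstration.
SAMPLE_SIGNALS = [
    Signal("FEEDWATER_LEVEL_LOW", 1, 1, 1, True),
    Signal("BEARING_TEMP_HIGH", 2, 1, 4, True),
    Signal("OIL_PRESS_LOW", 2, 1, 5, True),
    Signal("VIBRATION_HIGH", 2, 2, 1, True),
    Signal("COOLING_FLOW_LOW", 3, 1, 1, False),
]

if __name__ == "__main__":
    for faults in (set(), {("board", 2, 1, 4)}, {("cell", 2), ("board", 2, 1, 4)},
                   {("network",)}):
        print(sorted(faults), "->", operator_view(SAMPLE_SIGNALS, faults))
```

Note the last case: under a network fault COOLING_FLOW_LOW is reported as invalid even though it was not on alarm, so a quiet alarm list during a system fault cannot be read as a healthy process.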

Application Filtering (Process)

The automation cells can be configured to calculate internal variables intended for the Centralog
from process variables, thus enabling alarms to be filtered by the application software.

Application Filtering (Operator)

The operator may use the man/machine interface to inhibit a system variable or set a system
variable off–monitoring.

HIERARCHICAL ANALYSIS OF ALARMS
A mimic view showing the overall state of the process indicates the different functional sub–sets
on alarm. The operator has access to data giving the alarm condition for each functional sub–set
(no alarm, alarms acknowledged, alarms unacknowledged).

The operator selects the mimic view of the functional sub–set to be analyzed in order to observe
the state of the different process control blocks and to access the alarm view associated with the
mimic. The alarms indicating the various defective control blocks can then be acknowledged.

[Figure: synthesized view of the circuits; access to associated views (alarm file, mimic, etc.); display of the faulty object, shown by its appearance on the associated view.]

AN ALARM VIEW FOR EVERY SITUATION

All the alarms are listed on the overall alarm view. Five other alarm views are used to display
extracts from this list in accordance with the criteria adapted to the different operating situations.
All of these views offer the same functions (access to the alarm files, access to the variable zoom
views, acknowledgement, etc.). The various views are consistent among themselves and are
updated in real time.
All alarm lists can be printed out.

[Figure: the alarm views and the links between them: general alarm view, alarms by degree of urgency views, alarms per mimic views, alarms by functional sub–set views, alarms by criteria views, mimic views and alarm windows.]

Alarms by criteria views:

– by state (acknowledged / unacknowledged)
– by character string
– by interval
– by controller
– by variable type
– by mimic
– by functional subset
– by degree of urgency
– by operator group

ASSOCIATED VIEWS
The following associated views accessible by the operator can be defined for each alarm:

• alarm file and procedure file: see overleaf

• mimic view associated with the alarm, used to monitor the process and intervene where needed

• zoom view detailing the characteristics of the variable on alarm

• synthesized alarms view indicating the reasons why the alarm is activated, in the case
of a synthesized alarm.

• other alarm views (by functional sub–set, by degree of urgency, by mimic etc.)

When the general view is not displayed, the operator is informed of a new alarm by an audible
warning and via the reduced window or the window of the last 3 displayable alarms superimposed
on all control views. The reduced window shows three alarms from among the first 30.

ALARM ACKNOWLEDGMENT

The alarm acknowledgement function enables the operator to indicate that he is
aware of the alarm.

The alarm acknowledgement function can be assigned to any of the operator stations
and is accessible from all of the alarm views or windows. However, alarms
can only be acknowledged from one operator station at a time.

The type of acknowledgement required is configurable by degree of urgency. For a
given degree of urgency, acknowledgement may be requested as follows:

– either on appearance of the alarm only

– or on appearance and disappearance of the alarm

Alarms are acknowledged by the operator either:

– individually, by clicking on the button located at the start of each alarm line,

– by page of 20 alarms, by means of a button located in the alarm view command band.

When an alarm has been acknowledged, the individual acknowledgement button disappears
in accordance with the alarm condition and with the acknowledgement mode configured.

OPERATOR HELP: ALARM FILES

Alarm files are help windows which are used to integrate knowledge–based system operation by
indicating the following data to the operator:

• the probable origin of the malfunction

• possible corrective action

• the commands recommended to execute the corrective action.

These files can be created from an office application such as a spreadsheet, database or word
processor (Excel, Lotus etc.) in accordance with the naming and structure rules.

The views generated directly from these files may be displayed on alarm screens or on
operational mimic views.

OPERATOR HELP: PROCEDURE FILES OR INTEGRATED OPERATIONAL INSTRUCTIONS

Procedure files are help windows giving access to on–line operational procedure manuals in
digital, interactive form. They may contain control action access buttons or mimic display
buttons.

These files can be created from an office application such as a spreadsheet (Excel, Lotus etc.),
database or word processor, in accordance with naming and structural rules.

The views generated directly from these files may be displayed on alarm screens or operational
mimic views.

4.1.6. CENTRALOG – y = f(t) Curves function

The y = f(t) Curves function provides the operator with a powerful and ergonomic
resource for monitoring the changes in process values and measurements over time.

y = f(t) curves views are organized into functional groups comprising up to 6 curves.
These groups may be defined at configuration or modified interactively
depending on the functional criteria defined by the operator.

The changes in each analog value are logged over 7200 points. Each curve view displayed
comprises 720 points. The "scroll" and "zoom" functions can be used to analyze the whole log.

Each new value is displayed at the sampling rate associated with a particular curves group. Each
view represents a maximum of 6 variables over a single time period. Permissible sampling rates
are 1s, 5s, 10s, 30s, 1mn, 2mn, 5mn, 10mn, 30mn, 1h. These rates correspond to memorized
periods ranging from 2 hours to 300 days. The curves are shown in different colors.

Both the time and value scales can be modified by the operator.

Curves views consist of a graphic curve trace zone and a zone containing the dynamic
description of the variables.

Clicking on a point on the curve tracing zone opens a window containing the time of the
designated point and the ID code and value of each of the variables represented at the time
concerned. Clicking on a variable on the curves view gives access to the corresponding zoom
view.

The operator may:

• modify the composition of the curves group
• temporarily delete a curve
• modify minimum/maximum values on vertical axis
• display the actual scale of each curve
• shift curves in time
• modify the period displayed (from 12mn to 300 days depending on the sampling rate)
• access associated views

4.1.7. CENTRALOG – y = f(x) Curves function

The y = f(x) Curves function enables the operator to monitor the changes in several
process values and measurements within a single functional domain.

y = f(x) curves views are organized into functional groups comprising up to 3 pairs of
analog values and reference charts which determine the operating zone. These groups
are defined at configuration.

The changes in each pair of analog values are logged over 50 functional points. The operating
zone shows the authorized operating areas and limits. Each new point is displayed at the
sampling rate associated with the group as defined at configuration. Permissible sampling rates
are 5s, 30s, and 2mn.

Operating points of different y = f(x) curves are differentiated by color and shape.

Curves views consist of a graphic curve trace zone and a zone containing the dynamic
description of the variables.

Clicking on a variable gives access to the corresponding zoom view.

The operator may:

• modify the minimum/maximum values of the x and y axes
• temporarily mask the operating points of an x,y pair
• display the actual scale of an x,y pair
• modify the number of operating points displayed
• delete the recording of operating points
• access associated views

Utilization

This function can be used, for example, to monitor operating zones related to pumps or fans in a
thermal plant, or alternator or water level setpoint operating zones.

4.1.8. CENTRALOG – Bargraph function

The Bargraph function enables the operator to compare analog values which are
functionally associated.

Bargraph views are organized into functional groups comprising up to 20 bargraphs.
These groups may be defined at configuration or modified interactively
depending on the functional criteria defined by the operator.

Bargraph views are composed of a zone showing the bargraphs themselves and a zone
indicating the views associated with the current view. Bargraph views also contain lines of static
and dynamic data related to the variables concerned.

The color and the representation of the bargraph vary according to the value, status, degree of
urgency and position of the variable relative to its thresholds and limits.

The 4 thresholds of the variable may be represented by triangles which are color–coded by
degree of urgency.

The operator can modify the composition and scale of the bargraph group and, by clicking
on a bargraph number, obtain the status and validity of the associated variable. Clicking on a
variable on the bargraph view gives access to the corresponding zoom view. The operator can
also access associated views.

Utilization

This function can be used, for example, to monitor a set of temperatures (metal, turbine bearing),
pressures or fluid levels, etc.

4.1.9. CENTRALOG – Zoom View Function VAR

The Zoom View displays data regarding the state, status, acquisition and processing of
the relevant variable. For analog variables, the view shows the current value in numeric
form, a bargraph and a curve showing the historical value of the variable.

Most views provide direct access to the zoom view of any relevant variable.
This view shows the details of all the static and dynamic data associated with the variable (address,
state, threshold, alarms, etc.).

This function is particularly useful during the process startup and maintenance phases or for
identifying the root cause of operational errors.
A zoom view is associated with each variable.

The view displays data relative to the state and status of the variable:

• value and associated message
• associated Operative Unit
• current status and status value buttons enabling the operator to modify the status
• on alarm or not
• specification of the alarm
• type and name of the acquisition controller, and address of the variable in the controller
• specification of printout criteria

The operator may modify the status of the variable as follows:

• inhibit a variable
• set a variable on monitoring
• replace a variable
• set a variable off monitoring
• modify threshold values
• lock a control block

4.1.10. CENTRALOG – HDSR function

The HDSR (Historical Data Storage and Retrieval) function provides for the long term storage of
process data.

The function enables immediate analysis (event log function), deferred analysis, storage and
retrieval of recorded data.

Data can be analyzed from any operator station. The information selected by the operator can
be printed out on the printer.

Two types of storage are available:

– periodic storage with data restored in the form of curves,
– event–related storage with data restored in the form of chronological lists.

Several HDSR databases are accessible on–line (7 in standard configuration).

[Figure: HDSR databases accessible on–line: the current database (today); several databases awaiting storage (configurable by project: last 4 days in standard config.), with storage on magneto–optical disk; 2 restored databases (any 2 previous days).]

A user–friendly man–machine interface enables a wide range of data to be sorted and exported
to office type applications (spreadsheet, etc.).

All data stored by the HDSR function (samples and events) can be transferred onto
magneto–optical disk (depending on the configuration) for subsequent consultation (incident
analysis, optimization, maintenance, training, etc.).
Storage and retrieval operations are performed at the request of the operator. A system alarm is
however issued to indicate that storage is necessary.

Logic and analog variable samples are restored in the form of curves:

• 6 curves on screen
• Sampling every 5s
• Zoom on 6mn, 12mn, 30mn, 1h, 2h, 6h, 12h, 24h
• Time axis scrolling
• Detail view of each variable (type, OU, validity, inhibition, degrees of urgency,
statistics, etc.)
• Clicking on any point on a curve displays the value of each of the samples at the time
concerned (5 s interval).

Restoration on screen in the form of a chronological list of time–tagged events:

• state changes in logic variables defined in database (customization),
• threshold or scale limit violations, and return to normal, for analog variables
(customization),
• variations in analog variables,
• events related to sequence monitoring,
• transmission of telecommands or setpoint values,
• control block locks,
• modifications to variable or OU status.

A wide range of combinable sort options are available:

– by type of variable, sequence or operator action, by operative entity
– by degree of urgency, by time interval, by date
– by character string (variable, value, threshold, etc.)

A direct command provides restoration of most recent events to display the event log function on
screen.

HDSR data can also be accessed remotely from a PC connected to the site Centralog via a
direct public or private telephone link or by an INTRANET link. The link is secure. Data is selected
and displayed by means of an INTERNET browser such as Explorer or Netscape.

4.1.11. CENTRALOG – Office interface function

The purpose of the office interface function is to provide real–time access to CENTRALOG data
in read/write mode from a Unix or Windows environment. This function is available in the form of
two modules: CLOGSQL and CRW.

CLOGSQL module
The CLOGSQL module is based on the ORACLE Relational Database Management System
which allows a multi–platform distributed client/server architecture.

Thanks to this architecture a wide range of applications can be envisaged to optimize the use of
commercial office software interfacing with the ORACLE RDBMS (e.g. Oracle’s Report Writer,
Lotus, Excel spreadsheets etc.):

• Real time observation, complex process calculations, production of data originating from
or intended for the Centralog system,

• Production of customized reports,

• Constitution of a mini plant supervisor to optimize operations of more than one unit,
production of plant balances, centralized storage of principal data, single interface with
external systems (dispatching, customer office etc.),

• Assistance in the management of installation maintenance.

• Maintenance management tool interface such as Maximo.

The Centralog system can also provide an office application utilizing the data center GQL tool.
This application enables the user to consult the data available in the Centralog ORACLE
database and to produce specialized reports to meet operational needs both locally and from a
remote station via the switched network. The remote station can be a PC running Windows.


CRW module – Spreadsheet logs


The CRW Centralog Management System constitutes a software interface between the
Centralog real–time database and office applications running in a Windows environment. By
means of this link customized logs can be edited in the form of spreadsheets which can then be
used for production management applications: complex thermodynamic calculations,
balances for maintenance of the installation, statistics etc.

CRW logs are established on the basis of standard spreadsheets which can subsequently be
defined by the operator.

A system of automation enables logs to be generated, printed and archived each hour, day,
month or year. Centralog data can be selected, and logs modified, on–line without interfering
with the Centralog.

Hardware architecture

The CRW module runs in the MS–Windows environment on a PC connected to the Ethernet
network. In a Centralog 10 type architecture on PC, CRW can even be integrated to the operator
station.

Communications

Data is transferred cyclically from the Centralog real–time database to the CRW base for
processing. It is possible to send the results of this processing back to the original database to be
managed like any other Centralog variables (mimic display, curves etc.).

In an architecture which comprises a UNIX server, the Centralog stores historical CRW data for a
period of 10 days in case of a PC failure.

4.1.12. CENTRALOG – Printer functions
Printer outputs enable the operator to obtain a full set of documents giving a printed record of
changes in process parameters. These documents take different forms: periodic logs, trend
logs, event log for operational and maintenance purposes, disturbance logs and sequence of
event logs for incident analysis.

Logs are displayed on the operator station screens; from the log displayed, the operator may
select the printout device of his choice in accordance with the configuration of the application.

Logs are stored on hard–disk and can be archived onto magneto–optical disk at the request of
the operator.

The event log (HDSR) provides the operator with a detailed historical and chronological record
of events such as state changes, transmission of commands, threshold violations, etc.

The sequence of events logs (SOE) provide a historical record of the state changes in a
predetermined set of logic variables during the period following the occurrence of an incident for
the purposes of off–line analysis. State changes are dated at source.

The disturbance logs provide a historical record of predetermined analog and logic variables
during the periods which precede and follow the occurrence of an incident in order to permit
subsequent off–line analysis.

The shift logs provide a list of the principal events occurring during the shift (variable state
changes, threshold violations, etc.), or enable a set of analog variables to be monitored during
the shift period.

The daily, weekly, monthly logs supply data on the changes in a set of analog variables over
periods of 24 hours, a week or a month.

The monthly maintenance logs supply data relevant to the maintenance of the principal control
blocks, including running times, threshold violation times, number of actuator start/stop cycles.

The trend logs supply a historical record of analog and logic variables, either predefined or
configured on line over a given period at a sampling rate defined by the operator. These logs can
either be initiated by the operator or triggered by trip criteria.

Operational lists enable the operator to print relevant process data on the basis of a number of
interactively defined sort criteria (alarm lists, lists of inhibited, replaced, forced, invalid
variables, etc.).

CENTRALOG - Printout examples

DAILY LOG

The daily log shows the changes occurring over a 24 hour period in a set of analog
variables organized into groups. In addition to the values for each variable the log
may show the sums and averages of these values.

[Figure: daily log printout layout: header zone, nomenclature zone, data zone, sums & averages.]

SHIFT LOG

The shift log shows the principal events to occur during the shift and enables the
changes in a set of analog process values over the shift period to be monitored.

[Figure: shift log printout layout: header zone, nomenclature zone, data zone, sums & averages.]

CENTRALOG - Incident logs

DISTURBANCE LOG

The purpose of the disturbance log is to provide a historical record of analog
and logic variables during the periods which precede and follow the occurrence of an
incident in order to permit subsequent analysis.

[Figure: disturbance log printout layout: header zone, trip criteria, data zone, with logic variables and analog variables.]

SEQUENCE OF EVENTS LOG

The purpose of the SOE log is to provide a historical record of state changes
occurring in logic variables during the period following the occurrence of an incident
in order to permit subsequent analysis.
Events are time–tagged at source.

[Figure: sequence of events log printout layout: header zone, trip criteria, data zone.]

4.1.13. CENTRALOG – Multi–entity function

The Multi-Entity function is used to supervise and control an installation in terms
of functional entities.

In particular, it enables the operator to supervise and control a site which comprises
several production units.

This facility allows separate parts of the plant to be supervised to be configured within the
Centralog system.

[Figure: a site divided into Unit 1, Commons and Unit 2, supervised as "Unit 1 and commons" and "Unit 2 (and commons)".]

An operative entity may represent either a portion of the plant, e.g. the water or effluent
treatment unit, a pumping station, a dam, etc., or a complete production unit, e.g. a
hydro–electric generator or a thermal unit.

On a two unit site for example, one operative entity may be defined for each of the two units and
one for the auxiliaries and the elements common to both units.

An operative entity is a subsystem of the process consisting of one or more functional subsets
known as Operative Units (OU). An operative entity represents a group of Operative Units.

A variable may belong to only one Operative Unit. Like Operative Units, operative entities are
defined during system configuration.

One or more operative entities can be assigned to an operator station at any one time. The
operator station concerned can then be used to access the alarm views of these entities and
other associated views, and to command the control blocks that belong to these operative
entities.

The operator can modify on–line the operative entities assigned to a station. A data window
shows the overall state of the entities assigned to the station.

Entities are assigned by means of an assign window. The assign window lists all the operative
entities defined in the system and enables these to be assigned to, or de–assigned from, the
operator station in question.

Via the CVS, the operator has access to all the functions related to the operative entity or entities
assigned to the station.

The following functions may be structured by operative entity:

• alarm function

• mimic function

• control mimic function

• sequence monitoring function

• y = f(t) and y = f(x) curve functions

• bargraph function

• operator groups function

• variable monitoring function

• HDSR function (filtered by entity)

• analysis list function (filtered by entity)

4.1.14. CENTRALOG – Other functions

 Operator Groups

Operator groups are used to display real time data concerning logic and analog variables
grouped together by the operator.

 Operative Units

Operative Units are used to display real time data related to a single functional subset.

 Variable monitoring

The variable monitoring function is used to display changes over time in a group of variables in
the form of continuously updated tables.

 Lists

The lists function is used to display and print variables listed according to various sort criteria as
configured by the operator.

4.1.15. CENTRALOG – Variable processing

The wealth of different variable types and the variety of processing operations associated with
them means that the process is managed with a high degree of surveillance and security.

The processing operations ensure the validity of acquired variables thus guaranteeing the
quality of processing and of the application programs using the variable concerned.

Specific processing operations prior to transmission of a command check that all requisite
conditions are met to ensure that the process is not disturbed or operational integrity
compromised.

The data used in real time by the CENTRALOG system can be classified as follows:

• Operative Units (OUs): all the variables corresponding to the customization of the
system are divided into functional subsets known as "Operative Units". This division
facilitates the customization and implementation of the system. Each OU is assigned an
ID code up to 8 characters in length and a label of maximum 32 characters.

• variables: a variable corresponds to a basic entity utilized as a system input/output for
the supervision and/or control of the process. Each variable belongs to one, and only
one, Operative Unit. Each variable is assigned an ID code of up to 20 characters in
length, a label of maximum 32 characters and a set of static and dynamic data, the
characteristics of which depend on the type of variable.

 VARIABLE TYPES

The principal variable types utilized in real time by the CENTRALOG system are as
follows:
— TS (TeleSignal) : logic input or internal logic variable
— TM (TeleMeasurement) : analog input or internal analog variable
— TC (TeleCommand) : logic command variable
— TVC (Setpoint command) : analog command variable
— VR (Multi–state variable ) : control function object (pump, valve, etc.)
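
The configuration rules above (ID and label lengths, one Operative Unit per variable) and the station assignment described in 4.1.13 can be modelled as follows; this is an added Python example, not Centralog code. Assumptions: all class, method, station and variable names are constructed, each OU is taken to belong to one operative entity, and only the TC and TVC types are treated as commandable.

```python
COMMAND_TYPES = {"TC", "TVC"}                      # command variables in the type list
VARIABLE_TYPES = {"TS", "TM", "TC", "TVC", "VR"}   # principal types named in the text


class Site:
    """Illustrative configuration model; names are hypothetical, not Centralog's."""

    def __init__(self):
        self.ou_entity = {}    # OU ID -> operative entity (assumed: one entity per OU)
        self.variables = {}    # variable ID -> (type, OU ID)
        self.assigned = {}     # station name -> set of assigned entities

    @staticmethod
    def _check(kind, ident, label, max_id):
        # Limits quoted in the text: OU ID 8, variable ID 20, label 32 characters.
        if not 1 <= len(ident) <= max_id:
            raise ValueError(f"{kind} ID {ident!r} must be 1..{max_id} characters")
        if len(label) > 32:
            raise ValueError(f"{kind} label {label!r} exceeds 32 characters")

    def add_ou(self, ou_id, label, entity):
        self._check("OU", ou_id, label, 8)
        if ou_id in self.ou_entity:
            raise ValueError(f"OU {ou_id} already defined")
        self.ou_entity[ou_id] = entity

    def add_variable(self, var_id, label, vtype, ou_id):
        self._check("variable", var_id, label, 20)
        if vtype not in VARIABLE_TYPES:
            raise ValueError(f"unknown variable type {vtype!r}")
        if ou_id not in self.ou_entity:
            raise ValueError(f"unknown OU {ou_id!r}")
        if var_id in self.variables:
            # A variable belongs to one, and only one, Operative Unit.
            raise ValueError(f"variable {var_id} already belongs to an OU")
        self.variables[var_id] = (vtype, ou_id)

    def assign(self, station, entity):
        if entity not in self.ou_entity.values():
            raise ValueError(f"unknown entity {entity!r}")
        self.assigned.setdefault(station, set()).add(entity)

    def deassign(self, station, entity):
        self.assigned.get(station, set()).discard(entity)

    def may_command(self, station, var_id):
        """Return (allowed, reason); anything not explicitly in scope is refused."""
        if var_id not in self.variables:
            return False, "unknown variable"
        vtype, ou_id = self.variables[var_id]
        if vtype not in COMMAND_TYPES:
            return False, f"{vtype} is not a command variable"
        entity = self.ou_entity[ou_id]
        if entity not in self.assigned.get(station, set()):
            return False, f"entity {entity} is not assigned to {station}"
        return True, f"entity {entity} is assigned to {station}"


def build_two_unit_site():
    """Constructed sample: two units plus commons, as in the two-unit site example."""
    site = Site()
    site.add_ou("U1FEEDW", "Unit 1 feedwater", "UNIT1")
    site.add_ou("U2FEEDW", "Unit 2 feedwater", "UNIT2")
    site.add_ou("WTREAT", "Water treatment", "COMMONS")
    site.add_variable("U1.FWPUMP.START", "Unit 1 feed pump start", "TC", "U1FEEDW")
    site.add_variable("U1.FW.FLOW", "Unit 1 feedwater flow", "TM", "U1FEEDW")
    site.add_variable("U2.FWPUMP.START", "Unit 2 feed pump start", "TC", "U2FEEDW")
    site.add_variable("WT.DOSING.SP", "Dosing rate setpoint", "TVC", "WTREAT")
    site.assign("OP1", "UNIT1")
    site.assign("OP1", "COMMONS")
    return site


if __name__ == "__main__":
    site = build_two_unit_site()
    for var in ("U1.FWPUMP.START", "U2.FWPUMP.START", "U1.FW.FLOW", "WT.DOSING.SP"):
        print(var, site.may_command("OP1", var))
    site.deassign("OP1", "UNIT1")      # on-line change of the station's entities
    print("U1.FWPUMP.START", site.may_command("OP1", "U1.FWPUMP.START"))
```

Because the check is evaluated per command against the current assignment, de-assigning an entity on-line removes command access to its variables at once.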

4.1.16. CENTRALOG – Computation functions

The Centralog system is provided with a standard library of computation modules which can
be used to perform complex calculations in accordance with proven methods.

The computation functions available are either arithmetic, logical or algebraic, or functions
requiring sampling over time such as the calculation of derivatives, averages and integrals, or
thermodynamic functions (saturation temperatures, enthalpy, entropy, dryness fraction, etc.).
Calculations are performed by combining these basic functions. Calculation formulas are
integrated into the configuration of the database. Calculations linked to the application are
defined during customization and users can insert or delete calculations by modifying the
database. The formulation of a calculation is simple and based on the principle of Polish notation.

PRISCA standard application software is utilized for the development of automatic process
control applications or for calculations specific to the installation. PRISCA offers a host structure
which simplifies the creation of specific application programs adapted to particular operating
conditions.

The results produced by the standard application software and the computation functions are
presented to the operator on the standard CENTRALOG man/machine interface (alarms,
mimics, curves, historical records, logs, HDSR, etc.) and can be utilized to control the process
through commands and setpoints in automatic mode without intervention of the user.

The flexibility provided by utilization of workstations and by the Oracle relational database
manager (CLOGSQL function) permits specific application programs such as office tools
(spreadsheets, data center tools), maintenance management, expert systems, etc. to be
integrated using database variables.

The standard library of calculation modules available from Centralog includes:

Analog calculation functions

These calculations are performed on both logic and analog variables. The variables produced by
these calculations are analog variables. These general computation functions are activated
cyclically at intervals specified in the database.

The following standard types of calculations are defined:

• Calculation of derivatives in time,

• Algebraic calculations (addition, subtraction, multiplication, etc.),

• Trigonometric calculations (sine, cosine, etc.),

• Statistical calculations (lowest, highest value of n),

• Reference charts (interpolation y=f(x,p) or x=f(y,p)),

• Thermodynamic calculations (saturation temperatures, enthalpy, entropy, dryness
fraction, etc.)

• Calculation of average over time,

• Pulse count,

• Calculation of running time,

• Calculation of the current average from several valid analog variables,

• Calculation of the typical deviation of an average.

The permissible periods for each variable for each type of calculation are 1, 2, 5, 10, 15, 20, 30
seconds, 1, 2, 5, 10, 30 minutes, 1 hour, shift hours, 1 day and 1 month.

Logic calculation functions

These calculations are performed on logic variables or on threshold violations by analog
variables. The variables produced by these calculations are logic variables. These computation
functions are activated cyclically at one second intervals.

Multi–state variable calculation functions

These calculations are performed on logic variables or on threshold violations by analog
variables. The variables produced by these calculations are multi–state variables. These
computation functions are activated cyclically at one second intervals.

4.2. PMP - CONTROL ASSISTANTS

The process control can be assisted by a set of software applications adapted to each domain of
utilization: the Plant Management Package (PMP).

4.2.1. Hydroset: hydro–electric plant management package

HYDROSET is ALSTOM Power’s standard configurable package for automatic control of the
installations. The package reduces plant operating costs through automatic general control, load
scheduling and management of hydro resources, and economical or production management.

Hydroset can be used to control a cascade of hydro plants in the same valley, optimizing overall
production through coordinated control of water flow. It also enables the reduction of local
operating staff.

The control of an installation is based on four principal functions:

• Surveillance of the reservoir, water level regulation,

• Control of the dam,

• Control of the plant,

• Special calculation functions.

For each of these functions, HYDROSET provides a library of standard modules which can be
configured by choice of option. The designer of the application can thus select and configure
modules in accordance with the specifications of the project.

Context

The standard modules were developed following a rigorous methodology in a CASE
environment allowing exhaustive validation by unit tests. Each application was subjected to
simulator trials reproducing the behavior of the principal elements in the installation (generators,
valves).

These different test resources resulted in the compilation of a library of dependable high quality
standard modules. Modular architecture enables changes to be introduced following the
requirements of the process.

After validation, the application software is installed in the PRISCA host structure of the
Centralog system. The operator accesses the automatic control functions through the
man–machine interface.

Experience

Hydroset has been implemented in the ALSPA P320 system in a large number of hydro–electric
projects (pump–storage, high head, low head, watercourse) and river system hydro–electric
installations.

4.2.2. OPTIPLANT+
The plant management suite of software and services

Power stations are now run as commercial entities: they operate in a highly competitive
environment and are focused on maximizing commercial availability whilst driving costs down to
secure their market share. To be effective the operator needs an extensive and comprehensive
range of information to enable him to keep track of his performance. He needs tools to enable him
to measure, monitor, analyze and report plant performance, commercial performance and plant
management. Most power plants have developed their own systems to provide the information
and analysis that they need to run their business, but in general these are not integrated systems
and most times fall short of the real requirements in terms of cost of implementation,
communication with the control system and long-term maintenance. The use of state-of-the-art
tools (Win NT, spreadsheets and flexible computation, basic functions of the Centralog)
now allows these functions to be integrated within the P320 system.

OPTIPLANT+ offers a framework for a full set of integrated services in a tailor made
implementation adapted to the plant owner’s needs and operational budgets.

The implementation starts from the implementation of the basic functions of the system up to a
complete plant management system, integrating partner software packages from ALSTOM
Power (or others).

The engineering effort necessary to collect expertise in the different fields can be carried out
progressively, following the life of the plant (for instance, a post-commissioning add-on is
possible in cooperation with the plant operation team).

The functions covered by OPTIPLANT+ include:

— operation support: alarms, events, trends, steam and water quality, x–y curves,
HDSR function, remote integration through Internet technology and optional features
such as interactive alarm files from operator help, IT supported procedures, flexible
computation
— performance and efficiency survey
— availability – maintainability monitoring according to standards (IEEE, NERC, MOEP
annual report...)
— model based operator help (drift detection, what–if simulation, comparison of the
values of the thermal cycle to the values computed by the model)
— maintenance management including spare parts management including asset
management (AMS from Fisher Rosemount)
— environment monitoring and regulatory compliance reporting
— sales and cost management
— electronic documentation storage and consultation

4.2.3. SPDS – Nuclear control assistant

 THE CONCEPT OF SAFETY FUNCTIONS

The Safety Parameters Display System (SPDS) concept assumes that a nuclear plant can be
maintained in a safe and stable condition, as long as a limited number of safety functions can be
executed correctly.

 THE CHARACTERISTICS OF SPDS

• Permanent display of data enabling the safety status of the plant to be easily and reliably
assessed.

• Complete and accessible safety status data enabling the operator to decide on the
procedures to be applied following a given incident and how to implement them.

 SAFETY FUNCTIONS

• Subcriticality: detection of the production of excessive core heat whether a reactor is
tripped or not.

• Core cooling : monitoring of core cooling process

• Reactor Coolant System (RCS) integrity and inventory

• Heat sink : monitoring secondary heat transfer capability

• Containment integrity: monitoring of containment activity and pressure

• Radioactivity: monitoring of radioactivity

 ALARM AND PROCEDURE FILES

Alarm and procedure files provide an additional safety support during incident periods and
during startup or shutdown phases.

 REMOTE MAINTENANCE

Maintenance can be done from a remote site. See Maintenance chapter.

4.2.4. Total Process Control

The incorporation of open–system technologies and PMP software guarantees the availability of
a full range of installation control and management functions including, where necessary, plant
office applications using the hardware elements provided by the system.

5. CONTROBLOC – Control Functions

5.1. INTRODUCTION

CONTROBLOC groups all the components used to acquire data transmitted from sensors, to
process both logic and continuous controls, to command the actuator and to provide
communication functions.

The automation cell comprises the following functional blocks linked on the F8000 fieldbus:

• ALSPA C80–75 or C80–35 multi–function cell controller,

• ALSPA CE2000 I/O controller,

• ALSPA C80–35 field controller,

• ALSPA DI80 and DI103 connection unit, MV/LV actuator controller and speed control
drive.

5.2. ALSPA C80-75 MULTI-FUNCTION CONTROLLER

5.2.1. Presentation of the ALSPA C80–75 Multi–function Controller

The ALSPA C80-75 multi-function controller is available in single and redundant versions.

It includes the communication modules linking with the unit network and the fieldbus.

[Figure: Multi-function controller - POWER, CPU, CPU and POWER modules between the S8000 unit
network and the F8000 fieldbus]

The multi–function cell controller performs the following tasks:

• processing of binary control functions and control loops, in association with any
processing operations performed by the elementary controllers,

• communications processing,

• storage of the application programs,

• continuous execution of self–tests designed to monitor correct operation,

• interface with programming, downloading and observation facilities via the unit network,

• interface with the unit networks: data exchanges with the supervisory system and
between the automation cells,

• timetagging of state changes in internal variables utilized in the supervisory system,

• re–transmission to supervision of data validators and variables associated to control
function objects (VRE),

• redundancy management,

• recording of system malfunctions and re–transmission of grouped malfunctions to the
supervisory system.

Programmed processing operations are organized according to IEC 1131.3 recommendations.

The multi–function controller is assembled in the "processing unit" rack which is available in two
versions:

• "single" version,

• redundant version,

and in two packages:

• 19" rear fastening rack,

• 19" flush–mounted rack.

In the redundant version, the same rack houses two identical controllers, connected together by
a specialized link which guarantees the consistency of the redundant controllers.

Each controller consists of:

• a processing unit,

• an S8000 unit network interface unit; an Ethernet interface module is used. Redundancy
is provided with industrial Ethernet solutions by the connection with the secure optical
loop.

• an F8000 fieldbus interface unit; the interface of the C80–35 with the F8000 is provided
by a coupler module. The network connection is dual medium.

• service units (exchanges between redundant structures).

• a power supply module from 230 V AC or 120 V AC or 48 V DC power sources.

5.2.2. Overall Dimensions

PU module:

• Frequency 100 MHz

• User memory 1 MB

• Total memory 2 MB

• Flash memory 4 MB

Ethernet module:

• Memory 2 MB

• Flash memory 1 MB

5.3. ALSPA C80-35 CONTROLLER

The ALSPA C80-35 is utilized in the ALSPA P320 system either as a multi-function cell
controller or as a field controller.

[Figure: C80-35]

Structure of the controller: The structure of the ALSPA C80–35 is based on a 3 U rack which
may be supplemented by one or more expansion baseplates. The optimum configuration for the
application can be selected by using 5 or 10 slot baseplates, and up to 7 expansion baseplates.

5.3.1. ALSPA C80–35 Multi–function Cell Controller

Processing units available: UT352, UT360, UT363 and UT364 (see below)

S8000 unit network: An Ethernet connection module is used. Redundancy is provided by the
connection with the secure optical loop.

F8000 fieldbus interface: The interface between the C80–35 and the F8000 network is
provided by a BEM340 connector module. Connection to the network is by dual medium. This
connection enables the C80–35 cell controller to communicate with the field controllers.

Operating mode: The controller is tested on initialization and operation is monitored by a
watchdog.

C80–35 processing: The C80–35 cell controller provides:

• binary or continuous control function processing in association with any processing
operations performed by the field controllers,

• communications processing,

• operational tests,

• the interface with downloading and test facilities,

• the interface with the unit network,

• controller cycle timetagging of variables used in supervision,

• optional management of cell controller redundancy.

5.3.2. ALSPA C80–35 Field Controller

Processing units available: UT350 and UT360 (see below)

F8000 fieldbus interface: The C80–35 controller interface with the F8000 fieldbus is provided
by a BEM340 module. Connection to the network may be by single or dual medium. This
connection enables the C80–35 field controller to communicate with the cell controller.

The processing operations performed by the C80–35 controller are asynchronous relative to
data exchanges with the F8000 fieldbus.

5.3.3. ALSPA C80–35 IHR Field Controller

The IHR (input high resolution) is a dedicated field controller that acquires logic inputs on the
fieldbus for automation purposes while also timetagging events with a resolution of up to 1 ms
for integrated SOE reporting.

The ALSPA C80–35 IHR field controller is fitted with a UT360 board and a board interfacing with
the F8000 field network. It provides:

• acquisition of logic inputs (up to maximum 256 logic inputs),

• logic input filtering,

• logic input timetagging at source to one millisecond,

• communication with the F8000 fieldbus.

Hardware time is updated via the F8000 network and synchronized by the acquisition of a logic
input time signal.

5.3.4. Controller Features

                                 352      350      360      363      364

CPU
  Math processor                 Yes      No       No       No       No
  User RAM                       246 KB   32 KB    246 KB   246 KB   246 KB
  Total RAM                      320 KB   320 KB   320 KB   320 KB   320 KB
  User flash                     256 KB   256 KB   256 KB   256 KB   256 KB
  System flash                   1 MB     1 MB     1 MB     1 MB     1 MB
WorldFIP module                  BEM340   BEM340   BEM340   BEM340   BEM340
  RAM                            512 KB   512 KB   512 KB   512 KB   512 KB
  Flash                          1 MB     1 MB     1 MB     1 MB     1 MB
Ethernet module                  EM3      EM3      EM3      EM3      EEM (daughter board)
  RAM                            1 MB     1 MB     1 MB     1 MB     1 MB
  Flash                          1 MB     1 MB     1 MB     1 MB     1 MB
Serial port for local terminal   Yes      No       No       Yes      No

5.3.5. I/O Modules

The I/O modules available for the ALSPA C80–35 controller are listed in the table which follows:

Type (number of points)                     Level                                     Module

C80–35
Logic inputs                                                                          IC693
Logic inputs (8)                            125 V DC (Pos/Neg)                        MDL 632
Logic inputs (8)                            24 V DC (common supply)                   MDL 634
Logic inputs (16)                           24 V DC (Pos/Neg)                         MDL 645
Logic inputs (16)                           24 V DC (Pos/Neg–Fast)                    MDL 646
Logic inputs (32)                           5/12 V DC (Pos–Neg)                       MDL 654
Logic inputs (32)                           24 V DC (Pos/Neg–1 ms)                    MDL 655
Logic inputs (16)                           48 V DC (Pos/Neg–Fast)                    MDL 100
Logic inputs – (8)                          120 V AC (no com pt – isolated)           MDL 230
Logic inputs – (8)                          240 V AC (no com pt – isolated)           MDL 231
Logic inputs – (16)                         120 V AC (1 common)                       MDL 240
Logic inputs – (16)                         24 V AC or V DC (Pos/Neg)                 MDL 241
Logic outputs                                                                         IC693
Logic output (8)                            12/24 V DC 2A (Pos)                       MDL 730
Logic output (8)                            12/24 V DC 2A (Neg)                       MDL 731
Logic output (8)                            12/24 V DC 0.5A (Pos)                     MDL 732
Logic output (8)                            12/24 V DC 0.5A (Neg)                     MDL 733
Logic output (6)                            125 V DC (isolated)                       MDL 734
Logic output (16)                           12/24 V DC 0.5A (Pos)                     MDL 740
Logic output (16)                           12/24 V DC 0.5A (Neg)                     MDL 741
Logic output (32)                           5/24 V DC (Neg)                           MDL 752
Logic output (32)                           12/24 V DC 0.5A (Pos)                     MDL 753
Logic outputs (12)                          120 V AC (0,5 A 1 com./6)                 MDL 310
Logic outputs (8)                           120/240 V AC (1A 1 com./4)                MDL 330
Logic outputs (16)                          120/240 V AC (0,5 A 1 com./8)             MDL 340
Logic outputs (5)                           120/240 V AC (2 A no com. pt.)            MDL 390
Logic output (8) Relays                     24 V to 240 V AC – 24 V / 125 V DC        MDL 930
Logic output (8) Relays                     5 V to 240 V AC – 24 V / 48 / 125 V DC    MDL 931
Logic output (16) Relays                    24 V to 240 V AC – 24 V / 125 V DC        MDL 940
Combined logic inputs/outputs                                                         IC693
Relay inputs (8) and outputs (8)            I = 24 V DC, O = 24 V DC – 120/240 V AC   MDR 390
Relay inputs (8) and outputs (8)            I = 120 V AC, O = 24 V DC – 120/240 V AC  MAR 590

Type (number of points)                     Level                                     Module

C80–35
Analog inputs                                                                         IC693
High level input (4)                        + 10 V                                    ALG 220
High level input (4)                        0/20 mA or 4/20 mA                        ALG 221
High level input (8/16)                     0–10 V (16 inputs), +10 V (8 inputs)      ALG 222
Analog outputs                                                                        IC693
Voltage output (2)                          + 10 V                                    ALG 390
Current output (2)                          0/20 mA or 4/20 mA                        ALG 391
Current output (8)                          0/20 mA or 4/20 mA                        ALG 392
Combined analog inputs/outputs                                                        IC693
Analog inputs (4), analog outputs (2)       0 – 10 V, +/– 10 V, 0–20 mA, 4–20 mA      ALG 442
Counter module                                                                        IC693
Fast counter module                         80 kHz                                    APU 300
Smart modules                                                                         HE693
RTD input (6)                               Pt, Cu, Ni, Si                            RTD 660
Thermocouple input (6)                      J, K, T, R, S, E, B, N, C                 THM 668
Voltage input (4)                           + 10 V                                    ADC 410
Current input (4)                           0/20 mA or 4/20 mA                        ADC 420
Thermocouple inputs with 50 Hz filter (6)   J,K,T,R,S,E,B,N,C                         THM 665
Thermocouple inputs with 60 Hz filter (6)   J,K,T,R,S,E,B,N,C                         THM 666
RTD inputs with 50 Hz filter (6)            Pt,Cu,Ni,Si                               RTD 665
RTD inputs with 60 Hz filter (6)            Pt,Cu,Ni,Si                               RTD 666
Isolated voltage outputs (1 500 Veff) (4)   +/– 10 V DC                               DAC 410
Isolated voltage outputs (1 500 Veff) (4)   4–20 mA or 0–20 mA                        DAC 420

The I/O modules for the ALSPA C80–35 controller are described in the ALSPA 80–35 PLC I/O
Module Specification Manual. This document specifies the limitations of use of the modules for
each type of CPU.

5.3.6. P320–TGC cell – modules dedicated to machine control

The modules available for the machine control P320–TGC cell are listed in the table which
follows:

Type                                          Characteristics                                                 Module

Speed measurement acquisition module          2 channels between 0 and 2400 Hz                                ENVI

Digital speed measurement acquisition module  2 channels 0 thru 20 kHz, 0,01% precision, line break           STI161
                                              detection.

Positioning control module                    4–20 mA amplifier to +/– 0,5 A and measurement of               RAPA
                                              differential transformer position

Digital positioning module                    Module dedicated to servo–motor positioning by means of one     SPC160
                                              to three 4–20 mA setpoints, cycle time 2 ms, output currents
                                              configurable between –100 / +100 mA (possibility of using an
                                              APUR current amplifier up to 1 A peak).

Generator parameter measurements              U ave, U network, Isin, frequency                               MPA157

Line break and threshold surveillance module  2 channels check speed sensor and 2 channels monitor the        RUSE
                                              electrovalve current

Static switch module                          1 A / 125 V or 3 A / 48 V                                       ISTA

Digital pulse generator module                Drives thyristor bridges up to 1,500 A typ. Cycle time 2,5 ms.  GENI

. INSTALLATION IN CABINET

5.4. CE2000 FIELD CONTROLLER

5.4.1. Presentation of the CE2000 Field Controller

The CE2000 field controllers interface with the process and handle local control functions.

They are connected to the C80–75 multi–function controller by a communication bus based on a
WorldFIP critical time network: the F8000 fieldbus.

This network enables the host structure CE2000 to be installed either remotely or in a central
cubicle, depending on the requirements of the project.

In the host structure, a processing unit manages:

• the I/O modules and associated local processing,

• the interface with the other subscribers on the fieldbus and the C80–75 multi–function
controller,

• continuous self–testing to monitor operation.

A complete range of I/O modules covers the requirements of the logical and analog
interfaces and Modbus communications.

The modules can be replaced in a powered-up state without interrupting the
operation of the equipment. They are connected to the processing units by a fast
I/O bus.

[Figure: CE2000 - I/O controller - F8000 connections, stations, logic/analog I/Os, Modbus]

The CE2000 field controller can be incorporated into several types of rack differentiated by:

• the power supply mode: power supply integrated into a remote independent rack or
power supply separate and global for 3 racks in the same central cubicle,

• the connection mode:

— remote connection using DIN connectors
— connection integrated by screw terminal (rear or front face).
The screw terminals allow the connection (depending on the integrated terminal block
model) of wires up to 2.5 mm² in cross–section.

• the number of slots for I/O modules:

— 16 slots (19" fixing)
— 10 slots (19" flush–mounted rack).

The CE2000 field controller contains a processing unit module which manages the I/O modules,
the preprocessing and local control functions and the F8000 fieldbus exchange functions. The
CPU can be doubled to ensure greater system availability.

The F8000 fieldbus connection enables medium redundancy.

The CE2000 rack is equipped with a backplane distributing internal voltages, process voltage,
and signals between modules.

The illustration below shows a connection rack fixed to the rear of the CE2000 rack to receive the
connection adaptor modules.

[Figure: CE2000 - I/O controller - bus connector, process connection, front panel, power supply
connector, I/O connector]

The diagrams below show the options in respect of the power supply mode and type of mounting,
and in each case specify the number of slots available for the I/O modules.

[Figure: CE2000 - Centralized rack (standard), integrated power supply: two 19" racks of 16 slots,
one with rear-mounted terminal block, one with remote terminal block]

[Figure: CE2000 - Centralized rack (option), external power supply: two 19" racks of 16 slots,
one with rear-mounted terminal block, one with remote terminal block]

[Figure: CE2000 - Decentralized rack, integrated power supply: 19" racks of 16 slots and 10 slots,
with rear-mounted, front-mounted and remote terminal blocks]

5.4.2. Functions performed by the CE2000 Controller

The UT150 processing unit module can be dual. Each module is located at one end of the
CE2000 rack.

The UT150 processing unit of the CE2000 field controller manages:

• The interface with the F8000 fieldbus

The interface with the F8000 fieldbus enables the CE2000 CPU to exchange data with
the C80–75 multi–function controller. The UT150 is a slave subscriber to the network.

• The interface with the inter–module bus

The UT150 utilizes the inter–module bus to communicate with the I/O interfaces and to
ensure the redundancy of the system if necessary.

The UT150 processing unit of the CE2000 controller performs the following functions:

• Acquisition of logic inputs

The UT150 acquires the current state of the process inputs at each scan cycle. The CPU
produces valid states on the basis of the current states and the filtering mode. These
states and their validants are transmitted cyclically on the F8000 fieldbus for the use of
the control function.

• Filtering

The filtering of the logic inputs consists in only validating a state which remains stable
over a given period. If during n I/O scan cycles, the current state of a logic input has not
varied, the state is confirmed. The value of n is chosen for the application as 1 ≤ n ≤ 10.

• Detection of state changes and timetagging

On the basis of the valid states produced by the previous function, the UT150 detects the
state changes, timetags them and groups them in a table. The unit of time used for
timetagging is the scan cycle (1, 2, 5 or 10 ms) defined during configuration. On each
F8000 cycle, a table of timetagged events is transmitted to the C80–75 multi–function
controller for supervision purposes.

• Processing of chattering variables

This processing function consists of invalidating an input when the number of state
changes exceeds a value X during a time period T. X and T are configured as parameters
for each module. The input becomes valid again after it returns to a stable state.

• Logic output processing

On reception of logic outputs from the C80–75 multi–function controller, the UT150 runs
a logic output program. This ensures that the logic outputs from the modules match the
outputs transmitted by the F8000 fieldbus. The UT150 rereads these outputs
immediately to check they have been correctly set. The frequency of flashing in static
flashing outputs can be set at either slow or fast.

• Acquisition of analog inputs

Analog inputs are acquired cyclically. The acquisition rate is fixed globally for each class
of variables: 50 ms for high level measurements, 250 ms for temperature
measurements. The UT150 module synchronizes the acquisitions with the cycles of the
F8000 fieldbus.

• Analog output processing

After reception via the F8000 fieldbus of the analog outputs to be transmitted, the UT150
runs an output program similar to that for the logic outputs.

• Transmission and reception on the F8000 fieldbus

The UT150 handles the functions of communication with the F8000 fieldbus. Logic and
analog variables and their validants are transmitted periodically on the F8000 fieldbus for
purposes of application processing in the C80–75 multi–function controller and for
exchanges with the other controllers on the cell network. In the same way, the UT150
periodically processes the logic and analog outputs originating from the F8000 fieldbus.
These periodic exchanges are supplemented by the transmission of timetagged event
messages for supervision purposes.

• Time synchronization

CE2000 controller time is set by transmission of correct time over the F8000 fieldbus and
hard wired synchronization of a time signal on the UT150 in the event that precision
greater than 10 ms is required. This mechanism guarantees the same time reference for
state changes occurring in different CE2000 controllers. UT150 processing operations
are performed in synchronization with the F8000 fieldbus and the tasks of the C80–75
multi–function controller.

• Redundancy management (see Chapter 10).

• Fault management

In the UT150, the maintenance function signals the state and any malfunctions of the
CE2000 to the application program, and supplies a detailed analysis of the malfunctions
to the observation and CONTROCAD P maintenance tool via the C80–75 multi–function
controller.

• Operating modes

In the event of a malfunction in the C80–75 multi–function controller, the CE2000
controller is capable of operating autonomously as regards local control functions and
exchanges between CE2000 controllers.

• Forcing

The UT150 will ”force” process inputs on the basis of commands received from the
observation and maintenance tool CONTROCAD P.

• Operational tests

The UT150 performs both initialization tests and continuous electronic tests. The
processing unit activates a security signal (independently of the I/O bus) permitting the
process outputs to be set to a fail–safe state (relays de–energized).

• Test of the I/O modules

The UT150 tests the I/O modules in operation: presence of the modules, integrity of the
configuration, control of the I/O bus, presence of the process voltage, control of the logic
I/O modules. Analog modules are tested by their own controllers. The description of
these control functions is downloaded via the cell networks and saved by the UT150 in
the battery–backed RAM.

• Processing of local control functions

The UT150 processes the local control functions (structured in block language). The
standard cycle for execution of binary control functions is configurable: 10, 20, 50 and
100 ms.
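
The filtering, state-change timetagging and chattering rules described above for logic inputs can be followed scan by scan in the sketch below. It is an added Python example, not ALSTOM code: the class and function names are hypothetical, chatter is counted on filtered state changes, and "stable" is assumed to mean no confirmed change during a full period T, since the manual does not define either point.

```python
"""Added illustration of UT150-style logic input processing (not vendor code)."""
from collections import deque
from typing import NamedTuple, Optional

SCAN_CYCLES_MS = (1, 2, 5, 10)  # scan cycle values listed in the manual


class Event(NamedTuple):
    timetag: int  # in scan cycles, the timetagging unit given in the manual
    state: int    # newly confirmed state
    valid: bool   # validant of the input when the change was confirmed


class LogicInput:
    """One logic input channel: filtering, change detection, chatter check."""

    def __init__(self, n: int, x: int, t_cycles: int, initial: int = 0):
        if not 1 <= n <= 10:
            raise ValueError("filter depth n must satisfy 1 <= n <= 10")
        if x < 1 or t_cycles < 1:
            raise ValueError("X and T must be positive")
        self.n, self.x, self.t = n, x, t_cycles
        self.state = initial        # last confirmed (filtered) state
        self.valid = True           # validant transmitted with the state
        self._candidate = initial   # raw value currently being timed
        self._run = 0               # consecutive scans showing _candidate
        self._changes = deque()     # cycles of confirmed changes inside T

    def scan(self, cycle: int, raw: int) -> Optional[Event]:
        # Filtering: a raw state is confirmed only after n identical scans.
        if raw == self._candidate:
            self._run += 1
        else:
            self._candidate, self._run = raw, 1
        changed = self._run >= self.n and raw != self.state
        if changed:
            self.state = raw
            self._changes.append(cycle)
        # Chattering: keep only the changes that fall inside the last T cycles.
        while self._changes and self._changes[0] <= cycle - self.t:
            self._changes.popleft()
        if len(self._changes) > self.x:
            self.valid = False      # more than X changes during T
        elif not self._changes:
            self.valid = True       # assumption: stable = no change for T
        return Event(cycle, self.state, self.valid) if changed else None


def process(samples, n, x, t_cycles):
    """Run a list of raw samples (one per scan) through one channel.

    Returns (events, validants): the timetagged event table and the
    validant of the input after each scan.
    """
    channel = LogicInput(n, x, t_cycles, initial=samples[0])
    events, validants = [], []
    for cycle, raw in enumerate(samples):
        event = channel.scan(cycle, raw)
        if event is not None:
            events.append(event)
        validants.append(channel.valid)
    return events, validants


def to_ms(event: Event, scan_ms: int) -> int:
    """Convert a timetag from scan cycles to milliseconds."""
    if scan_ms not in SCAN_CYCLES_MS:
        raise ValueError("scan cycle must be 1, 2, 5 or 10 ms")
    return event.timetag * scan_ms


# Constructed sample data: a contact with two one-scan glitches before it
# settles, and an input toggling every two scans before going quiet.
GLITCHY = [0, 0, 1, 0, 0, 1, 1, 1, 1]
CHATTER = [0, 0, 1, 1, 0, 0, 1, 1, 0, 0] + [0] * 12

if __name__ == "__main__":
    print(process(GLITCHY, n=3, x=3, t_cycles=20)[0])
    events, validants = process(CHATTER, n=1, x=3, t_cycles=10)
    print(events)
    print("invalid from scan", validants.index(False))
```

With n = 3 the glitches never reach the event table; with n = 1 the fourth change inside T marks the input invalid until the oldest changes have aged out of the window.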

5.4.3. Overall UT150 Specifications

• Motorola 68040 32 bit processor

• Program memory – Flash 4 MB,

• Configuration data memory 2 MB,

• Battery–backed memory SRAM 512 KB,

• Data memory 4 MB.

Note: the safety qualified version (Veritas) of the CE2000 CPU is the UT129 module.

5.4.4. Interface Modules

Each CE2000 controller can contain up to 16 logic and/or analog I/O modules (10 modules for the
19” flush–mounted rack). Each slot is non–dedicated and can receive either logic or analog I/O
modules.

The I/O modules all have the same general design organized around two zones electrically
isolated from each other:

• a ”low level” zone comprising:


— an inter–module bus connector
— a circuit interfacing with the inter–module bus
— a register containing the ID tag and version number of the module
— circuits enabling the interface components to be written/read,

• a ”high level” zone comprising:


— a process connector
— a connector designed for distribution of voltages
— elements of protection and adaptation for the interface components
— different interface components ensuring the electrical isolation of the two zones.

[Figure: general layout of an I/O module. Low level zone: inter-module connector, bus interface, board ID. High level zone: adaptation and protection, power supply distribution connector, process connector.]

All the I/O modules are designed with electrical isolation between the internal electronics and the
process.

The modules are tested in operation and can be repaired without powering off the rack and
without disturbing the operation of the other modules. When a module is extracted, the data
associated to it is automatically invalidated.

Since distribution of the process voltages is integrated, the modules can be connected directly
without wiring to the intermediate terminal block.

Logic I/O modules are equipped with an EMI filter enabling their utilization in a disturbance prone
environment without shielded cables (within the limit of the resistance specified by IEC level 3
standards).

Analog modules are tested and self–calibrated thus eliminating the need for periodic adjustment
and verification, and consequent operations on the equipment.

The processing performed on thermocouples permits all cold junction compensation
arrangements and reduces wiring costs:

• cold junction compensation on the input module itself,

• compensation by temperature correction from a remote temperature controlled cold
junction unit,

• compensation by temperature correction from an isothermal remote cold junction unit
whose temperature is measured.

In this case, the signal necessary for compensation is selected by software. The
compensation value is distributed by the communication networks, with no necessity for
hard–wired signals.

The interface modules available for the CE2000 controller are shown in the table below:

| Type (number of points) | Level | Module |
|---|---|---|
| Logic input (16) | 48 VDC (common supply) with 0/1 input tests, guaranteed 10 mA readout current (neg. input) | LE108A–1 |
| Logic input (16) | 125 VDC (common supply) with 0/1 input tests (neg. input) | LE108A–2 |
| Logic input (16) | 24 VDC (common supply) with 0/1 input tests (neg. input) | LE108A–3 |
| Logic input (32) | 48 VDC (4 groups of 8, pos/neg. input) | LE109A–1 |
| Logic input (32) | 24 VDC (4 groups of 8, pos/neg. input) | LE109A–2 |
| Logic input (24) | 48 VDC (channel isolation, pos/neg. input) | LE111–1 |
| Logic input (24) | 125 VDC (channel isolation, pos/neg. input) | LE111–2 |
| Logic input (24) | 24 VDC (channel isolation, pos/neg. input) | LE111–3 |
| Logic actuator input/output (20 I / 10 O) | 24 VDC (common supply) with wiring check, pos. input / neg. output | LS108–1 |
| Logic actuator input/output (20 I / 10 O) | 48 VDC (common supply) with wiring check, pos. input / neg. output | LS108–2 |
| Logic output (16) | 48 VDC (powered contact, neg. output) | LC105 |
| Logic output (16) | 48 VDC (powered contact, pos. output) | LC105A–1 |
| Logic output (16) | 42 VDC (powered contact, pos. output) | LC105A–2 |
| Logic output (16) | 24/48 VDC (non powered contact, neg. output) | LC106–1 |
| Logic output (16) | 125 VDC (non powered contact, neg. output) | LC106–2 |
| Logic output (16) | 48 VDC (static switching, powered, neg. output) | LD106 |
| Low level / thermocouple input (8) | J, K, T, R, S, E, B, N; –10 mV to +100 mV | AB120 |
| RTD input (8) | 100 ohms | AB121 |
| High level input (8) | 0/+5 V, +1/+5 V, 0/+10 V, 0/20 mA or 4/20 mA | AH115 |
| High level input (8) | 0/1 V, 0/0.5 V, 0.1/0.5 V | AH116–1 |
| High level input (8) | 0/5 V, 1/5 V, 0/10 V, 0/20 mA, 4/20 mA (channel isolation) | AH116–2 |
| Analog output (8) | 0/20 mA or 4/20 mA (48 V DC) | AS111–1 |
| Analog output (8) | 0/20 mA or 4/20 mA (24 V DC) | AS111–2 |
| Analog actuator output (2) | 0/20 mA or 4/20 mA | AS112 |
| Modbus link | 4 Modbus links | IR139–1 |

The interface modules are detailed in the Technical Data Sheet Manual.

The main functions of these modules are as follows:

• All the logic acquisition modules provide timetagging on the basis of 1 ms, with the
exception of the LS108 module (2 ms).

• The LS108 modules provide wiring integrity checks and static sensor acquisitions
(proximity detectors).

• The AH115 and AH116 modules can be customized channel by channel for voltage
inputs (0 to +5V; +1V to + 5 V ; 0 V to + 10 V) or current inputs (0 to 20 mA ; 4 to 20 mA).

• The AS112 module is an analog output module (4/20 mA) which is used to interface two
control actuators. It also possesses an isolated serial link enabling the connection of
manual command stations and/or setpoint stations (up to 4 stations). This module can be
used in a dual–redundant configuration.

• The IR139–1 module is used to implement Modbus links (RS232 or RS485) between the
master CE2000 I/O controller and external slave equipment. An automation cell can host
several IR139–1 modules, up to a total of 63 Modbus subscribers per cell. One IR139–1
module can run up to 4 Modbus links. Each link supports a maximum of 32 subscribers.

Transmission speed is set per link and ranges from 300 to 19,200 bauds.
However, the sum of the speeds of the four links of an IR139–1 module is limited to a
total of 19,200 bauds.

Serial links are connected to the front panel. An additional isolation module is
recommended.

• The input–output modules utilize a dual power supply:

— power supply for the electronic portion of the module which is taken from the
backplane bus of the CE2000 I/O controller;
— process power supply to power the sensors and the actuators (except AS112,
LC106 and LE109 modules). This power supply can be distributed either by the
backplane bus of the CE2000 I/O controller (up to 10 A per CE2000 I/O controller),
or by direct connection to the I/O module (except LS108 module).
In the case of the LE109 module, the process power supply is external and
connection must be provided via the process connector.
In the case of the LS108 and AS112 modules, the process power supply is provided
by the backplane bus.

• The following modules are provided with channel isolation: LE111, LC106, AH116 and
AS112.
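
The IR139–1 limits stated above (links per module, subscribers per link and per cell, speed range and summed speed per module) can be checked against a planned Modbus layout before it is engineered. The following Python check is an added example, not part of the manual or of CONTROCAD; the function name, slot labels and sample layouts are constructed for illustration.

```python
"""Added illustration: check a planned Modbus layout against the IR139-1 limits."""

MAX_LINKS_PER_MODULE = 4         # one IR139-1 module runs up to 4 Modbus links
MAX_SUBS_PER_LINK = 32           # each link supports at most 32 subscribers
MAX_SUBS_PER_CELL = 63           # total Modbus subscribers per automation cell
BAUD_MIN, BAUD_MAX = 300, 19200  # speed range of one link
MAX_BAUD_SUM_PER_MODULE = 19200  # summed speed of the links of one module


def check_cell(modules):
    """Return a sorted list of (scope, rule) findings; empty means compliant.

    modules maps a module label to its links; each link is a tuple
    (baud, subscribers).
    """
    findings = []
    cell_subscribers = 0
    for name, links in modules.items():
        if len(links) > MAX_LINKS_PER_MODULE:
            findings.append((name, "too_many_links"))
        for index, (baud, subscribers) in enumerate(links, start=1):
            scope = f"{name}/link{index}"
            if not BAUD_MIN <= baud <= BAUD_MAX:
                findings.append((scope, "baud_out_of_range"))
            if subscribers > MAX_SUBS_PER_LINK:
                findings.append((scope, "too_many_subscribers"))
            cell_subscribers += subscribers
        # Each link can be in range while the module budget is still exceeded.
        if sum(baud for baud, _ in links) > MAX_BAUD_SUM_PER_MODULE:
            findings.append((name, "baud_sum_exceeded"))
    if cell_subscribers > MAX_SUBS_PER_CELL:
        findings.append(("cell", "too_many_subscribers"))
    return sorted(findings)


# Constructed layouts (slot labels are hypothetical).
PLANNED = {
    "slot3": [(9600, 20), (9600, 12), (4800, 5)],   # 24,000 bauds summed
    "slot4": [(19200, 30)],                         # cell total: 67 subscribers
}
CORRECTED = {
    "slot3": [(9600, 20), (4800, 12), (4800, 5)],   # 19,200 bauds summed
    "slot4": [(19200, 26)],                         # cell total: 63 subscribers
}

if __name__ == "__main__":
    for label, layout in (("planned", PLANNED), ("corrected", CORRECTED)):
        print(label, check_cell(layout) or "compliant")
```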

5.4.5. I/O Power Supply

Two power supply arrangements are available:

• Integrated power supply (standard): power is provided by one or two switch–mode power
supplies integrated to the racks. These power supplies deliver isolated 5V–10A and
12V–4A and are available in 120/230 V AC and 24/48/125 V DC.

Each power supply can be doubled to increase the availability of the unit. In this case,
power supplies of the same type are placed in parallel by means of a diode bridge which
ensures the availability of the internal power supplies in the event of the loss of one of the
power supplies.

Each power supply generates a voltage signal which is used to monitor correct
operation. In addition, the 5 V supplies generate a signal which enables primary power
cuts to be anticipated.

• Centralized power supply (option): the power supply for the CE2000 racks can be
provided by two switch–mode power supplies with the following characteristics :
— Input V /5 V convertor at 30 A,
— Input V/12 V convertor at 12 A,
where input V = 230 V AC or 120 V AC (50 or 60 Hz).

These power supplies are installed in a rack and the power is distributed to the I/O racks
via flat cables connected to the backplane.

5.4.6. AS112 Control Actuator Command Module and Associated Stations

The AS112 module is used to command two valve or electro–pneumatic servomotor type control
actuators by means of a current signal.

The module is equipped with an isolated serial link which is used for connections to the manual
command stations and setpoint stations.

[Figure: AS 112 module operation, showing the manual command stations (RCM), the manual setpoint stations (RPC), the interface module, Actuator 1 and Actuator 2.]

The module enables the actuator to be adjusted manually in the event of a higher level
malfunction.

Control availability is further increased by the possibility of doubling up the AS112 module
(redundancy).

AS112 actuator command management consists in:

• processing the commands issued by the controller,

• positioning analog outputs cyclically,

• checking the correct execution of the outputs,

• enabling smooth switchover to manual mode,

• detecting open lines.

The AS 112 module also provides an interface between conventional setpoint stations and the
C80–75 multi–function controller.

The two outputs are processed separately and are isolated from each other.

RCM Station

The RCM command station performs three main functions:

• manual positioning of control loop actuators,

• switching actuator control from auto mode to manual mode,

• bias on the output signal.

The station enables both high and low speed actuator positioning.

The changes from auto to manual mode take place smoothly.

All hardware malfunctions are indicated on the front panel of the station.

RPC Station

The RPC setpoint station performs two main functions:

• adjustment of the loop setpoint value with indication of the setpoint and of the measurement,

• command for switchover to "manual setpoint" or "auto setpoint" mode.

Two speeds are available in "manual setpoint" mode.

The change from "auto setpoint" to "manual setpoint" takes place smoothly.

5.5. SMART INSTRUMENTATION CONNECTION BOX (DI80)

The development of instrument, analyzer and valve technology is leading to a migration
towards "smart" devices based on the use of microprocessors.

Hart technology analog instruments deliver 2 signals: a 4–20 mA signal, and a
superimposed digital signal at a frequency which does not affect the measurement. This
digital signal carries a wide range of data internal to the instrument.

The DI80 is connected to the C80–75 or C80–35 multi–function controller by a F8000 fieldbus.

The instrument is set remotely by the Hart protocol using a portable terminal or centralized
multiplexed software, Fisher Rosemount AMS instrument management and preventive
maintenance software (consult ALSTOM Power).

The wiring is the same as that used with analog instruments, an interesting feature when
replacing older sensors.

It is thus possible to combine traditional analog sensors and digital sensors.

A locally installed DI80 connection box can be used to connect up to 8 smart instruments and the
sensor power supplies.

Two types of DI80 unit are available:

• acquisition of eight 4–20 mA inputs and associated Hart interface,

• acquisition of six 4–20 mA inputs, generation of two 4–20 mA outputs and associated Hart
interface.

The DI80 connection box powers the 4–20 mA line (and the associated sensor), converts the
4–20 mA signal (inverse conversion for command outputs) and encapsulates the command
signal exchanged with the control functions in the deterministic traffic on the F8000 fieldbus. The
Hart messaging is superimposed on the F8000 traffic and is decoded by the AMS software.

5.6. DIGITAL ELECTRICAL PROTECTION – DI103 CONNECTION BOX

The integration of electrical protection functions into systems supervising electricity
distribution and substations has led to their being connected on the F8000 fieldbus which
links the cells in the ES configuration. This solution implements the IEC 870–5 profile
103 protocol, specialized in digital protection interfaces.

This allows multi–vendor protections using this protocol to be used without the system
having to be modified.

The DI103 is connected to the C80–75 or C80–35 multi–function controller by a F8000 fieldbus.

The protection relays are connected by using the DI103 connection box to interface between the
IEC 870–5 (CS–103) serial links of the protection relays and the F8000 bus.

This connection enables:

• access to internal relay data for supervision purposes (logic data and measurements),

• exchange of non time critical data between the automation cell and the protection relays
(configuration of operating choice, e.g. automatic serial reset or not, etc.).

Protections are connected by means of an RS 485 link with a capacity of 9.6 or 19.2 kb/s. Fiber
optic options are provided for by the addition of a fiber optic connector rack enabling up to 4 wired
connections.

One DI103 connection box can manage up to 4 protections and requires supply voltages of 48 V
DC or 125 V DC.

A special link between protection relays and the associated configuration and observation
software of each relay (including where necessary disturbance processing integrated to the
relay) allows debugging and observation from a central station (which may be incorporated to a
supervision or engineering station).

Fast trip links are directly wired from the protection relay.

5.7. MV/LV ACTUATOR CONTROLLER

ES configuration automation cells can be connected to MV/LV draw–out chassis fitted
with "Gemstart" digital actuator controllers (consult ALSTOM Power).

The single actuator controller (Gemstart single start motor command) is connected to the
C80–75 or C80–35 multi–function controller by a F8000 fieldbus.

It enables each drawer to be connected to the relevant automation cell for:

• the start motor command from the cell controllers,

• the acquisition of timetagged data ( to ? 10 ms) regarding the motor startup state,

• the acquisition of electrical measurements associated to motor startup.

The local unit handles local disturbance processing, electrical protection and commands.

This solution offers multiple advantages:

• significant reduction in wiring,

• centralized tuning of electrical protection and tuning traceability,

• improved monitoring of motors enabling preventive maintenance.

A special link to each panel provides a connection with the Gemstart drawer observation and
tuning software.

5.8. LOCAL COMMAND TERMINAL (LOCAL MACHINE CONTROL BY PC)

Local command terminals can be connected to the ALSPA P320 system.

These terminals consist of a specially packaged PC.

The terminal is miniaturized and can be assembled to the front end of a local housing or panel.

The terminal is configured by a software tool associated to the terminal.

The command terminal can be connected to the C80–75 and C80–35 controllers and used for
local control of machines managed by the controller.

5.9. UNIT NETWORK GATEWAY (CSS–F)

The purpose of the CSS–F gateway is to provide a specific interface between the unit network
and multi–vendor equipment communicating by serial link or by Ethernet using a protocol which
does not implement the standards used for the ALSPA P320 system.

The gateway is based on a PC running the Windows NT environment.

It provides the interface between the supervisory system (Centralog) and the other controllers
connected to the same unit network (consult ALSTOM Power).

5.10. PACKAGING (CUBICLES)

Different types of packaging are available depending on the requirements of the application:

• bare chassis for integration into existing cubicles,

• cubicles for air conditioned or ventilated premises (relay room) or decentralized
buildings (dust–free areas). These cubicles can accommodate 4 racks as standard
installation.

• local cubicles for remote devices. Cubicles can be supplied with air conditioners to
provide suitable ambient conditions in terms of temperature, dust and humidity.

In respect of control functions, the C80–75, CE2000 and Hart Fip connection devices are
packaged to meet IEC level 3 EMI standards with regard to both the bare chassis and the cubicle
versions. For other products, the stipulations concerning housings and connections must be
complied with to ensure the performance levels specified in the reference standards.

6. Engineering Functions - CONTROCAD

The documentation and data production software integrated into the ALSPA P320 system
supports all the services involved in the implementation of control and supervision for the project.

The Controcad Engineering Suite

The Controcad engineering suite provides the resources required to design Control and
Supervision applications on the basis of information provided by the partners in the project, and
to produce the associated design documentation (process schematics, calculations and
man–machine interfaces, connections, configuration of the communication networks, etc.). The
application is structured to match the division of the process into operative units (or elementary
systems). Controcad is object–oriented for a better reuse of standard plant devices.

Within each operative unit, the associated schemes are divided into sub–sets in accordance with
the hierarchical organization of the control functions:

• actuator control, implemented on the basis of libraries associated to the process control
blocks; these libraries determine both the behavior of the control function and the
behavior of the associated man–machine interface; these libraries utilize either standard
elements provided by ALSTOM Power or can be adapted to meet special requirements
(open control function object approach),

• control of interlocks, protections, production of alarm signals,

• sequential control,

• control of control loop block structure using a standard operator library; the system also
allows the creation of specific blocks and the implementation of advanced control loops
(control loops with associated models, thermodynamic or hydro–electric variable
calculation blocks, RST digital control loops, generation of injection signals for process
identification purposes, etc.).

Controcad manages process variables using symbolic representation: each variable is identified
according to the coding standard used for the site (EDF, KKS, IEEE, etc.) supplemented by
system data symbols. The system checks the consistency and the uniqueness of each variable.
Graphic description languages and structures comply with IEC 1131.3. standard
recommendations.

On the basis of schematic diagrams and mimic view descriptions, Controcad automatically
generates the programs to be installed by the appropriate software tools on each of the system
hardware blocks (Controbloc for control functions and Centralog for supervision and
management).

6.1. CONTROCAD – POWERFUL ENGINEERING SUPPORT

The Controcad software implements a design methodology based on the utilization of
application standards. Controcad guarantees consistency of design for each individual site,
secure software operation (proven standards) and optimum performance readings.

Controcad can interface with data sourced from project partners with respect to the operation of
the plant (alarms, labels, etc.) and the characteristics of sensors and actuators transmitted by
software means by project partners.

CONTROCAD guarantees high quality production and maintenance of applications and
integrates automatic on–board project documentation and the management of application
program versions.

[Figure: CONTROCAD environment, showing the server (database, documentation, users and access rights), client stations, CENTRALOG, CONTROSET and an automation cell (cell controller, field controllers).]

CONTROCAD is present in all the production phases of the project:

• in the design office for the implementation of the control and supervision system and the
production of documentation,

• on site for the implementation of the system and the generation of ”as built” files and for
maintenance applications.


Consistency

The Controcad software is based on an open relational database guaranteeing the consistency
of data on the site.

The Controcad software also provides the maximum degree of control over syntactic
consistency from the data input phase, in order to avoid the necessity of inserting modifications
during final compilation before downloading, which is both time consuming and costly.

Ease of use

Control function diagrams and control and supervision mimics are designed using simple
graphic editors providing on–line help and effective on–screen editing functions (copy, search,
delete, zoom, move, multi–windows, cross references, etc.). These functions facilitate the
consultation of pages on screen.

Controcad handles the automatic division into worksheets, automatic management of
references between worksheets, the problem of cross references and multi–page management
facilities.

The hardware utilized offers a high resolution graphic interface providing user–friendly facilities.

Configurability

Controcad integrates configuration tools which can be used to define the project language
(English, French, Spanish), the document format or special control function element
representations or animations, and to parameter the identification system (IEEE, KKS, EDF,
etc.).

Malfunction analysis

CONTROCAD users benefit from fault analysis mechanisms which are used to identify any
inconsistency or incompleteness in the implementation of the system.

Automatic documentation

At any stage, the user can access high quality design or maintenance documentation. This
documentation, which can be printed out either partially or in its entirety, corresponds precisely to
the applications executed in the system.

Management of changes

Changes are managed by means of logs which record application updates and index numbers
which identify the different application versions.


Backup

Controcad is provided with utilities enabling data to be stored and retrieved locally on disk or on
other external media.

Flexibility

The Controcad software, based on a client/server architecture, permits several different modes
of use:

• utilization in the engineering design office:


— multi–user: several persons or groups share the development of a project,
— multi–site: several teams can share development work and testing, on different
sites, linked to the same server via the internal telecommunications networks of the
corporations involved,
— multi–project: the standard libraries provided enable the management of several
projects and the recovery of existing schematic diagrams or standards.

• utilization on site:

— multi–user during the commissioning phase and single user in operation,


— single site,
— single project (that on the site in question).

Security of access

Controcad software ensures secure access by the control of privileges hierarchically organized
into user categories:

• "configurator": gives access to the creation and selection of elements in libraries for the
purpose of configuring the standards of a project in the design office,

• "control engineer" user: permits the creation and modification of schematic diagrams,
data and mimic formats from the library predefined by the "configurator" (this mode of
management is used in the design office and on site),

• "consultant": enables consultation of schematic diagrams, of data and of mimic views
relative to a project as it advances. Authorizes delivery of engineering documentation by
software means.

[Figure: CONTROCAD configurations. Design office configuration: workstations/PCs, data server, test platform (engineer access), LAN/WAN, configuration of multi–project, multi–user libraries, consultant (electronic document transmission). Site configuration: PC/UniWin NT with Configurator (library configuration, project management), Engineer (diagrams and man/machine interfaces), Consultant (read only), and download.]

6.2. CONTROCAD – ENGINEERING SUITE

The ALSPA P320 CONTROCAD engineering tool is designed to meet quality standards
required for the production and maintenance of Control and Supervision applications.

The CONTROCAD engineering workshop consists of a series of modules organized in a
unique consistent environment built around the CONTROCAD server integrating the central
ORACLE relational database for the engineering modules and a navigator affording access to
the other modules (single window).

• The CONTROCAD–C module is used to design the Controbloc binary and continuous
control functions on the basis of generic object models; in addition, the module can be
used for automatic program generation, document production and control function
observation.

• The CONTROCAD–R module is used for the description of cabling.

• The CONTROCAD–S module is used to describe internal CENTRALOG processing
functions and application mimic views, and to download data to the Centralog stations.

• The CONTROCAD–P module is used to describe control function devices, unit and field
networks, I/Os, and to download programs into the controllers via the unit network.


Navigation

Controcad organizes its engineering activities in the form of trees representing the principal
functions, which can be accessed either vertically or transversely by descending through the
branches to reach the simplest elements. This tree structure is the basic means of navigating
within the application.

The main screen comprises 3 zones which are used to select and copy elements easily from the
libraries for customization purposes.

• the navigation zone with tabs to access the different tree structures,

• the main working zone which, depending on the type of element selected in the
navigation zone, contains either the control block diagram editor, the supervision data
editor or a mimic display directory,

• the grid used to create, update and consult variables on–line.

[Figure: main screen layout. Navigation zone with tabs to the trees (supervision, functional architecture, hardware architecture, configuration); main working zone (block diagram editor, supervision data editor or mimic directory); variable grid.]

[Figure: Navigation between diagrams & variables, showing access to the diagram editor, access to variables and variable assignment.]

[Figure: Supervision data navigation, showing the group editor (bargraphs, curves, etc.), assignment of variables to groups by drag & drop, access to variables and further variable definition.]

[Figure: Supervision mimic navigation, showing the mimic display directory and preview, and selection of and access to the component graphic editor.]

6.3. CONTROCAD–C – CONTROL FUNCTION MODULE

The CONTROCAD–C control engineer user module is used to produce binary and continuous
control block diagrams, to describe control function variables, to produce documentation and to
generate the controller code.

Production of binary and continuous control diagrams:

Binary and continuous control functions are designed graphically by combining
logical or analog operators with standard control functions in the form of "black
boxes".

The executable code in the controllers is produced automatically on the basis of the
graphic description of the control functions.

The graphic block editor is presented in the form of one or more multi–windowed
working zones, icon bars used to configure standard editing functions (copy, paste,
zoom, etc.) and control function configuration functions (connection, edit variables,
etc.).

The configuration editor is used to input or modify processing functions and to check
the consistency of data used for control and supervision purposes.

Creation and characterization of control data:

Data is created and characterized by means of dynamic input windows
super–imposed over control function diagrams. Data is configured by identifying the
variables manipulated (name, comment, etc.), and by characterizing them (alarm,
scale, etc.).

CONTROCAD–C also allows data characteristics to be imported via text format
files, originating from other tools.

Modifications are recorded in a modification log.

CONTROCAD–C enables all alphanumeric data to be output to a printer or to any
other utility.

Generation of project documentation:

CONTROCAD–C generates the documentation associated to the applications (with
page numbers, indexed contents page, cross references, etc.).

[Figure: CONTROCAD–C control function module – diagram editor and on–line observation]

The CONTROCAD–C configurator module is used to create control block libraries and data
creation models in order to facilitate the creation of control functions and database inputs in the
user module.

Control blocks are standard control functions presented in the form of black boxes. The graphic
representation of these boxes can be configured, as can the nature of the relevant control
function, which is written in a language which can be understood by the controller. Variable ID tag
rules can be included in the control block parameters.

Data creation models enable control function objects and their characteristics (scale, alarm,
etc.) to be created automatically.

Example of a data creation model (LV contactor motor):

Identification of data    Characteristics
                          Comment          Type             Alarm level
(Motor) E                 Start command    Telecommand
(Motor) D                 Malfunction      Telesignal       2
(Motor) 1                 Motor state      Contact input    0

6.4. CONTROCAD–S – CONTROL ROOM MODULE

SUPERVISION MIMICS

CONTROCAD–S is the CENTRALOG mimic configuration tool. Like CONTROCAD–C, it is
based on standard animation functions managed in a library (configurator module) and utilized
for the creation of mimic views (user module).

Mimic User Module

The mimic editor is a development of the DATAVIEWS graphic software package and is used to
perform the following operations:

• Design of mimic views:

Mimics are designed using a combination of fixed frames and dynamic blocks.
The mimics are linked to the data by associating an animated block to a variable.
Variation in the value of this variable generates the various animations.

• Document production:

The documentation produced includes a compilation of mimics together with the
data references with which each element is linked.

Mimic Configurator Module

Animated blocks are created by describing the different representations of a symbol (shape,
color, flashing, etc.) associated with a numerical value. The numerical value is supplied by the
variable with which the animated mimic element is linked. Animated blocks are managed in
graphic libraries.

SUPERVISION DATA

CONTROCAD–S is responsible for configuring the CENTRALOG architecture, operating
functions and control blocks, and for the description of internal CENTRALOG calculations.

• Configuration of the CENTRALOG database:

CONTROCAD–S is used to characterize the data used to supervise the control
functions.

• Configuration of CENTRALOG architecture:

CENTRALOG architecture is configured by using CONTROCAD–S to declare the
communications networks implemented, and the subscribers connected to these
networks (controllers, operator stations, gateways, etc.).

• Configuration of CENTRALOG operating functions:

The following CENTRALOG operating functions are customized by the
CONTROCAD–S tool: groups (y=f(t) curves, y=f(x) curves, schedules, bargraphs,
etc.), logs, reference charts.

• Configuration of CENTRALOG control blocks:

A control block corresponds to a CENTRALOG control window, to which the
variables exchanged with the controllers are associated (TCs, TVC setpoint
instructions, TS logic variables, TM, analog variables, etc.).
Control blocks are configured by assigning the relevant control variables, the type of
window and the type of algorithm to be applied.

• Configuration of CENTRALOG internal calculations:

CENTRALOG internal calculations are described in the form of literal equations
using data acquired from the process.


CONTROCAD–S/CCC

CCC software runs on one of the Centralog workstations. It is used to download data produced
by Controcad to the other Centralog stations. It also enables specific and standard Centralog
programs to be loaded and can be used for observation purposes during second level
maintenance operations.

CCC software incorporates the MSNV (Management of Supervisory New Versions) function
which enables program and data modifications to be loaded on–line using Centralog
redundancy.

6.5. CONTROCAD–P – CELL MANAGEMENT MODULE

Controcad–P is structured in accordance with IEC 1131–3, and uses Controcad data to produce
the code used by the automation cells (Controbloc). It is used for the description of the
configuration, and the hardware startup and shut–down procedures. It also supervises the
downloading of the cell devices (C80–75, C80–35, CE2000).

Controcad–P is used for the elementary observation of cell variables and supplies detailed cell
malfunction data. It is also used to tune parameters and to force inputs/outputs.

6.6. CONTROCAD–R – CONNECTION MODULE

The Controcad–R module is used to manage control function wiring. Automatically, or with
assistance, the module generates the cables required to implement the links between the device
terminal blocks (automation cell cabinets, intermediate equipment, motors, valves etc.).

Cables are generated from a list of the connections between devices. This list is obtained by
using models whose cable route is defined and characterized by the user from the inlet device to
the final device on the cable.

Depending on the project, the signals transported by these cables are either input directly by the
user or recovered from Controcad–C control function studies.

Controcad–R comprises the following steps:

• input of the standard project configuration data, such as the type of cable used,

• input of project specific configuration data, such as the hardware elements and the
signals to be cabled,

• input of the terminal block and device terminal update algorithm and automatic
generation of cables on the basis of cabling rules,

• generation of cabling or cable servicing documents.

[Figure: Controcad R – choice of working context]

[Figure: Controcad R – instantiation of a signal module or connection model]

[Figure: Controcad R – consultation of cable use]

6.7. CONTROCAD – METHODOLOGY

On the basis of an analysis of the process and in accordance with control and supervision
principles, the CONTROCAD design methodology can be divided into the following phases:

• determination of the hierarchy and the structure of mimic views and control functions in
accordance with the control levels required,

• analysis and design of basic control function entities (control diagram types) and mimic
entities (symbols),

• graphical design of the control functions on the basis of diagram types in order to develop
the process control diagram. This phase also includes the input and characterization of
the control and supervision system data (sensors, actuators, operator commands, etc.),

• design of mimics based on standard fixed or dynamic symbols to develop the graphic
process control and supervision interface.

[Figure: CONTROCAD methodology – process diagram, technical specification of project control/supervision, operating instructions, list of sensors and actuators; general organization; standard project entities; design of logic & closed loop control functions; design of control & supervision mimics]

The standard control and supervision functions are used to define parts of the process (control
function objects) in terms of the different aspects (or facets) of process behavior, animation, etc.

A control function object is the generic description (for the purposes of a project or an area of
activity) of a set of processing operations executed by both the control and supervisory systems.

A model enabling the instantiation of repetitive elements is developed on the basis of a functional
block (function box or "POU" in accordance with IEC 1131–3, to execute the operation), an icon
descriptor (for CONTROCAD and for supervision purposes) and the data manipulated by the
supervisory system.

These elements are linked by the CONTROCAD relational database. The procedure is open, i.e.
it allows the creation of objects tailored to the customer’s standards.

[Figure: Aspects of control engineering – standard control windows, process MMI types, functional data groups, standard functional blocks, composition of mimics, technical alarm sheets, command, connections, I/O wiring]

[Figure: Facets of control engineering and objects – process object linked to: surveillance and maintenance (logs, historical records, etc.); immediate command and supervision interface; settings (time–outs, parameters, etc.); command and protection control function; simulation of operational portion for trials; configuration of I/Os and connection; control and supervisory system data]

6.8. CONTROCAD – ELEMENTARY OPERATOR LIBRARIES

Library of standard logical operators

Functions                        Functions
Logical AND                      Time–out on reset
Logical OR                       Time–out on reset
Exclusive OR                     Enable/disable memory
Logical NOR                      Transfer operator
Pulse on excitation              Logical AND on words
Pulse on de–excitation           Logical OR on words
Monostable on excitation         Exclusive OR on words
Monostable on de–excitation      Logical NOR on words

Library of standard control loop operators

Functions                        Functions
Integrator                       Function generator
HL/LL analog input adaptor       Logic inversion
Advance – delay                  Pulse
Analog output adaptor            Logarithm
Temperature input adaptor        Limiter
Low comparator                   Logic memory
Counter – Discounter             Logical NOR
High comparator                  Exclusive OR
Logic command                    Logical OR
Numerical command                High–pass filter
Analog command output            PID controller
Type conversion                  Product
Z corrector                      Quotient
Deviation                        Square root
Integer–real conversion          Real–integer conversion
Logical AND                      Ramp
Exponential                      Delay
Exponential filter               Setpoint station management
Logic forcing                    Setpoint station management
Numerical forcing                Command station management
Truncated filter                 Logic timed out

6.9. CONTROCAD – PRINCIPAL STANDARD FUNCTION BOXES

Command and signaling circuit breaker             5 criteria sequence steps
2–way contact motor                               12 criteria sequence steps
2–speed contact motor                             Additional group step criteria 16 to 31
LVA contact                                       Additional group step criteria 32 to 47
LVA motor contact with unballasting               Additional group step criteria 47 to 63
HVA contact motor                                 Additional group sequence criteria 16 to 31
LVA circuit breaker motor                         Additional group sequence criteria 32 to 47
HVA circuit breaker motor                         Additional group sequence criteria 47 to 63
Motorized valve                                   Two actuator backup
Motorized valve with block                        Three actuator backup
Bistable electro–valve                            Group or subgroup signaling
Monostable electrovalve with closed excitation    Sequencer
Monostable electrovalve with open excitation      Electrical panel source transfer
End of sequence                                   LV backup panel transfer

[Figure: CONTROCAD: Description of an Actuator – control and signaling block diagram for the circulation pump motor SIC0101PO (demineralized water, circulation line 1), showing the starting and stopping conditions, individual and automatic commands, the forced stop criterion, availability, and actuator state and fault signaling]

6.10. ASSOCIATED TOOLS

• Smart actuator and sensor configuration software (Hart)

This optional software is used with smart instrumentation. It enables detailed setting and
observation of parameters for instrumentation maintenance purposes.

• Integrated documentation

Controcad software provides on site electronic documentation of the system programs.

• Animated diagram display

Controcad enables the display of control function diagrams animated in accordance with the
data acquired by the controllers.

6.11. CONTROCAD CA MODULE

The CONTROCAD–Ca module uses Grafcet instead of block language to provide a graphic
description of control functions, integrating initialization and crippled mode management.

7. Tuning Assistance and Simulation Tools

7.1. CONTROSET – TUNING ASSISTANT

CONTROSET is a control function variable observation and tuning assistant for all ALSPA P320
system controllers. CONTROSET is shipped in the form of two functional modules: P–REG and
P–OBS.

• P–REG is the control loop setting assistant function.

• P–OBS is the control variable observation and tuning assistant for all types of variable,
provided in the form of a variable table associated with on–line animation of Controcad
diagrams. This function is accessible from CONTROCAD.

CONTROSET is structured around a control function data server (SDA) in a multi–client
architecture provided with the CONTROCAD, P–OBS and P–REG functions.

7.2. CONTROSET – CONTROL LOOP SETTING ASSISTANT

The P–REG function is available in ES configurations.

Longstanding experience in the field of automatic control has led ALSTOM Power to develop a
library of control loop algorithms (regulators, filters, etc.). This library includes not only traditional
PID regulators (numerical emulation of continuous PIDs), but also advanced regulators such as
digital PID or RST. These are true advanced regulators used for complex control loops (pure time
delay, transfer functions greater than 2, hysteresis, disturbance).

The implementation of digital regulators has led ALSTOM Power to develop powerful setting
assistance tools suitable for digital control techniques.

These setting assistance tools are integrated into a single workstation (PC Windows NT) and
can be used to calculate settings for control function algorithms. From this single workstation, an
engineer can:

• observe the process and the control function in question,

• perform the tests required by the setting assistance tools,

• specify setting constraints,

• test the calculated settings by means of analysis and simulation tools,

• transmit settings to the controllers.

Setting assistance operations can be divided into several phases:

• Observation of the process

The P–REG function, a true setting assistance toolbox, displays control function
variables in the form of curves. The recording is performed and synchronized at the
control loop processing rate (300 ms normally). This level of recording synchronization
and precision is necessary for identification of all plant transfer functions.

From P–REG, the engineer can run a series of test programs and record the
measurements necessary for the identification of the process.

• Identification of the process

On the basis of the measurement file supplied by P–REG, the engineer proceeds to the
identification of the process using WinPIM to provide the process transfer function.

• Specification and testing of settings

On the basis of the file containing the numerical transfer function supplied by WinPIM,
the engineer uses the WinREG tool to specify the closed loop behavior that he wishes to
obtain and to test, by simulation, the results obtained against the setting calculated by the
tool. He can then monitor the robustness and the behavior of the setting in the frequency
domain.

• Transfer of calculated settings

From the file containing the controller settings supplied by WinREG, the engineer can
use P–REG to install the target controller settings (multi–function controller).

The advantages provided by the ALSPA P320 system setting assistance tools are as follows:

• control of the definition of performance requirements,

• control of the robustness of the controller settings obtained,

• the integration on a single workstation of all the tools required for each of the phases of a
setting operation,

• simplicity of implementation.

These technological advantages allow optimization of the overall performance of the process
while guaranteeing the robustness of the settings.

Digital controllers set using these facilities and implemented by ALSTOM Power:

• ensure greater process stability at normal loads thereby optimizing the overall output of
the plant,

• enhance performance (speed, robustness) to provide a more rapid response to
disturbances and network demands,

• reduce demands on the actuator and consequent stress on plant control facilities thereby
reducing maintenance requirements and increasing availability,

• reduce process instrumentation costs by eliminating certain difficult measurement
points,

• improve the control of CO, NOx and SO2 emissions so as to protect the environment.

7.3. CONTROTEST – TEST AND SIMULATION FUNCTIONS

The CONTROTEST simulation tool is used to validate an application both at the automation cell
level, and at control room and Centralog levels. It enhances understanding of the system and its
internal functions for purposes of operator training in both site control and maintenance.

The system test, previously performed by means of special test wiring which was both costly and
difficult to repeat in the event of a problem or modification subsequent to delivery, is now carried
out on non–dedicated devices and equipment which do not require the assembly of a complete
system in the works and which enable operational tests to be divided into Operative Units (OU)
(the system is tested generically).

The Operative Units (OU) tests are carried out on a workstation comprising:

• the man–machine interface (sub–set of the Centralog database),

• engineering and downloading/observation tools,

• software replacing the I/Os and emulating the response of the process (library of
available responses).

The tests are thus provided with observation and logging tools and can be rerun without
re–wiring in the event of a problem simply by re–configuring the test system.

[Figure: system test THEN and NOW – Controtest (I/O & process emulation, simulation of responses), supervision, cell controller, fieldbus, test logs]

At the automation cell level, the SI80 simulation station replaces the I/O controllers and is
connected directly to the F8000 fieldbus. This enables:

• the programmed application to be validated within the controller by using the process
input–output variables of the application. These are defined on pre–configured screens
showing a realistic image of the process.

• the local control functions programmed for the CE2000 controller to be validated.

• GEMSTART units to be simulated.

• the behavior of the process to be reproduced, i.e. inputs from section switches, circuit
breakers, and outputs to valves, etc.

• the state of a certain number of selected variables to be monitored and traced on screen
or on printer, either on variable state changes or at regular intervals.

Object–oriented programming permits the simple and modular configuration of this tool, which is
thus reduced to the creation of the operator screens and the programming of the simulation
models to permit in–depth tests.

The SI80 simulation station consists of a PC compatible micro–computer equipped with a
standard keyboard, a mouse and a color screen.

It is possible to use Controtest to create simple simulators to provide training in the use of the
control and supervision system.

On site, the Controtest simulation tool enables the end user to develop and modify the software
applications supplied. Modifications can be validated by Controtest and, once fully tested, they
can be downloaded to the controllers without shutting down the system.

7.4. TRAINING SIMULATOR

The replica TRAINING SIMULATOR developed by ALSTOM Power constitutes a powerful
teaching and process analysis tool. The tool simulates not only the process but also the
sequence and continuous control functions, in different operating conditions, including
transients.

The simulator emulates the actual plant control room as faithfully as possible in order to recreate
identical control conditions. It consists of a replica of the Centralog project control room functions
connected to a powerful computer (instead of the unit network) which simulates both the process
(knowledge models) and the control functions (customized by the Controcad engineering tool).

The training simulator enables different users to be trained in optimum conditions:

• utilization of Centralog control resources,

• training in normal control functions,

• control during process transients,

• maintenance courses for experienced operators.

The skills acquired result in more efficient utilization of the plant and procure appreciable gains
in terms of maintenance and commissioning operations (simulated system trials).

The training simulator can also be used as a design tool enabling the analysis of trip situations
and the evaluation of new process control strategies over the life time of the plant.

The quality of the simulator derives from the quality of the models used: models must be modular,
precise, operate in real time and be valid for a wide range of operating conditions:

• Modular: simulation models are divided into elementary systems corresponding to those
of the actual plant.

• Precise: the models can be parameterized, which enables them to be modified to mirror
the plant. In addition, models are based on physical laws (thermodynamic, hydraulic,
mechanical), and in particular the conservation of mass and energy is always complied
with in both steady state and transient conditions.

• Real time: the computer calculates the system of equations in less time than the time
period simulated.

• Range of validity: in addition to allowing for the normal range of plant operating
conditions from cold start and full load operation, the models also cover abnormal or
emergency situations.

Models are configured in an object–oriented graphic language.

The following functions can be accessed via the user–friendly interface of the instructor station:

• choice of initial conditions,

• storage of data files at one minute intervals for analysis,

• snapshot file,

• replay mode for dynamic analysis of previous simulations,

• fault simulation (pump trip, fluid leakage),

• exercise scenarios: sequence of malfunctions or disturbances.

The trainee is thus placed in situations which are identical to those encountered during normal
operation. The different operational facilities available to the trainee operator are identical to
those provided by the Centralog system on site.

[Figure: Training simulator (replica of Centralog control room) – trainee station with operator stations (control, supervision), CONTRONET, Controcad, instructor station (initialization, replay, freeze, malfunction, exercise), simulation (real time, modular, coherent, precise) of control function models and process models]

This structure guarantees the emulation of the actual control and supervision system and allows
the simulator to be updated from observations of real control and supervision data.

8. Maintenance

8.1. SYSTEM MAINTENANCE

8.1.1. Principles

To facilitate maintenance and improve operational availability, the ALSPA P320 system
incorporates integrated system fault signaling functions.

The system is designed to detect faults in both control function and supervision hardware.

The basic principle resides in the separation of fault signals into two types according to how they
are to be used, i.e. according to the personnel they are intended for:

1 – Control operator

2 – Maintenance technician

In power production plants, control room operators and maintenance technicians normally
belong to different teams and therefore require different types of information.

The control operator needs to know:

• whether the data displayed on his screen is valid,

Validity is indicated for each variable: in the case of a link failure, partial invalidity
detected by the controller, inconsistency of data, etc., the variable is marked as invalid.

Validity is processed by the supervisory system, which uses the validity signals
transmitted from the controllers, supplemented by its own checks.

• whether the integrity of the system is affected in terms of control functions (i.e. any
functional loss which could impair control),

• whether there is any need to call in maintenance personnel and if so how urgently,

• whether a given device needs routine inspection (e.g. cabling or temperature checks,
etc.).
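
The validity marking described above can be sketched as follows. This is an added example, not Centralog or Controbloc code: the tag names, the per-controller link table and the choice of an open/closed limit switch pair as the consistency check are assumptions made for illustration, and the data is constructed.

```python
"""Supervisory validity marking for telesignals (illustrative, constructed data)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Iterable, List, Optional, Tuple


class Reason(Enum):
    LINK_FAILURE = "link to controller lost"
    CONTROLLER_INVALID = "invalidated by controller"
    INCONSISTENT = "inconsistent with related signal"


@dataclass(frozen=True)
class Telesignal:
    tag: str                 # hypothetical variable name
    controller: str          # controller that transmits the signal
    value: bool
    controller_valid: bool   # validity signal transmitted by the controller


def assess_validity(
    signals: Iterable[Telesignal],
    link_up: Dict[str, bool],
    exclusive_pairs: Iterable[Tuple[str, str]],
) -> Dict[str, List[Reason]]:
    """Return, per tag, the reasons it is invalid (empty list = valid)."""
    by_tag: Dict[str, Telesignal] = {}
    reasons: Dict[str, List[Reason]] = {}
    for s in signals:
        if s.tag in by_tag:
            raise ValueError(f"duplicate tag {s.tag}")
        by_tag[s.tag] = s
        found: List[Reason] = []
        # A controller missing from the link table counts as unreachable,
        # so an unknown state is never presented as valid data.
        if not link_up.get(s.controller, False):
            found.append(Reason.LINK_FAILURE)
        if not s.controller_valid:
            found.append(Reason.CONTROLLER_INVALID)
        reasons[s.tag] = found
    # Supervisory check: two signals that cannot both be true (assumed here:
    # "open" and "closed" limit switches of one valve).
    for a, b in exclusive_pairs:
        if a not in by_tag or b not in by_tag:
            raise ValueError(f"pair ({a}, {b}) references an unknown tag")
        if reasons[a] or reasons[b]:
            continue  # already invalid: the comparison would be meaningless
        if by_tag[a].value and by_tag[b].value:
            reasons[a].append(Reason.INCONSISTENT)
            reasons[b].append(Reason.INCONSISTENT)
    return reasons


def displayed_value(signal: Telesignal, reasons: Dict[str, List[Reason]]) -> Optional[bool]:
    """Value to show the operator: None stands for 'marked invalid'."""
    return None if reasons[signal.tag] else signal.value


# Constructed sample: controller C2 is unreachable, one signal is invalidated
# by its controller, and valve 1 reports open and closed at the same time.
SIGNALS = [
    Telesignal("PUMP1_RUN", "C1", True, True),
    Telesignal("PUMP1_FAULT", "C1", False, False),
    Telesignal("VALVE1_OPEN", "C1", True, True),
    Telesignal("VALVE1_CLOSED", "C1", True, True),
    Telesignal("VALVE2_OPEN", "C2", True, True),
    Telesignal("VALVE2_CLOSED", "C2", False, True),
]
LINKS = {"C1": True, "C2": False}
PAIRS = [("VALVE1_OPEN", "VALVE1_CLOSED"), ("VALVE2_OPEN", "VALVE2_CLOSED")]

if __name__ == "__main__":
    result = assess_validity(SIGNALS, LINKS, PAIRS)
    for sig in SIGNALS:
        why = ", ".join(r.value for r in result[sig.tag]) or "valid"
        print(f"{sig.tag:14} shown={displayed_value(sig, result)!s:5} {why}")
```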

The maintenance technician needs to be able to access the full range of fault indicators available
on all the control and supervision equipment, including the first line indicators providing direct
identification of a defective module and, in certain cases, more detailed diagnostic indicators
requiring the use of maintenance manuals.

Different signaling functions are thus allocated to different system tools:

• operator control functions are handled by the Centralog supervisory system,

• maintenance functions are handled by diagnostics software supplied with the products
comprising the system (CONTROCAD–S/CCC for supervision, CONTROCAD–P for
control functions).

8.1.2. Indication to Supervisor

System faults are normally indicated to the Centralog supervisor as follows:

• a mimic view showing the state of connections between the different controllers and
supervision stations,

• the operational state of the system resources (normal, degraded operation, malfunction,
etc.),

• display of faults grouped together by controller.

Supervisory system fault data therefore takes either the form of telesignals (TS) transmitted by
the controllers, or of data produced by the supervisory system. This data can be recorded in the
daily event log and alarm log, etc., and be displayed on the control views.

Fault data can in fact be exploited in the same way as process variables and can be customized
to meet the requirements of individual customers.

8.1.3. Identifying Faults and Determining Maintenance Needs

The control operator is warned of the occurrence of a fault by the appearance of an alarm.

The operator accesses the view associated to the alarm (generally the system mimic).

The type of fault and the controller (or other device) in question are identified on the system
mimic.

In the case of a controller malfunction, the control operator accesses the detailed information in
order to be able to determine the type of action required:

• request immediate intervention by maintenance staff (loss of connection with controller,
etc.),

• alert the routine maintenance personnel,

• stand–by (maintenance operation in progress on the control function: intervention mode)
and contact the maintenance personnel (normally maintenance operations are
scheduled ahead of time),

• request non–emergency maintenance (e.g. after the weekend) if a redundant device has
taken over,

• alert the design or development departments (inconsistent database versions).

Maintenance personnel are informed as to which device requires attention, and therefore
know which type of diagnostic software to use (CONTROCAD–S/CCC or CONTROCAD–P)
and where in the system the diagnostics are needed.

In the case of an I/O board fault, analysis of the invalidated inputs or outputs enables the
seriousness of the fault in terms of the process to be assessed.

8.2. PROCESS MAINTENANCE

One of the main tasks facing the user is the maintenance of his installation. The quality of this
maintenance has a direct influence on the cost of operations and on the overall performance of
the process.

The processing power and the ease of use of the ALSPA P320 system, together with the
thousands of hours invested by ALSTOM Power engineers on site alongside end users have
resulted in an integrated set of functions which enable maintenance to be optimized.

CONTINUOUS EQUIPMENT MONITORING

One of the problems of maintenance is to assess the exact usage of equipment and the severity
of the stress to which it is subjected, in order to program periodic maintenance operations in the
most effective way. More generally, the residual life time of equipment can also be estimated in
order to plan for refurbishment or replacement.

The ALSPA P320 system provides maintenance personnel with a periodic log showing the
accumulated running time of the equipment being monitored, together with the number of
start/stop cycles. To assess the conditions under which the equipment has been operating, it is
also possible to obtain the duration of violations of physical thresholds set by the maintenance
engineer.

Additional data such as the date of the most recent maintenance operations may also be
included in the maintenance log.

More complex calculations are performed on steam turbines or other rotating machines, where
the metal temperature conditions undergone by the equipment on start–up, or during load
changes, can be precisely assessed. These calculations take account of the length of time high
temperatures have been sustained and the number of temperature variation cycles. This data
can enable the user to optimize the number of start/stop cycles per device.

Remote process maintenance and remote monitoring of commissioning tests are available using
an Extranet network (Internet with safe access for partners to Centralog data).

8.3. REMOTE MAINTENANCE

 REMOTE PROCESS MAINTENANCE VIA INTERNET

The utilization of Internet technology enables read access to operating data (HDSR, static
displays) via a secure network (Intranet) by means of a PC running an Internet browser. This
affords all the project partners quasi–immediate access to operating data for test or analysis
purposes, and allows remote assistance by the most qualified specialists.

 REMOTE SYSTEM MAINTENANCE

In addition, a remote maintenance function is supplied to complete the range of facilities
provided by the Centralog. This function enables the system configuration and maintenance
tools available on the engineer station to be used from a geographically remote location and
allows results observed to be recovered by specialist teams.

The system may also be linked to the ALSTOM Power remote maintenance center via the
switched telephone network thus saving consultation time.

9. System Operation

9.1. DYNAMIC SYSTEM OPERATION

The dynamic operation of the system is managed by the communication system.

9.1.1. Operation of a C80–75 Cell Controller

Control function operations are cyclical. The standard interval is that of the fieldbus cycle, i.e. 50
ms.

Processing operations are performed synchronously with data acquisitions. Synchronism is
ensured by F8000. The period required to perform the processing operations is known as a
macro–cycle: this period is a multiple of the standard cycle.

The fastest applications (logic controls) are executed at the standard cycle (50 ms) or at a
multiple of this standard cycle depending on the constraints of the process and on the loading of
the cell controller.

The slower applications (control loops, measurements) are divided for execution over more than
one standard cycle determined as an integer multiple of the logic processing cycle.

The tasks of the C80–75 multi–function controller in an automation cell are performed at rates
which depend on the requirements of the applications for each type of processing operation.
Three rates are defined: for logic controls, for control loops and for processing monitoring
measurements.

Depending on the size of the automation cell (number and type of subscribers), it is possible to
choose a rate from the following:

• logic task: 50*, 100*, 150, 300 ms

• control loop or measurement task: 150*, 300*, 600, 900 ms

• measurement updating: 900 ms

(* = typical value).

Local control functions are processed by the CE2000 controller. The processing rate is a multiple
or a sub–multiple of the application tasks of the cell controller. The following cycle times are
permissible: 10, 20, 50 and 100 ms.

Performance in normal operation:

The response time of a cell depends on the cycle time chosen for the application.

Depending on the configuration chosen and the type of controller used, the minimum overall
response time of a cell, from the change in an input variable to its effect on the output, is 100 ms
for logic functions and 280 ms for control loop functions.

The C80–75 multi–function controller also handles inter–automation cell transfers, the transfer
of messages to the supervisory system and the processing of commands issued by the
supervisory system.

[Figure: data flows of the C80–75 controller application program. Communications: command,
setpoint, logic state, measurement. Data exchange with other controllers. Periodic exchange with
the CE2000 controller (logic states and measurements, commands and setpoints) and asynchronous
data exchange (timetagged logic state changes). Information systems.]

9.1.2. Operation of a C80–35 Cell Controller

Processing types and rates

The ALSPA C80–35 cell controller can be configured with a processing cycle time of 50 or 100
ms.

The ALSPA C80–35 processing cycle is as follows:

• Reception of data transmitted by the field controllers,

• Reception of data from the S8000 unit network (supervision and inter–controller),

• Execution of control function processing,

• Transmission of data to the S8000 unit network (supervision and inter–controller),

• Transmission of outputs to the field controllers.

9.1.3. Operation of a Field Network

The automation cell operates at a rate determined by the F8000 fieldbus.

This network is based on the WorldFIP standard. The network is said to be a ”time critical
network”, as the network access time allotted to each of the subscribers on the fieldbus can be
pre–determined (deterministic). Network access time is regulated by a ”bus arbiter”. The bus
arbiter is redundant. Each subscriber with the function can become the arbiter if a fault occurs in
the current active arbiter. An election mechanism avoids conflict in the choice of the arbiter.

Management of data exchanges:

The network is based on a standard redundant medium. It is designed to ensure management of:

• the cyclical exchange (MPS) of control function variables. These are updated
periodically to ensure correct operation of the system. Response times are thus fixed and
guaranteed, with no queueing.

• messages: message traffic is superimposed on the cyclical traffic. Message traffic is
interleaved in unused MPS exchange time.

In the ALSPA P320 system, MPS traffic is used for the exchange of variables performing control
functions (action functions) between the various controllers. This results in the cyclical and
synchronous linking of the different processing operations:

• local acquisition

• central processing (C80–75, C80–35)

• outputs etc.

Message traffic is used for information functions:

• for ”service” data: downloading, observing controllers etc.

• to transfer state change messages produced by the I/O controllers for supervision
purposes. To avoid loss of data due to transmission faults, the system is reset to a cyclical
snapshot of the state of the inputs.

The measurement samples used for supervision are also re–transmitted cyclically to the cell
controller (MPS traffic) in order to avoid loss of samples and thus guarantee historical data
logging during major transients.

9.1.4. Operation of a Unit Network

The unit network distributes control function and supervision function data between cell
controllers and to the supervisory system.

Data exchange management

The industrial Ethernet S8000 network guarantees the transient data flows of the largest units
controlled (carrying measurement samples, supervision state changes and inter–controller
exchanges).

The diagram overleaf shows the peak loading obtained on a unit network for a 600 MW unit. The
operating margin remains comfortable.

At this level, measurements are transmitted cyclically to the supervisory system. Logic state
changes (timetagged at source by field controllers or unit controllers) are transmitted on event,
with a reset to a cyclical snapshot in the event of a fault.

Outputs are transmitted on command.

Inter–cell controller exchanges are cyclical.

Intrinsically, the operation of a distributed database system is particularly resistant to peak data
flow events during major transients (variation in all measurements, logic state change overflow).

The database representing the real time state of the process variables is distributed among the
controllers and the input/output devices. The exchange mechanisms are used to update the
supervisory systems, and enable access for observation of variables.
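
The on-event transfer with reset to a cyclical snapshot described in 9.1.3 and 9.1.4, as an added example that is not taken from the manual or from the vendor's code: a supervisor image is fed through a link that loses one state change message and is repaired by the next snapshot. The tag names, the 500 ms snapshot period and the loss pattern are assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class StateChange:
    tag: str      # variable tag (constructed names, see CHANGES)
    value: bool   # new logic state
    t_ms: int     # timetag applied at source


@dataclass
class SupervisorImage:
    """Supervisor-side copy of the logic states held by the controllers."""
    states: dict = field(default_factory=dict)  # tag -> current value
    log: list = field(default_factory=list)     # (t_ms, tag, value, origin)

    def apply_event(self, ev: StateChange) -> None:
        # Normal path: the change arrives on event with its source timetag.
        self.states[ev.tag] = ev.value
        self.log.append((ev.t_ms, ev.tag, ev.value, "event"))

    def apply_snapshot(self, snapshot: dict, t_ms: int) -> list:
        # Cyclical snapshot: the image is reset to the reported states.
        # A difference means a change message was lost. The value is
        # recovered, but only the snapshot time is known for it.
        repaired = []
        for tag, value in sorted(snapshot.items()):
            if self.states.get(tag) != value:
                self.states[tag] = value
                self.log.append((t_ms, tag, value, "snapshot"))
                repaired.append(tag)
        return repaired


def run_scenario(changes, lost, snapshot_period_ms, end_ms):
    """Replay source changes through a lossy link with periodic snapshots.

    changes: StateChange list in source order.
    lost: set of indexes of changes whose message never arrives.
    Returns (true state at source, supervisor image).
    """
    source = {}
    image = SupervisorImage()
    pending = list(enumerate(changes))
    for now in range(0, end_ms + 1, 50):          # 50 ms standard cycle
        while pending and pending[0][1].t_ms <= now:
            idx, ev = pending.pop(0)
            source[ev.tag] = ev.value
            if idx not in lost:
                image.apply_event(ev)
        if now and now % snapshot_period_ms == 0:  # assumed snapshot period
            image.apply_snapshot(dict(source), now)
    return source, image


def snapshot_repairs(image):
    """Log entries whose timetag is the snapshot time, not the source time."""
    return [entry for entry in image.log if entry[3] == "snapshot"]


# Constructed sample: four state changes, the third message is lost.
CHANGES = [
    StateChange("PUMP_A_RUN", True, 100),
    StateChange("VALVE_B_OPEN", True, 230),
    StateChange("PUMP_A_RUN", False, 410),
    StateChange("VALVE_B_OPEN", False, 640),
]

if __name__ == "__main__":
    source, image = run_scenario(CHANGES, lost={2}, snapshot_period_ms=500,
                                 end_ms=1000)
    print("image matches source:", image.states == source)
    for entry in image.log:
        print(entry)
```

In this model the repaired entry carries the snapshot time (500 ms) rather than the source timetag (410 ms), so entries of origin "snapshot" are the ones to treat as inexact when reading a chronological log.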

[Figure: Emile Huchet, 1 x 600 MW thermal unit.
Upper panel: distribution of events during a major trip (number of events, 0 to 210, against
time, 15.56.0 to 15.58.0; total 800 RVTS). Low–voltage fault followed by: 1 – HV circuit breaker,
2 – turbine trip, 3 – failed source transfers, 4 – boiler trip; then the consequences of the
boiler trip.
Lower panel: load on the F900 network during the major trip of the 600 MW unit (percentage of
usable bandwidth against time): permanent traffic for the transmission of measurements and
inter–controller exchanges, consequences of the boiler trip, load reserve.]

NOTE 1: A general trip produces additional traffic of less than 8% of the F900 capacity.

NOTE 2: During the transient, the ”1 ms” chronology remains ensured.

Time synchronization

The S8000 network also enables the time synchronization of the supervisory system, controllers
and smart I/O devices.

This synchronization is necessary to maintain a dynamic image of the process variables with
enough precision to enable the data to be used effectively by the supervisory system:

• consistency of variable state change times (without the implementation of specialized
equipment providing precision chronology functions etc.),

• analysis of the ”source” alarm (first–out) and direct display of the initiating event for the
operator.

Variable observation mechanism

Zoom views allowing detailed observation of variables are supported by the S8000 network.

The variable observation mechanism enables any control variable (selection by list) to be read or
written from the supervisory system at the controller cycle time and without alteration of the
sampling. It is used to generate observation files which can be displayed on the Centralog
man/machine interface and which can also be used by process identification and control loop
tuning programs.

Message services used for downloading and observing the system of each cell via the network
are superimposed on these services.

9.1.5. Operation of the Site Network

The site network is a data processing network linking the supervision stations, control data
management stations (version management, redundancy management), system configuration
stations and site management stations.

The site network is based on Ethernet technology.

Within each of the supervisory systems a fast, secure client–server data distribution mechanism
is used to ensure consistent and immediate updating (without controller interrogation) of the
man–machine interface stations and of the calculation and logging software. This mechanism, in
particular, makes it possible to perform logging functions on each of the supervision stations,
without affecting the dynamics of the man–machine interface.

The network enables mimic oriented data to be exchanged via the Xwindow (X11) exchange
protocol.

The network operates with TCP/IP for general functions, and with a safe collision avoidance
mechanism, for control functions.

This safe protocol, known as PCP, is based on a mechanism of cyclical interrogation of the
stations connected to the CONTRONET network. The role of bus master is performed by the
active CIS server. Based on the UDP (User Datagram Protocol) protocol for the transmission and
the reception of frames, PCP handles:

• end to end control of data exchanges,

• subscriber presence monitoring,

• network determinism guaranteeing response times whatever the state of the process
and the actions undertaken by the users.

Utilization of the Oracle database manager enables Centralog SQL format data to be exchanged
with external applications via TCP/IP. This data can be used by multi–vendor office applications
running in Windows or Unix environments.

9.1.6. Main Characteristics of the Networks

The table below summarizes the main characteristics of the networks utilized in the ALSPA P320
system.

Name CONTRONET S8000 E F8000


Contronet included

Function Site network Unit network Fieldbus


Standard Ethernet Ethernet WorldFIP =
ISO 8802.3 ISO 8802.3 IEC 1158.2
EN 50170
Protocol Ethernet Ethernet F8000
UDP and TCP/IP UDP and TCP/IP deterministic
Speed 10 or 100 Mbits/s 10 or 100 Mbits/s 1 or 2.5 Mbits/s
Medium pair optical ring pair
coaxial fiber optic
fiber optic
Maximum length 2.5 km copper optical ring, 4 km copper
> 5 km optic 4.8 km for 10 Mbits/s > 7 km optic
100 km for 100 Mbits/s
Network access CSMA/CD CSMA/CD deterministic
(100% of bandwidth
usable)
Redundancy Yes Yes WorldFIP
available (integrated)
Subscribers 25 13 hubs / 64
50 switches
IEC EMI level up to 3 up to 3 up to 4

9.2. TIME SYNCHRONIZATION – GENERAL PRINCIPLE

Time synchronization is used to provide a common reference time for all distributed devices in
order to obtain consistent timetagging of data utilized in the chronological logs (Sequence Of
Events, etc.).

Time synchronization is performed independently of the control functions (it is not necessary for
their operation).

Each hardware ”block” which needs to supply timetagged data: supervisor, cell or field controller,
etc. is synchronized by a site clock.

This clock may itself be synchronized by radio or satellite signals.

The clock delivers a reference time to the Centralog supervisory system and provides wired
synchronization signals.

The supervisory system distributes the reference time to the controllers via the unit network. The
cell controllers redistribute this reference time in turn towards the subscribers on the F8000
network. This ”objective” time is delivered before the synchronization pulse.

Depending on the required precision, the synchronization pulse is distributed to the field
controllers either by direct connection or by the networks:

• direct hardwired connection to the CE2000 and IHR controllers,

• software distribution through S8000 and F8000 networks.

In the event that time distribution is lost, operation is maintained from the internal clocks on each
device.

[Figure: Time management. Mother clock, Centralog, cell controller, Controbloc (CE2000,
CE8035), other users. Absolute time is transmitted by network; the synchro pulse (*) is
distributed to the blocks.
Block synchronization: when the pulse is received, the time previously transmitted by network
is saved.
(*) Synchro pulse: wired for a precision of 1 ms; by network (F8000) for a precision of 10 ms
or above.]
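
The two-step synchronization described above (reference time sent by network first, then adopted when the pulse arrives), as an added example that is not taken from the manual: it models two blocks with drifting internal clocks and shows what the pulse precision means for first–out analysis. The 50 ppm drift, the 1 s pulse period, the 5 ms gap between the two events and the block names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Block:
    """A hardware block with a free-running internal clock."""
    name: str
    drift_ppm: float                      # assumed oscillator error
    offset_ms: float = 0.0                # clock error right after last sync
    last_sync_ms: float = 0.0             # true time of last sync
    announced_ms: Optional[float] = None  # time received, waiting for pulse

    def local_time(self, true_ms: float) -> float:
        # Timetag this block would apply to an event at true_ms.
        drift = (true_ms - self.last_sync_ms) * self.drift_ppm * 1e-6
        return true_ms + self.offset_ms + drift

    def receive_time_message(self, objective_ms: float) -> None:
        # Step 1: the network delivers the time valid at the next pulse.
        self.announced_ms = objective_ms

    def receive_pulse(self, true_ms: float) -> bool:
        # Step 2: on the pulse, the previously transmitted time is adopted.
        if self.announced_ms is None:
            return False      # no time distributed: keep the internal clock
        self.offset_ms = self.announced_ms - true_ms
        self.last_sync_ms = true_ms
        self.announced_ms = None
        return True


def timetags(pulse_delay_ms=None, fault_ms=3_600_400.0, gap_ms=5.0,
             period_ms=1000.0):
    """Timetags for a fault seen by block A, then gap_ms later by block B.

    pulse_delay_ms: {block name: delay of the pulse at that block}, or None
    when no time is distributed and both blocks run on internal clocks.
    """
    a = Block("A", drift_ppm=+50.0)
    b = Block("B", drift_ppm=-50.0)
    if pulse_delay_ms is not None:
        t = period_ms
        while t <= fault_ms:
            for blk in (a, b):
                blk.receive_time_message(t)
                blk.receive_pulse(t + pulse_delay_ms[blk.name])
            t += period_ms
    return {"A": a.local_time(fault_ms), "B": b.local_time(fault_ms + gap_ms)}


def first_out(tags):
    """Block whose event carries the earliest timetag."""
    return min(tags, key=tags.get)


if __name__ == "__main__":
    cases = {
        "no synchronization for one hour": None,
        "pulse within 1 ms": {"A": 0.0, "B": 1.0},
        "pulse within 10 ms": {"A": 0.0, "B": 8.0},
    }
    for label, delays in cases.items():
        tags = timetags(delays)
        print(f"{label}: first-out = {first_out(tags)}, timetags = {tags}")
```

The true initiating event is on block A in all three cases; only the 1 ms case reports it as first–out, because a 5 ms gap is below the resolution of the other two.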

9.3. DATA HANDLED BY THE APPLICATION

The data manipulated by the application is identified by a tag composed of a code derived from
the general standard ID system used on the site and managed by Controcad.

Data is classified in two categories:

• variables manipulated by the control functions, structured in function boxes (or ”POU” in
compliance with 1131–3) and including I/O variables:
— logic variables
— analog variables
— variables transmitted by serial link (Modbus or other, etc.) exchanged at control
function level
— computation variables internal to each control function block,

• supervision variables comprising essentially:
— variables transmitted from control function controllers,
— internal computation variables specific to the supervisory system,
— variables originating from external links.

Variables exchanged with the control functions are listed below:


— Input Boolean Signal / Cell Controller Boolean Signal: logic state signal originating
directly from a field device or from an internal calculation; TSEs are timetagged ”at
source” (input or production cycle for internal variable)
— Input Analog Signal / Cell Controller Analog Signal: measurement value transmitted
cyclically to the supervisor (the cycle time can be customized depending on
requirements)
— Cell Controller Command: logic command originating from the supervisory system
— Cell Controller Setpoint: analog setpoint value originating from the supervisory
system
— Cell Controller Multi–state Signal: multi–state variable corresponding to a ”control
function object” (pump, valve, etc.) utilized for on screen animation in conjunction
with the control window associated to the object.

9.4. REACTION TO POWERFAIL

9.4.1. Power Supply of the Electronic Blocks

Failures in the hardware block power supply lasting less than 20 ms have no effect on the
system.

In the event of a powerfail lasting between 20 ms and a time configured by the user, the hardware
blocks are shut down and outputs are reset to zero.

When power returns, all blocks must be restarted by the user with the exception of CE2000 high
quality controllers. The I/Os of these controllers are resumed automatically under the control of
local processing functions. Outputs from the C80–75 controller are reset at the values frozen on
occurrence of the powerfail.

C80–75 controller outputs become operational again once the controller is put back into service
by the user.

9.4.2. Process Power Supply

Powerfails in process voltages lasting less than 10 ms have no effect on inputs. The behavior of
outputs directly supplied from the process voltage is dependent on relay reaction times or on the
actuators being controlled.

If process voltages are lost for longer than 10 ms, all the CE2000 controller modules are declared
as faulty. Process inputs are fixed in their last state and invalidated. Outputs are reset to zero.

When the process voltage returns, normal operation may be resumed automatically depending
on the option selected for the application.

9.5. PROCESSING OF VALIDANTS, FORCING, SYSTEM MALFUNCTIONS

9.5.1. Validants

Data is manipulated with a validity indicator (validant) generated by self–testing and
transmission checks.

The validant is used by the control functions to ensure backup operation and/or reconstitution of
variables.

Validants are utilized in the Centralog system to inform the operator whether the data presented
can be considered as valid.

9.5.2. Forcing or ”Simulation”

The forcing function is applicable to the CE2000 field controller.

Data from elements considered to be malfunctioning (sensors, etc.) or temporarily withdrawn
from service can be ”forced”. Forcing consists in substituting a value set by the user for the value
read by the system. This function is used generally during on site tests. Forced input variables
are signaled to the supervisory system. The forced state of all variables is accessible on the
observation tools.

9.5.3. System Malfunctions

System malfunctions are signaled to the supervisory system by means of faults grouped per
automation cell. The general system views show the known operational state of the subscribers
on the site network.

The validants associated to acquired data inform the operator about the validity of the data.

The observation tools provide access to detailed Centralog and Controbloc data.

The multi–function controllers also log automation cell malfunctions for second level
maintenance analysis.

9.6. ON–LINE MODIFICATION

The system allows on–line modifications which do not affect the safety of the equipment being
controlled.

Modifications which can be performed after system downloading and initial startup may be
classified in different types:

• modification of a control loop parameter,

• modification of program version,

• minor resource modification.

9.6.1. Modification of Control Loop Parameters (ES Configuration)

Control loop parameters are modified on–line by means of functions integrated to the system.

9.6.2. Modification of Program Versions (ES Configuration)

Supervision or control function program versions are modified in two phases:

• a preparation phase executed off–line using design tools,

• a downloading phase executed on–line, i.e. without interrupting process control
operations, in accordance with procedures which are dependent on the equipment in
question, e.g.
— at supervision level, if centrally managed redundancy has been chosen, the
operation consists in changing the database by using the redundant structure; if
multiple supervision station redundancy has been selected, each of the stations is
modified in turn without interrupting overall operation,
— at automation cell level, minor modifications to a multi–function controller are
performed by switching between program zones,
— on–line modifications to safety control functions are performed via the CE2000,
by stopping the block concerned (the automation cell remains in operation),
— C80–35 controllers must be stopped before modification.

9.6.3. Minor Resource Modification (ES Configuration)

An I/O module can be added if it has been declared as being ”in reserve” during initial
configuration of the CE2000.

9.7. MAJOR MODIFICATIONS

Major modifications, i.e. those which affect ”resources” (addition of blocks not configured as a
reserve, re–dimensioning of variable zones, re–dimensioning of network configurations, etc.)
are carried out during periods when the unit is shut down, as safety checks must normally be
re–validated.

9.8. MANAGEMENT OF OPERATIONAL RESOURCES

Operational resources are managed at each level:

• the fieldbus load is managed in accordance with the deterministic procedure provided by
WorldFIP (pre–configuration with large operating margins),

• controller loads are managed:
— by calculating the execution time of the control loop algorithms,
— by provisional calculation of the resources associated to actuators using application
library function box execution times and by measurements from over 50 systems,

• unit network and supervisor loads: calculated from maximum peak load (by computation
software). The calculation parameters are verified by reference trials on a generic
configuration tested to its limits.

10. Dependability and Principal Quality Control Standards

10.1. GENERAL PRINCIPLE

The operational dependability of the ALSPA P320 ES (Enhanced Safety) system complies with
the requirements of the IEC 61508 standard in respect of design and analysis methodologies
applied to strategic elements (C80–75, CE2000, F8000, S8000):

• operational dependability has been integrated into the system design and test life cycle
(dependability life cycle)

• operational dependability is adapted to the function to be performed:
— Information processing (supervision) where the most important factors are the
validity of the data concerned (validant) and the response to incident situations
(peak loads) with no loss of functionality.
— Continuous control where the most important factor is the absence of events
affecting the availability of the plant (i.e. spurious commands generated on faults).
— Automatic protection where the most important factor is being able to respond to an
emergency situation requiring protection.

• dependability analysis can be divided into several categories:
— quality of the software components based on strict ”Modal” internal methodology
supported, in the case of design engineering, by Controcad and Controtest.
— immunity to electromagnetically aggressive environments ensured by compliance
with EMI environmental resistance standards, and as verified by an accredited
ALSTOM laboratory.
— internal operational mechanisms validated by methods and analyses: fault tree,
Markov chain, analysis of self–test coverage, success diagram enabling availability
calculations.

• manufacturing quality control procedures complying with ISO 9002

• design procedures complying with ISO 9001

OPERATIONAL DEPENDABILITY DURING SYSTEM LIFE CYCLE

Quality of elementary components:
— Organizational Methodology for the Development of Hardware Elements MODEM

Quality of software:
— Software Methodology (MODAL)
— System validation and integration tests by independent teams
— Structuring of application software (supported by tools associated to the system)
— Application software test platform
— Verifiable load rate (observation tools)

Robustness verified by physical tests:
— Resistance to: electromagnetic disturbance, electric shocks, mechanical/climatic aggression,
human error (disconnection, etc.), short circuits, powerfail
— Elimination of equipment repair calls: self–calibration of analog modules, remote monitoring
and diagnostics

Dependability assessment by probabilistic methods:
— FMEA modules
— Assessment of internal fault coverage
— Analysis by system fault tree
— Markov graph
— Computation tools

The components of dependability are:

• component reliability

• maintainability

• integrity

• resistance to environmental aggression

The diagrams below list the definitions of dependability components and show how they are
incorporated in the design of the ALSPA P320 system. The diagrams also show the resources
implemented to attain dependability targets.

Reliability and dependability calculations are available for all the components of the architecture
and provide the requisite bases for precise availability prediction in respect of each type of
assembly at system level.

These elements are themselves validated by feedback from systems installed on site, thus
enabling actual product availability data to be updated in accordance with values obtained by
using the reliability databases of specialist organizations (MIL, CNET, etc.).

DEPENDABILITY
*entity = system

RELIABILITY
Capability of an entity* to perform a required function under given conditions over a specified
period of time.
MTTF: Mean Time To Failure (after startup or repair)
––> manufacturer dependent

MAINTAINABILITY
Capability of an entity*, under given conditions, to be maintained in or repaired to, a state in
which it can perform a required function, when maintenance is performed under specified
conditions and using prescribed procedures and resources.
MTTR: Mean Time To Repair
––> essentially dependent on user organization: the system enables:
– fast detection and repair
– repair of one element without affecting others

OPERATIONAL SAFETY/INTEGRITY
Capability of a system to behave tolerably, i.e. to control outputs (normal operation or
configured fallback), on internal failure of a component.
For the P320 system:
– in continuous test <==> no unwarranted commands (to 1)
– protection <==> unwarranted event is dependent on design principle
––> essentially dependent on manufacturer and application

RESISTANCE TO ENVIRONMENTAL INTERFERENCE
Capability of a system to resist external interference (notion of immunity):
– mechanical (vibration, earth tremor)
– EMI
– climatic
– electrical
– human error or sabotage
Contributes to ensuring reliability and safety.
––> anti–interference packaging (compact stand–alone blocks connected by networks)

AVAILABILITY
Capability of an entity to be in a state to perform a required function under given conditions, at
a given instant or over a given period of time, on condition that the required external resources
are ensured.
Availability = 1 – MTTR/MTBF, where MTBF = MTTF + MTTR

ROBUSTNESS
Capability of a system to behave tolerably (no spurious commands) in a specified environment.



RESOURCES IMPLEMENTED TO ATTAIN DEPENDABILITY TARGETS
DEPENDABILITY

RELIABILITY
– Proven technology
– Manufacturing procedures designed to meet ISO 9002 standards
– Software quality: multiple tests by independent teams
– Quality of C80–75/CE2000n, C30/C50 redundancy management
– Utilization of international standards
– Automatic normal/backup of C80–75/CE2000–C30/C50 processors
– I/O redundancy adaptable to application
– Single fault tolerance (with freeze of faulty C80/75/CE2000–C30/C50 signals)
– Direct control of C80/75/CE2000–C30/C50 control actuators

MAINTAINABILITY
– Integrated fault detection
– Grouped operation–oriented faults signaled to supervision
– Centralized localization of detailed malfunctions
– Replacement of faulty element in operation without stopping other devices
– Signal validity processing

OPERATIONAL SAFETY/INTEGRITY
– Intensive self–testing (including I/Os)
– Software quality: multiple tests by independent teams
– Quality of redundancy management
– Designed to meet: IEC 61508:
– Failure Mode and Effect Analysis
– Safety oriented outputs in event of loss of supervision
– Strict methodology for design engineering application (software structuring) and associated
test procedures
– Signal validity indicators
– For supervision purposes:
– signal validity indicator
– hardware configuration consistency test (system and application)
– transmission test
– application check of actuator commandability

RESISTANCE TO ENVIRONMENTAL INTERFERENCE
– Compliance with IEC standards:
– EMI
– Electrical
– Mechanical/climatic
– Architectural precautions designed to improve resistance to malfunctions originating
elsewhere in the system: compact stand–alone blocks linked by communication networks using
protocols to ensure tolerance to transitory faults

AVAILABILITY ROBUSTNESS



10.2. SELF TESTS AND REDUNDANCY

10.2.1. Self Tests

Systematic self tests are carried out on the electronic blocks and the communications networks
(initialization test, watchdog).

Component check self test levels are adapted to the type of control system architecture in
question (tailor–made dependability, choice of range).

Strategic equipment for the supervision of large units is tested intensively at the level of the I/O
modules and other major components (C80–xx, CE2000, F8000, S8000). These tests include
operational tests (cyclical testing of processors and memories, I/O self tests). Back–up
equipment used in dual/redundant configurations is tested to avoid switchovers to faulty
equipment.

In the event of an I/O module fault on a CE2000 controller, the inputs/outputs of the module
concerned are frozen and invalidated. Output states are reset to zero.

At supervision level, important criteria in the determination of dependability include data
availability and validity and the integrity of the hardware.

Availability of information is ensured by the reliability (and/or the redundancy) of the hardware
structures and by the computing power and organization of the real time database, which
provides guaranteed data validity and resistance to peak loads.

Blocks are self tested (watchdog, memory checks) by using the resources provided by the
support blocks.

10.2.2. Redundancy

Redundancy is available at all levels. In accordance with the principles of tailor–made
dependability, redundancy levels are customized to meet the requirements of the design
engineering department, the process to be controlled and the project, while optimizing the
hardware required to perform a given task.

The diagram below illustrates the main forms of redundancy at different levels in the
architecture.

Redundancy is possible at each level:

• communication networks

• processing units

• I/Os

• supervision units and operator stations

Redundancy of networks

On the F8000 fieldbus, each subscriber is provided with a direct connection to two
electrically isolated media. It is possible to use a single medium network, although the cost of
backing up WorldFIP technology is relatively low.

Redundancy is implemented using the following principle: each subscriber transmits on both
channels but receives on one channel. In the event of a reception fault on the selected channel,
the subscriber switches to the other.
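The receive-side selection described above can be simulated as follows. This is an added example, not code from the manual or from the F8000 implementation; the names `transmit`, `Subscriber` and `simulate`, and the rule that a single missed cyclic frame counts as a reception fault, are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

MEDIA = (1, 2)  # "Medium 1" and "Medium 2"


def transmit(frame, cut_media=()):
    """A sender drives both media at once; a cut medium delivers nothing."""
    return {m: (None if m in cut_media else frame) for m in MEDIA}


@dataclass
class Subscriber:
    name: str
    selected: int = 1                              # medium used for reception
    rx_faulty: set = field(default_factory=set)    # this node's dead receivers
    switchovers: int = 0
    received: list = field(default_factory=list)

    def cycle(self, on_wire):
        """Listen on the selected medium only; switch if nothing arrives."""
        heard = self.selected not in self.rx_faulty
        frame = on_wire[self.selected] if heard else None
        if frame is None:
            # Assumption: one missed cyclic frame counts as a reception fault.
            # The missed value is not replayed; the next cycle refreshes it.
            self.selected = 2 if self.selected == 1 else 1
            self.switchovers += 1
        self.received.append(frame)
        return frame


def simulate(cycles, cut_from=None, cut_media=(), local_fault=None):
    """Run bus cycles for subscribers A and B; the payload is the cycle number.

    cut_from/cut_media: cycle from which the listed media are cut for all.
    local_fault: (cycle, subscriber name, medium) receiver fault on one node.
    """
    subs = {"A": Subscriber("A"), "B": Subscriber("B")}
    for n in range(cycles):
        if local_fault and n == local_fault[0]:
            subs[local_fault[1]].rx_faulty.add(local_fault[2])
        cut = cut_media if cut_from is not None and n >= cut_from else ()
        on_wire = transmit(n, cut)
        for sub in subs.values():
            sub.cycle(on_wire)
    return subs
```

A cut medium makes every subscriber switch, while a receiver fault on one node makes only that node switch; in both cases exactly one cyclic value is missed, and a loss of both media shows up as a subscriber that keeps switching without receiving anything.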

The traffic management system benefits from multiple backup. When loss of traffic
management is detected, any of the subscribers allocated the function of bus arbiter (CE2000,
MFC) can take over after an election procedure between the standby units. Takeover is
instantaneous.

[Figure: redundant F8000 fieldbus in CONTROBLOC. Labels: Normal and Standby units (Pwr, CPU),
fiber optic, Medium 1, Medium 2, communication module, galvanic isolation. Captions: data
transmitted simultaneously on both channels; subscribers receive data from one channel;
automatic switchover on loss of reception.]

The S8000–E unit network uses a secure fiber optic loop (industrial Ethernet).

[Figure: Ethernet redundant fiber optic loop. Labels: engineer station, multiple VDUs, Internet,
other site, 100 Mbs redundant site network, site office applications, operator stations,
auxiliary unit network, Ethernet unit network, field controller, instrument/actuator/protection,
F8000 redundant fieldbus. Loop states shown: normal, malfunction, ”repair”.]

The site network links operator interface subscribers to the medium by single or dual
connections (back–up connection board).

X–terminals, PC stations or configuration stations have a single network access connection.

Control screens can be multiple. The loss of one screen therefore has no effect on control
capability.

Subscribers having a single connection point remain accessible on malfunction of a network
connection by means of a device which enables the two Ethernet sections used for redundancy
to be linked together.

[Figure: “A la carte” redundancy. Label: Backup Control Station.]

Processing unit redundancy

Control function processing blocks can be configured with dual redundancy by the system
(different types of redundancy are processed by the application via the communication
networks):

• multi–function cell controllers

• CE2000 processing unit

Two (combinable) redundancy strategies are available for the supervisory system:

• centralized integrated redundancy management: data servers are configured with dual
redundancy and provide total operational back–up, including historical logging and
calculations, in the event of a single malfunction. The operator stations are backed up
by duplicating stations on the Contronet network.

• redundancy by multiplication: this consists in duplicating the supervision applications
on more than one machine.

10.2.3. Processing Block Redundancy

10.2.3.1. Redundancy of ES Multi–function Cell Controller

The multi–function controller used in a redundant configuration consists of two identical
processing and communication blocks each of which is linked to:

• F8000 fieldbus

• S8000 unit network

• specialized redundancy management link.

In normal operation only one of the blocks operates normally, while the other acts as backup.
The operational block can be selected by the operator.

In normal operation each of the two blocks receives the same I/O data simultaneously over the
F8000 fieldbus. Each of the blocks performs the calculations required by the control functions,
and runs continuous hardware self tests, but only the block selected as ”normal” transmits
output data to the F8000 fieldbus and controls transmissions on the unit network.

The normal block transmits persistent variables (time–outs, state memories, integrators, etc.)
periodically to the backup block over the redundancy link to ensure consistency. The
redundancy link is also used to re–transmit commands from the supervisor and parameter
modifications from the back–up block.

Each block functions asynchronously and is re–synchronized with the neighboring block on
each standard cycle.

If a malfunction is detected in the normal block by the continuous self–tests, the normal block
stops and the backup block becomes operational. The backup block then takes over control of
F8000 outputs and data exchanges with the unit network.

Maintenance operations are performed by changing the faulty block, copying the application
software and transferring internal variables (at 10 s) from the master to the backup unit. After the
operation the controller is switched back to its original setup and the repaired block becomes
operational again.

This response provides a hot standby configuration. The backup unit can take over at current
values without having to re–initialize the automation cell.

Exchanges over the redundancy link are subject to checks to avoid the risk of corrupting the
backup block with faulty data.

To ensure consistency of processing, the master block transfers its memorized internal variables
(timeouts, integrators etc.) to the backup block via the redundancy link at a rate of one packet
per standard processing cycle. The entire memory is transferred in around ten seconds.
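One way to realize a checked, packet-per-cycle transfer of this kind is sketched below. This is an added example, not the ALSPA P320 implementation: the manual does not say which checks are applied, so the packet layout, the CRC-32 trailer, the sequence check and the stage-then-commit rule are all assumptions, as are the names `make_packets`, `BackupBlock` and `transfer`.

```python
import json
import struct
import zlib

HDR = struct.Struct(">IHH")   # snapshot id, packet index, packet count (assumed layout)
CRC = struct.Struct(">I")     # CRC-32 trailer (assumed check)


def make_packets(snapshot_id, variables, chunk=16):
    """Master side: split the persistent variables into per-cycle packets."""
    blob = json.dumps(variables, sort_keys=True).encode()
    parts = [blob[i:i + chunk] for i in range(0, len(blob), chunk)]
    packets = []
    for index, part in enumerate(parts):
        body = HDR.pack(snapshot_id, index, len(parts)) + part
        packets.append(body + CRC.pack(zlib.crc32(body)))
    return packets


class BackupBlock:
    """Backup side: stage packets, commit only a complete, verified snapshot."""

    def __init__(self):
        self.committed = {}        # image the backup would take over with
        self.committed_id = None
        self.rejected = 0          # packets dropped by the checks
        self._staged = []
        self._staging_id = None

    def _reject(self):
        # Drop the partial snapshot; the last committed image is untouched.
        self._staged, self._staging_id = [], None
        self.rejected += 1
        return False

    def on_packet(self, packet):
        """Process one packet (one per cycle); True when a snapshot commits."""
        if len(packet) < HDR.size + CRC.size:
            return self._reject()
        body, trailer = packet[:-CRC.size], packet[-CRC.size:]
        if zlib.crc32(body) != CRC.unpack(trailer)[0]:
            return self._reject()
        snapshot_id, index, count = HDR.unpack(body[:HDR.size])
        if index == 0:
            self._staged, self._staging_id = [], snapshot_id
        if snapshot_id != self._staging_id or index != len(self._staged):
            return self._reject()
        self._staged.append(body[HDR.size:])
        if len(self._staged) < count:
            return False
        try:
            image = json.loads(b"".join(self._staged))
        except ValueError:
            return self._reject()
        self.committed, self.committed_id = image, snapshot_id
        self._staged, self._staging_id = [], None
        return True


def transfer(backup, snapshot_id, variables, corrupt_index=None):
    """Send one snapshot over the link, optionally flipping a bit in a packet."""
    packets = make_packets(snapshot_id, variables)
    if corrupt_index is not None:
        damaged = bytearray(packets[corrupt_index])
        damaged[HDR.size] ^= 0x01          # constructed link fault
        packets[corrupt_index] = bytes(damaged)
    return [backup.on_packet(p) for p in packets], len(packets)
```

A CRC catches accidental corruption on the link; it does not authenticate the sender.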

10.2.3.2. CE2000 Controller Redundancy

The CE2000 processing unit can also be configured as redundant.

In this case, the CE2000 rack is fitted with two processing blocks (one at each end) connected to
both an I/O bus and the F8000 network (in general by a dual medium).

One of the units is selected as operational (or normal), while the other is the backup.

The operational unit (normal unit) controls I/Os and transmits data over F8000.

The backup unit listens in and receives reset data (parameters, persistent values, etc.) from the
operational unit over the I/O bus, which is continuously tested. The unit also receives
information from F8000 and runs continuous self–tests to be ready to take over from the normal
unit at any time.

When a self test detects a malfunction on the operational unit, the unit is withdrawn from service
and the backup unit becomes operational, i.e. the backup unit takes over control of I/Os, local
control functions and F8000 exchanges. Again, takeover is instantaneous. The backup unit
runs continuous self–tests to be sure of being able to take over from the normal unit.

The I/O bus is subjected to extensive testing (self test, high MTBF, power up maintenance for
subscribers).

Analog actuator outputs from the CE2000 controller can be processed with dual redundancy by
the AS112 module.

[Figure: Controbloc redundancy. Normal and backup controllers are both connected to the unit
network (commands and parameters from supervisory system and tools) and to F8000 (command to
process). Persistent values and settings are updated between the controllers to avoid long term
deviation. Hot standby: both controllers are active and calculate control functions; each
controller receives process information by F8000; each controller is fully tested cyclically.
Immediate take over, with no need for reinitialization of calculations.]

The redundancy of the other I/O modules is generally defined on a case by case basis by the
applications.

A typical example is the management of boiler safety systems in either 1/2 or 2/3 availability (in
security terms) in accordance with integrity level SIL3 (IEC 61508).

[Figure: Class SIL 3 IEC 61508. Protective/scanning functions, with communication with the rest
of the system over the deterministic fieldbus; dependability functions hardwired (cyclical
operation). Two variants: hardwired OR, with availability 1/2 and dependability 1/2; hardwired
2/3, with availability and dependability 2/3.]

10.2.3.3. C80–35 Controller Redundancy (used as EL Cell Main Processing Unit)

The approach is similar to that for the ES configuration, with data being updated between blocks
via the F8000 field network, instead of by a dedicated redundancy management link.

The transfers to be executed are configured by the application.

Operational tests are performed by a software watchdog.

10.2.3.4. Centralog Station Redundancy

Supervision stations used for direct process control can be configured either with integral
redundancy or with multiple station redundancy, or with a combination of both strategies
(several Centralog C30 or C50 supervisors with integral redundancy can be connected on the
same unit network while a Centralog C10 can be used as a backup on the same network, etc.).

• Integral redundancy
Stations on which integral redundancy is useful are the Centralog C30 and C50 CIS data
servers and unit network concentrators installed in very large systems.

The redundant data server consists of two CIS stations both of which have the same hardware
and software configuration. They operate in normal/backup mode with the active (normal)
station managing site and unit communications and processing operations as well as updating
the passive (backup) station.

As long as at least one of the stations is operational all the Centralog functions are available.
Start–up of the second station and switchover from one station to the other are completely
transparent for the operator.

This architecture ensures that processing operations and application data remain entirely
consistent under all operating conditions.

[Figure: two panels. Integral redundancy (CIS stations): CIS servers on the Contronet plant
network (Ethernet) and the S8000 unit network, 100 Mbs Ethernet; hot redundancy of the servers:
backup of configuration data, historical data, operator selections; hot switch–over.
Redundancy by using multiple Centralogs on the unit network and by using multiple operator
stations: loss of one station implies a partial resource loss; on a fault, operation continues
on other stations.]

Mechanisms guaranteeing maximum availability, consistency and transparency:

In a dual–redundant configuration, the first CIS station to be started acts as the active station.
This station communicates with the operator stations via the Contronet network, and with the
controllers via the S8000 unit network.

When the second CIS station (passive station) is started, it is initialized with the full set of data
and historical records present on the active station via a special Fast Ethernet link
(100 Mb/sec). During operation, the active station keeps the passive station up to date.

Processing operations are performed on the passive station exactly as on the active CIS station
in order to ensure total consistency of processing and application data on both stations.

Both CIS stations perform their own self tests and in addition monitor each other. If a
malfunction occurs on either of them an alarm is generated.

If the malfunction occurs on the active station, the station stops and processing is continued on
the second station which then becomes the active station.

The new active station carries out a general check of the automation cells on the unit networks
to ensure that the process data is totally consistent.

The process of mutual backup can be repeated between the two stations with absolutely no loss
of data, thus guaranteeing maximum availability.

• Redundancy of operator stations

Operator station redundancy is provided by the use of multiple stations. The loss of one station
results in no loss of command facilities, though operators may suffer a temporary reduction in
the number of VDU screens available.

• Redundancy by multiple systems

Multiple system redundancy is achieved by using multiple Centralog systems on the same
network. The loss of one Centralog system is processed in the same manner as the loss of an
operator station.

10.3. SECURE COMMUNICATIONS – NETWORK FEATURES

The networks and buses used in the system provide a level of security appropriate for each type
of communication network (field, unit and plant).

The security of the network resides in:

• the availability of the link: each level can be equipped with dual media and line driver
circuits,

• guaranteed response times appropriate for each level (criticality),

• secure transmission (no modification in transmitted messages),

• guaranteed continuity of service, expressed by the length of time the process will
tolerate an interruption.

In the ALSPA P320 system, continuity of service is based on redundancy and on recovery
mechanisms during resource switchovers.

Another important parameter to which particular attention is given is resistance to
electromagnetic interference: the ALSPA P320’s guaranteed robustness means less need for
the implementation of transmission error correction procedures (operational ruggedness).

If a network is well protected, data recovery will be needed less often. The network will be less
vulnerable.

Use of a network based on standard and/or proven technology provides a guarantee of
resistance to all specified levels of interference, and of the robustness of transmission error
correction procedures.

The table below shows the features of each type of network.

Columns, in order: Fieldbus | Unit network, controller link | Unit network, supervision link | Plant network

Availability (redundancy of medium): Yes | Yes | Yes | Yes
Resistance to environmental interference: High interference environment | Interference–prone environment | Office environment (fiber optic between buildings)
Recovery of lost frame (control functions): Cyclical process | Cyclical process | Recovery on cyclical message and/or repetition on loss of data
Recovery of loss of frame (message) and information: On command supplemented by periodic reset to a snapshot
Recovery on loss of medium: Approx. cycle period | < 1 s | < 5 s | < 10 s
Use of fiber optic possible on sites with different earth potentials: Yes | Yes | Yes | Yes

10.4. COMPLIANCE WITH STANDARDS

Compliance with international standards is a guarantee of the robustness of the system’s
component parts.

The system was moreover deliberately designed from the outset to integrate international
standards with particular respect to:

• resistance to the environmental conditions,

• power supplies,

• fieldbuses.

Environmental conditions:

The reference standards used are those of the IEC.

The main standards applied to equipment comprising the ES automation cell are as follows:

1 – ELECTRICAL CHARACTERISTICS

50 Hz dielectric withstand voltage                     IEC 950            1 500 V rms
Impulse rated dielectric withstand voltage 1.2/50 µs   IEC 664            3 kV peak

2 – MECHANICAL/CLIMATIC OPERATING ENVIRONMENT

Ambient air temperature                                IEC 654–1          5 °C to 40 °C
Vibration withstand                                    IEC 654–3          10 to 57 Hz: 75 µm peak
                                                                          57 to 500 Hz: 1 g peak

3 – ELECTROMAGNETIC FIELDS

Immunity to radiated interference

HF radiation field                                     IEC 61000–4–3      Level 3   10 V/m
Electrostatic discharge                                IEC 61000–4–2      Level 3   8 kV (air)

Immunity to conducted interference

Damped oscillating wave                                IEC 61000–4–12     Level 3   CM 2.5 kV peak PS voltage
                                                                                    CM 1 kV peak I/O voltage
Impulse                                                IEC 61000–4–5      Level 3   CM 2 kV peak PS voltage
                                                                                    CM 1 kV peak I/O voltage
Rapid burst transients                                 IEC 61000–4–4      Level 3   CM 2 kV peak PS voltage
                                                                                    CM 1 kV peak I/O voltage

Electromagnetic emission

Radiation and conduction                               EN 55022 class A

10.5. QUALITY PROCEDURES

The as–built quality of the ALSPA P320 system contributes significantly to the system’s
operational dependability.

The system consists of products which include both hardware and software.

The software can itself be divided into two categories: system operating software (system
software), specific to the manufacturer and engineering software, specific to the applications,
which is used to customize the system for a particular site or process (project).

The system is therefore developed with a dual life cycle as explained below:

10.5.1. Development of Generic System Versions

Each product comprising the system is developed in accordance with ALSTOM Power
methodology, which incorporates the latest standards (IEC 1508, IEEE, ANSI, BS, IEC 880 for
software) and which is based on a strictly defined life cycle
(specification–production–validation). Cross checks are performed by independent teams and
environment tests (EMI and mechanical–climatic) are carried out in ALSTOM approved
laboratories. Methodology is formalized in ALSTOM quality manuals (Modal for software,
Modem for hardware).

A system series comprises a strictly defined set of component products which together form a
generic version of the system.

Each system series is produced with an identical degree of rigor (specification, integration,
validation by independent teams, functional tests, performance tests) thus enabling totally
validated versions of the system to be put into production.

Software and hardware versions are managed by computer–based tools. Re–validation
checks are carried out on each modification of a system version.

10.5.2. System Customization

The development of a project requires the production of application software and customized
systems specific to the project configuration.

Control function design

The activity of the application engineering department includes the definition of the system
components. Application engineering is subject to a strict methodology supported by the
Controcad design tools, Controtest testing tools and Centralog observation, debugging and
tuning tools.

Standard factory acceptance tests are run on a system with a reduced configuration for the
purposes of contractual factory acceptance, without integrating the whole platform system.
Functional tests are carried out Operative Unit by Operative Unit on the Controtest simulation
tool. This allows progressive delivery of the plant system without having to await completion of
all tests.

Any specific software (interfaces or processing, etc.) is developed in compliance with the
standards applicable to generic system products. An appropriate development life cycle is
implemented in accordance with Modal methodology.

Manufacture

System manufacture is characterized by strict control of bought–in components, rigorous
production procedures, dielectric voltage withstand tests and functional tests which guarantee
that the hardware and software versions produced are in conformity with the versions validated
on completion of the generic system.

Temperature cycle tests are carried out on control function products.

Environment tests of the type performed on the generic system are not repeated on projects,
since manufacturing procedures guarantee conformance with the reference model.

The components of the equipment used in each project are described in a manual. This manual
is the reference document used to verify conformance with specifications on completion of the
project.

Copies of ISO 9000 certificates covering the different activities involved in the life cycle: design engineering,
development, production of electronic equipment and certificate of accreditation of ALSTOM Power test
laboratories.

VERITAS Certificate

• The development and integration of the BOILER SAFETY Application has been certified by
“bureau VERITAS” as compliant to IEC 61508 SIL 3 level.

SEI Assessment

• The development and integration of ALSPA P320 system software has been awarded a
quality assessment classification of: SEI level 2.

This classification is based on the CMM – Capability Maturity Model – developed
by the Software Engineering Institute at Carnegie Mellon University in Pittsburgh,
Pennsylvania, USA. This model is the reference in terms of quality as regards
software engineering activities in high technology industries (especially
defense).

• The award of this classification is indicative of the achievement of a very
high level of control of software production and system integration, with the
capability of reproducing quality levels and results.

11. Performance

The ALSPA P320 System is designed to provide optimum performance for power production
processes under both normal and peak operating conditions.

The system’s range of I/O controllers offers at–source timetagging of logic inputs with the fine
resolution required for power applications.

I/O controllers   Precision of timetagging            Max. inter–controller resolution
CE2000            1 ms                                1 ms to 10 ms (configurable)
C80–35 IHR        1 ms or 10 ms depending on PU       2 ms

Response times are fast to suit rapidly changing processes, enabling efficient and convenient
process operation.

• Logic input acquisition time to display on Centralog screen: < 1 s

• Command transmission time from operator station to process: < 1 s

• Setpoint transmission time from operator station to process: < 1 s

These response times are obtained in the ES configuration, on dedicated operator stations, by
optimizing the use of deterministic networks (F8000 fieldbus, S8000 unit network,
CONTRONET plant network), and by the consistency of processing throughout the system.

Convenience of operation is a determining factor for operators. The Centralog system provides
optimum mimic display times to enhance the efficiency of process control operations.

• Standard view display times on dedicated operator stations

– Simple mimics: < 1 s
– Normal mimics: = 1 s
– Complex views: < 2 s

System processing capacities are dependent on the range of products selected.

Centralog   Analog variables per second   Peak rates Logic variables/s
10          200                           120
30          600                           300
50          1200                          600

The system is designed to deal with normal and exceptional peak loads for periods of
approximately 1 minute following the progressive decrease in process logic state changes and
measurement variations.

The dynamic load model is used to compute performance and procure the maintenance of
optimum economic conditions even in the most serious or exceptional cases.

[Figure: ALSPA P320 System - Series 5 ES/EL. Supervision: 1 s response time (or faster);
standard 50 ms cycle; fieldbus subscribers; CE2000 1 ms cycle. No loss of operational
performance during peak load periods (no loss of historical data); deterministic management of
network load (S8000/F8000).]
