BMS Safety PLC
Let’s look at an example of I/O distribution for a safety PLC acting as the Boiler Protection and Burner Management System (BMS) of a Heat Recovery Steam Generator (HRSG) with post-combustion. The boiler has 8 burner ramps, as shown in the image. It is advisable to use a safety PLC and to verify the design and the SIL level of the Safety Instrumented Functions with a tool such as SILcet or a similar one.

The distribution is arranged so that the failure of one card does not cause a boiler trip. We group the signals as follows:
a) General I/Os with 2oo3 logic: critical signals that trip the boiler, such as high pressure in the main gas line, high level in the steam drum, high pressure at the steam outlet, etc. Most of these are analog signals.
b) General I/Os with 2oo2 logic: redundant signals related to major equipment whose malfunction causes a total or partial trip, for example the main gas shut-off valves.
c) General single I/Os (group “p1” in the picture): signals that do not directly cause a trip, for example start-up permissives, signals of the general igniter valves, outputs to lamps, etc.
d) Single I/Os for burner ramps 1 to 4 (group “p2”): signals specific to the first 4 burner ramps, such as outputs to open/close the gas shut-off valves of each ramp, flame detectors, etc. The failure of a signal (card fault or failure of the field instrument) will cause the trip of some or all ramps.
e) Single I/Os for burner ramps 5 to 8 (group “p3”): signals specific to the last 4 burner ramps, such as outputs to open/close the gas shut-off valves of each ramp, flame detectors, etc. The failure of a signal (card fault or failure of the field instrument) will cause the trip of some or all ramps.
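As an added illustration of groups (a) and (b) and of the rule that one card failure must not trip the boiler (this is example code written for this page, not code from the original article or from IO_Builder), the following Python models a 2oo3 analog trip vote, a 2oo2 vote on redundant discrete signals, and a check that simulates the loss of each I/O card with the process in a normal state. The tags, card names, limits and values are constructed, and the degradation policy on a channel fault (2oo3 degrades to 1oo2, 2oo2 degrades to 1oo1, total loss of a group fails safe) is an assumption of this example, not something the article specifies.

```python
"""Voting logic and single-card-fault check for the BMS I/O groups.

Added example, not code from the original article or from IO_Builder.
All tags, card names, limits and values below are constructed.
"""
from dataclasses import dataclass, replace
from functools import partial


@dataclass
class Channel:
    tag: str              # instrument tag (constructed)
    card: str             # I/O card the channel is wired to (constructed)
    value: float = 0.0    # analog value, or 1.0/0.0 for a discrete demand
    healthy: bool = True  # False = card fault or field instrument fault


def trip_2oo3(channels, high_limit):
    """Group (a): trip when 2 of 3 channels exceed the high limit.
    Assumed degradation policy: with one faulty channel vote 1oo2 on the
    other two; with two or more faulty channels fail safe (trip)."""
    healthy = [c for c in channels if c.healthy]
    demands = sum(c.value > high_limit for c in healthy)
    if len(healthy) == 3:
        return demands >= 2
    if len(healthy) == 2:
        return demands >= 1
    return True


def trip_2oo2(channels):
    """Group (b): trip only when both redundant channels demand it
    (value 1.0), so a single spurious signal does not trip the unit.
    Assumed degradation policy: with one faulty channel vote 1oo1 on
    the other; with both faulty fail safe (trip)."""
    healthy = [c for c in channels if c.healthy]
    demands = sum(c.value >= 1.0 for c in healthy)
    if len(healthy) == 2:
        return demands == 2
    if len(healthy) == 1:
        return demands == 1
    return True


def spurious_trip_on_card_loss(vote, channels, card):
    """Simulate losing one whole card while the process is normal
    (values as given) and ask the vote whether the group would trip."""
    simulated = [replace(c, healthy=c.healthy and c.card != card)
                 for c in channels]
    return vote(simulated)


def check_distribution(groups):
    """groups: {name: (vote_fn, [Channel, ...])}.
    Returns the (group, card) pairs where the loss of one card alone
    would trip the boiler, i.e. the channel-to-card assignment violates
    the single-card-failure rule."""
    violations = []
    for name, (vote, channels) in groups.items():
        for card in sorted({c.card for c in channels}):
            if spurious_trip_on_card_loss(vote, channels, card):
                violations.append((name, card))
    return violations


# Constructed example: drum level (2oo3) spread over three AI cards and
# main gas shut-off valve feedback (2oo2) spread over two DI cards.
drum_level = [Channel("LT-101A", "AI-1", 50.0),
              Channel("LT-101B", "AI-2", 51.0),
              Channel("LT-101C", "AI-3", 49.5)]
gas_valves = [Channel("XS-201", "DI-1", 0.0),
              Channel("XS-202", "DI-2", 0.0)]

GOOD = {"drum_level_high": (partial(trip_2oo3, high_limit=80.0), drum_level),
        "main_gas_valves": (trip_2oo2, gas_valves)}

# Same signals, but two of the drum level transmitters share card AI-1,
# so losing that card removes the 2oo3 quorum.
BAD = {"drum_level_high": (partial(trip_2oo3, high_limit=80.0),
                           [drum_level[0],
                            replace(drum_level[1], card="AI-1"),
                            drum_level[2]])}

if __name__ == "__main__":
    print(check_distribution(GOOD))  # []
    print(check_distribution(BAD))   # [('drum_level_high', 'AI-1')]
```

The same check extends naturally to the single-I/O groups (c) to (e) by giving each its own vote function (for example 1oo1 per ramp), which makes the expected partial trips of a ramp group explicit rather than hidden in the wiring list.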

Let’s now look at several examples of signal distribution performed with IO_Builder.
We have considered 2 cases with cards available from safety PLC manufacturers.
Cases A and C: PLC cards with 24 DI, 10 DO and 6 AI (all fail-safe).
Cases B and D: PLC cards with 32 DI, 32 DO and 32 AI (all fail-safe). Here we use high-density modules, which are not so common in safety PLCs.

The “I/Os excess” figure refers to channels we don’t need, since the quantities above already include spares.
In model 1 we obtain a similar hardware price in both cases, so the choice is purely technical. From the standpoint of availability we prefer case A.
In model 2 the price is clearly lower in case D. This architecture uses a single I/O rack and therefore must have a redundant power supply. To assess availability we should analyze the MTBF (Mean Time Between Failures) of the common parts (at least the rack and the bus), and other factors if we go deeper.
The choice between one manufacturer and another will depend on the total cost and on other factors (which differ depending on whether I am the end user or the system integrator). In any case, this type of analysis is important, depending on the complexity of the architecture.

Finally, we show a couple of images with the architectures of cases A and C generated by IO_Builder.
