Blog2, Inputs/Outputs, PLC, Redundancy / By

Input/Output Architecture in the control system

We will give an overview of most common input/output architectures in a control system, depending on whether the priority is “Safety” or “Availability“.

1-Architectures of Inputs

The following image shows the most common configurations. The letter “D” in yellow stands for “Diagnosis” and usually is associated with the Safety PLC.

1oo2 logic (1 out of 2) provides a plus of safety, so that failure of one channel does not prevent the shut down action when necessary. This logic does not prevent the spurious trips, even worst, probability of spurious trip is doubled.

2oo2 logic (logic 2 of 2) solves the problem of spurious trips since it is necessary that 2 channels fails at a time to initiate shut down. The safety of this logic is lower than 1oo2.

2oo3 logic provides the advantages of the previous two and is widely used in industrial processes. It is based on a voting system, so that at least two channels must fails to cause a trip.

inputs logic

The correct 2oo3 logic design is not completed using three signals and installing three elements in the field, it is necessary to make a deeper analysis, mandatory if we are required to design according to SIL 2 or SIL-3 IEC-61508. For example:

-The field transmitters must not be mounted with common elements (isolation valve, etc.).

-It is important to calculate correctly the total PFDavg (Average Probability of Failure on Demand) of our system according to IEC-61508. Keep in mind that the PFDavg is directly related to dangerous undetected failures.

-etc.

The system design must be done as a whole including PLC and all field elements. Remember that the use of products or components certified for SIL applications is not the only requirement for a Safety Instrumented System (SIS).

2- Arquitectures of Outputs

The considerations to be made, in the case of the outputs, are similar to those already mentioned for the inputs. We will assume, for simplicity, that the field element is unique.

In the outputs there is another element to be considered which are intermediate relays. They may be conventional relays or safety relays. In the case of using a safety PLC, we can wired directly to field element or use intermediate safety relays (link with example).

1oo2 outputs

If our priority is “high availability” we have several options shown in the following images.

2oo2 outputs

2oo3 2oo2D outputs

3- Distribution of signal within the modules

Another aspect to be careful when designing the control system is how to properly distribute the signals on the input and output modules. It must be done consistently to avoid to reduce safety or availability of the whole.

For example:

Double signals (1oo2, 2oo2) or triple ones (2oo3) must be wired to different modules or even different racks.

We have designed an architecture builder that helps a lot to do this and to choose the configuration that best fits the specification.

-Duplicated field units that use non-redundant inputs/outputs (1oo1 logic) must be wired to different modules and racks. Sometimes this means we can reduce the number of redundant signals to get some cost savings.

For example: Boiler with 4 burners and safety PLC SIL-3.

  1. Signals that cause the boiler trip with 2oo3 logic for inputs and 2oo2 for redundant outputs.
  2. Signals that cause burner trip: non-redundant inputs and outputs of each burner mounted in a different rack.

In this way we would need four racks with the following configuration:

Racks 1 with redundant power supply: general I/Os and burner 1.

Racks 2, 3 and 4 with non-redundant power supply: I/Os of burners 2, 3 and 4. The failure of a signal or a rack mean the loss of a burner (25% of the steam production).