WO2015169352A1 - Flexible controller utilization in a process control system - Google Patents

Flexible controller utilization in a process control system Download PDF

Info

Publication number
WO2015169352A1
WO2015169352A1 PCT/EP2014/059346 EP2014059346W WO2015169352A1 WO 2015169352 A1 WO2015169352 A1 WO 2015169352A1 EP 2014059346 W EP2014059346 W EP 2014059346W WO 2015169352 A1 WO2015169352 A1 WO 2015169352A1
Authority
WO
WIPO (PCT)
Prior art keywords
controllers
physical
control
virtual
controller
Prior art date
Application number
PCT/EP2014/059346
Other languages
French (fr)
Inventor
Johan Gunnar
Kjell-Joar Alme
Mats Gunnmarker
Tommy Lillehagen
Original Assignee
Abb Technology Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Abb Technology Ltd filed Critical Abb Technology Ltd
Priority to PCT/EP2014/059346 priority Critical patent/WO2015169352A1/en
Publication of WO2015169352A1 publication Critical patent/WO2015169352A1/en

Links

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/418Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM]
    • G05B19/41845Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM] characterised by system universality, reconfigurability, modularity
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/16Error detection or correction of the data by redundancy in hardware
    • G06F11/20Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
    • G06F11/202Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements where processing functionality is redundant
    • G06F11/2023Failover techniques
    • G06F11/203Failover techniques using migration
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5027Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resource being a machine, e.g. CPUs, Servers, Terminals
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5083Techniques for rebalancing the load in a distributed system
    • G06F9/5088Techniques for rebalancing the load in a distributed system involving task migration
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/20Pc systems
    • G05B2219/22Pc multi processor system
    • G05B2219/2239Reallocate, reschedule execution of controlled functions if one processor fails
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/30Nc systems
    • G05B2219/31From computer integrated manufacturing till monitoring
    • G05B2219/31264Control, autonomous self learn knowledge, rearrange task, reallocate resources
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/30Nc systems
    • G05B2219/31From computer integrated manufacturing till monitoring
    • G05B2219/31355Fault, if one station defect, stop it, other stations take over
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/30Nc systems
    • G05B2219/33Director till display
    • G05B2219/33334Load balancing, distribution between processors
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Definitions

  • the embodiments described herein relate generally to process control systems and in particular to devices and methods that allows for flexible controller utilization in a process control system.
  • Computer controlled process control systems are used for controlling and/or monitoring of industrial processes in many different types of industries and utilities such as automotive, chemical, pharmaceutical, food, metal, mines, steel mills, consumer products, power generation, power distribution, pure and waste water handling, oil refineries, gas pipe-lines and off-shore platforms.
  • Field devices which are instruments or actuators such as motors, valves, valve positioners and sensors of different types perform functions within the process such as driving conveyor belts, opening or closing valves, and measuring process control parameters. Controllers perform control functions to monitor and control the field devices. Such control functions may involve receiving signals indicating process control measurements, processing the received information and generating control signals that are transmitted to the field device(s) to control and/or monitor the operation of the process.
  • An operator is generally able to perform desired operations with respect to the process by means of an operator workstation that is communicatively connected to receive process information from field devices and controllers.
  • the operator may e.g. be able to view the current state of the process via a user interface, perform evaluations of the process and modify the operation of the process by using the operator workstation.
  • a primary digital controller is responsible for operating the control logic and a backup digital controller receives process inputs from the primary controller and executes the control algorithm in parallel to the primary controller according to a synchronous execution method.
  • logic runs on dedicated controllers and redundancy is managed locally, close to the controlled hardware.
  • Input/output (I/O) signals from field instruments and actuators are typically terminated in local I/O units and controllers.
  • I/O Input/output
  • fault tolerance is implemented by means of adding redundant counterparts to each controller and/or I/O unit, but this also restrains the extent of where recovery can take place and how faults can be detected and reverted.
  • An object of the present invention is to provide an improved process control system and method which at least partly overcome some of the above mentioned problems.
  • a first embodiment provides a process control system comprising a plurality of physical controllers for controlling a plurality of field devices and a field network interconnecting the plurality of physical controllers and the plurality of field devices.
  • the process control system also comprises a control function manager for setting-up and managing a set of virtual controllers, allocating control functions for controlling the field devices to the set of virtual controllers and allocating physical controllers for executing the control functions allocated to the set of virtual controllers.
  • the field network is configured to provide a communication connection between any one of the plurality of physical controllers and any one of the plurality of field devices.
  • the plurality of physical controllers are configured as a shared pool of hardware resources of the set of virtual controllers such that any one of the physical controllers is capable of executing one or several control functions allocated to any one or several virtual controller of the set of virtual controllers in accordance with an allocation instruction from the control function manager to control any of the plurality of field devices.
  • a second embodiment provides a method to be carried out in a process control system comprising a plurality of physical controllers for controlling a plurality of field devices, a field network (D3) interconnecting the plurality of physical controllers and the plurality of field devices and a control function manager for setting-up and managing a set of virtual controllers.
  • the field network is configured to provide a communication connection between any one of the plurality of physical controllers and any one of the plurality of field devices.
  • the plurality of physical controllers are configured as a shared pool of hardware resources of said set of virtual controllers such that any one of the physical controllers is capable of executing one or several control functions allocated to any one or several virtual controller of the set of virtual controllers in accordance with an allocation instruction from the control function manager to control any of the plurality of field devices.
  • the control function manager allocates control functions for controlling the plurality of field devices to the set of virtual controllers and allocates physical controllers for executing the control functions allocated to the set of virtual controllers.
  • a third embodiment provides a computer program product on a computer readable medium comprising computer program code instructions configured, when said program code is loaded into and executed by a processor provided in a process control system, to cause the method according to the second embodiment to be carried out.
  • An advantage of embodiments of this disclosure is that a flexible controller utilization and flexible controller redundancy may be provided in process control systems that allow for easy operation and maintenance, and reallocation of computational resources,
  • Another advantage of some embodiments is that hot-swapping of components during production is enabled.
  • some embodiments provide for a possibility for extended maintenance interval e.g., in subsea applications.
  • Fig. 1 is a schematic diagram of a process and a process control system according to prior art.
  • Fig. 2 is a schematic diagram of a process control system according to an embodiment of the invention.
  • Fig. 3 is a schematic diagram illustrating allocation of control functions to virtual controllers and physical controllers according to an embodiment of the invention.
  • Figs. 4a and 4b are schematic diagrams illustrating reallocation of control functions to another physical controller according to an embodiment of the invention.
  • Figs. 5a and 5b are schematic diagrams illustrating reallocation of control functions to another physical controller according to another embodiment of the invention.
  • Figs. 6a and 6b are schematic diagrams illustrating reallocation of control functions to another physical controller according to yet another embodiment of the invention.
  • Figs. 7a and 7b are schematic diagrams illustrating reallocation of control functions to another physical controller according to a further embodiment of the invention.
  • Fig. 8 is a schematic diagram illustrating allocation of control functions to physical controllers according to an embodiment of the invention.
  • Fig. 9 is a flow diagram illustrating an embodiment of a method to be carried out in a process control system.
  • Fig. 10 is a flow diagram illustrating an alternative embodiment of a method to be carried out in a process control system.
  • Fig. 1 1 is a schematic block diagram illustrating an exemplary embodiment of a control function manager and a computer program product.
  • Fig. 1 shows schematically a control system 20 for a process 30, i.e. a process control system.
  • the process control system 20 is a computerized process control system for controlling an industrial process 30.
  • the process 30 may comprise a number of different sub-processes and process sections.
  • the process may be monitored through one or more process monitoring computers, which communicate with a server handling monitoring and control of the process.
  • the process control system 20 includes a number of operator workstations or terminals 27, 28 connected to a first data bus D1 .
  • a wireless gateway 25 is connected to a wireless network and is also connected to the first data bus D1 and configured such that portable workstations such as workstation 26 may access the control system 20 wirelessly.
  • the process 30 may comprise process controllers 31 , 32 and monitored equipment collectively referred to as field devices such as a motor 36, valves 34, 38, and measuring equipment such as sensors 35, 37.
  • the controller 31 , motor 36, valve 38, and sensor 37 are part of a first process section, and the controller 32, valve 34 and sensor 35 are part of a second process section.
  • process interface units also referred to as I/O units 64 and 66 for providing a communicative connection between the process 30 and the process control system 20. It should however be realized that there may be more or fewer of each of these interface units 64, 66. It should here also be realized that some of these may only be provided for control, some only for measurements and some for both control and measurements. It should be realized that one or more of sensor units 35, 37 may be connected to such process interface units. Such units are involved in controlling the process 30 and in doing this also involved in measuring physical properties related to the process.
  • the measured properties may here comprise properties of the process itself such as measurements of temperature or pressure in a pulp and paper process, a steel mill, an oil & gas production site, a petrochemical process, a pharmaceutical process or measurements such as current and voltage in electrical power process measurements of generation, transmission and distribution processes.
  • the controllers 31 and 32 would typically be provided in redundant pairs such that another controller is provided to execute the respective control algorithms of controllers 31 and 32 in parallel according to a synchronous execution method.
  • Fig. 1 it can be seen from Fig. 1 that there is a limited flexibility in the arrangement of the controllers. If the controller 31 would become overloaded or fail, control function resources available in the controller 32 cannot assist in the control of the motor 36 or valve 38.
  • FIG. 2 is a schematic diagram illustrating a process control system 220 which has been configured to implement flexible controller utilization according to an embodiment as described in this disclosure. Those elements disclosed in Fig. 2 which correspond exactly to already described elements in Fig. 1 have been given the same reference numerals as in Fig. 1 .
  • the process control system 220 monitors and controls a process 230.
  • the process control system 2 comprises field devices such as actuators and instruments that are connected to the process control system via a field network D3 either directly or via I/O units such as I/O units 67 and 68 shown in Fig. 2.
  • the field devices of the process 230 comprises valves 34, 38, a motor 36 and sensors 35, 37 and 39 as schematically illustrated in Fig. 2, but it should be understood that the process 230 may comprise a much larger number of field devices of different types.
  • the process control system 220 comprises a number of physical controllers 1 1 configured to interact with the field devices 230 and execute control functions in order to monitor and control the process 230.
  • the physical controllers are hardware units that comprise interfaces for input and output of signals from/to the field devices via the field network D3 and from/to overhead system units such as a server 21 and workstations 26, 27, 28 via data buses D1 and D2.
  • the physical controllers also comprise processing means, e.g. processors configured to process received input signals, generate output signals and process software code instructions in order to execute control functions.
  • the field network D3 is configured to provide a communication connection between any one of the physical controllers 1 1 and any one of the field devices 34-39. Depending on e.g. the location of the process 230 and delay requirements the field network may be implemented by means of many different types of communication networks using different types of communication protocols. According to an example embodiment the field network D3 is implemented as a PROFINET network.
  • the process control system 230 also comprises a control function manager 10.
  • the control function manager is a functional entity responsible for setting-up and managing a set of virtual controllers, allocating control functions for controlling the field devices to the set of virtual controllers and allocating physical controllers for executing the control functions allocated to the set of virtual controllers.
  • the control function manager would typically be implemented in software arranged to execute in a dedicated processing unit such as schematically illustrated in Fig. 2 or arranged in a distributed fashion to e.g. execute in the processing means of the physical controllers 1 1 .
  • a virtual controller may be set-up by software logic to emulate a hardware controller according from the view point of overhead control system units such as the server 21 hus the introduction of the control function manager does not require any modification of overhead control system units such as servers and/or workstations.
  • the virtual controllers serve to functionally separate control logic from controller hardware resources to allow for flexible and efficient allocation of controller hardware resources for executing the desired control functions.
  • the virtual controllers make it possible to keep complexity low since control functions that depend on each other may be grouped and allocated to the same virtual controller which make it possible to hide to overhead control system units that a large number of physical controllers are in fact involved in executing a group of control functions.
  • Fig. 3 is a diagram schematically illustrating allocation of control functions to virtual controllers VC1 , VC2, VC3 and physical controllers 1 1 a, 1 1 b, 1 1 c, 1 1 1 d, 1 1 e.
  • Fig. 3 illustrates the overall layout of the process control system comprising overhead control system 29, the control function manager 10, the virtual controllers VC1 , VC2, VC3 managed by the control function manager 10, physical controllers 1 1 a-e and the field network D3 for providing connection to field devices 31 .
  • the control function manager 10 and the virtual controllers VC1 - VC3 form a virtualization layer between the upper-most control nodes of the system, i.e.
  • the lower-most layers of the process control system may be regarded as a shared pool of resources that the overhead control system 29 can allocate control functions and control loops to dynamically.
  • the dynamicity of the system will yield increased robustness and reliability as it takes away the need for low-level and complex hardware to deal with fault-tolerance and redundancy.
  • this architecture has the potential to improve the overall performance of the system significantly, as computation and processing can be distributed more evenly amongst the available controllers and thus reduce the risk of hotspots in the system.
  • the control function manager 10 In terms of redundancy and modularity, the system also enables hot-swapping of faulty or defect components without this having any noticeable impact on the rest of the system.
  • the control function manager 10 regardless of where it resides, such as inside every one of the physical controllers 1 1 a-e or in support hardware separated from the physical controllers, is responsible for spawning virtual controllers and allocating system-wide control functions to the physical controllers depending on availability, load, etc. Say for instance, as illustrated in Fig. 3, that the control function manager allocates control functions F(1 ) through F(n) to the virtual controller VC1 that, say run on a dual pair of physical controllers 1 1 a and 1 1 b.
  • the control function manager 10 may decide to allocate m of the functions to one of the controllers and the rest (n-m) to the other one. Assume likewise that control functions G(1 ) through G(n) are allocated to the virtual controller VC2 and control functions H(1 ) though H(n) are allocated to the virtual controller VC3.
  • the physical controllers 1 1 c and 1 1 d are allocated to execute the control functions allocated to the virtual controller VC2 and the physical controller 1 1 e is allocated to execute the control functions allocated to the virtual controller VC3. Additional redundant controllers may be allocated analogously to synchronously execute the same control functions as the physical controllers 1 1 a-e but this is not described in detail here for simplicity.
  • Figs. 4a and 4b are schematic diagrams illustrating reallocation of functionality in the event of a failure of a physical controller.
  • the virtual controller VC1 controls field devices 34, 35 and 39 by means of the physical controllers 1 1 a and 1 1 b that execute control functions F(1 ) - F(n).
  • the control function manager has allocated the physical controllers such that 1 1 a executes control functions F(1 )-F(m) while the physical controller 1 1 b executes control functions F(m+1 ) - F(n) as illustrated in Fig. 4a.
  • the physical controller 1 1 c might be either idle or executing control functions allocated to another virtual controller.
  • Fig. 4b illustrates a scenario where the virtual controller 1 1 a fails.
  • the control function manager reallocates the physical controllers used by the virtual controller VC1 such that control functions F(1 )-F(k) now are executed by the physical controller 1 1 c and control functions F(k+1 )-F(n) are executed by the physical controller 1 1 b.
  • the control function manager may decide that the physical controller 1 1 c replaces the physical controller 1 1 a and executes the same control functions that the physical controller 1 1 a executed before failing. But if e.g.
  • the control function manager may decide to let the physical controller 1 1 c execute less or more control functions than the physical controller 1 1 a did. This reallocation of physical controllers is transparent to the overhead control system.
  • Figs. 4a and 4b illustrates reallocation triggered by a failure of a physical controller 1 1 a, but the controller function manager may be configured to reallocate physical controllers assigned to execute a particular set of control functions for a variety of reasons such as load sharing between physical controllers and communication links or in response to an operator reallocation command. If e.g. the hardware is to be updated it is possible to reallocate the control functions to make a physical controller that is to be updated idle before it is replaced.
  • control functions allocated to a virtual controller are executed by a single or a plurality of physical controllers.
  • a physical controller is allocated to execute control functions allocated to a plurality of different virtual controllers.
  • the physical controllers are configured to execute control functions allocated to any virtual controller but the physical controllers are only allocated to one virtual controller at a time.
  • the physical controllers are configured into subsets serving a respective virtual controller. If one physical controller of a particular subset fails the control function manager performs a reallocation of the physical controllers within the particular subset.
  • Figs. 5a and 5b illustrate how redundant pairs may be handled according to an exemplary embodiment.
  • Fig. 5a shows that the control function manager has allocated the physical controllers such that the physical controllers 1 1 a and 1 1 b are redundant pairs which both execute control functions F(1 )-F(m). If one of the physical controllers 1 1 a or 1 1 b fails the control operation can continue uninterrupted since one of the controllers is still working. The control function manager can then reallocate the physical controllers such that e.g. the physical controllers 1 1 b and 1 1 c forms a new redundant pair (assuming that it was the physical controller 1 1 a that failed) as illustrated in Fig. 5b.
  • Figs. 6a and 6b illustrate an embodiment in which the physical controllers are divided into subsets and allocated to a respective virtual controller.
  • the physical controllers 1 1 a, 1 1 b and 1 1 c have been allocated to the virtual controller VC1 . If one of the physical controllers of the subset would fail such as the physical controller 1 1 a, the control function manager would perform a reallocation of control functions allocated to the physical controllers of the subset of controllers allocated to the virtual controller VC1 as illustrated in Fig. 6b.
  • Figs. 7a and 7b illustrates an exemplary scenario where the physical controllers 1 1 a and 1 1 b first are allocated to execute control functions allocated to the virtual controller VC1 , but after a reallocation (e.g. due to failure of the physical controller 1 1 a) the physical controllers 1 1 b and 1 1 c execute the control functions allocated to the virtual controller VC1 .
  • Fig. 8 illustrates a scenario with a more complex allocation scheme according to which some physical controllers execute control functions allocated to a single virtual controller while other physical controllers execute control functions allocated to more than one virtual controller.
  • Fig. 8 shows that the physical controller 1 1 b executes control functions allocated to the virtual controller VC1 , the physical controllers 1 1 c and 1 1 d executes control functions allocated to the virtual controller VC2 and the physical controller 1 1 a executes control functions allocated to both the virtual controller VC1 and the virtual controller VC2.
  • the physical controllers 1 1 e and 1 1 f are spare controllers which may be reallocated to execute control functions of either the virtual controller VC1 or VC2 as desired in accordance with allocation instructions from the control function manager.
  • Fig. 9 is a flow diagram illustrating a method to be carried out in a process control system according to an embodiment as described above. The method comprises a step 51 according to which the control function manager allocates control functions for controlling the field devices to the set of virtual controllers and a step
  • control function manager allocates physical controllers for executing the control functions allocated to the set of virtual controllers.
  • Fig. 10 is a flow diagram of an alternative embodiment of a method to be carried out in a process control system.
  • the method illustrated in Fig. 10 comprises steps 51 and 52 corresponding to the steps of the method of Fig. 9 and also a step 54 of the control function manager reallocating a physical controller by changing the physical controller that is assigned to execute a particular control function.
  • the step 54 is performed in response to a step
  • Such an event may according to different embodiments be:
  • control functions F(1 )-F(n) which are assigned to the virtual controller VC1 are safety critical control functions which if not performed might impact the safety of personnel, process equipment and/or the environment.
  • the control functions G(1 )-G(n) allocated to the virtual controller VC2 are assumed to be production related control functions which if not performed have a negative impact on the production of the process but without risking the safety of personnel or equipment.
  • control functions H(1 )-H(n) allocated to the virtual controller VC3 are assumed to be control functions that relate to functions that are nice to have but which do not have a direct impact on the current performance of the process, such as control functions related to condition-based maintenance, collection of statistics etc.
  • the control function manager can easily control the process to run in a reduced mode by deactivating control functions with a lower priority first, in this example by deactivating the control functions allocated to the virtual controller VC3, in order to ensure that there are enough controller resources for executing control functions with a higher priority, namely those allocated to the virtual controllers VC1 and VC2 in the present example.
  • Fig. 1 1 is a schematic block diagram illustrating an exemplary embodiment of a control function manager 10.
  • the control function manager 10 comprises software as well as dedicated hardware of a unit separate from the physical controllers but as mentioned above it is according to other embodiments possible that the control function manager comprises software that is distributed and executed in the physical controllers.
  • the control function manager may also according to some embodiments comprise a central part separate from the physical controllers and local parts comprising software executed in processors of the physical controllers.
  • 1 1 comprises one or several interfaces 73 for communicating with the physical control units and overhead control system, one or several processors 74 for executing software code instructions, a memory 76 and a computer program product 75 loaded into the memory 76 and comprising computer program code instructions configured, when the program code is loaded into and executed by the processor(s) 74, to cause the method shown in Fig. 9 or Fig. 10 to be carried out.
  • the computer program product may also be stored on other types of computer readable media, both volatile and non-volatile, such as portable memory devices e.g. USB-sticks, CD-ROM discs and portable harddiscs which may be loaded into and executed by processors of the process control system.
  • Embodiments described herein may be particularly advantageous to use in subsea applications in which either the field devices or the field devices and the controllers are installed subsea. Since it is particularly difficult and costly to replace or maintain hardware that is placed subsea the possibility for an extended maintenance interval that is provided by the flexible redundancy of the disclosed embodiments is very beneficial for subsea applications. Furthermore the disclosed embodiments makes it easy to provide an overcapacity in terms of controller hardware resources and to allow for such redundant hardware to be used as efficiently as possible to improve system performance. Consider e.g. an example scenario where there is a real requirement of 40 physical controllers to execute the desired control functions but 50 physical controllers are provided to give spare capacity.
  • the control function manager may e.g. allocate the control functions such that 45 of the 50 physical controllers are used to execute control functions as long as all physical controllers are working in order to not overload any of the physical controllers to ensure best possible performance.
  • the control function manager may be implemented to allocate the control functions to the set of virtual controllers in different ways. It is beneficial to group control functions that are mutually dependent within the same virtual controller. Assume for instance that a first control function F(x) implies reading measurements of pressure before and after a pump and computing the differential pressure. A second control function F(y) uses the differential pressure and a detected rotation speed of a motor driving the pump, computes how the rotation speed needs to be changed in order to get the desired pressure conditions for the pump and controls the power supplied to the motor accordingly. Since the first and second control function F(y) depends on the control function F(x) it is appropriate that these control functions are allocated to the same virtual controller.
  • One virtual controller may e.g.
  • Physical controllers according to prior art are usually configured to receive instructions regarding which field devices to control and if software required to communicate with and control these devices are not already present in the physical controller it is common to download such software via a communication network. Such programmable physical controllers are already provided with the properties necessary for interacting with the control function manager. Accordingly implementation of the above described embodiments will generally not require any adaptation of the hardware of the physical controllers. The only requirement is that the physical controllers are connected to the field network interconnecting the plurality of physical controllers and the plurality of field devices and that the physical controllers are configured as a shared pool of hardware resources of the set of virtual controllers. As is apparent from the above description there are numerous advantages associated with different ones of the above described embodiments. Example embodiments:
  • Virtualization can simplify the engineering process for achieving fault-tolerance and high availability.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Manufacturing & Machinery (AREA)
  • Automation & Control Theory (AREA)
  • Hardware Redundancy (AREA)

Abstract

The disclosure relates to a process control system (220), a method and a computer program product. The process control system (220) comprises a plurality of physical controllers (11) for controlling a plurality of field devices (34-39), a field network (D3) interconnecting the plurality of physical controllers (11) and the plurality of field devices (34-39), and a control function manager (10) for setting-up and managing a set of virtual controllers, allocating control functions for controlling the field devices (34-39) to the set of virtual controllers (VC1, VC2, VC3) and allocating physical controllers (11) for executing the control functions allocated to the set of virtual controllers. The field network (D3) is configured to provide a communication connection between any one of the plurality of physical controllers (11) and any one of the plurality of field devices (34-39). The plurality of physical controllers (11) are configured as a shared pool of hardware resources of the set of virtual controllers.

Description

FLEXIBLE CONTROLLER UTILIZATION IN A PROCESS CONTROL
SYSTEM
TECHNICAL FIELD
The embodiments described herein relate generally to process control systems and in particular to devices and methods that allows for flexible controller utilization in a process control system.
BACKGROUND
Computer controlled process control systems are used for controlling and/or monitoring of industrial processes in many different types of industries and utilities such as automotive, chemical, pharmaceutical, food, metal, mines, steel mills, consumer products, power generation, power distribution, pure and waste water handling, oil refineries, gas pipe-lines and off-shore platforms. Field devices which are instruments or actuators such as motors, valves, valve positioners and sensors of different types perform functions within the process such as driving conveyor belts, opening or closing valves, and measuring process control parameters. Controllers perform control functions to monitor and control the field devices. Such control functions may involve receiving signals indicating process control measurements, processing the received information and generating control signals that are transmitted to the field device(s) to control and/or monitor the operation of the process. An operator is generally able to perform desired operations with respect to the process by means of an operator workstation that is communicatively connected to receive process information from field devices and controllers. The operator may e.g. be able to view the current state of the process via a user interface, perform evaluations of the process and modify the operation of the process by using the operator workstation.
In order to make the process control system more fault tolerant controllers are often arranged in redundant pairs such as described in the international patent application WO 00/62135 A1 where a primary digital controller is responsible for operating the control logic and a backup digital controller receives process inputs from the primary controller and executes the control algorithm in parallel to the primary controller according to a synchronous execution method. In traditional process control systems, logic runs on dedicated controllers and redundancy is managed locally, close to the controlled hardware. Input/output (I/O) signals from field instruments and actuators are typically terminated in local I/O units and controllers. The setup and allocation of logic and control functions to specific controllers in the overall system and supporting inter-process communication tend to be static once deployed. After engineering and commissioning, the system becomes less amenable to change due to the complexity and risks associated with low-level alterations in a large and live production system.
If a controller fails, alongside its redundant counterpart, or if interlinking communication is broken, then the functions of that particular piece of equipment or process section cease to exist in the overall system. As the logic is configured in a master-slave coupling between each controller and I/O unit, and relevant field devices, an internal fault has the potential to break down an entire control loop. Further, there is no easy way to balance the processing load of the system between existing controllers after the engineering phase has been completed. Thus, if the load becomes too high in one part of the system and causes degraded performance, there is no way to compensate for that by reassigning computation resources to other devices.
Typically, fault tolerance is implemented by means of adding redundant counterparts to each controller and/or I/O unit, but this also restrains the extent of where recovery can take place and how faults can be detected and reverted.
In subsea applications wherein field devices and often also controllers are installed subsea it is highly desirable that hardware is maintained or replaced as seldom as possible due to the cost and difficulty involved when performing such operations subsea. There is therefore a need for process control systems and methods that are fault tolerant and allow for flexible use of installed hardware. SUMMARY
An object of the present invention is to provide an improved process control system and method which at least partly overcome some of the above mentioned problems.
The above stated object is achieved by means of a process control system, a method and a computer program product according to the independent claims.
A first embodiment provides a process control system comprising a plurality of physical controllers for controlling a plurality of field devices and a field network interconnecting the plurality of physical controllers and the plurality of field devices. The process control system also comprises a control function manager for setting-up and managing a set of virtual controllers, allocating control functions for controlling the field devices to the set of virtual controllers and allocating physical controllers for executing the control functions allocated to the set of virtual controllers. The field network is configured to provide a communication connection between any one of the plurality of physical controllers and any one of the plurality of field devices. Furthermore the plurality of physical controllers are configured as a shared pool of hardware resources of the set of virtual controllers such that any one of the physical controllers is capable of executing one or several control functions allocated to any one or several virtual controller of the set of virtual controllers in accordance with an allocation instruction from the control function manager to control any of the plurality of field devices. A second embodiment provides a method to be carried out in a process control system comprising a plurality of physical controllers for controlling a plurality of field devices, a field network (D3) interconnecting the plurality of physical controllers and the plurality of field devices and a control function manager for setting-up and managing a set of virtual controllers. The field network is configured to provide a communication connection between any one of the plurality of physical controllers and any one of the plurality of field devices. The plurality of physical controllers are configured as a shared pool of hardware resources of said set of virtual controllers such that any one of the physical controllers is capable of executing one or several control functions allocated to any one or several virtual controller of the set of virtual controllers in accordance with an allocation instruction from the control function manager to control any of the plurality of field devices. According to the method the control function manager allocates control functions for controlling the plurality of field devices to the set of virtual controllers and allocates physical controllers for executing the control functions allocated to the set of virtual controllers.
A third embodiment provides a computer program product on a computer readable medium comprising computer program code instructions configured, when said program code is loaded into and executed by a processor provided in a process control system, to cause the method according to the second embodiment to be carried out.
An advantage of embodiments of this disclosure is that a flexible controller utilization and flexible controller redundancy may be provided in process control systems that allow for easy operation and maintenance, and reallocation of computational resources,
Another advantage of some embodiments is that hot-swapping of components during production is enabled.
A further advantage is that some embodiments allow for flexible load balancing to ensure satisfactory system performance. Yet another advantage of some embodiments is better degradation behavior which makes it possible and easy to run the process control system in reduced mode to a higher extent than some prior art solutions.
Furthermore some embodiments provide for a possibility for extended maintenance interval e.g., in subsea applications.
Further advantages and features of embodiments of this disclosure will become apparent when reading the following detailed description in conjunction with the drawings. BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 is a schematic diagram of a process and a process control system according to prior art.
Fig. 2 is a schematic diagram of a process control system according to an embodiment of the invention.
Fig. 3 is a schematic diagram illustrating allocation of control functions to virtual controllers and physical controllers according to an embodiment of the invention. Figs. 4a and 4b are schematic diagrams illustrating reallocation of control functions to another physical controller according to an embodiment of the invention.
Figs. 5a and 5b are schematic diagrams illustrating reallocation of control functions to another physical controller according to another embodiment of the invention.
Figs. 6a and 6b are schematic diagrams illustrating reallocation of control functions to another physical controller according to yet another embodiment of the invention.
Figs. 7a and 7b are schematic diagrams illustrating reallocation of control functions to another physical controller according to a further embodiment of the invention.
Fig. 8 is a schematic diagram illustrating allocation of control functions to physical controllers according to an embodiment of the invention.
Fig. 9 is a flow diagram illustrating an embodiment of a method to be carried out in a process control system.
Fig. 10 is a flow diagram illustrating an alternative embodiment of a method to be carried out in a process control system.
Fig. 1 1 is a schematic block diagram illustrating an exemplary embodiment of a control function manager and a computer program product. DETAILED DESCRIPTION
The following detailed description of the example embodiments refers to the accompanying drawings. The same reference numbers in different drawings identify the same or similar elements. Also, the following detailed description is provided for the purpose of illustration and explanation of some example embodiments and not for the purpose of limitation.
Reference throughout the specification to "one embodiment" or "an embodiment" means that a particular feature, structure, or characteristic described in connection with an embodiment is included in at least one embodiment of this disclosure. Thus, the appearance of the phrases "in one embodiment" or "in an embodiment" in various places throughout the specification are not necessarily all referring to the same embodiment. Further, the particular features, structures or characteristics may be combined in any suitable manner in one or more embodiments.
To provide a good understanding for the following example embodiments, a process control system according to prior art will first be described with reference to Fig. 1 . Fig. 1 shows schematically a control system 20 for a process 30, i.e. a process control system. The process control system 20 is a computerized process control system for controlling an industrial process 30. The process 30 may comprise a number of different sub-processes and process sections. The process may be monitored through one or more process monitoring computers, which communicate with a server handling monitoring and control of the process. In Fig. 1 the process control system 20 includes a number of operator workstations or terminals 27, 28 connected to a first data bus D1 . A wireless gateway 25 is connected to a wireless network and is also connected to the first data bus D1 and configured such that portable workstations such as workstation 26 may access the control system 20 wirelessly. There is furthermore a second data bus D2, and between the first and second data busses D1 , D2 there is connected a server 21 providing control and monitoring of the process 30 and a database 23 where data, such as historical data relating to control and monitoring of the process 30 is stored. The process 30 may comprise process controllers 31 , 32 and monitored equipment collectively referred to as field devices such as a motor 36, valves 34, 38, and measuring equipment such as sensors 35, 37. The controller 31 , motor 36, valve 38, and sensor 37 are part of a first process section, and the controller 32, valve 34 and sensor 35 are part of a second process section. To the second data bus D2 there are furthermore connected process interface units also referred to as I/O units 64 and 66 for providing a communicative connection between the process 30 and the process control system 20. It should however be realized that there may be more or fewer of each of these interface units 64, 66. It should here also be realized that some of these may only be provided for control, some only for measurements and some for both control and measurements. It should be realized that one or more of sensor units 35, 37 may be connected to such process interface units. Such units are involved in controlling the process 30 and in doing this also involved in measuring physical properties related to the process. The measured properties may here comprise properties of the process itself such as measurements of temperature or pressure in a pulp and paper process, a steel mill, an oil & gas production site, a petrochemical process, a pharmaceutical process or measurements such as current and voltage in electrical power process measurements of generation, transmission and distribution processes.
The controllers 31 and 32 would typically be provided in redundant pairs such that another controller is provided to execute the respective control algorithms of controllers 31 and 32 in parallel according to a synchronous execution method. However, it can be seen from Fig. 1 that there is a limited flexibility in the arrangement of the controllers. If the controller 31 would become overloaded or fail, control function resources available in the controller 32 cannot assist in the control of the motor 36 or valve 38.
In contrast to the more fixed controller utilization described in Fig. 1 , embodiments which will be described in further detail below allow for a more flexible controller utilization. By making control software run virtually on top of a shared pool of hardware resources in the form of physical controllers, the available controller resources may be used more flexibly and efficiently. This assumes that field devices are either connected to fieldbuses and thereby available to more than one physical controller in a network, or hard-wired to I/O stations that are reachable from more than one controller node. Further, by loosening up the master-slave coupling and extending a field network to make it available to several controllers, one can allow logic to be moved seamlessly to another controller that still has access to the relevant field devices if the initially assigned controller fails or if there is congestion or contention in the system. Fig. 2 is a schematic diagram illustrating a process control system 220 which has been configured to implement flexible controller utilization according to an embodiment as described in this disclosure. Those elements disclosed in Fig. 2 which correspond exactly to already described elements in Fig. 1 have been given the same reference numerals as in Fig. 1 . The process control system 220 monitors and controls a process 230. The process 230 illustrated in Fig. 2 comprises field devices such as actuators and instruments that are connected to the process control system via a field network D3 either directly or via I/O units such as I/O units 67 and 68 shown in Fig. 2. The field devices of the process 230 comprises valves 34, 38, a motor 36 and sensors 35, 37 and 39 as schematically illustrated in Fig. 2, but it should be understood that the process 230 may comprise a much larger number of field devices of different types. The process control system 220 comprises a number of physical controllers 1 1 configured to interact with the field devices 230 and execute control functions in order to monitor and control the process 230. The physical controllers are hardware units that comprise interfaces for input and output of signals from/to the field devices via the field network D3 and from/to overhead system units such as a server 21 and workstations 26, 27, 28 via data buses D1 and D2. The physical controllers also comprise processing means, e.g. processors configured to process received input signals, generate output signals and process software code instructions in order to execute control functions.
The field network D3 is configured to provide a communication connection between any one of the physical controllers 1 1 and any one of the field devices 34-39. Depending on e.g. the location of the process 230 and delay requirements the field network may be implemented by means of many different types of communication networks using different types of communication protocols. According to an example embodiment the field network D3 is implemented as a PROFINET network. The process control system 230 also comprises a control function manager 10. The control function manager is a functional entity responsible for setting-up and managing a set of virtual controllers, allocating control functions for controlling the field devices to the set of virtual controllers and allocating physical controllers for executing the control functions allocated to the set of virtual controllers. The control function manager would typically be implemented in software arranged to execute in a dedicated processing unit such as schematically illustrated in Fig. 2 or arranged in a distributed fashion to e.g. execute in the processing means of the physical controllers 1 1 . A virtual controller may be set-up by software logic to emulate a hardware controller according from the view point of overhead control system units such as the server 21 hus the introduction of the control function manager does not require any modification of overhead control system units such as servers and/or workstations. The virtual controllers serve to functionally separate control logic from controller hardware resources to allow for flexible and efficient allocation of controller hardware resources for executing the desired control functions. The virtual controllers make it possible to keep complexity low since control functions that depend on each other may be grouped and allocated to the same virtual controller which make it possible to hide to overhead control system units that a large number of physical controllers are in fact involved in executing a group of control functions.
Fig. 3 is a diagram schematically illustrating allocation of control functions to virtual controllers VC1 , VC2, VC3 and physical controllers 1 1 a, 1 1 b, 1 1 c, 1 1 d, 1 1 e. Fig. 3 illustrates the overall layout of the process control system comprising overhead control system 29, the control function manager 10, the virtual controllers VC1 , VC2, VC3 managed by the control function manager 10, physical controllers 1 1 a-e and the field network D3 for providing connection to field devices 31 . The control function manager 10 and the virtual controllers VC1 - VC3 form a virtualization layer between the upper-most control nodes of the system, i.e. the overhead control system 29, and the physical controllers 1 1 a-e and I/O units (not shown in Fig. 3). By extending the connectivity between the field devices 31 and the physical controllers 1 1 a-e, the lower-most layers of the process control system may be regarded as a shared pool of resources that the overhead control system 29 can allocate control functions and control loops to dynamically. The dynamicity of the system will yield increased robustness and reliability as it takes away the need for low-level and complex hardware to deal with fault-tolerance and redundancy. Further, this architecture has the potential to improve the overall performance of the system significantly, as computation and processing can be distributed more evenly amongst the available controllers and thus reduce the risk of hotspots in the system. In terms of redundancy and modularity, the system also enables hot-swapping of faulty or defect components without this having any noticeable impact on the rest of the system. The control function manager 10, regardless of where it resides, such as inside every one of the physical controllers 1 1 a-e or in support hardware separated from the physical controllers, is responsible for spawning virtual controllers and allocating system-wide control functions to the physical controllers depending on availability, load, etc. Say for instance, as illustrated in Fig. 3, that the control function manager allocates control functions F(1 ) through F(n) to the virtual controller VC1 that, say run on a dual pair of physical controllers 1 1 a and 1 1 b. The control function manager 10 may decide to allocate m of the functions to one of the controllers and the rest (n-m) to the other one. Assume likewise that control functions G(1 ) through G(n) are allocated to the virtual controller VC2 and control functions H(1 ) though H(n) are allocated to the virtual controller VC3. The physical controllers 1 1 c and 1 1 d are allocated to execute the control functions allocated to the virtual controller VC2 and the physical controller 1 1 e is allocated to execute the control functions allocated to the virtual controller VC3. Additional redundant controllers may be allocated analogously to synchronously execute the same control functions as the physical controllers 1 1 a-e but this is not described in detail here for simplicity.
Figs. 4a and 4b are schematic diagrams illustrating reallocation of functionality in the event of a failure of a physical controller. Assume that the virtual controller VC1 controls field devices 34, 35 and 39 by means of the physical controllers 1 1 a and 1 1 b that execute control functions F(1 ) - F(n). The control function manager has allocated the physical controllers such that 1 1 a executes control functions F(1 )-F(m) while the physical controller 1 1 b executes control functions F(m+1 ) - F(n) as illustrated in Fig. 4a. There is also a physical controller 1 1 c in the process control system which has not been allocated to support the virtual controller VC1 . The physical controller 1 1 c might be either idle or executing control functions allocated to another virtual controller. Fig. 4b illustrates a scenario where the virtual controller 1 1 a fails. In response to detection of this failure the control function manager reallocates the physical controllers used by the virtual controller VC1 such that control functions F(1 )-F(k) now are executed by the physical controller 1 1 c and control functions F(k+1 )-F(n) are executed by the physical controller 1 1 b. In some cases the control function manager may decide that the physical controller 1 1 c replaces the physical controller 1 1 a and executes the same control functions that the physical controller 1 1 a executed before failing. But if e.g. the physical controller 1 1 c has more limited or higher capacity than the physical controller 1 1 a had, the control function manager may decide to let the physical controller 1 1 c execute less or more control functions than the physical controller 1 1 a did. This reallocation of physical controllers is transparent to the overhead control system.
Figs. 4a and 4b illustrates reallocation triggered by a failure of a physical controller 1 1 a, but the controller function manager may be configured to reallocate physical controllers assigned to execute a particular set of control functions for a variety of reasons such as load sharing between physical controllers and communication links or in response to an operator reallocation command. If e.g. the hardware is to be updated it is possible to reallocate the control functions to make a physical controller that is to be updated idle before it is replaced.
According to the above described examples it is possible that the control functions allocated to a virtual controller are executed by a single or a plurality of physical controllers. According to some embodiments it is also possible that a physical controller is allocated to execute control functions allocated to a plurality of different virtual controllers. According to other embodiments the physical controllers are configured to execute control functions allocated to any virtual controller but the physical controllers are only allocated to one virtual controller at a time. According to yet further embodiments the physical controllers are configured into subsets serving a respective virtual controller. If one physical controller of a particular subset fails the control function manager performs a reallocation of the physical controllers within the particular subset.
Some exemplary embodiments that illustrate how virtual controllers may be set- up and managed and how control functions may be allocated and re-allocated are described in further detail in Figs 5-8.
Figs. 5a and 5b illustrate how redundant pairs may be handled according to an exemplary embodiment. Fig. 5a shows that the control function manager has allocated the physical controllers such that the physical controllers 1 1 a and 1 1 b are redundant pairs which both execute control functions F(1 )-F(m). If one of the physical controllers 1 1 a or 1 1 b fails the control operation can continue uninterrupted since one of the controllers is still working. The control function manager can then reallocate the physical controllers such that e.g. the physical controllers 1 1 b and 1 1 c forms a new redundant pair (assuming that it was the physical controller 1 1 a that failed) as illustrated in Fig. 5b.
Figs. 6a and 6b illustrate an embodiment in which the physical controllers are divided into subsets and allocated to a respective virtual controller. As illustrated in Fig. 6a the physical controllers 1 1 a, 1 1 b and 1 1 c have been allocated to the virtual controller VC1 . If one of the physical controllers of the subset would fail such as the physical controller 1 1 a, the control function manager would perform a reallocation of control functions allocated to the physical controllers of the subset of controllers allocated to the virtual controller VC1 as illustrated in Fig. 6b.
Figs. 7a and 7b illustrates an exemplary scenario where the physical controllers 1 1 a and 1 1 b first are allocated to execute control functions allocated to the virtual controller VC1 , but after a reallocation (e.g. due to failure of the physical controller 1 1 a) the physical controllers 1 1 b and 1 1 c execute the control functions allocated to the virtual controller VC1 .
Fig. 8 illustrates a scenario with a more complex allocation scheme according to which some physical controllers execute control functions allocated to a single virtual controller while other physical controllers execute control functions allocated to more than one virtual controller. Fig. 8 shows that the physical controller 1 1 b executes control functions allocated to the virtual controller VC1 , the physical controllers 1 1 c and 1 1 d executes control functions allocated to the virtual controller VC2 and the physical controller 1 1 a executes control functions allocated to both the virtual controller VC1 and the virtual controller VC2. The physical controllers 1 1 e and 1 1 f are spare controllers which may be reallocated to execute control functions of either the virtual controller VC1 or VC2 as desired in accordance with allocation instructions from the control function manager. Fig. 9 is a flow diagram illustrating a method to be carried out in a process control system according to an embodiment as described above. The method comprises a step 51 according to which the control function manager allocates control functions for controlling the field devices to the set of virtual controllers and a step
52 according to which the control function manager allocates physical controllers for executing the control functions allocated to the set of virtual controllers.
Fig. 10 is a flow diagram of an alternative embodiment of a method to be carried out in a process control system. The method illustrated in Fig. 10 comprises steps 51 and 52 corresponding to the steps of the method of Fig. 9 and also a step 54 of the control function manager reallocating a physical controller by changing the physical controller that is assigned to execute a particular control function. According to some embodiments the step 54 is performed in response to a step
53 of detecting a particular event configured to trigger the reallocation of a physical controller. Such an event may according to different embodiments be:
- detection of a fault of a physical controller,
- detection of a need for load balancing, such as overload of a physical controller or an uneven load distribution, or
- detection of an operator reallocation command, e.g. initiated by the operators desire to do some maintenance work on a particular physical controller.
The flexible redundancy provided by means of using a control function manager and virtual controllers as described above allows for better degradation behavior than process control systems according to prior art. By allocating control functions to the set of virtual controllers in an appropriate way it is made easy to run in a reduced mode if required. Referring again to Fig. 3, assume that control functions F(1 )-F(n) which are assigned to the virtual controller VC1 are safety critical control functions which if not performed might impact the safety of personnel, process equipment and/or the environment. The control functions G(1 )-G(n) allocated to the virtual controller VC2 are assumed to be production related control functions which if not performed have a negative impact on the production of the process but without risking the safety of personnel or equipment. Finally, the control functions H(1 )-H(n) allocated to the virtual controller VC3 are assumed to be control functions that relate to functions that are nice to have but which do not have a direct impact on the current performance of the process, such as control functions related to condition-based maintenance, collection of statistics etc. In such a scenario, if it would be detected that physical controllers have failed to such an extent that all of the control functions cannot be performed the control function manager can easily control the process to run in a reduced mode by deactivating control functions with a lower priority first, in this example by deactivating the control functions allocated to the virtual controller VC3, in order to ensure that there are enough controller resources for executing control functions with a higher priority, namely those allocated to the virtual controllers VC1 and VC2 in the present example.
Fig. 1 1 is a schematic block diagram illustrating an exemplary embodiment of a control function manager 10. In Fig. 1 1 the control function manager 10 comprises software as well as dedicated hardware of a unit separate from the physical controllers but as mentioned above it is according to other embodiments possible that the control function manager comprises software that is distributed and executed in the physical controllers. The control function manager may also according to some embodiments comprise a central part separate from the physical controllers and local parts comprising software executed in processors of the physical controllers. The control functions manager 10 shown in Fig. 1 1 comprises one or several interfaces 73 for communicating with the physical control units and overhead control system, one or several processors 74 for executing software code instructions, a memory 76 and a computer program product 75 loaded into the memory 76 and comprising computer program code instructions configured, when the program code is loaded into and executed by the processor(s) 74, to cause the method shown in Fig. 9 or Fig. 10 to be carried out. The computer program product may also be stored on other types of computer readable media, both volatile and non-volatile, such as portable memory devices e.g. USB-sticks, CD-ROM discs and portable harddiscs which may be loaded into and executed by processors of the process control system.
Embodiments described herein may be particularly advantageous to use in subsea applications in which either the field devices or the field devices and the controllers are installed subsea. Since it is particularly difficult and costly to replace or maintain hardware that is placed subsea the possibility for an extended maintenance interval that is provided by the flexible redundancy of the disclosed embodiments is very beneficial for subsea applications. Furthermore the disclosed embodiments makes it easy to provide an overcapacity in terms of controller hardware resources and to allow for such redundant hardware to be used as efficiently as possible to improve system performance. Consider e.g. an example scenario where there is a real requirement of 40 physical controllers to execute the desired control functions but 50 physical controllers are provided to give spare capacity. These 50 physical controllers may be used flexibly since they according to the disclosed embodiments are configured to be used as a pool of controller resources. The control function manager may e.g. allocate the control functions such that 45 of the 50 physical controllers are used to execute control functions as long as all physical controllers are working in order to not overload any of the physical controllers to ensure best possible performance.
The control function manager may be implemented to allocate the control functions to the set of virtual controllers in different ways. It is beneficial to group control functions that are mutually dependent within the same virtual controller. Assume for instance that a first control function F(x) implies reading measurements of pressure before and after a pump and computing the differential pressure. A second control function F(y) uses the differential pressure and a detected rotation speed of a motor driving the pump, computes how the rotation speed needs to be changed in order to get the desired pressure conditions for the pump and controls the power supplied to the motor accordingly. Since the first and second control function F(y) depends on the control function F(x) it is appropriate that these control functions are allocated to the same virtual controller. One virtual controller may e.g. be allocated all control functions relating to pump control, while another virtual controller is allocated all control functions related to valve control. There may be a large number of physical controllers involved in this pump and valve control but from the view point of the overhead control system only the virtual controllers need to be visible and if it is desired to make changes of e.g. pump control the overhead control system communicates this by communicating with the virtual controller responsible for pump control. Thus from the view point of the overhead control system, complexity may be reduced.
Physical controllers according to prior art are usually configured to receive instructions regarding which field devices to control and if software required to communicate with and control these devices are not already present in the physical controller it is common to download such software via a communication network. Such programmable physical controllers are already provided with the properties necessary for interacting with the control function manager. Accordingly implementation of the above described embodiments will generally not require any adaptation of the hardware of the physical controllers. The only requirement is that the physical controllers are connected to the field network interconnecting the plurality of physical controllers and the plurality of field devices and that the physical controllers are configured as a shared pool of hardware resources of the set of virtual controllers. As is apparent from the above description there are numerous advantages associated with different ones of the above described embodiments. Example embodiments:
allow for easy operation and maintenance, and reallocation of computational resources,
- enable hot-swapping of components during production,
allow for flexible load balancing to ensure satisfactory system performance brings redundancy up to a more global level, removing the need for local and complex hardware. Consequently, cheaper and more reliable components can be deployed (e.g., on the seabed for subsea applications), allow for better degradation behavior - possibility to run at least in reduced mode,
provide possibility for extended maintenance interval (e.g., in subsea applications).
Virtualization can simplify the engineering process for achieving fault-tolerance and high availability.
The above-described example embodiments are intended to be illustrative in all respects, rather than restrictive. All such variations and modifications are considered to be within the scope of protection as defined by the following claims. No element, act, or instruction used in the description of the present application should be construed as critical or essential to the invention unless explicitly described as such. Also, as used herein, the article "a" is intended to include one or more items.

Claims

1 . A process control system (220) comprising
a plurality of physical controllers (1 1 ) for controlling a plurality of field devices (34-39);
a field network (D3) interconnecting the plurality of physical controllers (1 1 ) and the plurality of field devices (34-39); and
a control function manager (10) for setting-up and managing a set of virtual controllers (VC1 , VC2, VC3), allocating control functions for controlling said field devices (34-39) to the set of virtual controllers (VC1 , VC2, VC3) and allocating physical controllers (1 1 ) for executing the control functions allocated to the set of virtual controllers (VC1 , VC2, VC3);
wherein said field network (D3) is configured to provide a communication connection between any one of the plurality of physical controllers (1 1 ) and any one of the plurality of field devices (34-39) and
the plurality of physical controllers (1 1 ) are configured as a shared pool of hardware resources of said set of virtual controllers (VC1 , VC2, VC3) such that any one of the physical controllers (1 1 ) is capable of executing one or several control functions allocated to any one or several virtual controller of the set of virtual controllers (VC1 , VC2, VC3) in accordance with an allocation instruction from the control function manager (10) to control any of the plurality of field devices (34-39).
2. The process control system (220) according to claim 1 , wherein the control function manager (10) is further configured to reallocate a physical controller (1 1 ) by changing the physical controller (1 1 ) that is assigned to execute a particular control function.
3. The process control (220) system according to claim 2, wherein the control function manager (10) is configured to automatically reallocate physical controllers (1 1 ) in response to a detected fault of a physical controller (1 1 ).
4. The process control system (220) according to claim 2 or 3, wherein the control function manager (10) is configured to perform load balancing between the physical controllers (1 1 ) by reallocating physical controllers (1 1 ) to achieve a desired load distribution between the physical controllers (1 1 ).
5. The process control system (220) according to any of claims 2-4, wherein the control function manager (10) is configured to reallocate physical controllers (1 1 ) to remove all allocations of control functions to a selected physical controller in response to an input of an operator reallocation command.
6. The process control system (220) according to any previous claim wherein the control function manager (10) is configured to allocate control functions to the set of virtual controllers (VC1 , VC2, VC3) based on a priority associated with each control function, such that the control functions associated with a high priority is allocated to a first virtual controller and such that control functions associated with a low priority is allocated to a second virtual controller.
7. The process control system according to claim 6, wherein the control function manager (10) is configured to deactivate execution of any control function allocated to the second virtual controller in response to detection of a lack of resources in the physical controllers (1 1 ) for executing control functions.
8. The process control system (220) according to any previous claim, wherein the control function manager (10) is implemented in software (75) executed in a processor (74) connected to the physical controllers (1 1 ) by a communication network (D2).
9. The process control system (220) according to any of claims 1 -7, wherein the control function manager (10) is implemented in software (75) which completely or partly is executed in processors of the plurality of physical controllers (1 1 ) when performing the tasks of the control function manager (10).
10. The process control system (220) according to any previous claim where the process control system (220) is configured to control a subsea process and wherein
the plurality of field devices (34-39) or the plurality of field devices (34-39) and the plurality of physical controllers (1 1 ) are located subsea.
1 1 . A method to be carried out in a process control system (220) comprising a plurality of physical controllers (1 1 ) for controlling a plurality of field devices (34-
39), a field network (D3) interconnecting the plurality of physical controllers (1 1 ) and the plurality of field devices (34-39); and a control function manager (10) for setting-up and managing a set of virtual controllers (VC1 , VC2, VC3), wherein said field network (D3) is configured to provide a communication connection between any one of the plurality of physical controllers (1 1 ) and any one of the plurality of field devices (34-39), and wherein the plurality of physical controllers (1 1 ) are configured as a shared pool of hardware resources of said set of virtual controllers (VC1 , VC2, VC3) such that any one of the physical controllers (1 1 ) is capable of executing one or several control functions allocated to any one or several virtual controller of the set of virtual controllers (VC1 , VC2, VC3) in accordance with an allocation instruction from the control function manager (10) to control any of the plurality of field devices (34-39), the method comprising
the control function manager (10) allocating (51 ) control functions for controlling said plurality of field devices to the set of virtual controllers (VC1 , VC2, VC3) and allocating (52) physical controllers (1 1 ) for executing the control functions allocated to the set of virtual controllers (VC1 , VC2, VC3).
12. The method according claim 1 1 , wherein the control function manager (1 1 ) allocates physical controllers (1 1 ) such that the control functions allocated to a virtual controller (VC1 , VC2, VC3) are executed by a plurality of different physical controllers (1 1 ).
13. The method according to claim 1 1 or 12, wherein the control function manager (10) allocates physical controllers such that a first physical controller executes control functions allocated to a plurality of different virtual controllers (VC1 , VC2, VC3).
14. The method according to claim 1 1 or 12, wherein the control function manager
(10) allocates physical controllers such that each physical controller executes control functions allocated to a single virtual controller ((VC1 , VC2, VC3).
15. The method according to any of claims 1 1 -14, further comprising
the control function manager (10) reallocating (54) a physical controller (1 1 ) by changing the physical controller (1 1 ) that is assigned to execute a particular control function.
16. The method according to claim 15, wherein the control function manager (10) automatically reallocates physical controllers (1 1 ) in response to a detected fault of a physical controller (1 1 ).
17. The method according to claim 15 or 16, wherein the control function manager (10) performs load balancing between the physical controllers (1 1 ) by reallocating physical controllers (1 1 ) to achieve a desired load distribution between the physical controllers (1 1 ).
18. The method according to any of claims 15-17, wherein the control function manager (10) reallocates physical controllers (1 1 ) to remove all allocations of control functions (10) to a selected physical controller (1 1 ) in response to an input of an operator reallocation command.
19. The method according to any of claims 1 1 -18 wherein the control function manager (10) allocates control functions to the set of virtual controllers (VC1 , VC2,
VC3) based on a priority associated with each control function, such that the control functions associated with a high priority is allocated to a first virtual controller and such that control functions associated with a low priority is allocated to a second virtual controller.
20. The method according to claim 19, wherein the control function manager (10) deactivates execution of any control function allocated to the second virtual controller in response to detection of a lack of resources in the physical controllers
(1 1 ) for executing control functions.
21 . A computer program product (75) on a computer readable medium (76) comprising computer program code instructions configured, when said program code is loaded into and executed by a processor (74) provided in a process control system (220), to cause the method according to any of claims 1 1 -20 to be carried out.
PCT/EP2014/059346 2014-05-07 2014-05-07 Flexible controller utilization in a process control system WO2015169352A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/EP2014/059346 WO2015169352A1 (en) 2014-05-07 2014-05-07 Flexible controller utilization in a process control system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/EP2014/059346 WO2015169352A1 (en) 2014-05-07 2014-05-07 Flexible controller utilization in a process control system

Publications (1)

Publication Number Publication Date
WO2015169352A1 true WO2015169352A1 (en) 2015-11-12

Family

ID=50680042

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2014/059346 WO2015169352A1 (en) 2014-05-07 2014-05-07 Flexible controller utilization in a process control system

Country Status (1)

Country Link
WO (1) WO2015169352A1 (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017166692A (en) * 2016-02-26 2017-09-21 ネル ハイドロジェン アクティーゼルスカブ Communication system for hydrogen fuel replenishment system
CN107783414A (en) * 2016-08-25 2018-03-09 通用汽车环球科技运作有限责任公司 System coordination multi-mode with dynamic fault-tolerant requirement is distributed and switched when running
GB2566603A (en) * 2017-08-21 2019-03-20 Fisher Rosemount Systems Inc High performance control server system
CN110582732A (en) * 2017-05-01 2019-12-17 费希尔-罗斯蒙特系统公司 Open architecture industrial control system
WO2020047951A1 (en) * 2018-09-06 2020-03-12 天奇自动化工程股份有限公司 Multi-level safety redundancy control system for electrified monorail system
CN111427688A (en) * 2020-03-23 2020-07-17 武汉轻工大学 Cloud task multi-target scheduling method and device, electronic equipment and storage medium
EP3715970A1 (en) * 2019-03-29 2020-09-30 Honeywell International Inc. Redundant controllers or input-output gateways without dedicated hardware
EP3722897A1 (en) * 2019-04-07 2020-10-14 Honeywell International Inc. Control hive architecture engineering efficiency for an industrial automation system
EP4174651A1 (en) 2021-10-26 2023-05-03 Abb Schweiz Ag Orchestrating deterministic workload execution
EP4198663A1 (en) * 2021-12-16 2023-06-21 Schneider Electric Industries SAS Method for distributed calculation of calculation tasks
DE102022105472A1 (en) 2022-03-09 2023-09-14 Endress+Hauser SE+Co. KG Automation technology system
US11762742B2 (en) 2020-03-31 2023-09-19 Honeywell International Inc. Process control system with different hardware architecture controller backup
US11874938B2 (en) 2020-11-03 2024-01-16 Honeywell International Inc. Admittance mechanism

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000062135A1 (en) 1999-04-09 2000-10-19 Abb Automation Inc. Digital controller redundancy using neural network fault detection
US20080208361A1 (en) * 2007-02-27 2008-08-28 Rockwell Automation Technologies, Inc. Dynamic load balancing using virtual controller instances
EP2048561A2 (en) * 2007-09-18 2009-04-15 Fisher-Rosemount Systems, Inc. Methods and apparatus to upgrade and provide control redundancy in process plants
WO2012047654A1 (en) * 2010-09-27 2012-04-12 Fisher-Rosemount Systems, Inc. Methods and apparatus to virtualize a process control system
EP2506098A1 (en) * 2011-03-31 2012-10-03 Siemens Aktiengesellschaft Assembly and method for operating an industrial automation assembly with a number of programmable automation components and a number of automation programmes
EP2682829A2 (en) * 2012-07-03 2014-01-08 Yokogawa Electric Corporation Process control device, process control system, and process control method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2000062135A1 (en) 1999-04-09 2000-10-19 Abb Automation Inc. Digital controller redundancy using neural network fault detection
US20080208361A1 (en) * 2007-02-27 2008-08-28 Rockwell Automation Technologies, Inc. Dynamic load balancing using virtual controller instances
EP2048561A2 (en) * 2007-09-18 2009-04-15 Fisher-Rosemount Systems, Inc. Methods and apparatus to upgrade and provide control redundancy in process plants
WO2012047654A1 (en) * 2010-09-27 2012-04-12 Fisher-Rosemount Systems, Inc. Methods and apparatus to virtualize a process control system
EP2506098A1 (en) * 2011-03-31 2012-10-03 Siemens Aktiengesellschaft Assembly and method for operating an industrial automation assembly with a number of programmable automation components and a number of automation programmes
EP2682829A2 (en) * 2012-07-03 2014-01-08 Yokogawa Electric Corporation Process control device, process control system, and process control method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ANONYMOUS: "Industrial Control Solutions Guide", INTERNET CITATION, 26 January 2007 (2007-01-26), XP002475491, Retrieved from the Internet <URL:http://www.archive.org/web/20070126043519/http://rtcmagazine.com/pdfs/ICSGv3.pdf> [retrieved on 20080408] *

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2017166692A (en) * 2016-02-26 2017-09-21 ネル ハイドロジェン アクティーゼルスカブ Communication system for hydrogen fuel replenishment system
CN107783414A (en) * 2016-08-25 2018-03-09 通用汽车环球科技运作有限责任公司 System coordination multi-mode with dynamic fault-tolerant requirement is distributed and switched when running
GB2575758B (en) * 2017-05-01 2023-04-12 Fisher Rosemount Systems Inc Open architecture industrial control system
JP2020518921A (en) * 2017-05-01 2020-06-25 フィッシャー−ローズマウント システムズ,インコーポレイテッド Open architecture industrial control system
CN110582732B (en) * 2017-05-01 2023-06-02 费希尔-罗斯蒙特系统公司 Open architecture industrial control system
JP7257329B2 (en) 2017-05-01 2023-04-13 フィッシャー-ローズマウント システムズ,インコーポレイテッド Open architecture industrial control system
GB2608035A (en) * 2017-05-01 2022-12-21 Fisher Rosemount Systems Inc Open architecture industrial control system
GB2608035B (en) * 2017-05-01 2023-03-22 Fisher Rosemount Systems Inc Open architecture industrial control system
CN110582732A (en) * 2017-05-01 2019-12-17 费希尔-罗斯蒙特系统公司 Open architecture industrial control system
GB2605871B (en) * 2017-05-01 2023-02-08 Fisher Rosemount Systems Inc Open architecture industrial control system
GB2605871A (en) * 2017-05-01 2022-10-19 Fisher Rosemount Systems Inc Open architecture industrial control system
GB2566603B (en) * 2017-08-21 2022-06-22 Fisher Rosemount Systems Inc High performance control server system
GB2566603A (en) * 2017-08-21 2019-03-20 Fisher Rosemount Systems Inc High performance control server system
US10620613B2 (en) 2017-08-21 2020-04-14 Fisher-Rosemount Systems, Inc. High performance control server system
WO2020047951A1 (en) * 2018-09-06 2020-03-12 天奇自动化工程股份有限公司 Multi-level safety redundancy control system for electrified monorail system
EP3715970A1 (en) * 2019-03-29 2020-09-30 Honeywell International Inc. Redundant controllers or input-output gateways without dedicated hardware
CN111752139A (en) * 2019-03-29 2020-10-09 霍尼韦尔国际公司 Redundant controllers or input-output gateways without dedicated hardware
US11481282B2 (en) 2019-03-29 2022-10-25 Honeywell International Inc. Redundant controllers or input-output gateways without dedicated hardware
CN111796563A (en) * 2019-04-07 2020-10-20 霍尼韦尔国际公司 Control cell architecture engineering efficiency for industrial automation systems
EP3722897A1 (en) * 2019-04-07 2020-10-14 Honeywell International Inc. Control hive architecture engineering efficiency for an industrial automation system
CN111427688A (en) * 2020-03-23 2020-07-17 武汉轻工大学 Cloud task multi-target scheduling method and device, electronic equipment and storage medium
CN111427688B (en) * 2020-03-23 2023-08-11 武汉轻工大学 Cloud task multi-target scheduling method and device, electronic equipment and storage medium
US11762742B2 (en) 2020-03-31 2023-09-19 Honeywell International Inc. Process control system with different hardware architecture controller backup
US11874938B2 (en) 2020-11-03 2024-01-16 Honeywell International Inc. Admittance mechanism
EP4174651A1 (en) 2021-10-26 2023-05-03 Abb Schweiz Ag Orchestrating deterministic workload execution
EP4198663A1 (en) * 2021-12-16 2023-06-21 Schneider Electric Industries SAS Method for distributed calculation of calculation tasks
DE102022105472A1 (en) 2022-03-09 2023-09-14 Endress+Hauser SE+Co. KG Automation technology system

Similar Documents

Publication Publication Date Title
WO2015169352A1 (en) Flexible controller utilization in a process control system
EP3715970B1 (en) Redundant controllers or input-output gateways without dedicated hardware
US8132042B2 (en) Method and device for exchanging data on the basis of the OPC communications protocol between redundant process automation components
CN103324156A (en) Process control system
JP4405511B2 (en) Dynamically configurable fault tolerance in autonomous computing with multiple service points
CN106980529B (en) Computer system for managing resources of baseboard management controller
CN102117225B (en) Industrial automatic multi-point cluster system and task management method thereof
US20170114618A1 (en) Method and system for controlling well operations
US20140100670A1 (en) Method and a system for online and dynamic distribution and configuration of applications in a distributed control system
CN111752140A (en) Controller application module coordinator
GB2608893A (en) Discovery service in a software defined control system
US20240086779A1 (en) Industrial process control system as a data center of an industrial process plant
KR101586354B1 (en) Communication failure recover method of parallel-connecte server system
GB2609089A (en) Visualization of a software defined process control system for industrial process plants
GB2609548A (en) Security services in a software defined control system
US20160320762A1 (en) Automation Equipment and Method for Operating Automation Equipment
WO2007075097A1 (en) Processing unit and method for configuring a networked automation system
WO2014195140A1 (en) Process automation system with a central computing unit
EP2798417A2 (en) A relay interface module for a distributed control system
EP2325748A1 (en) Industrial automation system architecture
CN107885099A (en) Emulation and enhancing emulation 2oo2 security platforms equipment, security platform maintaining method
JP2016015065A (en) Process monitoring/control system
JP7349416B2 (en) distributed control system
CN113253635A (en) Multiple synchronization of a primary automation device with a plurality of secondary devices
CN214851313U (en) Upper computer virtualization system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14722210

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14722210

Country of ref document: EP

Kind code of ref document: A1