end to end sil2 wireless - wireless compliance institute

ISA100 Wireless | 67 Alexander Drive, Research Triangle Park, NC 27709 USA | direct (919) 990-9222 | fax (919) 549-8288

https://isa100wci.org/

End to end SIL2 wireless

Presenter:

ISA100 WCI WebinarWebinar date: 24 July 19.

Ådne Baer-Olsen [email protected]

1. Introduction Industrial Wireless

2. ISA100 Wireless Industry Standard

3. Technology for wireless gas detection

4. System Architecture

5. SIL Certification and Safety Function

6. SafeWireless and PROFIsafe

7. Fault Tolerant Wireless Network

8. Case Study

9. Summary

Agenda

2

Introduction to industrial Wireless

3

Applications examples

• Machine health monitoring

• Basic process control

• Monitoring of well heads

• Remote process monitoring

• Leak detection monitoring

• Diagnosis of field devices

• Condition monitoring of

equipment

• Environmental monitoring

• Tank level monitoring

• Gas detection

• Fuel tank gauging

• Steam trap monitoring

• Open loop control

• Stranded data capture

• And moreISA100 Wireless

Field Instruments

Field Device Access Point

Process Control Network

Wireless Device Manager

ISA100 Wireless

EthernetISA100 Wireless

Field Instruments

ISA100 Wireless Fast Facts

• International standard IEC 62734 since 2014

• Complies with ETSI EN 300 320 v1.8.1 (LBT)

• Broad Multi-Vendor Portfolio of ISA100 Wireless Devices

• ISA100 Wireless enables SIL-2 Certification

• Ensured Interoperability - best-in-class solutions from best-in-

class suppliers

• Readily available ISA100 Wireless Modules and Stacks

• Enable fast-track development and go to market

4

Benefits of ISA100 Wireless Instrumentation

5

Independent Gateway

• Honeywell, Yokogawa

Access Point (AP)


Integrated Gateway/AP

• Honeywell, Yokogawa, CDS, Nexcom

GW/AP + Recorder

• Yokogawa

Adapter (HART, etc.)


Corrosion

• RCS , Honeywell

Steam Trap

Spirax Sarco, TLV, Armstrong, Bitherm

Vibration

• GE, Divigraph

Gas

• GasSecure, Scott Safety, New Cosmos, Riken Keiki

pH


Temperature


Pressure / Flow


Level


DI/DO, AI


Valve Position

• Eltav, Flowserve, Honeywell

Infr

ast

ruct

ure

HSE +

Life c

ycl

e

Measu

rem

ent

& C

ontr

ol

ISA100 Wireless Product Portfolio

93-00004-01 • Ver. 1.9 200 Galleria Parkway, Suite 440, Atlanta, GA 30339, USA • www.nivis.com • © 2014 Nivis, LLC

VersaRouter 900 Datasheet

The Nivis VersaRouter 900 (VR900) is an all-in-one, industrial wireless router

designed specifically for customers that are ready to deliver market leading

wireless solutions. The VR900 is architected to support Nivis ISA100.11a or

WirelessHART (VR910 model) software running on the same platform. From

temperature sensors to gas monitors, the VR900 helps customers unlock

valuable information about the status of their industrial network at a lower

overall cost of ownership than non-standards based or legacy wired

solutions.

The VR900 offers both hardware and software capabilities to make it the

best choice for any company planning to deploy and manage standards

based, wireless mesh networks. With its rugged enclosure and ATEX Zone 2

and C1D2 nonincendive hardware design, the VR900 can be mounted directly

in your process environment. The included software provides customers with

the network management tools required for fast and comprehensive

management of industrial wireless sensors.

In addition to the viewing of device data such as Device type, EUI-64 ID,

Device Tag, the Monitoring Control System (MCS) provides administrators

with control of their sensors with publish messages rates of 10 per second

and join times as fast as 20 seconds per device. From a full topological view,

to in-depth network health information about sensor devices, the VR900

delivers the information in the MCS console.

Technical Features

Processor/Memory Detail

Freescale MCF5485 ColdFire V4e microprocessor @200MHz with

MMU and Hardware Encryption Engine

RAM memory 64 MB DDR SDRAM

Flash memory 16 MB NOR, 2MB BOOT

EEPROM 128 byte serial EEPROM (used for factory settings

and configuration)

Peripherals/Software Detail

Ethernet Channel 1 x10/100Base-T Ethernet Channel, RJ45

connector

Radio 1 x VN210 IEEE802.15.4 radio module

Operating System Linux Kernel 2.6 Embedded

Modbus Support Modbus TCP

Antenna 2.4GHz, 5.5dBi, OUTDOOR OMNI ANTENNA,

N-TYPE

The VR900 with the MCS allows the administrator to configure alerts, set

advanced parameters, update devices and router firmware, run and view

command logs, and review network health status. Administrators can even

add their own custom sensor icons!

Technical Features cont.

Electrical & Mechanical Specs Detail

Input Voltage 24VDC

Power consumption ~8.5W

Power over Ethernet (POE) 24V

Dimensions 12.4 ‘’ x 11.54’’ x 2.95’’ (L x W x H)

Enclosure /Dust & Water NEMA 4x and IP67

Temperature Range -40…+60C

Relative Humidity Maximum 95%

Certifications Detail

EMC: USA FCC Part 15 Section 247

EMC: Canada IC: RSS 210, must comply with FCC 15.247

EMC: EU ETSI EN 300 328, ETSI EN 301 489-1, ETSI EN

310 489-17

EMC: Japan MPHPT Chapter 3, Section 4.17, Article 49.20

HazLoc: ETL / cETL (USA) ISA 12.12.01, CSA C22.2#213, UL 50, UL50E,

CSA C22.2#94.1, CSA C22.2#94.2, UL 60950-1,

CSA C22.2#60950-1

HazLoc: IEC (Japan) IEC 60079-0, IECEx Zone2, IEC 60529 (Japan)

IEc 60079-15 (Japan)

HazLoc: ATEX (CENLEC) (EU) CENLEC EN 60079-0, CENLEC EN 60079-15,

CENLEC EN 60529, ATEX Category 3G (Zone 2)

Add’l Safety: USA IEC 60950:1999 Ordinary Safety Location

Testing (equivalent to UL)

Add’l Safety: EU CENLEC EN 60950-1 Ordinary Location Safety

Testing

Features: 10 publish messages/second at 5 values each

Backhaul via Ethernet

Supports RS232 for console port

IEEE802.15.4 radio

6

Online resources

7

• Learning Center with White Papers

• Articles, End-user stories, Forum

• Receiving over 20,000 web views per month

• Full list of certified/registered ISA100 Wireless devices

• And more useful content for you and your business

www.isa100wci.org

• Latest news, end-user and expert discussions, insights

• 540 members currently and growing (please join!)

• Receiving over 5,000 web views per month

ISA100 Wireless Interest Group

http://www.isa100wci.org/

https://www.linkedin.com/groups/4840835

1. About the speakers






7. Wireless Communication

8. Summary

9. Q&A

Agenda

8

GS01 Wireless Gas Detector

Features and Benefits

9 | 27

ZZ

ZZ

ZZ

SIL2 capable – SIL2

approval covers hardware,

software and wireless

communication, for seam-

less integration into safety

instrumented systems

Reliable single-beam, triple-

wavelength MEMS IR

technology ensuring lifetime

detection stability, with no need

for re-calibration

Significant savings on

total project cost due to

reduced engineering;

wiring, installation and

documentation demand

Truly wireless, no cables:

Ultra-low power consumption

of ~5 mW allows for a battery

life of up to 24 months

Outstanding

performance:

Only wireless device

to combine 5 sec

response time with

low power operation

and long battery life

Intrinsic safety

approval with field-

replaceable battery

packs

Hydrocarbon

Detection

GS01 Device Alternatives

• GS01 (standard) GS01-EA

• Fixed 2 dBi antenna Extended 6 dBi antenna

• 5, 10 or 20m cable

• Installed with two 8mm bolts Improves flexibility in areas

• antenna pointing up or down with weak radio coverage

10 | 27

MEMS for Gas Detection

• The GasSecure MEMS filter is key to the following achievements:

▪ Reduce the power consumption with 3 orders of magnitude (from watt to milliwatt).

▪ Thereby enabling up to 2 years battery life.

▪ High-speed (1 kHz) operation of the optical bench for short response times.

11 | 27

MEMS, Micro Electromechanical System

• GasSecure optical bench replaces conventional infrared components with MEMS.

12 | 27

Lamp

Window Mirror

MEMS

Chip

PhotodetectorGas state

Reference state

Wireless Gas Detector EC

13 | 27

ZZ

ZZ

ZZ

SIL2 capable – SIL2

approval covers hardware,

software and wireless

communication, for seam-

less integration into safety

instrumented systems

Robust design for reliable

usage in harsh environments

Significant savings on

total project cost due to

reduced engineering;

wiring, installation and

documentation demand

Truly wireless, no cables:

Ultra-low power consumption

of ~5 mW allows for a battery

life of up to 24 months

A variety of sensors

detect a wide range

of hazardous gases

Intrinsic safety

approval with field-

replaceable battery

packs

Electro

Chemical

Polytron 6100 EC WL

14 | 34

• Supports all DrägerSensors (EC, 140 gases)• ISA 100.11a communication• SIL 2 capable• No cable• Battery Lifetime >24 month (battery pack, soldered)• Bluetooth interface for easy maintenance• Hand Held as GUI (Windows 10, Polysoft)• Intrinsically safe (no hassle with declassifications)• Extended antenna (5, 10 & 20m)• Performance certification• Dust approval• Local power possible• Option without sensor compartment as repeater

• Temperature range -40°C to 65°C (-40°F to 150°F)

• Humidity continuously 5% to 95% r.h.

• 100% leak-proof because of patented vent system

• Huge electrolyte reservoir for long lifetime (usually >5 years)

• Length 67 mm (2.64’’), dia 50 mm (1.97’’)

• 3-electrodes electrochemical

• Colour-code for easy identification

• Replaceable dust- or gas-filter

• Orientation independent

Electrochemical

Technical detailsDrägerSensors: Specification

System Architecture

16 | 27

Field devices

Wireless gas

detectors

Network infrastructure

Access points and

gateways, in redundant

setup if required

Central Control Room

Data acquisition, safety-

related controllers and

connection to actuators

< Product

picture >

Wireless communication

ISA100 Wireless /

PROFIsafe

Wired communication

Modbus TCP/RTU

PROFINET / PROFIsafe

Wireless Network Range & Size

17 | 27

50m / 160ft Wireless RangeDense pipework, machinery, structures; eg. offshore platform, pipe racks, etc.

200m / 650ft Wireless RangeMinor structures, machinery; eg. refinery, terminals

500m / 1640ft Wireless RangeOpen space without obstacles; eg. tank farms, pipeline facilities

Network Size (Yokogawa)

Gateway 60 to 120 GS01

Access point Up to 32 GS01

GS01 Router Up to 15 GS01

Radio link(or «hop»)

GS01 SIL2 Certification

• The SIL2 assessment included– GS01 Hardware

– GS01 Software

– Wireless communication (PROFIsafe)

•Key SIL parameters– λDU = 1.08E-07 h-1

– SFF = 91 % (for HFT = 0)

– PFDAVG = 1.61E-03 (for TP = 2 years)

•Note– PFDAVG is well within the allowed range for SIL2 (< 0.01)

– PFDAVG is claiming less than 35% of this range (< 3.50E-03)

18 | 27

GS01 Safety Function

Safety functionThe detection of potentially explosive gas concentrations in %LEL. The gas concentration is converted into a digital measured value and provided as a PROFIsafe message to a safety controller.

Failsafe values and safe state– Internal diagnostic functions provide Failsafe Values (NaN*) for gas concentration.

– Communication issues result in a PROFIsafe safe state to flag unavailability of field devices.

Timeout

– Unavailability is flagged within predefined time limits (process safety time typically 60 sec in hydrocarbon gas detection).

* NaN = (0x7FC00000) per float definition in IEEE754

19 | 27

GS01 Wireless Communication

• Based on the ISA100 Wireless™ Standard

• ISA100 Wireless Strengths

▪ ”Tunnelling” of foreign protocols through the network facilitates the integration of safety protocols.

▪ Contract based communication (uplink and downlink) guarantees Quality of Service through limits for bandwidth, latency, and priority.

▪ Superior coexistence with WiFi

▪ Device interoperability supports communication of devices from multiple vendors on one network.

20 | 27

Suitable for fast and low-power safety communication

SafeWireless™

SafeWireless is a communication concept to combine low power with short response time developed by GasSecure.

Principle– Different response time in the presence and absence of hydrocarbon gas

• Short publish rate (all timeslots used) when GAS Default = 2 sec

• Longer publish rate (not all timeslots used) when NO GAS Default = 12 sec

– SafeWireless supports cyclic communication, as required for SIS• Request from controller must be answered within “process safety time”

• Detector “armed” with safe downlink packet

• Response delayed, but instantly when gas detected

21 | 27

SafeWireless™ - Cyclic Communication

LegendUplink slots

Downlink slots

Comm. w/o gas

Comm. with gas

22 | 27

GAS

Controller Gateway GS01

PROFIsafe Protocol

PROFIsafe

▪ Protocol developed by PROFIBUS and PROFINET International (PI)

▪ An additional layer on top of PROFINET

▪ Certified for up to SIL3 use

Black channel principle means– PROFIsafe is independent of the communication method.

– Covering the entire communication path from the sensor over the controller to the actuator on one channel.

– Protection for all eventual failures in communication.

23 | 27

Wireless Network with PROFIsafe

PROFINETISA100 Wireless

PROFIsafe PROFIsafe

Black Channel

GW

GS01 gas detectors

Safety controller ISA100 gateway with PROFINET

Handling Security Threats to ISA100 Wireless

Systems

The combination of four security elements provides full cover.

Wireless Threats

Wireless Defence

Data Sniffing Data Delay / Replay

Data Falsification

Data Spoofing

Data Encryption Secure Not Secure Not Secure Not Secure

Device Authentication

Secure Not Secure Secure Secure

Data Authentication Secure Secure Secure Secure

Data Freshness Not Secure Secure Not Secure Not Secure

25 | 27

Availability versus Functional Safety

• Redundancy improves availability and on-time.

• Availability requirements are the driver to select redundant devices.

• Redundancy does have no impact on the detector safety function.

• The SIL rating determines the required average probability of failure on demand.

• SIL2: PFDAVG at least 1.0E-02

• GS01: PFDAVG = 1.61E-03 (for TP = 2 years) / 1.22E-03 (for TP = 1 year)

• The SIL rating does not determine the availability.

Fault-tolerant Wireless Network Design

Redundancy implemented

at all levels (GS01, AP, GW)

GS01 Primary link

GS01 Secondary link

Design without any “single

point of failure”

AP 1 AP 2

GW 1 GW 2

GS01 A GS01 B GS01 C

GS01 D

Wireless Can Enhance Safety

Flexibility due to simple mounting (two 8mm bolts)

– Freedom for optimal detector placement

– Deployable in hard-to-wire areas (turrets, cranes, confined spaces)

– Easy to rearrange detectors (upgrades, revamps)

– Simple to extend coverage with additional detectors (extensions)

From SIL-capable Detector to Safety

Integrated System

Risk Analysis (described in IEC 61508 / 61511)

risk

Riskdangerous

safe

Air inlet positioning

Ventilation rate

Emergency shut-down

residual risk

risk

reduction

necessary

risk reduction

actual risk

reduction

tolerable risk

Gas Detection

GS01 Case StudyClient / Country Equinor Refining / Denmark (formerly Statoil)

Project / Facility Fire & Gas Extension / Kalundborg Refinery

Process / Plant /

ApplicationFill-in detectors for 3 process areas after risk assessment

determined inadequate coverage by current system

Equipment /

Infrastructure114 units GS01 / 8 units GS01-EA / Other detectors

3 Gateways / 18 Access Points / Siemens S7

Design SIL certified detectors and controller, gateway with

PROFINET / PROFIsafe, client assessments &

verifications → SIL2 capable

Challenges Large, congested plant area. Enclosed spaces.

Key Notes Significant cost reductions with wireless.

GS01 Case Study

Aerial View

• Project was split into 3 phases (3 geographical areas)

• Placement of access points was based on existing knowledge for wireless on this site

Area covered with wireless gas detection(about 75.000 sqm)

GS01 Case Study

Site LayoutPhase 1 Block 1

Detector locations

Green = GS01

Purple = Other

Block 1 area has wireless challenges due to heavy machinery blocking communication.

Detectors with extended antenna were chosen to overcome this challenge.

GS01 Case Study

Site pictures

Elevated dual access points for good radio coverage

GS01-EA, detector with extended antenna

Summary of Experiences from Kalundborg

•Planning of wireless infrastructure placement can largely be done by

visual inspection.

•Recommended to have some extra infrastructure and instruments ready

for use in case challenges occur during commissioning.

•Wireless technology increases the flexibility in placing and moving of

equipment.

•Expanding wireless installations is very easy.

•Using wireless for safety is a step change for any organization. Local

competence of wireless has to be developed.

Wrap-up






6. SafeWireless and PROFIsafe

7. Fault Tolerant Wireless Network

8. Case Study

9. Summary

For Your Attention!

37

Questions?

Ådne Baer-Olsen

[email protected]

end to end sil2 wireless - wireless compliance institute

Documents