Is it? Or is it the primary system power supply for the redundant controller?
I guess you could argue it's redundant for the I\O bus..
If you analyze all possible failure scenarios, this is a superior design as compared to a simple redundant design. Though somewhat rare, there are certain component failure modes where a failed power supply might pull the remaining supply down, causing a complete failure of the redundant controller. With the right hand power supply being dedicated to the right hand controller, this scenario shouldn’t happen ( I am an engineer, I’m unlikely to say never ) .
I’d suggest we give marketing a pass on this one even though the thoughts that come to mind with the word “redundant” don’t quite do justice to the design features that help keep a DeltaV controller running under a lot of different failure scenarios where a very simple redundant design might not.
In reply to Randy Pratt:
Oh, I give everyone a pass. Life is too hard otherwise. But do expect an occasional good natured ribbing!
My real goal of the post was to open up a discussion on redundancy. The S-series design opens up some possibilities that we didn’t see with the M-series. To build the most “robust” system with these new possibilities requires a little more planning. As you pointed out, certain failure modes can potentially lead to nullifying your redundancy.
For example, the S-series has TWO power connections per “power supply/controller carrier” Primary and Secondary.
In the redundant controller scenario shown in the product data sheet, one can envision someone wiring up the scenario like this:
As pointed out in KB NA-0800-0089, if either of the bulk power supplies are to fail resulting in high voltage on the outputs (a common failure mod of switching power supplies), you would end up with both controllers going down.
Or, if you purchase bulk power supplies without OR-ing diodes, thinking the Primary and Secondary power connections are isolated, you may wind up with reverse biasing or a short circuit in one power supply taking out both.
To resolve this, another person may wire it up like this:
One power supply failure, redundant controller kicks in and no loss of control. Here though, you beg the question of two connections on the carrier.
In reply to Travis Neale:
Travis, regarding previous comment ( different topic ) - in case you will use "fuses" and Phoenix PS units you can solve issue for both cases. Additionally for first picture you will need to use terminals with "knife" to prevent issue in case of 2-w carier exchange ( shut down power supply ).
In reply to Radomir Pistek:
Hi Radomir. Fuses protect against high current, not high voltage. They would do nothing for you in the scenario I proposed. The power supply/controller (which is already internally fused) I believe would shut down on high voltage.
I don't understand your second comment. I didn't draw terminal blocks for simplicity. Is that what you are refering to?
Travis,
OK again from zero.
In case of using Phoenix PS units they have "internal" protection for high volatge on the output ( generally say this scenario is not possible or is minimized if you would like to speak as engineer:-) ). In case of PS unit inside cabinet ( together with controller ) there is all clear - wiring is short and there can´t arise any issue with inductive voltage or similar cases. In case of PS units outside of cabinet ( not make me sence why but only for covering all scenarios ) you have enough choices to select proper kind of protection for high voltage ( surge, any kind of separator and so on - this kind of protection is necessary to implement always - according Czech / EU norms and distance / environment - I have no idea how in your WA ).
Regarding fusing / MCB ( fixed between PS and controller ) - as I pointed in previous comment Phoenix PS units aer able to withstand 6x nominal current ( nice ability and clever solution for engineers to propose / design solution where is not possible to shutdown / damage PS unit becase of any kind of "shots" on output side ). There is only necessary to implement MCB or fuse. If you will implement MCB / fuse with nominal value ( means Amps ) under 6x nominal current of Phoenix PS unit you will prevent PS shutdown / damage in case of short on output side. I am not sure whether 2-w carrier has implemented fuses inside ( I am only sure there is possible to order / supply "fuses" for 8-w carrier ( thru connectors ). If will be possible to use the same conenctor ( like for 8-w carrier with implemented fuse ) also for 2-w carrier then of course you can´t think about "external" fuse / MCB solution ( there is only necessary to compare 6x nominal current of the Phoenix supply unit and fuse nominal value - I assume there will be no issue ).
Regarding solution on the pictures above - second one is worst solutin - in case of PS unit fail you will "lose" controller ( no voltage ). On the other side fist one solution is good and I hope we eliminated thru thsi "new" concept external "diode rings" for redundant power supply solution ( eliminated next possible point of failure ). In case of no fusing possibility directly on the 2-wcarrier ( thru any connector ) you will need to impelment fuse / MCB for "every" PS "branch".
Regarding knife terminals - yes you are right - I wanted to highlight only that there is not possible to make "loop" connection on power supply circuits.
Summary - I think instead of develop scenarios in manuals ( regarding all variants of PS units ) we can propose solution which is "clever / cheap / easy to engineer" - generally add any description / requests on PS units and their "intelligence". In case of using own / customized solution you need to know what you are doing :-).
I hope there is all readable for you:-).
Radek
Hi Radomir. Have you read the Emerson KB article? It may explain it a little better. Second picture is actually how it is recommended to wire up controllers now (M-series)!
From my understanding this was written up because of an actual customer failure (with Phoenix Power supplies, although I think any recommendation should be vendor neutral!)
Is it the most likely scenario though? I'm not sure. It is listed as a common failure mode for switched mode power supplies. I've seen a lot of MOV failures in new "intelligent" or "protected" power supplies.
I believe the logic of the arguement is that it is better to lose one controller and force a possible switch over to the secondary controller (even if it's more frequent), than to ever risk losing both controllers and IO!
-Travis
I use Phoenix PS unit from the begining in Emerson and I have never had any complaint / warranty issue with units ( but our market is small compared to other countries ). Vendor neutral recomendation don´t make a sence - do you recommend anything which can be more expensive / less intelligent? I am sure in this case with "clever" proposal / design we can save customer money only. I am also sure we need discussion about our solution / our proposal with engineers / customers to present why we go thru this way with benefits compare to "vendor neutral solution". I present in this post my personal approach to this topic.
I believe Emerson was selling "Magnetek" for a while. They are the power supplies shown in the Books On Line, and were used for the specifications. Their office is just down the street from me here! But I believe Magnetek sold their power converter unit to "Power-One", so I'm not sure if the relationship still exists.
Travis, Your wiring connections shown above are incorrect. The right connector provides bulk power to the right hand slot, and is only used when a System Power supply is intalled in that slot. It does not provide a second connection to the left hand power supply, and is not used by the controller.
Andre Dicaire
In reply to Andre Dicaire:
Thanks for responding Andre! That makes more sense.
So you're saying to only use the right hand side connector for when you have a power supply in the right hand slot? Lets say you're providing a redundant system power supply to a simplex controller and have something like this:
And then with redundant controllers (keeping with KBA and separation of bulk power supplies) something like this:
What would happen if you put power to the right hand side with a controller in the right hand slot (I'm hoping nothing).
I'm assuming this is all coming out in you soon to be release, tell all book" "Site Prep Guide"? You guys almost done?
What's your opinion of KBA (NA-0800-0089)? Do you separate your bulk power supplies?
Thanks again Andre!
Travis, I passed along your post to the documentation team. The text has been reviewed and the graphics are in final review. The team is hoping it will be finished and posted by next week, barring no significant graphics changes required. I've asked them to let me know when it's posted to update this thread with the link.
In reply to Jim Cahill:
Thanks Jim.
Andre, do the primary and secondary connections on the CIOC carrier work the same? Left connection for left slot, right connection for right slot?
Travis. The CIOC treats the power connections as redundant feeds. Each CIOC is connected to both incoming feeds. If you lose one power supply, both CIOC's continue to function. The CIOC's also monitor the Voltage of each power feed. A hardwar alert is set if voltage goes above or below 10%. The voltages are also reported via the primary/active CIOC adn shown in diagnostics.
You should not Diode OR the PS to the CIOC, ensuring that the CIOC can diagnose a loss of power to one of the feeds. If OR-ed together, you then have to connect the diagnostic contacts of the power supply to a DI to create a custom alert on the Power supplies. We included the voltage readings to facilitate maintenance checks on power supplies. Users can check voltages without having to go out to a field JB.
Thanks Andre. Looking purely from a redundancy standpoint, haven’t we gone two different routes? We’ve separated the bulk power supplies to protect from an over-voltage situation with a failing power supply, so we don't crash both controllers, but we have connected both bulk power supplies together at the CIOC, so in the same failure scenario we would crash both CIOC cards. We've protected our controllers, but now have no IO to talk to? Or, are the CIOC’s more tolerant to over voltages? Or am I too concerned with this particular failure mode?
Will this come across the "DeltaV News" RSS feed when it's released?