Nonincendive Circuit Parameters: Planning and Installation Guide For Tricon v9-v10 Systems
Nonincendive Circuit Parameters: Planning and Installation Guide For Tricon v9-v10 Systems
This appendix describes the parameters you should use for nonincendive communication
circuits in the field. Parameters that apply to the various Tricon controller communication
modules are shown in the figures in this appendix, which are extracted from Triconex Drawing
9110003-001, Rev. C.
Note FMRC-approved apparatus. The voltage (Vmax) and current (Imax) which the load
device can receive must be equal to or greater than the maximum open circuit voltage
(Voc) and maximum short circuit current (Isc) which can be delivered by the source
device. In addition, the maximum capacitance (Ci) and inductance (Li) of the load which
is not prevented by circuit components from providing a stored energy charge to the
field wiring (for example, a diode across a winding to clamp an inductive discharge) and
the capacitance and inductance of the interconnecting wiring, must be equal to or less
than the capacitance (Ca) or inductance (La) that can be driven by the source device.
Note 1 For more information on signal data, see the user’s guide from the applicable
manufacturer. For information on signal data for the EICM, HIM, and NCM, see the
applicable Triconex guides.
Note 2 N.A. means not applicable. Connections provide output signals only.
This table contains recommended parts that can be used to replace existing Tricon parts, or
customize a Tricon system.
alias
A five-digit number that the Tricon controller uses in place of a variable name when
communicating with an external device. The alias is a convention of Modbus, an industry-
standard protocol adopted by Triconex for use with its communication modules. Each alias
contains a Modbus message type and the address of the variable in the Tricon controller.
ATEX
Stands for “AtomsphËres Explosibles” and refers to the European Union Directive 94/9/EC,
which is one of a number of new approach directives developed by the European Union and
covers all equipment and protective systems intended for use in potentially explosive
atmospheres.
availability
The probability that the controller is operational at some instant of time.
bin
An address range of aliased variables in the Tricon controller, based on Class and Type
combinations. For example, all Read Only Input Discrete variables are grouped into Bin 2, and
all Read/Write Memory Integer variables are grouped into Bin 12.
board
See module.
card
See module.
CE Mark
A type of certification by the European Union which ensures the electro-magnetic compatibility
of the Tricon controller with other pieces of electrical/electronic equipment.
chassis
A metal frame which houses Tricon controller modules and can be mounted inside a standard
20 inch-deep NEMA cabinet. Also called a rack.
communication modules
Modules that enable the Tricon controller to communicate with other computers using serial
and Ethernet communication protocols.
CSA
The acronym for Canadian Standards Association, a not-for-profit membership organization
which develops standards and tests in areas ranging from nuclear power, health care,
occupational health and safety, housing and construction materials to the electrical, electronic
configuration
The arrangement of the programmable electronics within a Tricon controller and the
combination of programmable and non-programmable equipment within the installation.
control system
A system that governs the operation of plant, machinery or other equipment by producing
appropriate instructions in response to input signals.
coverage
The probability that a particular class of fault is successfully detected before a system failure
occurs.
DDE
Dynamic Data Exchange (DDE) is an interprocess communication mechanism provided by
Microsoft Windows. Applications running under Windows can use DDE to send and receive
data and instructions to and from each other.
debug
The act of locating and correcting faults: 1) one of the normal operations in software
development such as editing, compiling, debugging, loading, and verifying; or 2) the
identification and isolation of a faulty physical component, including its replacement or repair
to return the PLC to operational status.
design fault
A defect in the engineering or manufacturing of a process control system.
dual module
A type of digital output module which is optimized for safety-critical applications where low
cost is more important than maximum availability. A dual module is equipped with one parallel
or series signal path and applies the 2-out-of-3 voting process individually to each switch. While
quadruplicated output circuitry provides multiple redundancy for all critical signal paths, dual
circuitry provides just enough redundancy to ensure safe operation.
environment
Refers to the stimuli at an interface (or interfaces) of the system.
error
Occurs when a system resource assumes an undesired state. Such a state is then contrary to the
specification of the resource or the expectation (requirement) of the user.
erroneous state
An internal state which, in the absence of actions for fault tolerance, could lead to a failure by a
sequence of valid transitions.
event
A state change of a discrete aliased variable which has been designated for event logging. An
event is said is to occur if such a variable changes from the normal state. If the variable later
changes back to the normal state, another event is said to have occurred.
event logger
An application that logs, displays and/or prints critical events in real time, based on state
changes of discrete variables in the control program. Proper use of an event logger warns users
about dangerous conditions and printouts of events can help identify the sequence of events
that led to a trip.
event variable
A discrete memory variable or discrete input point that has been assigned to an SOE block.
external device
A device (PC, server, printer or other device) PC that communicates with the Tricon controller
over a network.
fail-safe
Describes the characteristic of a device or system to always assume a safe, predictable state, even
when one or more of its internal elements has failed.
failure
Occurs when a system resource perceives that a service resource ceases to deliver the expected
services. The fault-tolerant Tricon controller masks most failures. (See fault.)
failure rate
Describes the rate at which failures occur over time. Usually expressed in failures per million
hours. The inverse of failure rate is MTTF.
fault
A fault is detected when either a failure of the resource occurs, or an error is observed within
the resource. The cause of the failure or error is said to be a fault.
fault avoidance
The result of conservative design techniques utilizing high-reliability components, system
burn-in, and careful design. The goal of fault avoidance is to reduce the possibility of a failure
by designing a device with performance margins so large that the probability of a detrimental
failure is negligible.
fault masking
Any means of removing failed elements from influencing system operation while enabling
properly operating redundant elements to continue the control process.
fault tolerance
The ability to identify and compensate for failed control system elements and allow repair while
continuing an assigned task without process interruption. Fault tolerance is achieved by
incorporating redundancy and fault masking.
FSR
The acronym for full scale range. Specifies an operating range for input or output signals. For
example, if 0-5V is the “range,” then 5V is the “full scale.”
HART
Highway Addressable Remote Transducer protocol is a bi-directional industrial field
communication protocol used to communicate between intelligent field instruments and host
systems over 4–20 mA instrumentation wiring.
hazardous location
Any location that contains, or has the potential to contain, an explosive or flammable
atmosphere.
host
See external host.
hot-spare module
A unique feature of the Tricon controller which allows you to install a second identical I/O
module which becomes active if the other module fails.
IEEE
The Institute of Electrical and Electronics Engineers (IEEE) is a professional society for
engineers.
ISO
The International Organization for Standardization (ISO) is a worldwide federation of national
standards bodies (ISO member bodies) that promulgates standards affecting international
commerce and communications.
intermittent fault
A fault or error that is only occasionally present due to unstable hardware or varying software
states.
LED
The acronym for light-emitting diode. One of the color-coded signal lights on each Tricon
controller circuit board that indicates the board’s status. Every Tricon controller component
includes at least the Pass, FAIL, and Active LEDs.
logical slot
In a Tricon controller chassis, a logical slot is a repository for a primary module, a hot spare
module, and their associated field termination component.
Markov model
A generalized modeling technique which can be used to represent a system with an arbitrary
number of modules, failure events, and repair events. A Markov model can be mathematically
solved to produce a resultant probability.
module
An active field-replaceable unit consisting of an electronic circuit assembly housed in a metal
spine. Also called board or card.
MS-DOS
Microsoft Disk Operating System (MS-DOS) is the operating system used by most IBM-
compatible PCs. All Triconex-provided applications and utilities run on MS-DOS.
MTBF
The acronym for mean time between failure. The expected average time between failures,
including the time taken to repair the system. Usually expressed in hours.
MTTF
The acronym for mean time to failure. The expected average time to a system failure in a
population of identical systems. Usually expressed in hours.
MTTR
The acronym for mean time to repair. The expected time to repair a failed system or sub-system.
Usually expressed in hours.
node
Any of the machines on a network—in this document, node usually means Tricon controller.
node number
The physical address of a node.
nonincendive
Not capable of igniting a flammable gas or vapor under normal operating conditions.
non-triplicated module
An I/O module with a single set of field-interface circuitry for communication with all three
Main Processor Modules. Non-triplicated modules provide a cost-effective alternative to the use
of TMR modules for non-critical applications.
open network
A network to which an external host can be connected.
Peer-to-Peer
A Triconex protocol that allow multiple Triconex controllers on a proprietary network to
exchange small amounts of process and safety information.
permanent fault
A failure, fault or error in the system that is continuous and stable.
physical slot
In a Tricon controller chassis, a physical slot is a repository for either a primary module, a hot
spare module, or a termination panel. The Tricon controller’s system software uses physical slot
numbers to access individual modules within a rack, and to reference the slot positions of
“system variables” which describe the status of modules and their points.
program
The basic programming unit in a project. A set of instructions, commands, and other directions.
In TriStation MSW, programs can be written in Ladder Diagram language. In TriStation 1131,
programs can be written in Function Block Diagram, Ladder Diagram, Structured Text, and an
optional language, Cause and Effect Matrix language.
proprietary network
A network of Tricon controller chassis only or mixed Tricon and Trident controller chassis only.
protocol
A set of rules describing the format used for data exchange between two entities.
rack
See chassis.
reliability
The probability that no failure of the system has occurred in a given period of time.
scan time
The period of the Tricon controller’s cycle of required control functions. The scan time is
composed of three elements:
• Input poll time (asynchronous with control program execution)
• Time required to execute the control program
• Output poll time
single module
A type of digital input module which is optimized for safety-critical applications where low cost
is more important than maximum availability. On a single module, only those portions of the
signal path which are required to ensure safe operation are triplicated. Special self-test circuitry
detects all stuck-On and stuck-Off fault conditions in less than half a second.
system
Consists of a set of components which interact under the control of a design.
TCP/IP
Transmission Control Protocol/Internet Protocol (TCP/IP) are protocols for the Transport and
Network layers of the OSI network model. TCP/IP provides reliable, sequenced data delivery.
transient fault
A fault or error resulting from a temporary environmental condition.
TMR
The acronym for Triple Modular Redundant architecture, which allows the Tricon controller to
achieve fault tolerance. The controller is triplicated; each of the three identical sub-systems is
called a channel. Each channel independently executes the control program in parallel with the
other channels.
Tricon
A state-of-the-art programmable logic and process controller that provides a high level of fault
tolerance.
trip
A safety-related shutdown of the controlled process, or a portion of the controlled process.
TriStation 1131
TriStation 1131 is Windows-based software for writing and downloading control programs and
for performing maintenance and diagnostics on Tricon controllers.
TriStation MSW
TriStation MSW is DOS-based software for writing and downloading control programs and for
performing maintenance and diagnostics on Tricon controllers.
TriStation protocol
A master/slave protocol used by a TriStation for communication with the Tricon controller. The
TriStation protocol supports a maximum of 10 Tricons, but each master can communicate with
only one slave at a time.
TSAA
Tricon System Access Application (TSAA) protocol is a master-slave protocol in which the
master (an external host) communicates with one or more slaves (Tricons or Tridents) over an
open network. TSAA supports a maximum of 10 Tricons.
TÜV Rheinland
TÜV is the acronym for Technischer Überwachungs-Verein in German, which translates to
Technical Supervisory Association. In Germany, TÜV Rheinland is an authorized technical
inspection agency for a wide variety of products, processes, installations, plants and equipment.
In addition, the agency is authorized to carry out statutory inspections and acceptance tests by
more than 25 other countries.
UCN
The Universal Control Network (UCN) is one of three principal networks of Honeywell’s TDC-
3000 Distributed Control System (DCS). The Tricon controller provides the Safety Manager
Module (SMM) solely for communication with the UCN.
UDP/IP
User Datagram Protocol/Internet Protocol (UDP/IP) are protocols for the Transport and
Network layers of the OSI network model. UDP/IP provides best-effort datagram delivery.
voting
A mechanism whereby each channel of a TMR controller compares and corrects the data in each
channel using a two-out-of-three majority voting scheme.
J spare, 219
jumper cables with fiber-optic installation, 206
junction boxes with fiber-optic cable, 205 N
NCM Module
K description, 155
indicators, 243
keys overview, 16
for Power Modules, 187 replacing, 228
overview, 186 specifications, 156
keyswitch Network Communication Module. See NCM Module
definition, 28
Non-Supervised Digital Output Modules
positions, 28
EPROM locations, 255
NRC
L
certification, 19
LEDs. see indicators
nuclear
logic power installation guidelines, 176
Tricon controller chassis, 166
Nuclear Qualified Equipment List, 176
low-threshold DI Module
3504E specifications, 82
3505E specifications, 79
O
operation with Digital Input Modules, 12
M Output Voter Diagnostics
description, 88
Main Chassis
disabling, 214
alarm behavior, 34
enabling, 218
alarms, 34
operation, 13
backplane, 8
batteries, 27 OVD. See Output Voter Diagnostics
Main Processor Modules overview, 17
3006 and 3007 architecture, 7
3008 architecture, 7 P
architecture, 41 parts
compatible communication modules, 39 recommended for replacement, 293
diagnostics, 44
pin-outs
EPROM locations, 251
EICM Modbus cables, 272
installing slot keys, 188
EICM printer cable, 277
node setting, 191
EICM serial ports, 268
operation, 5
EICM to Honeywell DHP cable, 278
replacing when faulty, 221
EICM to TriStation PC cable, 268
status indicators, 233
I/O bus cable, 286
mechanical installation, 178 TCM copper Ethernet connectors, 279
Modbus RS-232 TCM serial connectors, 280 TCM RS-232 connector, 280
mode TCM RS-485 connector, 281
program, 28 point indicators
remote, 28 described, 236
run, 28 power
stop, 28 distribution, 9
module indicators Power Modules
overview, 232 8311 specifications, 37
modules 8312 specifications, 38
installing, 192 alarm behavior, 185
rules for configuring, 164 alarm connections, 34