EE32E Control Systems

Application
Lecture: EE32E_3
Computers in Control- Part 1

NOTE PAGES to accompany EE32E lecture series on …

Computers in Control

B Copeland
September 2003

1
Overview
This lecture series covers computers and how they are applied in
industrial measurement and control.
Topics:
Computers in Control – Part 1
1. The History of computers in Industrial Control
(DDC, Supervisory, Hierarchical, SCADA and DCS technology)
2. Industrial Data Communications
(Communication basics, network topologies and protocols)
3. Serial Communication Standards (EIA 232C/D, 432A, 422, 485)
4. The MODBUS communication protocol (brief on a popular protocol)

Computers in Control - Part 2

• DDC Computers
(examples of DDC computers, including custom-built computers)
• Real Time Control (the heart of a good DDC machine)
2

The History of Computers in Industrial Applications

Computers have been used for industrial measurement and control since the early
1960s. The measurement problem is well understood and involves data acquisition
and appropriate processing of the acquired data. Similarly those aspects of the
feedback control problem involving measurement, implementation of the control
algorithm and outputting of the control signal are also fairly mature.
The one aspect of the computer control problem that is still experiencing significant
evolution is the structural configuration of the computer/plant system. This issue
deals with the specific role the computer plays in the control strategy and its
consequent ability to effectively handle all the relevant tasks of monitoring multiple
points and calculating the control levels for multiple outputs while setting off alarms
when triggered. All of this and more must be done with a high degree of reliability; a
computer crash can result in the loss of life and investment. Several structures have
evolved over the years; the most significant ones are presented in what follows.

2
 1. Introduction – the history of computers in industrial control
1.1 Direct Digital Control (DDC) DDC computers directly
monitor system variables,
then compute and output
Plant a signal to an actuator that
Management control the system.
Communication Link
DDC computers therefore
are comprised of :
Human/Machine Interface: •A CPU
DDC Computer • Punched Cards •Analog I/O ports
• Line Printers •Digital I/O Ports
• Plotters
•Appropriate control
Analogue and • VDU terminals
digital Signaling m • LC Displays software
n •Other ancillary hardware,
• Touch screens
particularly for interface with
humans
Process

Figure 1: Direct Digital Control

3

Direct Digital Control (DDC) was introduced in the 1960s; it represents the first attempt at using
computers in industry. In DDC, computers are linked to the plant through their analogue and digital I/O
interfaces. DDC computers are therefore tightly coupled with the plant.
At the same time, PLCs1 (actually DDCs themselves) were being introduced to replace the older relay-
based sequential controllers and NC2 machines started to make an appearance in the manufacturing
sector. Today’s DDC computers include PLCs for sequential control, microprocessor based PID
controllers and custom designed industrial computers that target for specific high-performance
processes such as boiler control.
Success with DDC computers eventually tapered off when the engineers of the time tried to do too
much with them. In some cases they tried to control the ENTIRE plant or too large a section of the plant
with a single central computer - a strategy which was problematic from the start because the computer
represented a single point of failure. The problem was exacerbated by the fact that the computers of the
day were low powered and not as reliable as they are today (!?). In addition there was, with the large
amount of signal wiring required, the attendant problem of reliably transmitting analogue plant data to
and from the computer. Changes in control strategy were not easily effected. This led engineers to
evolve the next approach: supervisory control. The practice of using a central control room was
introduced with DDC.
Most importantly the experience gained with DDCs ushered in the concept of Flexible Manufacturing
Systems (in FMS computers facilitate the rapid reconfiguration of resources to make new products) and
the notion of Computers in Manufacturing (CIM) whereby manufacture actively and optimally
integrates computers and production machinery.

1 PLC = Programmable Logic Controller

2NC = Numerically Controlled. NC machines are used to manufacture precision mechanical subassemblies.

3
 1.2 Supervisory Control
Supervisory control
deploys digital or analog
Hierarchical
Manager Element controllers on the field, all
• Resources
• Production Scheduling
monitored and directed by
• Accounts etc. one or more supervisory
computers.
Man/Machine Interface:
Supervisory Computer • Punched Cards
Setpoint determination via • Line Printers
• Recipes Supervisory computers
• Plotters
• Optimisation etc. • VDU Graphic terminals allowed for the adjustment
Analog or PV Setpoi nt • Touch Screens of setpoints and
Digital monitoring of plant
Signalling variables from a central
Controller Controller
control room.

PROCESS

Figure 2: Supervisory AND Hierarchical Control System

The introduction of supervisory control represented the first step towards distributed computer
control. The supervisory computer is given the task of adjusting setpoints and controller parameter
settings, usually the task of the human supervisor, to local controllers (digital or otherwise) distributed
across the plant. Note that instead of one massive computer based controller, several controllers are
deployed across the plant, all under the guidance of the supervisory unit(s).

Benefits:
1.Improved control from the ability to monitor and control from a central location. This was
significant particularly for larger plants
2.Reliability improved because the plant could now operate with manual supervision in the event of a
supervisory computer failure.
3.Reliability was even further enhanced by the use of digital communication between computer and
controller.
4.Management could more easily implement production scheduling and plant wide optimisation for
determination of setpoint values and control parameter settings.

One direct consequence of the transition to Supervisory Control was the evolution of the Man
Machine Interface (MMI) – the more politically correct term is Human-Machine Interface (HMI) -
whereby the dials, gauges and switches in the control room were replaced by computer driven graphic
displays, keyboards and interactive touch screens.

4
1.3 Hierarchical Control
This is a natural extension of supervisory control that mimics the management structure of a
typical company (Figure 2). In hierarchical control, the supervisory system is augmented
by a management level machine. The "manager" would be responsible for
• Resource Allocation
• Production Schedules
• Process Accounts
Note that the Manager interfaces with the supervisor only; the supervisor has sole
responsibility for the plant level controllers. This establishes a "chain of command. "

1.4 Distributed Control Systems (Decentralised process control)

Distributed control systems (DCS) were first introduced by Honeywell in the mid-70s. DCS
essentially combines DDC, supervisory and hierarchical control in a structure which
makes maximum use of computer technology.
The fundamental underlying assumptions of an ideal DCS are
1.There are groups or clusters of computers carrying out similar tasks at each hierarchical
level (e.g. measurement, DDC control, supervision etc.)
2.If any unit fails in a given cluster, other computers in that cluster can take up the excess
load
In an ideal DCS environment there is only one cluster of computers carrying out ALL of the
necessary tasks at any given level; this requires sophisticated dynamic task allocation
techniques and is extremely difficult to implement for the range of tasks that must be
performed in a normal plant environment.

The need for a computer network in a distributed environment is obvious; in practice an

organisation may employ different network protocols1 in order to meet the communication
requirements at each level of the hierarchy (see below).
In most modern schemes, dynamic task allocation may or may not be employed.
Nevertheless a hierarchical approach is used to define various types of clusters. Most
hierarchies are variants of the ISO2 Factory Automation Reference Model (Figure 3) and
have been motivated by the requirements of specific industry sub-sectors, most notably
manufacturing automation and process control

1 The protocol of a particular bus type is the set of rules that govern the structure and extent of messages
and the order in which they can be issued
2 ISO = International Organization for Standardization

5
 Definition
FIELDBUS: generic term for serial communication systems used for control in
the industrial work place
Example: A PLC controlling primary plant devices.
Without a Fieldbus:
• Each primary plant device needs a separate cable connecting it to the PLC
• The PLC must be fitted with input and output modules
• For applications with many I/O devices there can be hundreds of wires that are
bulky, expensive and difficult to troubleshoot
PLC I/O modules

PLC

Fieldbus Advantages over point-to-point wiring (Comprehensive)

1. Reduced cabling (from n wires for n devices to 1 wire (typically) for a cluster of
devices)
2. Reduced controller hardware ( requires no I/O modules apart from network interface.
There is now a common I/O interface across all devices to the network)
3. Reduced assembly and installation time
4. Reduced costs
5. Potentially Better diagnostics (can be really comprehensive if devices on the network
have built-in intelligence)
6. Increased reliability due to less cabling Ù Reduced machine downtime
7. Increased productivity
8. System modifications, e.g. adding a new sensor or actuator on the network, easily made

6
 7

Fieldbus Advantages over point-to-point wiring (Comprehensive)

1. Reduced cabling (from n wires for n devices to 1 wire (typically) for a cluster of devices)
2. Reduced controller hardware ( requires no I/O modules apart from network interface.
There is now a common I/O interface across all devices to the network)
3. Reduced assembly and installation time
4. Reduced costs
5. Potentially Better diagnostics (can be really comprehensive if devices on the network
have built-in intelligence)
6. Increased reliability due to less cabling Ù Reduced machine downtime
7. Increased productivity
8. System modifications, e.g. adding a new sensor or actuator on the network, easily made

7
 • With a fieldbus communication:
• There is reduced wiring
• The PLC needs no physical I/O modules
• Ideal for I/O that is widely distributed
• Ideal for large amounts of I/O

Fieldbus

NOTE:
There are many different fieldbus systems operating in industry. Some have basic capabilities
while others are quite sophisticated. Some work over long distances others over shorter
distances. Some are open systems while others are proprietary or closed systems.
A proprietary or closed system is one developed and offered by a single manufacturer to the
exclusion of all else. Examples include Sysmac (Omron), Pneubus (Norgren), Link Bus (Allen
Bradley), Melsec (Mitsubishi)
An open system is available to different manufacturers. The system is usually set up by
common agreement reached in a consortium. Controllers, and I/O devices from various
manufacturers fitted with the same bus interface will be compatible and will communicate when
fitted to the bus. Examples include Device-Net , Interbus-S, Profibus, and AS-I (Actuator Sensor
Interface)
A modern industrial network hierarchy may contain several levels. Machines at the same level
generally share a common network protocol; the networks at different levels communicate via
dedicated gateways1. In general, devices at the bottom of the hierarchy have lower costs and
lower functionality (highly dedicated) and devices at the top have higher costs and higher
functionality

1 A gateway converts one protocol to another to allow them to communicate

8
 Hierarchy Levels (discrete manufacturing automation)

Organisation Network Communication

Hierarchy Hierarchy Requirements

Management networks
Increasing time
6. Enterprise constraints and
reliability

5. Facility/Plant Decreasing
message lengths

Workshop networks
4. Section/Area

3. Cell

2. Station

networks
Process
control
1. Equipment

Figure 3: ISO Factory Automation Reference Model

9

Manufacturing Automation Reference Model

Level 1- Equipment: This is often also called the element or sensor level. This level targets data acquisition,
conversion and transmission as well as actuation through “field” devices such as sensors and actuators. No
processing is done except for calibration adjustments and protection. The communication standards employed here
include analog signalling (4-20mA etc.), hybrid networks such as HART, multi-drop RS232 or RS485 serial
communication line utilising simple ASCII based protocols and more complex networks such as CAN (discussed
later).
Level 2 – Station: Feedback control, sequencing control, monitoring, protection and interlocking1 functions of a
functional subgroup (cell) of the larger production operation. This level includes DDC elements such as
microprocessor based PID controllers and PLCs. Industrial networks, such as Foundation Fieldbus, Profibus,
ARCbus, are typically used here because of the requirement for low network time delays and high reliability.
Level 3 – Cell: Supervisory control of a well-defined part of the plant. Main functions: include co-ordination of the
devices at the Station level, adjustment of setpoints and controller parameters, loading of station device programs
(e.g. PLC and NC machine programs), parameter and data. Communication “messages” vary widely in length at this
level – a few bytes for setpoint changes to several kilobytes for a program change in a PLC. There are also
deterministic2 and real-time communication 3 requirements.

1 Interlocking is a mechanism whereby a process is blocked from execution until another is completed. For example, a
boiler would have an interlock mechanism that ensures that the heaters are not turned on until the level of fluid it
contains is above a certain level. Interlocking very often has implications on safety.

2 A communication system is deterministic if there is a high degree of confidence (>>95%) that a transmitted message
would be received intact within a minimum specified time.

3 A real-time communication system is one which guarantees accurate message communication within a minimum
specified time. It is understood that the system would have experienced failure if the time limit is exceeded for any
single message.

9
 Control Panel
Temperature Flow

Typical process network hierarchy Pressure Alarm Conditions

STOP

Control Panel
Enterprise Temperature Flow

Pressure Alarm Conditions

STOP

Control

Fieldbus

Fisher

Device bus
N N N

Sensor bus
N N N
Typical Network Protocol Selection for various levels
Enterprise bus (Ethernet)
Control bus (HSE, ControlNet)
Fieldbus (Foundation Fieldbus, Profibus PA) Netwars!
Device bus (DeviceNet, Profibus DP, Interbus-S, CANOpen)
Sensor bus (CAN, AS-I, Seriplex, LonWorks)

10
 Figure 4: DCS Example - AB Industrial IT (redundant system)

11
 Figure 5: DCS Example – Emerson’s PlantWeb (Delta V)

12
 1.5 SCADA systems

Communication
via broadcast
facilities: radio or
line modem
Control room

RTUs RTUs RTUs access

Plant 1 Plant n plant usually via
direct interface
i.e. point-to-point
wired DDC
(embedded)
Plant Site 1 Plant Site n computers
13

SCADA( Supervisory, Control and Data Acquisition) networks were developed before computer
networks really became popular, to deal with the issue of remote site monitoring and control. They
are therefore most commonly used where the “plant” is distributed over a large physical area. This
includes: water and electricity utilities, oil drilling and piping operations. The configuration is shown
in Figure 6. Although a SCADA network conceptually fits within the ISO Reference Model, the
name is usually reserved to cases involving remote field units that communicate to the control room
via radio or line modems.
The field element in the SCADA system is the Remote Terminal Unit (RTU) – DDC units that
read and write data to their plant interfaces generally only on command from the operator’s control
computer; very little autonomous control action is done. With increased power in computers, more
full function RTUs are now available. Motorola and OPTO22, for example, manufacture RTUs that
can be instructed to perform local PID control.
The SCADA communication network is usually a low speed medium. To optimise the available
bandwidth vendors may opt for a variety of schemes. This includes “Respond by Exception” where
an RTU will only automatically transmit data if there is a change in parameter from that which was
last sent or “Respond on request” where the RTU will only respond when interrogated by the main
computer. . In addition special protocols, e.g. MODBUS, have been developed to improve the
reliability of transmission over long distance, noisy media.
TTEC (Trinidad and Tobago Electricity Commission) has a classical SCADA implementation. The
RTUs, located in various substations, have Digital inputs (to measure breaker status), digital outputs
(to activate remote breakers) and analog inputs (to monitor line voltages, currents and frequency).
Communication is done via a microwave network.

13
 2. Industrial Data Communications
2.1 Inter-device communication Simplex, half- and full-duplex
A simplex system is one that is designed for
sending messages in one direction only. This is
TX RX
of limited interest in an industrial
communications system as feedback from the
instrument is essential to confirm the action
requested has indeed occurred.

Half duplex communications occurs when data TX TX

flows in both directions but in only one
direction at a time. Half duplex is used when RX RX
communication in each direction must utilise
the same physical medium. The advantage is a
cost reduction if the communication medium is
wire or fibre. TX TX

RX RX

In a full duplex system, the data can flow in

both directions simultaneously. Most TX TX
communication hardware standards systems,
e.g. RS232C or RS485, can be configured to RX RX
operate in half or full duplex mode.

14

Data can either be transmitted between two devices in one of three modes:
• Simplex
• Half Duplex (bi-directional communication on the same path)
• (Full) Duplex (bi-directional communication on separate paths)

14
2.1 Inter-device communication Synchronous and asynchronous communication
Synchronous TX

Frame Check Sequence (e.g. checksum) for error

detection and correction
Message data

Synchronous TX bit-stream Number of bytes in the data field

Preamble SFD Destination Source Address Length Data FCS

Address

Start Of Frame delimiter indicates the beginning of the

frame

Synchronising data stream (one or more bytes)

In synchronous transmission, the receiver and transmitter both reference a

synchronized clock. One bit of data is assumed to be sent within each clock
period. Synchronisation is achieved by first transmitting a string of bits (in
the SFD) to the receiver prior to sending the data. Synchronous systems
operate by detecting bit changes rather than by reading absolute data
values as in asynchronous systems
15

2.1 Inter-device communication Synchronous and asynchronous communication

Asynchronous TX

Asynchronous TX bit-stream

START bit Data bits Parity Bit Stop bits

Indicates Message data, 5 to 8 bits If used, an error 1, 1.5 or 2

start of detection bit added bits used
new to make the to indicate
frame number of 1-bits the end of
even or odd as the frame
agreed apriori

In asynchronous systems, the transmission clock rate is agreed to

apriori. Each character or byte is sent within a frame. The receiver does
not start detection until it receives the first bit, known as the start bit.
The start bit is in the opposite voltage state to the idle voltage and
allows as a trigger for the receiver to synchronise to the following bits.
The asynchronous format is character oriented and was developed for
early teletype machines. A typical asynchronous frame used in RS232C
communication follows:
13

15
2.1 Inter-device communication

Note that:
1. Communication between devices with address identifiers can be accommodated
in the above asynchronous format by building a message string that incorporates
all the pertinent information (command, addresses, data length etc.).

An example is the MODBUS1 protocol, used extensively in SCADA applications,

which has the following message format in ASCII mode (MODBUS also uses an
alternative format called RTU mode):

Header Address Function Data Lrc Trailer

: 2 CHARS 2CHARS n CHARS 2 CHAR CR LF

: 06 03 006B0003 2 CHAR CR LF

e
pl Each address or function character uses ASCII reference to a single HEX digit of
xam the address.
E
An example is shown in row 3 – a command to send 3 register values starting from
logical address $006B in slave $06

The asynchronous frame uses 1start bit, 7 data bits, odd/even/no parity, 1 or 2 stop
bits in this mode.

In the RTU mode, no coding is used; the binary data is sent directly in asynchronous
frames of 1start bit, 8 data bits, odd/even/no parity, 1 or 2 stop bits.

2. Asynchronous mode is limited to low speed communication, typically less

than 115kbaud. Synchronous communication is much more reliable than
asynchronous at high speeds and is therefore used high speed networks.

1“MODBUS® Protocol is a messaging structure developed by Modicon in 1979, and is used to establish

master-slave/client-server communication between intelligent devices. It is a de facto standard, truly open

and the most widely used network protocol in the industrial manufacturing environment.. “
http://www.modbus.org

16
 2.2 Network Fundamentals
Network Topologies
Mesh Topology: Every node has a physical
connection to every other node on a network. For N
nodes there must therefore be N(N-1)/2 interconnections
(each device must have N-1 network connection ports).
The mesh topology is not feasible for large networks as
the cost and difficulty of implementation increases
exponentially

Star Topology: Contains a central controller or

hub, to which all nodes are directly connected. The
central controller routes messages between any pair of
source and destination node. This allows for easy
interconnection in small networks. However, additional
nubs must be added (a network of hubs!) once a
maximum number of nodes are reached. The failure of a
node in a star configuration does not affect other
nodes.

17

Star Topology Advantages:

1. Easy troubleshooting and fault isolation.
2. Easy addition and removal of nodes and cable layout modification.
3. Other nodes are unaffected by a failed node
4. The central hub facilitates traffic monitoring.

Star Topology Disadvantages:

1. If the hub fails, the entire network fails.
2. This topology requires a lot of cable.

There are not very many examples of Star Topologies; the best example is ARCnet1

1ARCnet = Attached Resource Computing Network. It was developed by Datapoint Corporation in the mid-
1970s. This networking architecture is popular in smaller installations. It is relatively fast (2.5 Mbit/s) and
reliable, and it supports coaxial, twisted pair and fiber optic cable-based implementations.
(www.manufacturing.net)

17
2.2 Network Fundamentals
Network Topologies

Bus Topology: In bus topology, each node

is directly attached to a common communication
channel.

Messages transmitted by one node are received

by every other node and accepted only by the
node whose destination address is included in
the message.

The destination node is also responsible for

transmitting an acknowledgement to the
transmitting node.

If a single node fails, the rest of the network

continues to work as long as the failed node
does not affect the media.

18

Advantages:
1. Uses relatively little cable as compared to other topologies with the simplest
wiring arrangement.
2. Since nodes are connected to the bus by high impedance tappings it is easy to
add nodes to extend the network
3. Architectures based on this topology are simple and flexible.
4. The broadcasting of messages is advantageous for one-to-many data
transmissions (this is frequently used in industrial controls).

Disadvantages:
1. Possible security issues as all nodes see every message.
2. Fault isolation can be difficult, as problems can occur anywhere on the bus.
3. No automatic acknowledgement of messages
4. The bus cable can be a bottleneck when network traffic gets heavy

18
 2.2 Network Fundamentals
Network Topologies
Ring Topology: Ring Topology: As a
physical ring topology, the cable forms a loop
linking nodes at intervals around the loop.

Messages from a transmitting node must be

sent through adjacent nodes until they reach
the destination node. Each node, then, must
be able to receive messages from the
preceding node and relay the message to the
following node if the message is not intended
for it or if the message is sent as a broadcast
(in which case the message is intended for all
nodes).

In general a node will have separate network

input and output ports ⇒ in general,
messages travel around the ring in one
direction.

Advantages: 19

1. Minimal cable requirements.

2. A wiring centre or closet is not required.
3. Messages are automatically acknowledged.
4. Each node acts as a repeater, regenerating the token signal.

Disadvantages:
1. A single node failure crashes the network.
2. Fault isolation is difficult because communication is only one-way.
3. The network must be disrupted to add/remove nodes.
4. There is a limit on the distance between nodes.

19
 2.3 Network Access
Problem: How to avoid contention on a shared bus
Solution: Use an arbitration scheme to determine which node gets control of
the bus
Token Passing: Discussed previously
1. Every node accesses the network within a given length of time, usually
in the order of a few milliseconds (deterministic access).
2. More efficient on networks that have heavy traffic.

Network architectures that support the token passing access method

include Token Bus, ARCnet, FDDI, and Token Ring.

CSMA/CD (or Contention Protocols or Random-Access Protocols)

CSMA/CD = Carrier Sense Media Access/ Collision Detection

Before transmission check bus for traffic

If no traffic, transmit
Else
Hold off transmission for a time determined by an accepted rule
End
20

CSMA/CD
The first node to seek access when the network is idle is allowed to transmit. If contention (message
collision) is detected, all potential transmitting nodes immediately cease transmission and attempt to
resend some time later. The actual time taken to attempt retransmission is determined on a
probabilistic basis to minimise the chance that the same nodes do not simultaneously contend for
the bus again.

1.Used in the IEEE 802.3 standard and the original Ethernet networks
2.A probabilistic system, since access cannot be ascertained in advance.
3.Network performance degrades rapidly with increasing traffic as nodes spend more time competing
for the medium than transmitting data.

Token Passing
A token is a special packet, or frame, consisting of a signal sequence that cannot be mistaken for a
message. At any given time, the token can be available or in use (busy).
When an available token reaches a node, that node can access the network for a maximum
predetermined time, before passing the token on. To transmit, the node first marks the token as “in
use”, and then transmits a data packet, with the token attached. In a ring topology network, the
packet is passed from node to node, until the packet reaches its destination. The recipient
acknowledges the packet by sending the message back to the sender, who then sends the token on
to the next node in the network.

20
2.3 Network Access (ctd…)
Master/slave Protocol
In addition to the two protocols mentioned above, control networks
also add another layer of arbitration through the master/slave protocol.

In this protocol, one and only one device connected to a network is

designated as master; all others are slaves. Network communication
can only generally be initiated by the master; a slave device responds
only upon a request from the master. As a consequence only one
device controls the bus at any given time,

This protocol is clearly of no value to computer networks in general;

however, it brings reliability and real-time character to station/field level
devices in the control hierarchy.
Request

MASTER SLAVE
(Client) (Server)
Response
21

21
 2.4 Software Interconnectivity : OSI Reference Model for Network Architecture

End User A End User B Data Packing

Layer
Layer 7Protocol Headers
Application Application ApplicationData

Layer 6 Protocol
Presentation Presentation Application Data

Layer 5 Protocol
Session Session Presentation Data

Layer 4 Protocol
Transport Transport Session Data

Layer 3 Layer 3
Protocol Protocol
Network Network Network Transport Data

Layer 2 Layer 2
Data Protocol DLC DLC Protocol Data Network Data

Physical Physical Physical Physical Packet Frame

System 1 Subnet Node System 2 Data Link Trailer

22

In order to facilitate software connectivity in an orderly manner, network communications

employ some form of layered protocol to define the required sequence of processes. Each
layer regards the next as a “black box” with well defined functionality, interfaces, rules and
conventions. This allows for the resolution of the communication problem as a set of well-
defined functions. Most network standards utilise the 7-layer OSI reference model shown in
Figure 5.

Communication proceeds as follows: End User A on System 1 wishes to send a message to

end user B on System 2. Note that the “End User” in either case could actually be a software
application. Layer 7(1) (we will use the notation k(i) to represent layer k on system i)
establishes a peer connection with layer 7(2). It does so by requesting a service from 6(1)
which, establishes a peer connection with 6(2), by making a request of 5(1). The peer to peer
connections are repeated down to layer 1 where the actual physical communication takes
place.

The peer to peer communication between layer k protocols is actually established by framing
the message passed on by the k+1 protocol (Figure 7). As such, the only real communication
takes place between layer 1 protocols; 2 to 7 are actually in virtual communication with their
peers. Each of the layers can be implemented in hardware or software.

22
 2.4 Software Interconnectivity: Layer Definition

ALL Application Application interface

PEOPLE Presentation
Data conversion, coding and decoding

SEEM Session
Establishment of Comm Links

TO Transport Network traffic management

NEED Network Address resolution

DATA Data
Data formatting, arbitration, physical addresses

PROCESSING Physical Electrical and mechanical n/w parameters

2.4 Software Interconnectivity: Layer Definition 23

Layer 7 (Application): L7 provides application software with communications. Note that the actual
software application is not contained in the OSI model. It is at this level that the File Transfer
Protocol (FTP) and Simple Mail Transfer Protocol (SMTP) operate

Layer 6 (Presentation): 1. provides for the coding and conversion of data

2. ensures that the exchange is understandable
3. provides for the exchange of data from one application to another through common data formats
such as ASCII for text and Graphics Interchange Format (GIF)
4. provides for data encryption and compression.

Layer 5(session):
1. Establishes, manages and disconnects the communication session between computers
2. Ensures that data is sent and retrieved from other computers

Layer 4(Transport):
1. manages traffic across the network to another computer and ensures that the packets arriving are
not coming too quickly, out of order
2. determines if packets are missing
3. The Transport Control Protocol (TCP) included in this layer ensures that the data is received
correctly.

23
 2.5 Fieldbus Networks

OSI Fieldbuses In instrumentation and control, the OSI Reference Model

is often simplified to utilise just three (3) layers:
Application Application
OSI Layer 7 – Application,
OSI Layer 2 – Data Link,
Presentation
OSI Layer 1 - Physical.

Session In some cases, such as Foundation Fieldbus, a 4th layer,

the User Layer, is added.

Transport
EXAMPLES:

Network The serial standards RS232, 422, 485 are physical (Level 1)
protocols
Data Data • The Modbus Protocol uses Layer 2

Physical Physical • Ethernet comprises the Physical and Data Link Layers

• The HART smart instrumentation protocol, Profibus and

Foundation Fieldbus use the Physical, Data Link and
Application Layers
24
Fieldbus is a generic name that describes an all-digital signalling method where sensors, actuators and
controllers are networked together to exchange information. Fieldbuses were developed to provide an
alternative to analog transmission.
NB: Foundation Fieldbus is a specific fieldbus network technology that originates from the Fieldbus
Foundation, a worldwide consortium of manufacturers and industry groups.

As we have already seen, the range of fieldbus systems is varied, targeting different levels of the industry bus
hierarchy. They may be categorised as follows:
[ ] Open systems or proprietary systems
[ ] Maximum Transmission Rates
[ ] Response Times (Latency) – the time it takes between the issue and execution of a command or request.
[ ] Throughput: the average number of information bits over the time for transmission.
[ ] Utilisation - Bandwidth utilization is the engagement of capacity, usually represented as a ratio of usage
(actual througput (see below)) over maximum transmission rate. Ethernet throughput is known to drop
exponentially when utilisation exceeds 35%
[ ] Reliability/Availability – Ideally one wants a network to have 100% reliability. This can be approached by
adding redundancy at critical parts of the network, appropriately segmenting the network so that critical sub-
networks are isolated and keeping the network design as simple as possible.
[ ] Bus Powering – Following HART, the ability to provide power on a bus is advantageous

24
 2.5.1Fieldbus Examples

Protocol Comment Levels: Commun. Max Tx Latency: Arbitration Bus Power

Industrial Method/ rates [256 DIO
Bus Topology on 16
Hierarchy nodes x
/OSI Ref. 16 IO]
Model
Modbus Designed for original Device/ Master – Slave/ 300 bps - Depends None n/a
SCADA. No physical Data All 38.4Kbp on on network
layer

Foundation Field Client-server/ 31.25kb/s <100ms Token YES

Fieldbus H1 Star, bus typ. passing

Profibus DP: Decentral DP: Device, Mater/ slave- DP to < 2ms typ Token Profibus PA
DP/PA Periphery PA: Process PA: Field Peer to peer/ 12Mb/s; passing only
automation Line, star ring PA to
31.25kB/s

Industrial Same as regular Originally Client- 10, 100 Depends CSMA/CD NO. Only
Ethernet ethernet with additional Enterprise. server/Star, Mb/s on now
physical specs for Now All bus, daisy application proposed
rugged environments layers incl. chain layer
sensor via
gatways

CAN = Control Area Network Sensor and Master slave, 10K, 20K, < 1ms CSMA with NO
device peer to peer, 50K, 125K, non-
muticast, 250K, 500K, destructive
multimaster/ 800K, bitwise
linear, trees, 1Mbps arbitration
star or combo.

Profibus family:
This is the most widely accepted networking standard for industrial automation. 25
PROFIBUS FMS (Fieldbus Message Specification)
The original version of this bus system. Can be slow for use with simple I/O systems (solenoid valves and sensors) due to long
message structure. This is a universal solution for both the field and cell level of the industrial communications hierarchy

PROFIBUS DP (Decentral Periphery)

Targets time-critical communications between automation
and distributed peripherals. Fast baud rate and shorter message structure than FMS

PROFIBUS PA (Process Automation)

The same as DP but with an intrinsically safe hardware specification
RS485 at OSI level 1
See Tutorial 6 of from idconline.com.

Foundation Fieldbus
See handout from http://www.idconline.com.

CAN
Originated in the automotive world but is now probably the leading embedded microcontroller network. It usually works over a
twisted-pair differential bus, which is very noise-resistant. It includes built-in message rescheduling in the event of collisions, 5
types of error detection (CRC, bit stuffing, frame checking and others). CAN is able to run at 1MB/s over up to 10m or several
km at 50KB/s. There are a number of higher level fieldbuses such as DeviceNET and CANopen that run on CAN. Because of
its properties, CAN is mainly used for high speed, deterministic
latency data transfer between microcontrollers units, usually within the same machine or factory. See
http://www.hitex.co.uk/can.

25
 2.6 Migration to Ethernet

All main legacy fieldbus standards have started conversion to ethernet

e.g.
•DeviceNet --- Ethernet/IP There are arguments for and against!!
•Profibus on Ethernet
•Foundation Fieldbus --- Foundation Fieldbus HSE

HMI Eng. Workstation

PLC
Ethernet

gateway
E.g. “Terminal
servers” from Sensor and field
Newport and networks
Moxa

Figure : Simplified Industrial Ethernet Architecture 26

Benefits of using Ethernet as a fieldbus[4]

1. It’s a well established standard
2. It has low cost by virtue of large commercial installed base
3. It is readily available technology (currently default packaging in almost every PC)
4. By virtue of the above it provides opportunities to integrate most/all levels of industrial networks, reducing the
confusion of having several competing standards

Arguments and Counter-arguments

CSMA/CD affects determinism, bandwidth and real-time performance since Ethernet technology is based on
collision detection and avoidance. This slows down the response of the network as traffic increases. In
addition, all traffic on Ethernet is seen at every node, thus increasing the probability for collisions and making
the performance of any one networked application dependant on the network usage of all the other
applications.
This can be addressed as follows:
• The statistical probability of delays can be lowered when setting up an Ethernet system by keeping traffic
significantly below its theoretical limits to avoid collisions (typically 35% to 45% load). Faster Ethernet networks
(100Mb/s and Gigabit) will not eliminate collisions, but will increase the probability that data will be delivered in
a predetermined time and greatly reduce the probability of data packet collision
• Furthermore, this can be complemented by segmenting Ethernet networks into separate 'collision domains'
using techniques such as switched Ethernet. By using dedicated subnets, mission critical industrial network
applications can be removed from the collision domain of other network traffic, improving determinism by
eliminating extraneous traffic from critical applications.
Its all about managing traffic!

Ethernet was not designed for industry: But …industrial Ethernet takes this into account and provides an
industry hardened version of the commercial system. Its use is growing rapidly

26
 2.7 Vendor Integration via OPC

The problem: User applications require specific drivers to communicate with devices made by
different manufacturers.

This situation indicates a potential lack of interoperability between the components of a network.

1. Duplication of effort: Everyone must write a driver for a particular vendor’s hardware.
2. Inconsistencies between vendors’ drivers: Hardware features not supported by all driver
developers.
3. The drivers vary with operating system
4. The drivers may not be available for some applications, particularly custom-made
applications.
5. Little support for hardware feature changes: A change in the hardware’s capabilities may break
some drivers
6. Access Conflicts: Two packages generally cannot access the same device simultaneously since
they each contain independent Drivers.
Solution: OPC = OLE for Process Control
SCADA Physical
OPC I/F Physical I/F
System I/O

OPC
Application OPC I/F
Server

Physical
Physical I/F
I/O
OPC Client
OPC Client 27

The OPC Specification is a non-proprietary technical specification. Originally based on Microsoft's

Object Linking and Embedding (OLE (ActiveX)) Component Object Model (COM) and Distributed
Component Object Model (DCOM) technologies, the specification defines a standard set of objects,
interfaces and methods for use in process control and manufacturing automation applications to facilitate
interoperability.

In OPC, a vendor needs only write a driver (OPC server) for the operating system rather than for each
application. An OPC Client (source or destination of data) can connect to OPC Servers provided by one or
more vendors. Vendor supplied code determines the devices and data to which each server has access, the
data names, and the details about how the server physically accesses that data.

Although OPC is primarily designed for accessing data from a networked server, OPC interfaces can be
used in many places within an application. At the lowest level they can get raw data from the physical
devices into a SCADA or DCS, or from the SCADA or DCS system into the application.. The architecture
and design makes it possible to construct an OPC Server which allows a client application to access data
from many OPC Servers provided by many different OPC vendors running on different nodes via a single
object.

27
2.7 Vendor Integration via OPC: OPC on Ethernet

OPC Client (HMI Application) OPC Clients (SCADA)

OPC Server

OPC Client (Control PLC)

PLC
Ethernet

gateway
E.g. “Terminal With OPC we can
servers” from now easily
Newport and communicate with
Moxa devices from
different vendors
without worrying
OPC Clients about specific driving
software (plug and
play) 28

28
Guess where else networks are showing up!! [3]

Monitoring redundantes
ECU und Bordnetz
Bordnetz ECU
Diagnose ECU 12V und 48V

c
Betätigungs-
einheit
Bremsen
ECU ECU
ECU
4

29

29
 Serial Networks for Control and Instrumentation EIA232/422/485

RS232 C/D RS423A RS-422 RS-485

Mode Single-ended Single-ended Differential Differential

Max #drivers 1 1 1 32

Max # receivers 1 10 10 32

Max cable length 15m 1200m 1200m 1200m

Max baud rate 20k 100k 10M 10M

Transmit levels ±5V to ±15V ±3.6V to ±6.0V ±2.0V min ±1.5V min
(diff’l)
Receive sensitivity ±3V ±0.2V ±0.2V ±0.2V

Load Impedance 3k to 7k 450Ω min 100Ω min 60Ω min

Common Mode voltage, n/a n/a -7 ≤Vcm ≤+7 -7 ≤Vcm ≤+12

Vcm
Output current limit 0.5A to Vcc or 150mA to gnd 150mA to gnd 150mA to gnd
gnd 250mA to -8V
or +12V

Driver output impedance 300Ω 60k 60k 120k

(mn, pwr off i.e. tristate)
30

NOTES:
1. RS423A standard is an improvement on RS232 by virtue of its lower impedances and higher data rate. It is
the least common of the RS- protocols.
2. RS232 implements its maximum data rate at the maximum recommended cable length. This is not the case
for the other standards for which there are limits to cable length are specified as a function of data rate
(Figure 8).
3. Definition:
[] A network is point-to-point if it facilitates a transmitter being connected to no more than 1 receiver.
[] A network is multidrop if it facilitates one transmitter and multiple receivers on the same line.
[] A network is multipoint (party line) if it facilitates multiple transmitters and receivers on the same line
4. RS485 and RS422 share many characteristics. However, RS485 can accommodate up to 32 drivers on a
bus (multipoint) because its enhanced tristate capability reduces the current drain on the one active driver
when the others are off.

[ ] RS422 drivers are prone to clamping a transmission line to ground if there is a potential difference
between the grounds on the drivers.
[ ] RS422 drivers can suffer thermal damage if contention occurs.
[ ] RS422 cannot handle the higher DC currents incurred with resistor terminations (later) on both ends of a
transmission cable, as is required for ½ duplex communication.
5. RS485 tristate line is usually referenced as an RTS (request to send ) handshake as used in RS232
communication.

30
 Serial Networks for Control and Instrumentation RS232/422/485 …ctd

1200

300 RS 422, 485

RS 423
Cable Length (m)

30
RS 232
15

0.1 1 10 100 1000 10000

Data Rate (kbits/sec)

Figure 8: Maximum transmission rates vs cable length for the RS232, 423, 422 and 485 standards

31

31
 Serial Networks for Control and Instrumentation RS232/422/485…ctd

RS232

If the full RS232 standard is implemented as defined, the equipment at the far
end of the connection is named the DTE device (Data Terminal Equipment,
usually a computer or terminal), has a male DB25 or DB9 connector, and
utilizes 22 of the 25 available pins for signals or ground.

Equipment at the near end of the connection (the telephone line interface) is
named the DCE device (Data Circuit-terminating Equipment, usually a modem),
has a female DB25 or DB9 connector, and utilizes the same 22 available pins
for signals and ground.

32

32
 Serial Networks for Control and Instrumentation RS232/422/485…ctd

RS232

• Can only connect one device at a time. Multiple simultaneous device

connection not possible.

• Up to a length of 50ft. – noise and signal degradation make it impractical after

this distance.

• Maximum transmission speed is relatively low.

33

33
Serial Networks for Control and Instrumentation RS232/422/485…ctd

RS422/RS485

34

34
 Serial Networks for Control and Instrumentation RS232/422/485…ctd

RS422/RS485
RS485 functionality

And now the most important question, how does RS485 function in practice?
Default, all the senders on the RS485 bus are in tri-state with high impedance.
In most higher level protocols, one of the nodes is defined as a master which
sends queries or commands over the RS485 bus. All other nodes receive these
data. Depending of the information in the sent data, zero or more nodes on the
line respond to the master. In this situation, bandwidth can be used for almost
100%. There are other implementations of RS485 networks where every node
can start a data session on its own.

This is comparable with the way ethernet networks function. Because there is a
chance of data collosion with this implementation, theory tells us that in this
case only 37% of the bandwidth will be effectively used. With such an
implementation of a RS485 network it is necessary that there is error detection
implemented in the higher level protocol to detect the data corruption and
resend the information at a later time.

35

35
Serial Networks for Control and Instrumentation RS232/422/485…ctd

RS422/RS485

RS232 TO RS485 CONVERTER

36

36
 Serial Networks for Control and Instrumentation EIA232/422/485

RS485 Biasing

37

R eq (V cc + 0.2)
Rb satisfies Rb ≤ Rt = termination resistance
0 .4 Rin = receiver impedance (use 12k as worst case)
R R Vcc is the supply voltage, typically 5V
R eq = t // in
2 N

10. When all nodes in a 2-wire network are in a listening mode this implies that all transmitters are
disabled. The corresponding voltage between receiver inputs can take on arbitrary values
causing erroneous signal detection. It is necessary, in this situation to ensure that a voltage of
at least 0.2V exists between the transmission lines. This can be achieved by using bias
resistors. To indicate an idle state (SPACE) a pullup resistor is used on the B (+) line and a
pull down resistor of equal value (why?) is used on the A (-) line. The actual value used
depends on the number of nodes and the existence of termination resistors. This is shown in
Figure 11

11. Contention can occur in 2-wire systems. There are hardware and software approaches to
treating with this problem. Both approaches ensure that no more than one transmitter is active
at any time by ensuring that only that transmitter is enabled. This can be achieved by enabling
the RTS line immediately before transmission and disabling it immediately after transmission.
This can be problematic if the transmission rate is high compared with the computer execution
rate. Some RS485 interfaces can be set to automatically disable themselves within 1 bit of the
end of transmission.

37
 Serial Networks for Control and Instrumentation EIA232/422/485

Bias Resistors:
The transmission line into the RS-485 port enters an indeterminate state
when it is not being transmitted to. This indeterminate state can cause
the receivers to receive invalid data bits from the noise picked up on the
cable. To prevent these data bits, you should force the transmission line
into a known state. By installing two 620 Ohm bias resistors at one node
on the transmission line, you can create a voltage divider that forces the
voltage between the differential pair to be less than 200 milli-Volts, the
threshold for the receiver. You should install these resistors on only one
node. The figure below shows a transmission line using bias resistors:

38

R eq (V cc + 0.2)
Rb satisfies Rb ≤ Rt = termination resistance
0 .4 Rin = receiver impedance (use 12k as worst case)
R R Vcc is the supply voltage, typically 5V
R eq = t // in
2 N

10. When all nodes in a 2-wire network are in a listening mode this implies that all transmitters are
disabled. The corresponding voltage between receiver inputs can take on arbitrary values
causing erroneous signal detection. It is necessary, in this situation to ensure that a voltage of
at least 0.2V exists between the transmission lines. This can be achieved by using bias
resistors. To indicate an idle state (SPACE) a pullup resistor is used on the B (+) line and a
pull down resistor of equal value (why?) is used on the A (-) line. The actual value used
depends on the number of nodes and the existence of termination resistors. This is shown in
Figure 11

11. Contention can occur in 2-wire systems. There are hardware and software approaches to
treating with this problem. Both approaches ensure that no more than one transmitter is active
at any time by ensuring that only that transmitter is enabled. This can be achieved by enabling
the RTS line immediately before transmission and disabling it immediately after transmission.
This can be problematic if the transmission rate is high compared with the computer execution
rate. Some RS485 interfaces can be set to automatically disable themselves within 1 bit of the
end of transmission.

38
 MODBUS
1. Developed by Modicon for the SCADA market
2. Master/Slave protocol (Layer 7)
3. Two special format for data (Layer 2): ASCII and RTU
4. No dedicated physical format but typically used on RS232, 485, 422

Plant

Plant interface
Can be byte
MASTER Slave 1 Slave n oriented DI,
DO, AI AO

RTU, controllers, PLCs

Communication Network (wire, radio)

Message Structure
The Modbus protocol establishes the format for the master's query by including:
the device (or broadcast) address,
1. a function code defining the requested action,
2. any data to be sent, 39
3. an error-checking field.

The slave's response message is also constructed using Modbus protocol. It contains
fields confirming the action taken,
1. any data to be returned, and
2. an error-checking field.

If an error occurred in receipt of the message, or if the slave is unable to perform the requested action,
the slave will construct an error message and send it as its response.

Assumes 4 types of ports in the slave

•Coils Digital outputs

•Discrete Inputs Digital Inputs
•Holding Registers Byte oriented Output latches that may be associated with
discrete or analogue outputs, internal memory etc.
•Input Registers Byte oriented input latches. These may be associated with
discrete or analogue inputs, internal memory etc

39
 ASCII Mode
HEADER ADDRESS FUNCTION DATA LRC TRAILER

: 2 CHARS 2CHARS n CHARS 2 CHAR CR LF

: 06 03 006B0003 2 CHAR CR LF

1. Each address or function character uses ASCII reference to a single HEX digit of e.g.
the address
2. 1start bit, 7 data bits, odd/even/no parity, 1 or 2 stop bits
3. Delays of up to one second can elapse between characters within the message.
4. If a greater interval occurs, the receiving device assumes an error has occurred and
executes a timeout.
5. Valid slave device addresses are in the range of 0 ... 247 decimal. Address 0 is
used for the broadcast address, which all slave devices recognize
6. Master addresses a slave by placing the slave address in the address field of the
message. Slave responds with its own address in the address field of the response
message. This lets the master know which slave is responding.
7. Function codes (FC) go from 1 – 25510. Master uses FCs to instruct RTU on task
to be executed. In response, slaves use FCs to indicate normal (error-free) status
by repeating the original FC or an error by adding a 1 to the FC MSB.

Sample function codes

40
Hex Code Name Function

01 Read Coil Status to read the ON / OFF status of a group of

discrete coils
02 Read Input to read the ON / OFF states of a group of
Status discrete inputs
03 Read Holding to read the data contents of holding register
Register bytes. Specify start address and number of
bytes to read
04 Read Input to read the data contents of input register
Registers bytes
05 Force Single Coil Set discrete output to a specified level

08 Diagnostics to read the diagnostic status of the slave

13 Program
Controller
15 Force Multiple to write to designated coils
Coils
16 Force Multiple to write to designated registers
Registers

40
 8. DATA FIELD: From a master to slave contains additional information required by the
to take the action specified. Example - discrete and register addresses, the number of
registers to be read. From a slave contains the data requested or, in the case of an
exception, a code that describes the error.
9. LRC (Longitudinal Redundancy Check):The LRC is calculated by adding together
successive eight-bit bytes of the message, discarding any carries, and then two's
complementing the result. It is performed on the ASCII message field contents
excluding the colon character that begins the message, and excluding the CRLF pair at
the end of the message.
Example of a MODBUS message transaction

Master: Request RTU6 to send data in registers 006B – 006D “:0603006B0003890D0E”

: 06 03 006B0003 89 CR LF

Slave: reply Sending 6 bytes of data

(each pair per register) “:0603061D2D3D4D5D6D 7A0D0E”
: 06 03 061D2D3D4D5D6D 53 CR LF

For each register, the data high byte is sent first.

MODBUS sends 2 bytes for each holding register

41

RTU Mode
The RTU mode has the same functionality as the ASCII mode but is more efficient
in composing messages. RTU mode sends the actual binary 8-bit data (not the
ASCII code for the HEX representation of each nybble of the data as in ASCII).
Thus, instead of sending 2 HEX characters to represent a byte, the RTU mode
sends a single digital byte. RTU mode uses a more complex Cyclic Redundancy
Check (CRC) on the frame.

Header Address Function Data CRC Trailer

Nothing for 1- 8 bits 8 bits n bytes 16 bits Nothing for 1-3.5 bit
3.5 bit times times

Complete details, including new variationslike MODBUS Plus and Modbus TCP/IP,
available from www.modbus.org

41
References (this section)
1. Automation Hierarchy, H. Kirrmann, ABB Research Centre, Switzerland,
http://lamspeople.epfl.ch/kirrmann/Slides/ AI_14_Architecture.ppt, accessed 24/09/03
2. Control System Architecture, H. Kirrmann, ABB Research Centre, Switzerland,
http://lamspeople.epfl.ch/kirrmann/Slides/ AI_15_Architecture.ppt, accessed 24/09/03
3. Fieldbus Principles, H. Kirrmann, ABB Research Centre, Switzerland,
http://lamspeople.epfl.ch/kirrmann/Slides/ AI_31_Architecture.ppt, accessed 08/10/03
4. The Future Of Industrial Networking And Connectivity by Chris LeBlanc, National
Instruments, http://www.omimo.be/magazine/00q1/2000q1_p009.pdf, accessed
26/09/03
5. An introduction to industrial networks, Hong-Ju Moon,
http://icat.snu.ac.kr:3333/rain_e/intro/2.html - 27k, accessed 26/09/03.
6. Transactions in Measurement and Control: Volume 2 - Data Acquisition, Omega
engineering Inc.,
http://www.omega.com/literature/transactions/volume2/digitalsignal4.html, accessed
03/10/03
7. Fieldbus for Central Control, John Hyde, Norgren,
8. Digital Communications, S. Haykin, J. Wiley & Sons, 1988.
9. RS-422/485 Application Note, B&B Electronics Manufacturing Co., http://www.bb-
elec.com/../485appnote.pdf

42

42