System Reliability an Essential Support for Plant Operations
Yokogawa has a long history in the area of plant control systems, and is recognized as the developer of the world’s first distributed control systems. The company also uses numerous Renesas processors in their safety instrumented systems and in control systems designed to safely operate and safely shut down equipment. Today we speak with Kuniharu Akabane, the manager in charge of deciding on system hardware.
Reliable Plant Operation and Safe Shutdown
―What type of control systems do you use with plant operations?
Mr. Akabane: If you’re running a plant that operates continuously, you need to maintain control of temperature, pressure, fluid quantities, and other properties while manufacturing remains ongoing. For many years, the main way to do this was with centralized control: you placed sensors at various locations around the plant, and they sent their readings to a central control process. But as time went on, plants became larger, and it became increasingly important to implement precise control from locations closer to the actual machinery. That’s why we developed the world’s first distributed control system (DCS) in 1975. These systems, now in their eighth generation with the CENTUM VP, are known for keeping plants continuously up and running.
We are marketing the ProSafe-RS series of safety instrumented systems (SISs)—systems specifically designed to safely shut down operations in the event of an emergency. Our series complies with SIL (safety integrity level) 3 of the IEC 61508 international safety standard.
In general, where a plant has both a DCS and an SIS, these systems typically run in separate, independent environments. With our systems, however, it is possible to operate both from a single console, as an integrated entity—enabling more effective and easier operation, and reducing maintenance costs. Fortunately, our customers have been very positive about this approach.
The system is comprised of four main components.
1. Human Interface Stations (HIS)
2. Engineering Station (ENG)
3. Field Control Stations (FCS)
4. Network (communication system)
In addition, the operating environment supports full integration with the ProSafe-RS safety instrumented system (SIS).
―These systems are truly designed to deliver reliable plant operation and shutdown.
Mr. Akabane: Yes indeed. And for just that reason, we need to keep the failure rate of the control systems themselves—the DCS and SIS—extremely low. That’s why we need to design extremely high reliability into these systems.
We use the following principles to achieve very high reliability.
1. Fault Avoidance: Use highly reliable components, and use sufficient redundancy to ensure that reliability is maintained.
2. Fault Tolerance: Use system replication and redundancy, with minimal common components, so that operation can continue in the event of a failure in one of the systems.
3. Fault Detection: The system has built-in capability to detect its own faults.
4. Maintainability: DCSs and SISs are designed to continue operating while units are being replaced. These systems can support long-term continuous availability with no or minimal downtime.
As a result of these design methods, the CENTUM VP has achieved a record of 99.99999% (“seven 9s”) availability.
Hardware Choices for the Highly Reliable Systems
―That’s a tremendous track record, isn’t it? Could you tell us the role that Renesas MCUs play in achieving these types of highly reliable systems?
Mr. Akabane: I first encountered Renesas products in 1991–2, when we started using your MCUs in our CENTUM communications modules. I was very impressed at the time about how good the manuals were.
Since then we’ve used Renesas MCUs in numerous products, in particular because we really appreciate their very high reliability. When we design a system, we calculate overall reliability based in part on the defect rates we estimate for each component. But in fact, the defect rate of Renesas components has always fallen well below our estimations. We feel that you are building very high quality into your products, starting from the semiconductor design stages and continuing through all processes through to final production.
―What’s are your feelings about Renesas software?
Mr. Akabane: Renesas delivers good software, too. Your high-performance embedded workshop provides us with full and integrated support that really boosts our development efficiency. And when we change processors, you make the migration work very easy. You provide excellent support for migration into integrated development environments, with strong tools for customizing the environment for each processor.
Another thing we really like about the Renesas environment is your embedded operating systems. As customers, we enjoy a real cost benefit when the semiconductor vendor includes an embedded OS—especially one that is both easy to handle and of very high quality, as yours are.
When users have excellent development environments which are compatible with embedded operating systems, designing becomes easier and work periods get shorter.
Looking Forward to Continued Performance Improvements
―Thank you for your kind words. What kind of expectations do you have for Renesas products going forward?
Mr. Akabane: Our systems and products must answer the environmental issues facing entire facilities. That means that with each generation, we need to achieve lower power consumption. Our customers expect to use less power even as processing loads and clock speeds continue going up. In fact, our customers have sometimes chosen high-end equipment simply on the basis of a lower power profile. So we hope that you will continue working on power reduction as we move forward.
We’re also happy when new high-end equipment remains compatible with legacy equipment. Since our customers demand very high reliability, we investigate every new component very carefully when deciding whether to use it. The time and expense required for this work is much higher if there’s no compatibility. For example, we may want to maintain our existing software assets even when we need to change a processor in order to elevate the performance of some high-end equipment. As another example, we can eliminate the need to change external ASICs if the bus specifications for the new product are the same as for the old. So we will be grateful if Renesas keeps these kinds of work flows in mind as we go forward.
In general, we do indeed look forward to a continued supply of stable, effective Renesas products that will fully support the long-life-cycle high-reliability systems that we produce.
―You remind us, once again, of the important role of Renesas MCUs. We certainly intend to continue supplying MCUs that incorporate new technical developments and that fully support our customers as they work on building their own high-performance, high-reliability systems.
－ All company and product names mentioned herein are trademarks or registered trademarks of their respective owners.
－ This interview was conducted on May 21, 2013. All product performance data and other data cited herein are based on information available at the time of the interview.
－Information herein has not been subject to final review, and is subject to change following review.