100% found this document useful (1 vote)

1K views376 pages

Complete Manual SCADA Systems

Uploaded by

mohdkamalhaziq

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

100% found this document useful (1 vote)

1K views376 pages

Complete Manual SCADA Systems

Uploaded by

mohdkamalhaziq

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 376

SCADA Systems - Transitioning

from Beginner to Advanced

4 DAYS WORKSHOP

Michael A. Crabtree MSc

COURSE INSTRUCTOR
SCADA Systems - Transitioning
from Beginner to Advanced
Course Overview
Supervisory, Control and Data Acquisition System (SCADA) is, without a doubt, one of the most important
aspects of most industries. It does not matter whether you focus on oil or gas, are electricity or another
commodity provider, or manufacture products driven by consumer demand in a factory. The reality is that
you need a specialised device, which “puts extra eyes” in your plant, and this is where the unique features
of a well-designed SCADA system come to the fore. Such a system should be designed to allow for a
seamless transfer of plant knowledge, and access to vital information (especially in situations where
decision-making is critical). Sadly, many organisations install a SCADA system, with the best intentions.
But, as soon as the system has been implemented, it tends to be allowed to stagnate, never keeping up
with plant changes, and being used to its full potential. This is not intentional, but often just due to staff not
wanting to mess with something that is already working well, or perhaps feeling a bit apprehensive about
their own skills and abilities. The aim of this workshop is to encourage SCADA staff to keep pushing the
boundaries, and to consider implementing additional SCADA features, so that they continuously take their
SCADA system up to the next level. Delegates are often caught in a quandary. They are immersed in the
“deep end”, and need to sink or swim. Or else, it has been a few years since they have done the basics,
and an intense refresher may be required. There is also the problem that an introductory course may be
too basic, and an advanced course just kicks off too rapidly. This workshop has been designed to try and
deal with these issues as effectively as possible. It starts off as a basic workshop, and builds the delegates
up. (This is useful for those individuals who are already familiar with SCADA, but require a good, solid
refresher, just to get them up to speed, once again.) Then, the workshop steps up to the next level, and
shares a lot of advanced features. This is really what separates the mediocre SCADA applications from
the really efficient ones.The workshop has been designed to focus on applications and practical examples
that would be deemed relevant, and the working environment of the delegates will be very carefully
enquired about, so that all exercises remain work-related, for the delegates. This course intentionally has a
50-50 split between theoretical and practical work, in order to keep attention spans at optimum levels, as
much as possible

Blaze Avenue (M) Sdn. Bhd.

A20-06, Mercu Summer Suites,
No.8, Jalan Cendana,
Off Jalan Sultan Ismail,
50250, Kuala Lumpur, Malaysia.
+60 3 2713 6185
+60 3 2260 3187
[email protected]
blazeavenue.com.my

Important notice:
No part of these notes or diagrams may be reproduced in any form without permission of
the copyright holder.

© 2017 Crabtree Controls Ltd. All Right Reserved

SCADA Systems - Transitioning
from Beginner to Advanced

Table of Contents

Section 1. Introduction to Controls Systems

Abbreviations and acronyms 1.1
Programmable Logic Controller (PLC) 1.4
Smart instruments 1.5
Distributed Control Systems (DCS) 1.6
Hybrid DCS 1.11
Open DCS 1.11
Advantages and disadvantages of DCS 1.12
Supervisory Control and Data Acquisition Systems 1.13
What is an RTU? 1.15
Traditional bus system 1.16
A universal bus 1.17
Typical FF application 1.19
SCADA versus DCS 1.19

Section 2. Instrument Signal Loops

What is a thermocouple? 2.1
Thermocouple types 2.2
Transmitter loops 2.4
Explosive concentrations 2.10
Loop powering 2.11
Calibration 2.12
Loop splitters/repeaters 2.16
Diagnostic output 2.17
Highway Addressable Remote Transducer (HART) 2.19
Physical layer 2.20
Multipoint mode 2.23
HART commands 2.23
Graphical interface 2.25

Section 3. Accuracy and Resolution

Accuracy and error 3.1
Uncertainty 3.5
Binary numbering 3.7
Resolution 3.8
Hexadecimal 3.10
Hexadecimal to binary conversion 3.12

i
Section 4. Basics of data communications and networks
Historical background 4.2
Typical link 4.3
Bits, bytes and codes 4.4
Half and full duplex communication 4.4
Synchronous versus asynchronous transmission 4.5
Serial asynchronous transmission 4.8
Codes 4.12
UART 4.19
UART timing 4.22
Networking 4.23
Topologies 4.24
Networking approaches 4.29
CSMA/CD 4.30
Token passing 4.31
LAN standards 4.32
Token bus 4.33
Mesh topology 4.35
The OSI model 4.40
Virtual or peer-layer communications 4.42
Simplified model 4.47
Repeaters 4.50
Splitter 4.51
Bridge 4.52
Router 4.53
Gateway 4.54

Section 5. Remote Terminal Units

SCADA layout 5.2
Typical RTU 5.2
RTU environmental enclosures 5.4
Power supply module 5.5
CPU 5.5
RAM 5.6
ROM 5.6
Communication ports 5.7
Digital processing 5.8
Voltage source vs. voltage sink 5.9
Digital input board 5.10
Digital output 5.11
a.c switching 5.12
Current ratings 5.16
Analog processing 5.17
Analog input modules 5.18
Single ended input 5.19
Differential inputs 5.21
Analog output modules 5.23
A/D conversion 5.24

ii
Successive approximation 5.24
D/A converters 5.30
Writing the specification 5.33
Digital sampling 5.35

Section 6. SCADA systems

SCADA features 6.3
System architecture 6.5
Process database 6.8
Software systems 6.10
SCADA database management 6.11

Section 7. Alarm management

Why alarm management is important 7.1
Common issues with alarm handling 7.4
Functions of the operator 7.5
Abnormal upsets 7.6
Defined response 7.7
Adequate time to respond 7.8
Design documentation 7.10
Alarm displays and lists 7.11
Annunciator displays 7.12
Audible alarm warnings 7.12
Alarm generation 7.13
Absolute alarms 7.14
Deviation alarms 7.15
Rate of change alarms 7.16
Discrepancy alarms 7.17
Calculated alarms 7.17
Diagnostic alarms 7.18
First-up alarms 7.18
Statistical alarms 7.19
How do we scan and HMI screen? 7.20
Colours 7.21
ISA-18.2 7.25

Section 8. Data transmission media

Two wire open lines 8.2
Reflection and matching 8.5
Coaxial cable 8.6
Twisted pair cable 8.7
Fibre-optic principles 8.9
Propagation modes 8.12
Fibre-optic advantages 8.14
Patching and installing 8.16
Optical TDR 8.17
Basic radio communications 8.18
Elements of a radio link 8.21

iii
Electromagnetic spectrum 8.25
Electromagnetic waves 8.26
Propagation methods 8.27
Atmospheric refraction 8.28
The radio spectrum and frequency allocation 8.29
Implementing a radio link 8.32
Path profile 8.33
Profile correction 8.34
Fresnel zone 8.36
Diffraction losses 8.38
Reflection losses 8.39
Transmitter power/receiver sensitivity 8.40
Other factors 8.42

Section 9. Basic digital transmission systems

Balanced versus unbalanced 9.1
RS 232 9.3
RS 485 9.12
Drop line versus daisy-chain 9.13
RS 485 standards 9.15
Idle versus active states 9.17
Live termination 9.19
Installation and troubleshooting 9.28
Error detection 9.46
Parity 9.47
Cyclic redundancy 9.48

Section 10. Fieldbus systems

Modbus 10.1
Modbus protocol structure 10.2
Requests and responses 10.7
Write request 10.9
Loop back test 10.9
Exception responses 10.10
Profibus 10.12
Profibus DP 10.14
Profibus PA 10.16
Foundation fieldbus 10.17
Source destination versus producer consumer model 10.20
Link active scheduler 10.21
Cyclic vs. acyclic 10.23
Function blocks 10.25
Profibus vs. foundation fieldbus 10.27
DNP and IEC 60870 10.29
IEC 61850 10.33
DNP3 features 10.36
IEC 61850 10.38
GOOSE 10.40

iv
Sampled value (SV) 10.42
Object modelling 10.42
Comparison of DNP 3 with IEC 61850 10.44

Section 11. Cyber Security

Key questions 11.1
Differences between IT and ICN systems 11.2
Threat sources 11.5
Use of firewalls 11.10
Remote access 11.12
Identifying connections 11.13
Technical audits 11.15
Responsibilities 11.18
USB port blockers 11.19

Section 12. Functional Design Specification (FDS)

Overview of FDS 12.1
Purpose of FDS 12.3
Software and development specifications 12.5

Section 13. SCADA Troubleshooting, Maintenance and Best Practice

Troubleshooting 13.1
Maintenance 13.4
SCADA best practice 13.5

v
SCADA Systems - Transitioning
from Beginner to Advanced

Section 1.
Introduction to Controls Systems
SCADA Systems - Transitioning
from Beginner to Advanced

Section 1.
Introduction to Controls Systems

© 2017 Crabtree Controls Ltd. All Right Reserved 1

Exercise 1. Acronyms and

abbreviations

© 2017 Crabtree Controls Ltd. All Right Reserved 2

1
Abbreviations and Acronyms

AGA American Gas Association

ANSI American National Standards Institute
API American Petroleum Institute
ASME American Society of Mechanical Engineers
ASTM American Society for Testing and Materials
BSI British Standards Institute
CSMA/CD Carrier Sense Multiple Access/Collision Detection
DIN Deutsches Institut für Normung
DNP3 Distributed Network Protocol (Version 3)
DNV Det Norske Veritas

© 2017 Crabtree Controls Ltd. All Right Reserved 3

Abbreviations and Acronyms

EIA Electrical Industries Alliance

EPA Environmental Protection Agency
ESD Emergency Shut Down
FDS Functional Design Specification
HART Highway Addressable Remote Transducer
IEC International Electrotechnical Commission
IEEE Institute of Electrical & Electronic Engineers
ISA The International Society for Automation
ISO International Organisation for Standardisation
LAN Local Area Network

© 2017 Crabtree Controls Ltd. All Right Reserved 4

2
Abbreviations and Acronyms

LOC Loss Of Containment

LOTO Lock Out and Tag Out
MAWP Maximum Allowable Working Pressure
MTBF Mean Time Between Failures
MTTF Mean Time To Failure
MTTR Mean Time To Repair
NEMA National Electrical Manufacturers Association
OIML Organisation Internationale de Metrologie Legale
OSI Open Systems Interconnection
PES Programmable Electronic System

© 2017 Crabtree Controls Ltd. All Right Reserved 5

Abbreviations and Acronyms

PLC Programmable Logic Controller

RTU Remote Terminal Unit
SCADA Supervisory Control And Data Acquisition
SDV Shut-Down Valve
SIS Safety Instrumented System
TCP/IP Transmission Control Protocol/Internet Protocol
TLA Three Letter Acronym
TIA Telecommunications Industries Alliance
UL Underwriters Laboratories
VLAN Virtual Local Area Network

© 2017 Crabtree Controls Ltd. All Right Reserved 6

3
Car seals

© 2017 Crabtree Controls Ltd. All Right Reserved 7

Programmable logic controller (PLC)

● The PLC was developed in the late 1960’s as a

programmable microprocessor-based solid-state
replacement for conventional hardwired relay circuitry.
Intra-PLC communications link

PLC station 1 PLC station 2

CPU CPU
communications link

Local I/O chassis

I/O rack

RIO

Remote I/O chassis

© 2017 Crabtree Controls Ltd. All Right Reserved 8

4
Programmable logic controller (PLC)

● A key feature was the ease with which it could be

programmed through the use ‘Ladder Logic’ programming
that could easily translate to and from conventional relay
drawings.
● Originally PLCs were designed for Digital (or Discrete)
Inputs and Outputs (collectively DIO).
● Users increasingly demanded analog capabilities for
parameters such as pressure, temperature, level, and
flow.
● As a result, manufacturers soon started adding standard
analog inputs and outputs to their (usually 0 – 10 V or 4 –
20 mA)).

© 2017 Crabtree Controls Ltd. All Right Reserved 9

Smart instruments

● Originally coined by Honeywell, the term ‘Smart’ now

applied to any intelligent (microprocessor based) digital
measuring sensor (e.g. temperature transmitter) having
either hybrid (conventional 4 -20 mA analog plus digital)
or full digital data communications.
Programming terminal

Modulator/demodulator
interface CPU

Analog Digital
input
ADC ADC
value
4 -20 mA loop
Scaling/
linearization

Smart instrument PLC

© 2017 Crabtree Controls Ltd. All Right Reserved 10

5
Distributed Control Systems
(DCS)

© 2017 Crabtree Controls Ltd. All Right Reserved 11

Distributed Control System (DCS)

● The term DCS was coined by two major control system

vendors in the early 1970s.
● A DCS is an automated control system that monitors and
controls a number of distributed controllers that are linked
by a redundant data highway.
● Because Distributed Control Systems evolved separately
from different manufacturers there is little commonality –
with system architectures varying considerably.

© 2017 Crabtree Controls Ltd. All Right Reserved 12

6
Distributed Control System (DCS)

● Consequently, three distinct systems have evolved:

 Traditional systems designed to perform ‘process only’ control;
 Hybrid systems that integrate have both process and
sequential control; and
 Open systems based on fieldbus architecture.

© 2017 Crabtree Controls Ltd. All Right Reserved 13

Typical physical layout of traditional DCS

Corporate
MES Computer
Ethernet
Operator
Gateway Workplace
Redundant Data
Plant
Highway
Computer
Remote field
controllers and
interface modules
in cabinet

Field Devices

© 2017 Crabtree Controls Ltd. All Right Reserved 14

7
Traditional systems

● Often referred to as ‘Legacy’ or ‘Heritage’ systems.

● Majority of such systems were provided by:
 Honeywell
 Foxboro
 Fisher Porter
 Bailey
● Most had closed and proprietary system architectures.
● Generally designed for large scale application having
1000’s of control loops.
● Designed to perform ‘process only’ control – integration
with PLC systems for sequential control was difficult.

© 2017 Crabtree Controls Ltd. All Right Reserved 15

Traditional systems

● A key benefit was the ‘systems approach’ where

integration of the different elements of the system was
undertaken by the DCS supplier.
● Used a single database for the complete system.
● The controllers communicate with the process field
devices via I/O modules that are either integral with the
controller or located remotely via a field network.
● In traditional ‘Legacy’ systems the field network linking
the I/O modules to the field devices was an analog (4 to
20 mA) signal carried on a twisted-pair shielded cable.

© 2017 Crabtree Controls Ltd. All Right Reserved 16

8
Typical physical layout of traditional DCS

● The central Plant Computer acts as the ‘traffic director’

coordinating:
 Operator displays
 History recording
 Printing reports
Corporate
 Alarming MES Computer
Ethernet
Operator
Workplace
Gateway
Redundant Data
Plant
Highway
Computer
Remote field
controllers and
interface modules
in cabinet

Field Devices

© 2017 Crabtree Controls Ltd. All Right Reserved 17

Typical physical layout of traditional DCS

● A closely integrated set of Operator Interfaces (or

Human Machine Interfaces (HMIs)) provides easy
system configurations and operator control.

Corporate
MES Computer
Ethernet
Operator
Workplace
Gateway
Redundant Data
Plant
Highway
Computer
Remote field
controllers and
interface modules
in cabinet

Field Devices

© 2017 Crabtree Controls Ltd. All Right Reserved 18

9
Typical physical layout of traditional DCS

● The Data Highway is the backbone of the DCS.

● It serves as a data link between the main control
computer and other parts of the network.
● In practice the Data Highway could comprise several
levels.
Corporate
MES Computer
Ethernet
Operator
Workplace
Gateway
Redundant Data
Plant
Highway
Computer
Remote field
controllers and
interface modules
in cabinet

Field Devices

© 2017 Crabtree Controls Ltd. All Right Reserved 19

Typical physical layout of traditional DCS

● Control functions, simulation and optimization routines are

‘distributed’ to Field Controllers mounted in remote field
locations
● Field Controllers are microprocessors capable of
performing a variety of algorithms on the control signal
Corporate
● These include: MES Computer
Ethernet
 PID functions Operator
 ratio, Gateway
Workplace
Redundant Data
 cascade Plant
Computer
Highway

 linearization, Remote field

controllers and
 alarm and shutdown interface modules
in cabinet

Field Devices

© 2017 Crabtree Controls Ltd. All Right Reserved 20

10
Hybrid DCS

● Introduced to integrate both process and sequential

control the term hybrid combines both DCS and PLC
functionality.
● Hybrid systems were the first to produce a scalable range
of products – from less than 100 I/O points to over 1
million.
● The term Hybrid DCS is also often applied to ‘Open’
systems.

© 2017 Crabtree Controls Ltd. All Right Reserved 21

Open DCS

● In modern ‘Open’ systems both bit-based (on/off) and

message-based (up to 256 bytes) field data is carried on
a single-cable multi-drop open fieldbus network (typically
Foundation Fieldbus or Profibus).
● Fieldbus architecture provides a number of key benefits:
 lower wiring costs,
 smaller expansion costs, and
 multi-vendor interoperability.
● In addition to basic PID control, modern DCS controllers
have extensive advanced process control (APC) and
computational capabilities and can generally incorporate
logic and sequential control.

© 2017 Crabtree Controls Ltd. All Right Reserved 22

11
Open DCS

● Also allowed DCS and PLCs to be closely and efficiently

integrated.
● In many cases this approach still has limitations often
making it complicated to integrate with MES and other
business systems.
● Leading DCS companies today include:
 ABB,
 Emerson,
 Honeywell,
 Invensys,
 Rockwell,
 Siemens, and
 Yokogawa.

© 2017 Crabtree Controls Ltd. All Right Reserved 23

Advantages and disadvantages

Advantages
● Designed to be 100% reliable
 Redundant controllers
 Redundant communications
 Redundant power
 Redundant I/O cards
 Redundant operator interfaces
 Total isolation from all other systems
● Single database management
● On-line maintenance
● Excellent security

© 2017 Crabtree Controls Ltd. All Right Reserved 24

12
Advantages and disadvantages

● Disadvantages
● Support is more complicated and costly
● Highest cost of process control options

© 2017 Crabtree Controls Ltd. All Right Reserved 25

Supervisory, Control and

Data Acquisition systems
(SCADA)

© 2017 Crabtree Controls Ltd. All Right Reserved 26

13
SCADA

● Supervisory Control And Data Acquisition (SCADA)

● A SCADA system enables users to collect data from one
or more distant facilities and provides real-time control.
 Collecting information from sensors
 Storing it and then transferring it back to a central site
 Carrying out necessary analysis and control
 Displaying this data on a number of operator screens
 Sending back set-point changes and actions
● SCADA can be configured in two distinct formats.
● In its most widely used format (particularly in the oil and
gas industries) it acts as an adjunct to a larger control
system.

© 2017 Crabtree Controls Ltd. All Right Reserved 27

SCADA

● Typically, such a system (e.g. for pipeline operations)

comprises a number of remote terminal units (RTUs) that
collect field data and connect back to the system
controller via a communication system:
 on a regular polling interval (seconds to hours)
 by exception
 at fixed times
 any combination of the above

© 2017 Crabtree Controls Ltd. All Right Reserved 28

14
SCADA
Operator stations System controller
Radio
Modem

Modem

Landline link
Radio
Modem

RTU 3
Radio
Modem Modem M

RTU 1 RTU 2
M M

© 2017 Crabtree Controls Ltd. All Right Reserved 29

What is an RTU?

● An RTU (Remote Terminal Unit or sometimes Remote

Telemetry Unit) provides a ruggedized front-end I/O
interface to a variety of field devices.
● In essence, an RTU is a made-for-purpose, cost-
effective solution for data acquisition and remote control.
● Features of an RTU often include:
 multiple types of communications for a variety of field equipment,
 licensed UHF or VHF radio,
 verification of data transfer,
 Store-and-Forward capabilities,
 report-by-exception capabilities,
 low-power operation features, and
 on-board back up battery.

© 2017 Crabtree Controls Ltd. All Right Reserved 30

15
SCADA
● In its other format SCADA is used as a standalone system
to monitor and control a plant using PLCs as ‘hardened’
robust front-end devices.
● May be broadly defined as an industrial automation system
that provides a ‘window’ into the process.
● Provides wide range of services:
 Graphical representation of plant
 Trending
 Limit setting
 Control configuration

17
A universal bus?

TCP/IP (Ethernet)

VME/PC
SCADA
H2 HSE

PLC PLC PLC

4 –20 mA

4 –20 mA H0

4 –20 mA

© 2017 Crabtree Controls Ltd. All Right Reserved 35

A universal bus?

TCP/IP (Ethernet)

VME/PC
SCADA
H2 HSE

PLC PLC PLC

H1 H0

© 2017 Crabtree Controls Ltd. All Right Reserved 36

18
Typical FF application

Control
Flow transmitter
valve

Terminator Terminator Temperature

transmitter

Junction Level
box transmitter
100 
Terminator
1 F

© 2017 Crabtree Controls Ltd. All Right Reserved 37

SCADA vs. DCS

● As the name implies a SCADA system focuses on the

supervisory level.
● Consequently, it was formerly purely a software package
positioned on top of hardware which interfaces with the
field through commercially available modules as such as
the PLCs or RTUs.
● Its primary purpose was to monitor, control, and alarm
regional operating systems from a central point.
● In essence a SCADA system performs four functions:
 Data acquisition
 Networked data communication
 Data presentation
 Control

© 2017 Crabtree Controls Ltd. All Right Reserved 38

19
SCADA vs. DCS

● These functions are performed by four kinds of

components:
 Sensors and control relays/actuators that interface directly
with the controlled medium e.g. temperature transmitter in a
pipeline.
 RTUs/ PLCs – serve as local collection points gathering
information from the sensors and outputting commands to the
control relays/actuators.
 SCADA Master units comprising computer consoles that serve
as the central processor and provide a suitable HMI.
 Communication network connecting the master station to the
RTUs/PLCs

© 2017 Crabtree Controls Ltd. All Right Reserved 39

SCADA vs. DCS

● A DCS is a process-oriented system and treats control of
the process as its main task – presenting data to
operators as part of its activity.
● A DCS operator station is closely connected with its I/O
signals through local wiring and communication buses
(e.g. Fieldbus).
● When DCS operators wish to see information they would
usually make a request directly to the field I/O and get a
response.
● Because a DCS is always connected to its data source it
does not need to maintain a database of ‘current values’.
● Redundancy is usually handled by parallel equipment –
not by diffusion of information around a distributed
database.

© 2017 Crabtree Controls Ltd. All Right Reserved 40

20
SCADA vs. DCS

● The increasing speed of computer networks has blurred

the differences between SCADA and DCS to become
almost meaningless.
● However, the main differences between a SCADA and a
DCS system may be summarized as:
SCADA DCS
● Multivendor highly flexible ● Single-vendor highly integrated
control system. control system.
● Cost of equipment is much ● High level of quality control
lower but this must be weighed tested over and over again.
up against the cost of design ● Scaling up to larger size is
and implementation. comparatively easy
● Scaling down to a smaller size
is much easier.

© 2017 Crabtree Controls Ltd. All Right Reserved 41

21
SCADA Systems - Transitioning
from Beginner to Advanced

Section 2.
Instrument Signal Loops
SCADA Systems - Transitioning
from Beginner to Advanced

Section 2.
Instrument Signal Loops

© 2017 Crabtree Controls Ltd. All Right Reserved 1

What’s a thermocouple?

 In 1821, T J Seebeck, used two different metal wires

(antimony and copper) joined to form two junctions.
 When the junctions were held at different temperatures a
voltage was generated that was a function of the
temperature difference and the composition of the two
metals.
Millivoltmeter

Copper Copper

Antimony

Junctions

Reference Variable
ice bath 0°C temperature
© 2017 Crabtree Controls Ltd. All Right Reserved 2

1
Simplified thermocouple?

 Ice bath replaced by

isothermal block
Cold
offering sufficient mass
junction to withstand minor
(Reference) fluctuations in ambient
temperature.
 Temperature of block is
measured and
compensation applied.

Hot junction
(Measuring)

© 2017 Crabtree Controls Ltd. All Right Reserved 3

Thermocouple types

80
E
70
 Although some 300
60 different types of
50 J K thermocouple have
N been studied and
described…
Millivolts

40
 …only eight type
30 designations are
20
T R officially recognised by
S the generally accepted
B authorities.
10

400 800 1200 1600 2000

Temperature (°C)

© 2017 Crabtree Controls Ltd. All Right Reserved 4

2
Thermocouple types

80
E  So looking at these
70
curves, do you see a
60 general problem with the
K
use of thermocouples?
50 J  That’s right, the outputs
N
are quite small – all in the
Millivolts

40
millivolt range.
30  Furthermore, the outputs
T
are not linear.
R
20
S
B
10

400 800 1200 1600 2000

Temperature (°C)
© 2017 Crabtree Controls Ltd. All Right Reserved 5

Thermocouple types

80
E  As an example, let’s look
70 at type T thermocouple
60  Copper/Constantan (57%
K
Copper, 43% nickel )
50 J  -200 to 350 C
N
Millivolts

T R
20
S
B
10

400 800 1200 1600 2000

Temperature (°C)

© 2017 Crabtree Controls Ltd. All Right Reserved 6

3
Type T thermocouple (mV @ °C)

What temperature would give an output of 4 mV?

Temperature
(°C) 0 1 2 3 4 5 6 7 8 9 10

Answer: 94°C

© 2017 Crabtree Controls Ltd. All Right Reserved 7

Transmitter Loops

 Consequently, the small signal needs to be amplified

into a larger one for transmission over long distances.
 This is accomplished by means of a transmitter.

Thermocouple
Large output
Transmitter
Small voltage
input (mV)

© 2017 Crabtree Controls Ltd. All Right Reserved 8

4
Transmitter Loops

 Assume a signal span of 0 -10 mV … what temperature

range would this cover?

Temperature
(°C) 0 1 2 3 4 5 6 7 8 9 10

Thermocouple
Transmitter Large output

0 -10 mV = 0 to 213°C
© 2017 Crabtree Controls Ltd. All Right Reserved 9

Transmitter signal loops

 What ‘large signal’ outputs could we have?

 Well, there’s quite a range to choose from:

X 1000 0 – 10 V

2 – 10 V

0–5V
Thermocouple

Transmitter 1–5V
e.g. 0 -10 mV
0 – 20 mA

4 – 20 mA

10 – 50 mA

© 2017 Crabtree Controls Ltd. All Right Reserved 10

5
Signal loops

 Assume an output of 0 – 10 V …
 … and a load resistance of 100 
 How much of the output voltage appears across the load?
 Is this realistic?
 Why not?

Thermocouple
0 – 10 V Load resistance
0 - 10 mV Transmitter 100 

© 2017 Crabtree Controls Ltd. All Right Reserved 11

Signal loops

 Assuming there is no internal resistance and a total line

resistance of 10  …
 What is the current?
 And how much of the voltage will appear across the
resistor?

5
Thermocouple

0 - 10 mV Transmitter 0 – 10 V 100 

5

© 2017 Crabtree Controls Ltd. All Right Reserved 12

6
Signal loops

 The current will be:

1 0
0
V R

0
.
0
9
0
9
1
A
I

1
0
1
0
  

 And the voltage developed across the load will be:
V
I
R

0
.
0
9
0
9
1
*
1
0
0
9
.
0
9
1
V
  
 What is this as a percentage error?
 About a 9% error
5
Thermocouple

0 - 10 mV Transmitter 0 – 10 V 100 

5

© 2017 Crabtree Controls Ltd. All Right Reserved 13

Signal loops

 Now let’s examine a constant current generator

 In this example as the input varies from 0 – 10 mV the
output varies from 0 – 20 mA.
 For a resistance of 250  …
 …what is the voltage developed across the resistor?
2 0
0 0

5
.
0
V
*
2
5
0
V
I
R
1
0

  

 So, as the output varies from 0 – 20 mA by how much

does the voltage across the load vary by?
 0–5V

Thermocouple
Constant 0 – 20 mA 250 
0 - 10 mV
current

© 2017 Crabtree Controls Ltd. All Right Reserved 14

7
Signal loops

 Now assume there is a line resistance of 10  …

 What is the current for a 10 mV input?
 Irrespective of the total load (within limits) the current will
be 20 mA
 And thus, irrespective of the line resistance, what
voltage is developed across the resistor ?
 5 V.

5
Thermocouple

0 - 10 mV Constant 250 
0 – 20 mA
current

5

© 2017 Crabtree Controls Ltd. All Right Reserved 15

Signal loops

 We have seen previously that as the input varies from

0 – 10 mV the output varies from 0 – 20 mA.
 Consequently, the voltage across the 250  load
varies from 0 – 5 V.
 Do you see a problem with this setup?
 What happens if there is a line break?

Thermocouple
Constant 0 – 20 mA 0–5V 250 
0 - 10 mV
current

© 2017 Crabtree Controls Ltd. All Right Reserved 16

8
Signal loops

 The solution lies with what is called the ‘zero offset’

 Now, as the input varies from 0 – 10 mV the output varies
from 4 – 20 mA …
 … and the voltage across the 250  load now varies from
1 – 5 V.
 Consequently, when the input is zero there is still an
output (4 mA)
 In the event of a line break, the output current falls to zero
– thus indicating a fault condition.

Thermocouple
Constant 4 – 20 mA 1–5V 250 
0 - 10 mV
current

© 2017 Crabtree Controls Ltd. All Right Reserved 17

Larger currents?

 But why not use a much higher current (e.g. 2 – 10 A) that

would be less sensitive to noise?

Thermocouple
Constant 2 – 10 A 250 
0 - 10 mV
current

© 2017 Crabtree Controls Ltd. All Right Reserved 18

9
Combustion triangle

 What is required to create an explosion?

O2
27.2

Air
(21% oxygen) Fuel
(sufficient vapor)
Bang !

Source of Ignition
(of sufficient energy)
© 2017 Crabtree Controls Ltd. All Right Reserved 19

Concentrations
 The answer lies with the susceptibility of various mixes of
gases to sparks caused by electrical discharges.

1.0
Ignition energy (mJ))

Ignition curve for hydrogen-air

0.1

LFL UFL
0.02 mJ
4% 75%
Minimum Ignition Energy (MIE)
0.01
0 20 30 40 50 60 70 80 90 100
Volume concentration (%)

© 2017 Crabtree Controls Ltd. All Right Reserved 20

10
Concentrations
5A
 Intrinsic Safety is
designed to limit energy
2A within the ignition zone.
1A  Consequently the voltage,
current and power must
500 mA Group IIC
be restricted.
Group A  The maximum voltage is
Short circuit current

set by cable capacitance

200 mA Hydrogen limiting it to 29 V (for a
100 mA 93 mA 400 m length).
 The maximum current is
50 mA set by cable inductance
28 V limiting it to 300 mA (400
20 mA
m length).
10 mA
20 V 50 V 100 V 200 V 500 V
Open circuit voltage

© 2017 Crabtree Controls Ltd. All Right Reserved 21

Loop powering

 The transmitter was usually powered (externally) from a

10 – 30 V d.c. power supply.
 As power requirements of the Tx went down (increasing
use of CMOS), point reached when device could be
powered by less than 4 mA.

10 – 30 V d.c.

Thermocouple

0 - 10 mV Transmitter 4 – 20 mA

© 2017 Crabtree Controls Ltd. All Right Reserved 22

11
Why choose 4 – 20 mA

Five major advantages:

 Long-distance transmission without signal loss
 Allows detection of offline sensors, broken transmission
lines, and other failures
 Uses less expensive 2-wire instrumentation cables
 Using proper wiring (shielded twisted pair), very low
sensitivity to electrostatic and electromagnetic
Interference
 Caters for loop powering

© 2017 Crabtree Controls Ltd. All Right Reserved 23

Calibration

 How do we calibrate the transmitter?

 Two adjustments:

0 - 10 mV

Zero
Transmitter Span
4 – 20 mA

© 2017 Crabtree Controls Ltd. All Right Reserved 24

12
Is this a temperature transmitter?
 But can we call this a temperature transmitter?
 Strictly speaking it’s a mV transmitter.

Thermocouple Zero
0 - 10 mV Transmitter Span
4 – 20 mA

© 2017 Crabtree Controls Ltd. All Right Reserved 25

Signal loops

 What do we need to make this a Temperature Transmitter?

Transmitter
Thermocouple Linearization Zero
Input scaling
0 - 10 mV 4 – 20 mA
Input device selection Span

© 2017 Crabtree Controls Ltd. All Right Reserved 26

13
Signal loops

 What do we need to put in for linearization?

 What else?
 Where does the analog signal go?

Transmitter 4 – 20 mA PLC
Thermocouple
A/D D/A A/D
e.g. 10 mV P 250 
converter converter converter

© 2017 Crabtree Controls Ltd. All Right Reserved 27

Signal loops

Wouldn’t it be sensible to keep it all digital?

 Foundation Fieldbus
 Profibus
 HART, etc.

© 2017 Crabtree Controls Ltd. All Right Reserved 28

14
Multiple devices

 Can supply 4 to 20 mA signal to multiple devices.

 So, what is the limitation?
 Typically need at least 10-12 V at max loop current.
 How many devices can we put into the loop?

Chart recorder in
supervisor’s office PLC in control
cabinet
Field indicator
on side of tank

Pressure transmitter in 75.8

storage tank
̶ + ̶ + ̶ +
250  250  250 
+
Pressure
transmitter
̶
̶ +
24 V
Power
supply
© 2017 Crabtree Controls Ltd. All Right Reserved 29

Multiple devices

 So, can drive multiple devices.

 However, a broken wire anywhere along the loop will
cause a loss of signal to all devices

Field indicator Remote indicator in Chart recorder in PLC in control

on side of tank main control room supervisor’s office cabinet

75.8

PT
Pressure transmitter in
storage tank
© 2017 Crabtree Controls Ltd. All Right Reserved 30

15
Loop splitters/repeaters

 Here, a short-circuit or open circuit on any loop will not

affect the signal of any other device.
 Furthermore, this overcomes the problem of excessive
loading.
Field indicator Remote indicator in Chart recorder in PLC in control
on side of tank main control room supervisor’s office cabinet
75.8

PT Splitter/
Pressure transmitter repeater
in storage tank

© 2017 Crabtree Controls Ltd. All Right Reserved 31

Loop splitters/repeaters

Benefits of loop splitter:

 Allows the reduction of total loop resistance when
loop power supply is not sufficient
 Splits one 4-20 mA input loop into multiple
independently scalable 4-20 mA output loops
 Device removal or failure in any output loop will
generally not affect other loops
 Powers 2-wire transmitters at 24 V d.c.

© 2017 Crabtree Controls Ltd. All Right Reserved 32

16
Loop splitters/repeaters

© 2017 Crabtree Controls Ltd. All Right Reserved 33

Diagnostic output

Based on “NAMUR Empfehlung” NE-43 Standard

20.5 – 21.0 mA - Transmitter Failure Detected

Failure 4 - 20 mA Normal Operating Range Failure

20.0 - 20.5 mA - Normal Overrange

3.8 - 4.0 mA - Normal Underrange

3.6 - 3.8 mA - Transmitter Failure Detected

0-3.6 mA - Open Wire

© 2017 Crabtree Controls Ltd. All Right Reserved 34

17
Diagnostic ootput

 Four sensor states are transmitted:

 State 0: 8 mA
 State 1: 16 mA
 Open circuit: 0 to 3.6 mA
 Sensor fault/diagnostic alarm: 3.7 or 20.7 mA

20 mA 20.7 mA: Diagnostic fault

16 mA State 1

8 mA State 0

4 mA
3.6 mA 3.7 mA: Diagnostic fault
Line break

© 2017 Crabtree Controls Ltd. All Right Reserved 35

Diagnostic output

 Four sensor states are transmitted:

 State 0: 150 Hz
 State 1: 50 Hz
 Diagnostic fault: 0 Hz
 Line break: 0 mA
6.6 ms 200 s 20 ms

20 mA

10 mA

150 Hz 50 Hz 0 Hz
State 0 State 1 Diagnostic fault
Line break

0 mA

© 2017 Crabtree Controls Ltd. All Right Reserved 36

18
Highway Addressable Remote
Transducer (HART)

© 2017 Crabtree Controls Ltd. All Right Reserved 37

Highway Addressable Remote Transducer (HART)

● Developed by Rosemount.
● Open Standard
● Hybrid 4-20 mA and digital communications standard
● Core functions provided by the HART protocol include:
 control of range/zero/span adjustments;
 diagnostics to verify functionality; and
 memory to store configuration and status information.

© 2017 Crabtree Controls Ltd. All Right Reserved 38

19
Hybrid 4 - 20 mA/digital communications

● HART is based on a master/slave communication that

allows two masters to be connected to each HART loop.

● The primary master is

Control system
generally a DCS, PLC or
PC whilst the secondary Interface and
power supply
master can be a handheld
terminal or another PC

Flowrate
+.......-........
totalizer
I..........P
Overrange
Handheld
terminal
Field device

© 2017 Crabtree Controls Ltd. All Right Reserved 39

Physical Layer
● Based on FSK Standard (Bell 202)
● The digital signal is made up all the two frequencies:
 1200 Hz representing a bit ‘1’
 2200 Hz representing bit ‘0’

Average current change during communication = 0

+ 0.5 mA

Analog signal

- 0.5 mA
1200 Hz 2200 Hz
‘1’ ‘0’

© 2017 Crabtree Controls Ltd. All Right Reserved 40

20
Physical Layer

20 mA
Increasing
analog signal

1 0 0 1 1 0 1 1 0

4 mA

© 2017 Crabtree Controls Ltd. All Right Reserved 41

Command and response

20 mA

Analog signal
C R
Analog signal

R
C

R
C
R C = Command
C
R = Response
4 mA

1 2
Time (s)

© 2017 Crabtree Controls Ltd. All Right Reserved 42

21
Digital and analog co-existing

Programming terminal

Modulator/demodulator
interface CPU

Analog Digital
input
ADC ADC
value
4 -20 mA loop
Scaling/
linearization

Smart instrument PLC

© 2017 Crabtree Controls Ltd. All Right Reserved 43

Minimalist Approach

● HART is attractive as it does not impact on your existing

plant systems.
● Cabling remains essentially the same.
● PLC or DCS systems remain the same if only the
standard analog capability is to be used.
● Costs are comparable in many cases to the traditional
‘dumb’ instruments.

© 2017 Crabtree Controls Ltd. All Right Reserved 44

22
Multi-point mode
● Up to 15 field devices are connected to a single twisted-
pair cable and all values are transmitted entirely digitally.
Control
system

HART Up to 15 devices
Interface and
power supply

Field device Field device Field device Field device

+.......-...... ..  I..........P +.......-...... ..  I..........P +.......-... ... ..  I..........P
Flowrate totaliz e r Ov errange Flowra te tota liz e r Ov errange Flowra te tota liz er Ove rrange
+.......-... ... ..  I..........P
Flowra te tota liz er Ov errange

© 2017 Crabtree Controls Ltd. All Right Reserved 45

HART commands

● The HART protocol includes a full set of HART

commands comprising three classes:
 Universal Commands
 Common Practice Commands
 Device Specific Commands

© 2017 Crabtree Controls Ltd. All Right Reserved 46

23
Universal Commands

● Universal commands are used by all devices and provide

access to information used in normal operation:
● These include:
 Read manufacture and device type
 Read primary process variable (PV) and units
 Read current output and percentage of range
 Read up to four predefined dynamic variables
 Read or write 8-character tag, 16-character descriptor, date
 Read or write 32-character message
 Read device range values, units, and damping time constant

© 2017 Crabtree Controls Ltd. All Right Reserved 47

Common Practice Commands

● Common practice commands are implemented by

many, but not necessarily all, devices.
● These include:
 Write device range values
 Calibrate (set zero, set span)
 Set fixed output current
 Perform self-test
 Trim PV zero
 Write PV unit
 Trim DAC zero and gain
 Write transfer function (square root/linear)
 Write sensor serial number

© 2017 Crabtree Controls Ltd. All Right Reserved 48

24
Device Specific Commands
● Device-specific commands are unique to each device
and access set-up and calibration information as well as
information about the construction of the device.
● These include:
 Read or write Low flow cut-off value
 Start, stop or clear totaliser
 Read or write density calibration factor
 Choose PV (mass, flow, or density)
 Read or write materials of construction information
 Trim sensor calibration
 PID enable
 Valve characterisation
 Travel limits

© 2017 Crabtree Controls Ltd. All Right Reserved 49

Full graphical interface

© 2017 Crabtree Controls Ltd. All Right Reserved 50

25
SCADA Systems - Transitioning
from Beginner to Advanced

Section 3.
Accuracy and Resolution
SCADA Systems - Transitioning
from Beginner to Advanced

Section 3.
Accuracy and Resolution

© 2017 Crabtree Controls Ltd. All Right Reserved 1

Accuracy

Total error
(inaccuracy)
Repeatability Random error
(precision)
● So, what do you think?
A good marksman?

● And now?

Target

Systematic error
(inaccuracy)

© 2017 Crabtree Controls Ltd. All Right Reserved 2

1
Accuracy

● By a more less common agreement accuracy is generally

used to express the maximum deviation between the
meter's indication and the true value of the process being
measured.
● Accuracy may be quoted in two ways:
 Relative accuracy – the proportion of the error to the
whole value (i.e. 100°C ±1%)
 Absolute accuracy – the quantity of the error (i.e.
100°C±1C°)

© 2017 Crabtree Controls Ltd. All Right Reserved 3

Measurement

 However, the whole subject of measurement is not only

extremely complicated …
 … it’s also widely misunderstood,
 ….and it’s still evolving.

© 2017 Crabtree Controls Ltd. All Right Reserved 4

2
Measurement

 A measurement tells us about the property of something ...

 …and the result of a measurement is normally in two
parts:
 a number; and
 a unit of measurement; e.g:
• ‘How hot is it?
• ... 65°C.’
● But how sure are we that the temperature really is 65°C?

© 2017 Crabtree Controls Ltd. All Right Reserved 5

Accuracy

 One term often used to describe how close an agreement

there is between the result of the measurement and its
true value, is accuracy…
 …or, as some would claim, more correctly, inaccuracy.
 But the true value can never truly be known, and we can
only estimate it

© 2017 Crabtree Controls Ltd. All Right Reserved 6

3
Accuracy

 Thus the term accuracy can only really be used as a

qualitative concept and no numerical value should be
attached to it.
 Consequently we can say that the measurement is:
 “fairly accurate” or
 “highly accurate”, or
 “not very accurate”
 …but we shouldn’t put a figure to it.

© 2017 Crabtree Controls Ltd. All Right Reserved 7

Accuracy

 However, virtually all manufacturers make use of the term

accuracy as a quantitative figure.
 But that doesn’t make it any less incorrect! …
 … we shouldn’t put a figure to it.

© 2017 Crabtree Controls Ltd. All Right Reserved 8

4
Error

 So what about the term error?

 Whilst we describe accuracy as the closeness of agreement
between a measured value and the true value,
 Error is the difference between a measurement and the true
value.
 But since we still don't know what the actual true value is …
 …they are both quantitative
 … and we still shouldn’t put a figure to it.

© 2017 Crabtree Controls Ltd. All Right Reserved 9

Uncertainty

 So if we cannot put a figure to the terms accuracy or error,

what should we use?
 Since there is always a margin of doubt about any
measurement, we should rather make use of the term
uncertainty …
 ….the doubt that exists about the result of any
measurement.
 But, we also need to ask:
 ‘How big is the margin?’ and
 ‘How bad is the doubt?’

© 2017 Crabtree Controls Ltd. All Right Reserved 10

5
Uncertainty

 This result could be written:

 65°C ±5°C, at a level of confidence of 95%.
 Expressed another way we are saying that we are 95%
sure that the temperature lies between 60°C and 70°C.

© 2017 Crabtree Controls Ltd. All Right Reserved 11

There are 10 types of people in the world:

Those who understand binary, and those
who don't.

Slide 12 © 2017 Crabtree Controls Ltd. All Right Reserved 12

6
Binary numbering

● A number such as 2479 is automatically translated into:

 two thousand, four hundred and seventy-nine …
 …without thinking how it is made up.
● We also assume it is a decimal numbering system
● This means we count up to nine, and then ‘shift’, or
‘carry’ one to the next column – without thinking about
it.
● Our number 2479 is made up of:
(2 x 103) + (4 x 102) + (7 x 101) + (9 x 100)
Base Power 103 102 101 100
Description Thousands Hundreds Tens Units
Number 2 4 7 9

© 2017 Crabtree Controls Ltd. All Right Reserved 13

Binary numbering

 Computers/microprocessors currently only have two states:

‘0’ (NO voltage), and ‘1’, (SOME voltage – the supply
voltage).
 Now, we can only count up to 1, and carry one at the next
count.
 In this case, the number 10112 is made up of:
(1 x 23) + (0 x 22) + (1 x 21) + (1 x 20) = 1011.
= 11 to the base 10
Base Power 23 22 21 20
Description Eights Fours Twos Ones
8 4 2 1
Number 1 0 1 1

© 2017 Crabtree Controls Ltd. All Right Reserved 14

7
Binary numbering

 Each positions that can be a ‘0’ or a ‘1’, is called a bit

(binary digit).
 Bits are commonly grouped into 8 bits, called a byte.
 In a byte, there are 256 possible combinations, including
zero (possibilities range from 0 – 255).
 The next grouping size is normally 16 bits, or even 32.

Base Power 27 26 25 24 23 22 21 20
Description 128 64 32 16 8 4 2 1
Number 1 0 1 0 1 0 1 1
128 0 32 0 8 0 2 1

128 + 0 + 32 + 0 + 8 + 0 + 2 + 1 = 171dec
© 2017 Crabtree Controls Ltd. All Right Reserved 15

Resolution

● The resolution is determined by the number of bits.

● 8 bits would have a resolution of 256 characters
● 9 bits would have a resolution of 512 characters
● … and so on.

© 2017 Crabtree Controls Ltd. All Right Reserved 16

8
Resolution

No. of bits in code No. of CHRS possible

1 2
2 4
3 8
4 16
5 32
6 64
7 128
8 256
10 1024
12 4096
13 8192
14 16384
15 32768
16 65536
© 2017 Crabtree Controls Ltd. All Right Reserved 17

Resolution

● The resolution of an ADC defines the smallest step

between readings.
● Thus an ADC that encodes an analog input to one of 256
discrete values has a resolution of eight bits
 28 = 256
● The voltage resolution of an ADC is equal to its voltage
measurement range divided by the number of discrete
values.
● For a measurement range = 0 to 10 V …
● …and ADC resolution of 8 bits:
 28 = 256 quantization levels
● The ADC voltage resolution is:
 10/256 = 39.063 mV
 = 0.39%

© 2017 Crabtree Controls Ltd. All Right Reserved 18

9
Exercise

● What is the ADC bit requirement to obtain an accuracy of

0.1% – assuming the required resolution is 10 times
higher.

© 2017 Crabtree Controls Ltd. All Right Reserved 19

Hexadecimal

● It is usually too awkward and laborious to talk about

individual bits of 1's and 0's e.g. 10110110 or
011011100.
● An easier way of dealing with these different bit patterns
is hexadecimal − often referred to as ‘hex’.
● Hexadecimal is used as a shorthand notation for dealing
with bytes.
● So, instead of base 10 or base 2, we use base 16.

© 2017 Crabtree Controls Ltd. All Right Reserved 20

10
Hexadecimal
Base 16 makes use of six additional symbols:
Decimal Hex
0 = 0
1 = 1
2 = 2
3 = 3
4 = 4
5 = 5
6 = 6
7 = 7
8 = 8
9 = 9
10 = A
11 = B
12 = C
13 = D
14 = E
15 = F
16 = 10
17 = 11
18 = 12

© 2017 Crabtree Controls Ltd. All Right Reserved 21

Hexadecimal
● Hexadecimal numbers may be expressed in both upper
or lower case:
 2DAF
 2daf
● What is 2daf (hex) expressed as a decimal number?

Base Power 163 162 161 160

Description 4096 256 16 1
Number 2 d a f
2 x 4096 d x 256 a x 16 fx1
2 x 4096 13 x 256 10 x 16 15 x 1
8192 3328 160 15

= 1169510
© 2017 Crabtree Controls Ltd. All Right Reserved 22

11
Hexadecimal

● Hexadecimal notation may be indicated in a number of

ways:
 2daf (hex)
 2dafh
 2daf16
 0x2daf
● A byte (8 bits)

© 2017 Crabtree Controls Ltd. All Right Reserved 23

Hexadecimal to binary conversion

● Hexadecimal numbers are easily converted to binary.
● Each symbol is taken in turn and converted directly (or
indirectly) into binary
● Thus:

Hex 2 d a f

Decimal 2 13 10 15

Binary 0010 1101 1010 1111

= 0010110110101111

© 2017 Crabtree Controls Ltd. All Right Reserved 24

12
Design of SCADA system

Section 4.
Basics of data communications and
networks
SCADA Systems - Transitioning
from Beginner to Advanced

Section 4.
Basics of data communications and
networks

© 2017 Crabtree Controls Ltd. All Right Reserved 1

Introduction

● Transfer of Information From One Point to Another

● Transmitter/Receiver/Link
● Serial Links vs. Parallel Links
● Digital Data vs. Analog
● Mutual Agreement

© 2017 Crabtree Controls Ltd. All Right Reserved 2

1
Historical Background

● In early times a runner was chief means of communication at a

distance
● Immortalised by the courier Pheidippides
● Ran over 26 miles to Athens to announce the victory of the
Greeks at Marathon.
● Also:
 fires on hilltops
 heliograph used successfully for distances of up to 70 miles
 and in the 1790’s the French established a system of
semaphores that relayed messages across France.
● But the true credit must be given to Samuel Morse who
completed his first telegraphic device in 1836 capable of
sending signals of up to 500 m.

© 2017 Crabtree Controls Ltd. All Right Reserved 3

Historical background
● By 1850 over 50 telegraphic companies had been set up in the
USA.
● And in 1866 the first successful transatlantic cable was laid from
the USA to England.
● A major problem with Morse Code lay in its difficulty in
implementing an automatic system due to its variable length –
ranging from a single dot (E) to five dashes (numerical 0).
● This was overcome by Emile Baudot who devised a constant-
length 5-bit code.
● The Baudot code was to become the forerunner of the most
frequently used code in use today – the ASCII code.

© 2017 Crabtree Controls Ltd. All Right Reserved 4

2
Typical serial data communications link

Transmitted Data Analog Signal Received Data

RS 232 RS 232
DTE DCE DCE DTE
Terminal Modem Modem Terminal

© 2017 Crabtree Controls Ltd. All Right Reserved 5

What is a data communications?

● The transfer of original information between two or more
points
● Data - generally in the form of characters
● A character describes:
 Alpha - Numerics
 Control Codes

© 2017 Crabtree Controls Ltd. All Right Reserved 6

3
Bits, bytes, characters and codes
● Bit: (Binary digIT) - Logic 0 or 1
● Byte: an assembly of 8 bits
● Octet: an assembly of 8 bits
● Word: normally, by default, 2bytes – however when
specified can be any length
● Character: Alpha Numerics
● Code: Unique bit arrangement for each character such as:
 BAUDOT
 EBCDIC (Extended Binary Coded Decimal Interchange Code)
 ASCII (American Standard Code for Information Interchange)

© 2017 Crabtree Controls Ltd. All Right Reserved 7

Half duplex communication

Transmitter Receiver

Receiver Transmitter
Half-duplex

© 2017 Crabtree Controls Ltd. All Right Reserved 8

4
Full duplex communication

Transmitter Receiver

Receiver Transmitter
Full-duplex

© 2017 Crabtree Controls Ltd. All Right Reserved 9

Synchronous vs. Asynchronous transmission

● In a synchronous system the clock generator of each

individual node is running at the same frequency and each is
locked in phase.
● This entails sending a burst of synchronising bits at the clock
frequency at the start of each transmission.
● It also entails sending encoded information regarding the clock
frequency for the duration of the transmission
● Such a frame is defined by what is termed a protocol.

Node 1 Node 2 Node 3 Node 4 Node 5

© 2017 Crabtree Controls Ltd. All Right Reserved 10

5
Protocols

● Pattern of bits and bytes

● Rules for transmission of data
● Example:
 Sync Byte
 Destination Address
 Source Address
 Data
 Error Detection

© 2017 Crabtree Controls Ltd. All Right Reserved 11

Basic frame structure defined by a protocol

Sync Destination Source Data to be Error Detection

Address Address Transmitted

© 2017 Crabtree Controls Ltd. All Right Reserved 12

6
Synchronous vs. Asynchronous transmission

● In an asynchronous system (usually 1:1) the clock

generators are more or less at the same frequency and are
not locked in phase.
● This means that the frames are very short (about 10 bits)

Node 1 Node 2

© 2017 Crabtree Controls Ltd. All Right Reserved 13

Asynchronous frame format

Start bit Data Parity bit Stop bit

© 2017 Crabtree Controls Ltd. All Right Reserved 14

7
Serial asynchronous transmission

Typical character frame

Start Bit 7 Data Bits Parity Bit
(Optional)

Logic 0

Logic 1
Idle State
Stop Bit

© 2017 Crabtree Controls Ltd. All Right Reserved 15

Data bits

● Typically 7 or 8 data bits used

● 5 data bits relate to Baudot code
 usually used 1.5 stop bits
● 7 bits often used for ASCII with even or odd parity
● 8 bits often used with numeric or graphically related
data and no parity

© 2017 Crabtree Controls Ltd. All Right Reserved 16

8
Serial asynchronous transmission

Typical character frame

Start Bit 7 Data Bits Parity Bit
(Optional)

Logic 0

Logic 1
Idle State
Stop Bit

© 2017 Crabtree Controls Ltd. All Right Reserved 17

Stop bits

● Most common today is 1 stop bit to minimise overhead

● 1.5 stop bits a hold-over from Baudot/Teletype days
 extra time required for mechanism to recover after each
keystroke
 rarely used - adds to overhead

© 2017 Crabtree Controls Ltd. All Right Reserved 18

9
Parity (Character Redundancy Check)

● A method of detecting errors caused by one bit being

reversed due to noise on the transmission line.
● If NONE chosen at both ends, the UART in the sending
DTE leaves this bit out of frame and the receiving UART
does not look for it.

© 2017 Crabtree Controls Ltd. All Right Reserved 19

Parity (Character Redundancy Check)

● If EVEN parity chosen by both ends the transmitter

counts the number of ones in the character
● It then adds a ‘1’ or ‘0’ to make the total count EVEN

Even
Data character Parity
‘1’ added to make
Sent 1010111 1 total count EVEN

Total count EVEN 

Received 1010111 1 number of ‘1s’

Total count ODD
Received 1010011 1 number of ‘1s’

© 2017 Crabtree Controls Ltd. All Right Reserved 20

10
Parity (Character Redundancy Check)

● ODD parity is the opposite:

 sends an odd number of ones
 expects to receive an odd number of ones

● MARK and SPACE parity doesn’t check errors

 MARK parity simply puts a one in the parity bit
 SPACE parity puts a zero in the parity bit
 Rarely used

© 2017 Crabtree Controls Ltd. All Right Reserved 21

Parity (Character Redundancy Check)

● Parity only detects about 60% of all errors

 if two bits are reversed parity cannot detect it
● Since other error checking methods are more efficient
parity is often not used on modern systems
● If both ends are not set up the results can be confusing

© 2017 Crabtree Controls Ltd. All Right Reserved 22

11
The Baudot code

● The first binary digital code for data

 Invented in 1874 by Maurice Emile Baudot
 Used on early teleprinters - replaced morse
● It is a 5 Bit code allowing 32 unique characters
● Adopted by the CCITT - Int. Std. Alph. #2
● Used for TELEX with SHIFT function allowing characters
to be virtually doubles at 56
● Forerunner of the modern codes such as ASCII and
EBCDIC

© 2017 Crabtree Controls Ltd. All Right Reserved 23

EBCDIC code

Extended Binary Coded Decimal Interchange Code

● Proprietary code, developed by IBM

● Uses 8 bits to represent each character
● Based on Extended 6-bit BCD code
● Little relevance to the industrial environment

© 2017 Crabtree Controls Ltd. All Right Reserved 24

12
The ASCII code

American Standard Code for Information Interchange

● Specified by ANSI X3.4-1986, ASCII is also standardized
as ISO/IEC 646:1991 International Reference Version,
● ASCII has become embedded in its probable
replacement, Unicode, as the ‘lowest’ 128 characters.
● Some observers consider ASCII the most "successful"
software standard ever promulgated.
● The ASCII code is the most common character set used
for digital data communications in the western world

© 2017 Crabtree Controls Ltd. All Right Reserved 25

The ASCII
HEX 0 1 table
2 3 4 5 6 7
HEX BIN 000 001 010 011 100 101 110 111
0 0000 (NUL) (DLE) Space 0 @ P ` p
1 0001 (SOH) (DC1) ! 1 A Q a q
2 0010 (STX) (DC2) “ 2 B R b r
3 0011 (ETX) (DC3) # 3 C S c s
4 0100 (EOT) (DC4) $ 4 D T d t
5 0101 (ENQ) (NAK) % 5 E U e u
6 0110 (ACK) (SYN) & 6 F V f v
7 0111 (BEL) (ETB) ‘ 7 G W g w
8 1000 (BS) (CAN) ( 8 H X h x
9 1001 (HT) (EM) ) 9 I Y i y
A 1010 (LF) (SUB) * : J Z j z
B 1011 (VT) (ESC) + ; K [ k {
C 1100 (FF) (FS) , < L \ l |
D 1101 (CR) (GS) .- = M ] m }
E 1110 (SO) (RS) . > N ^ n ~
_
F 1111 (SI) (US) / ? O o DEL

© 2017 Crabtree Controls Ltd. All Right Reserved 26

13
Exercise 2

● Examine ASCII table in documentation (page 1.11)

● Take my first name (Mick) and look up the BIN value

● Example A = 100 0001 Z = 101 1010

© 2017 Crabtree Controls Ltd. All Right Reserved 27

Exercise 2 - Answer

● M 0 100 1101
● i 0 110 1001
● c 0 110 0011
● k 0 110 1011

© 2017 Crabtree Controls Ltd. All Right Reserved 28

14
Serial asynchronous transmission

Typical character frame

Start Bit 7 Data Bits Parity Bit
(Optional)

Logic 0

Logic 1
Idle State
Stop Bit

© 2017 Crabtree Controls Ltd. All Right Reserved 29

Exercise 3

 Draw the asynchronous frame for the ASCII code for Q

including Start, Even Parity and Stop

© 2017 Crabtree Controls Ltd. All Right Reserved 30

15
Exercise 3 - Answer

ASCII code for Q correctly (again including Start, Even
Parity and Stop

© 2017 Crabtree Controls Ltd. All Right Reserved 34

17
Exercise 5 - Answer

 The reversed ASCII code for Q is: 100 0101

Start Bit 7 Data Bits Even Parity

Bit

Logic 0 0 1 0 0 0 1 0 1 1 1

Logic 1

Idle State
Stop Bit

© 2017 Crabtree Controls Ltd. All Right Reserved 35

Serial asynchronous transmission

In the case of U, it doesn’t matter:

101 0101
The result is the same either way.

The same is true for f with leading zero (eight bits)

0110 0110

© 2017 Crabtree Controls Ltd. All Right Reserved 36

18
Typical connection details of the UART

Data RS 232
UART
CPU bus Driver
Micro- Control Transmit Tx
Tx
processor Rx
Rx Receive
Com

Clock

© 2017 Crabtree Controls Ltd. All Right Reserved 37

The UART transmitter

Serialization
Data status
format register
decoder

Data bus
# Data bits

# Stop bits

select
Parity

TBE
Transmitter holding register

SDU formation

TXE
Transmitter shift register

Serial Data
Transmitter Baud
timing generator
Master CLK Transmitter CLK

© 2017 Crabtree Controls Ltd. All Right Reserved 38

19
The UART transmitter

 In Full Duplex operation the value of the TBE

(Transmitter Buffer Empty) is checked before deciding
to write a byte to the UART
 In Half Duplex operation the modem must swap
between transmitter and receiver states
 Hence software must check both the value of the TBE
and the TXE (Transmitter Shift Empty) as there may
still be data there

© 2017 Crabtree Controls Ltd. All Right Reserved 39

The UART receiver

Serialization
Data
status register
format
decoder

Data bus
# Data bits

# Stop bits

select
Parity

Rx RDY
Receiver buffer (FIFO)

Error logic
Receiver shift register

Rx D Serial
input

Transmitter Baud
timing generator
Master CLK Receive CLK

© 2017 Crabtree Controls Ltd. All Right Reserved 40

20
Errors

 Receiver Overrun
 Bytes received faster than they can be read
 Parity Error
 Parity bit disagreement
 Framing Error
 Detected bits do not fit into the frame selected
 Break Error
 Occurs if start bit detected for more than a frame
time
 Receivers can be equipped with Break Detect to
detect this condition

© 2017 Crabtree Controls Ltd. All Right Reserved 41

Serial asynchronous transmission

Typical character frame

Start Bit 7 Data Bits Parity Bit
(Optional)

Logic 0

Logic 1
Idle State
Stop Bit

© 2017 Crabtree Controls Ltd. All Right Reserved 42

21
Incorrect timing between source and receiver

Logic 0
0 1 0 1 0 1 0
Logic 1

0 1 0 1 0 1 0
Correct sampling

0 1 0 0 1 0 1 0 0
Sampling too fast

0 1 0 0 1 0 0
Sampling too slow
© 2017 Crabtree Controls Ltd. All Right Reserved 43

Error reduction with a clocking factor of 16

Rising edge Mid bit Mid bit

789 789

UART received Start bit D0 bit D1 bit

data

8 clock 16 clock
cycles cycles
UART 16 x
clock

© 2017 Crabtree Controls Ltd. All Right Reserved 44

22
What is a Network ?

● System for interconnecting devices

● All devices have access to common resources
● All devices can communicate with each other

© 2017 Crabtree Controls Ltd. All Right Reserved 45

Local Area Networks - History

● Development of personal computers and distributed

controllers sparked need for networking
● Arcnet and Ethernet early office LAN’s
● Fisher Provox, Bailey Infi90, Honeywell TDC3000 example
of DCS networks
● Modbus+, Data Highway+ examples of PLC network
protocols

© 2017 Crabtree Controls Ltd. All Right Reserved 46

23
Three Topologies

● Bus (or Multidrop)

● Star
● Ring

© 2017 Crabtree Controls Ltd. All Right Reserved 47

Bus Topology

● All nodes connect to a common media and only one node

can transmit at a time.
● All nodes ‘hear’ all communications and thus while one
node is transmitting all the others are listening.
● Only the station to which the data is addressed will take
notice of the message.

Node 1 Node 2 Node 3 Node 4

Packet

© 2017 Crabtree Controls Ltd. All Right Reserved 48

24
Bus Topology

● Variations include:
 daisy chain bus
 main line/trunk line
 tree type bus

© 2017 Crabtree Controls Ltd. All Right Reserved 49

Bus Topology

Advantages
 Minimal cable requirements
 Simplest wiring arrangement
 Easy to add or remove nodes
 Simple and flexible
 Very suitable for one-to-many broadcast transmissions
Disadvantages
 Fault isolation can be difficult since fault can be anywhere
on the line
 No automatic acknowledgement
 Cable can be a bottleneck when traffic gets heavy

© 2017 Crabtree Controls Ltd. All Right Reserved 50

25
Star Network

 Each node has its own network segment that links it back
to the hub, which controls all communication.
Hub

Node 1 Node 6

Node 2 Node 5

Node 3 Node 4

© 2017 Crabtree Controls Ltd. All Right Reserved 51

Star Topology

Advantages
● Troubleshooting and fault isolation is easy
● Each node has separate interface unit
● Easy to add or remove nodes and to modify cable layout
● Central hub controls all communications and allows easier
monitoring of traffic
Disadvantages
● Failure of hub results in network failure
● Requires a lot of cabling

© 2017 Crabtree Controls Ltd. All Right Reserved 52

26
Ring (or Loop) Topology
Node 6

Node 1
Node 5

Node 2 Node 4

Node 3

© 2017 Crabtree Controls Ltd. All Right Reserved 53

Ring (or Loop) Topology

 All the nodes are connected to a single cable that forms a

closed loop or ring
 Data flows only in one direction, with each node passing
the data onto the next node on the line.
 Each node must regenerate the data before passing it on.
 The destination node must be capable of removing the data
from the network.

© 2017 Crabtree Controls Ltd. All Right Reserved 54

27
Ring (or Loop) Topology

Advantages
 Minimal cable requirements
 No central wiring centre required
 Automatic acknowledgement of message
Disadvantages
 If any node goes down, complete network goes down
 Fault isolation is difficult because communication is
unidirectional
 Adding or removing nodes disrupts the network

© 2017 Crabtree Controls Ltd. All Right Reserved 55

Ring (or Loop) Topology

 In practice the ring network is usually a collapsed ring that looks

like a physical star

© 2017 Crabtree Controls Ltd. All Right Reserved 56

28
Networking Approaches

● Three main physical connections

 Point to point
 Multipoint
 Ring
● Protocol Requirements
 Master Slave (or Poll response)
 Token Passing (Peer to Peer)
 CSMA/CD (Peer to Peer)

© 2017 Crabtree Controls Ltd. All Right Reserved 57

Categories of Networks

● Master/slave
 older approach, still in use
 master node in control of other nodes
 nodes require individual addresses
● Peer to peer
 more common today, especially with larger networks
 all nodes are equal
 control of the network more complicated

© 2017 Crabtree Controls Ltd. All Right Reserved 58

29
Carrier Sense Multiple Access with Collision Detection (CSMA/CD)

● Peer to peer access method

 Used with bus networks
 Party line system: “listen before talk”
 If two nodes try to ‘talk’ at once a collision occurs, both
nodes back off and try again later (Truncated binary
exponential back-off algorithm)

© 2017 Crabtree Controls Ltd. All Right Reserved 59

CSMA/CD

● This method is called “probabilistic” because there is no

guarantee when the node will get access
 An example is Ethernet
 A variation called “collision arbitration” used by DeviceNet
 Not Ideal for industrial use if heavily loaded

© 2017 Crabtree Controls Ltd. All Right Reserved 60

30
Token Passing

● Another peer to peer access method

 A token (special code) is passed from one node to the
next
 The node currently holding the token has control of the
network for a limited period of time
 May be used with ring or bus networks

© 2017 Crabtree Controls Ltd. All Right Reserved 61

Token Passing

● This method is considered to be “deterministic” because it

can be predicted how often a node will have access to the
network
 When used with industrial bus networks this is often
called “rotating master” because the node with the token
initiates query/response type messages

© 2017 Crabtree Controls Ltd. All Right Reserved 62

31
Summary of LAN Standards

● IEEE 802.1 ...details how standards relate to one another

and the ISO/OSI model
 IEEE 802.2 ...Divides the ISO/OSI model into two
sublayers called the LLC and MAC layer
 IEEE 802.3 .... Defines CSMA/CD
 IEEE 802.4 ... Defines Token Bus
 IEEE 802.5 .... Defines Token Ring
 These standards have been adopted by ISO and
renumbered with another “8” as a prefix
 E.g. 8802.1, etc

37
Mesh topology

 Mesh networks improve data reliability by providing multiple

redundant paths.
 However, they are not suitable for every application.
 Problems include:
 time taken for paths to form;
 time taken for devices to associate
 additional system delay since messages must be
forwarded through the network.
 Because mesh networks involve multiple paths, the network
protocol must be capable of building and maintaining
routing tables to prevent messages taking ‘looped’ routes.

© 2017 Crabtree Controls Ltd. All Right Reserved 75

The OSI Model

© 2017 Crabtree Controls Ltd. All Right Reserved 76

38
Introduction
● When all other devices on a network are sourced from
one manufacture and work with specific hardware
connections and protocols, the network is termed a
Closed System.
● A typical Closed System would be Honeywell’s TDC
3000 DCS.
● When devices from several manufacturers are used on
the same application, the system is termed an Open
System.
● In such a network the system specifications and
guidelines should conform to a common standard that is
open to all.

© 2017 Crabtree Controls Ltd. All Right Reserved 77

Introduction

● This allows equipment from any manufacturer to be

used interchangeably on the standard network.
● The benefits of Open Systems include:
 wider availability of equipment,
 lower prices, and
 easier integration with other components.

© 2017 Crabtree Controls Ltd. All Right Reserved 78

39
Introduction

● Between 1978 and 1984t the ISO released a set of

specifications for connecting devices on a network called a
“Open Systems Interconnection” (OSI) model, or simply as
the OSI/ISO model (ISO 7498).
● Whilst the OSI model specifies the functions and
capabilities of each layer, the model does not prescribe
how this functionality should be implemented.
● The OSI model breaks down data communications into
seven hierarchical layers
● Each layer has a defined purpose and each interfaces
directly with the layer above it and below it.

© 2017 Crabtree Controls Ltd. All Right Reserved 79

The OSI Model

Source device Destination device

Layer 7 Application Application

Layer 6 Presentation Presentation
Layer 5 Session Session
Layer 4 Transport Transport
Layer 3 Network Network
Layer 2 Data Link Data Link
Layer 1 Physical Physical

© 2017 Crabtree Controls Ltd. All Right Reserved 80

40
The OSI Model

● At the transmitting site, as the information passes down

through the seven layers, each layer (with the exception
of the lowest) adds headers (and possibly trailers)
● It should also be appreciated that these headers and
trailers, used to provide control information,
considerably add to the overhead of each frame and
reduce the total available bandwidth of the network.

© 2017 Crabtree Controls Ltd. All Right Reserved 81

The OSI Model

User application program

AH User application program Application

PH AH User application program Presentation
SH PH AH User application program Session
TH SH PH AH User application program Transport
NH TH SH PH AH User application program NT Network
DLH NH TH SH PH AH User application program NT DLT Data Link

Pre DLH NH TH SH PH AH User application program NT DLT Post Physical

© 2017 Crabtree Controls Ltd. All Right Reserved 82

41
Virtual or peer-layer communications

● Since each layer in the OSI model is responsible for

sending data to a layer above or below itself, the same
layers, in the same sequence, must exist on each
system.
● In this manner, each layer also appears to converse with
its peer layer at the other end of the communication
channel in a virtual or logical communication
● Thus, although the data is really moving through the
layers, it seems to pass between peer layers.

© 2017 Crabtree Controls Ltd. All Right Reserved 83

Virtual or peer-layer communications

Source device Destination device

Application Application
Presentation Presentation
Session Session
Virtual
Transport Transport
connections
Network Network
Data Link Data Link
Physical Physical

© 2017 Crabtree Controls Ltd. All Right Reserved 84

42
An Analogy

Paris Chicago
● Manager dictates letter ● Manager reads letter
● Secretary translates and types ● Secretary puts letter on desk
letter ● Clerk checks details and
● Clerk records details passes on
● Shipping manager copies and ● Shipping manager check to
arranges transport make sure complete message
● Shipping clerk establishes received
route ● Shipping clerk checks which
● Mailroom weighs and labels route was taken
letter ● Mailroom weighs letters,
● Letter dropped into mailbox ensures it is correct
● Letter drops into mail slot

Shipped Via Boston

Seven Layers

● Application Layer
● Presentation Layer
● Session Layer
● Transport Layer
● Network Layer
● Data Link Layer
● Physical Layer

© 2017 Crabtree Controls Ltd. All Right Reserved 86

43
The Application Layer
● Always used
● Allows user application programs to gain access to the
network.
● This would include sending e-mail, accessing a network
database, and transferring files across the network.
● Does not include the actual application itself but is just
a support layer, used by the application, to perform
network functions.
● In industrial systems the application layer comprises the
commands: e.g.
 HART commands,
 Modbus function codes,
 D H+ command codes, etc.

© 2017 Crabtree Controls Ltd. All Right Reserved 87

The Presentation Layer

● Least well defined of the seven-layer model,

● Negotiates and manages the way data is presented and
encoded when transferring data between network devices
having different formats: e.g. ASCII and an extended 16-
bit code.
● In such cases this layer provides a common denominator
between the two formats.
● The presentation layer also specifies:
 what kind of code conversion to implement
– e.g. ASCII to EBCDIC
 data compression formats
– Huffman codes
– Run Length Encoding
 data encryption
– for security purposes

© 2017 Crabtree Controls Ltd. All Right Reserved 88

44
The Session Layer

● The least used of the seven layers

● Provides the network address of each device and is
responsible for setting up a communication connection
or 'session' and ensuring that the connection is
maintained until the transmission is complete.
● Also inserts check points in the data to make sure all
data is sent.
● If there is an interruption on the network, only the data
since the last checkpoint has to be retransmitted.
● The session layer is also responsible for:
 rules for half/full duplex operation
 rules for recovering from an interruption

© 2017 Crabtree Controls Ltd. All Right Reserved 89

The Transport Layer

● Specifies:
 how to exchange data between different systems
● Ensures end to end reliability
 compares the packets received with what was supposed to be
received and orders them correctly

© 2017 Crabtree Controls Ltd. All Right Reserved 90

45
The Network Layer
● Specifies:
 information required to send message to receiving station
 information for determining the optimum path to the destination
● If there is only one route through a network this layer is
minimal or not needed

© 2017 Crabtree Controls Ltd. All Right Reserved 91

Data Link Layer

● Methods used to access network for Xmission and

reception
● How frames are created
● Handling of information and acknowledgements

© 2017 Crabtree Controls Ltd. All Right Reserved 92

46
Physical Layer

● Physical Connections between the Computer and the

Network
● Concerned with:
 Network Topology
 Electrical aspects
 Signal Modulation Techniques
 Mechanical Aspects of connection

© 2017 Crabtree Controls Ltd. All Right Reserved 93

Simplified OSI Model

● 7 Layers are often inappropriate

● Industrial Protocols based around:
 Physical Layer
 Data Link Layer
 Application Layer
● Allen Bradley DH+/Modbus Plus/HART...all 3-layer

© 2017 Crabtree Controls Ltd. All Right Reserved 94

47
Simplified OSI Model

Source device Destination device

Application Application
Presentation Presentation
Session Session
Transport Transport
Network Network
Data Link Data Link
Physical Physical

© 2017 Crabtree Controls Ltd. All Right Reserved 95

8th layer

● As noted earlier, the Application Layer does not include

the actual application itself but is just a support layer,
used by the application, to perform network functions.
● This is not good enough for many of today’s
sophisticated industrial networking systems.
● The result is that reference is often made to a ‘User’
layer (Layer 8) sitting above the Application Layer,
which may include the application.
● It should be noted that this is not part of the OSI model.

© 2017 Crabtree Controls Ltd. All Right Reserved 96

48
8th layer

Layer 8 User
Layer 7 Application
Layer 6 Presentation
Layer 5 Session
Layer 4 Transport
Layer 3 Network
Layer 2 Data Link
Layer 1 Physical

© 2017 Crabtree Controls Ltd. All Right Reserved 97

Inter-network communications

● In most networks it is not enough just to connect nodes

together with a cable.
● Circuit devices may be required to provide isolation,
amplification or other interfacing functions.
● The most important communication elements available
are:
 Repeater
 Bridge
 Router
 Gateway

© 2017 Crabtree Controls Ltd. All Right Reserved 98

49
Repeater

● A repeater is an amplifier that merely retransmits an

incoming electrical signal and is most commonly used
to extend the length of a network or to connect to a
large a number of nodes.
● The repeater is also used to adapt different physical
media to each other, e.g. a coaxial cable to a twisted
pair cable.
● A repeater operates only at Layer 1, the physical layer,
of the OSI mode

© 2017 Crabtree Controls Ltd. All Right Reserved 99

Repeater

Source device Destination device

Application Application
Presentation Presentation
Session Session
Transport Transport
Network Network
Data Link Data Link
Physical Physical Physical Physical

© 2017 Crabtree Controls Ltd. All Right Reserved 100

50
Splitter

● One frequently used variation of the repeater is the

splitter
● This is an amplifying device with several connectors,
which receives the signal in one port and broadcasts it
to all others

© 2017 Crabtree Controls Ltd. All Right Reserved 101

Splitter

Source device Destination device

Application Application
Presentation Presentation
Session Session
Transport Transport
Network Network
Data Link Data Link
Physical Physical Physical Physical

© 2017 Crabtree Controls Ltd. All Right Reserved 102

51
Bridge
● A bridge allows connection between two different
sections of a network or to join two networks.
● A bridge operates at both Layers 1 and 2 of the OSI
model and acts as a node as far as a both sides are
concerned.
● A bridge is more intelligent than a repeater and
incorporates software to ensure that noise and
truncated packets are not passed through it.
● Many bridges also maintain address lists to ensure that
only packets addressed to the other side are
retransmitted.
● Splitting a network with such a bridge can produce
large reductions in traffic density.

© 2017 Crabtree Controls Ltd. All Right Reserved 103

Bridge

Source device Destination device

Application Application
Presentation Presentation
Session Session
Transport Transport
Network Network
Data Link Data Link Data Link Data Link
Physical Physical Physical Physical

© 2017 Crabtree Controls Ltd. All Right Reserved 104

52
Router

● A router operates at Layers 1 2 and 3

● Is used to transfer data between networks —switching
the communication frames between different net
segments and thus defining the path.

© 2017 Crabtree Controls Ltd. All Right Reserved 105

Router

Source device Destination device

Application Application
Presentation Presentation
Session Session
Transport Transport
Network Network Network Network
Data Link Data Link Data Link Data Link
Physical Physical Physical Physical

© 2017 Crabtree Controls Ltd. All Right Reserved 106

53
Gateway

● A gateway is used to connect networks that are

completely dissimilar and must therefore be capable of
operating at all seven layers of the OSI model
● Because of their complexity and low performance in
gateways are rarely used.
● Note: Often devices that claim to be gateways are, in
reality, only bridges and, in fact, the terms ‘router’,
‘bridge’, and ‘switch’ are often confusingly
interchanged.

© 2017 Crabtree Controls Ltd. All Right Reserved 107

Gateway

Source device Destination device

Application Application Application Application

Presentation Presentation Presentation Presentation
Session Session Session Session
Transport Transport Transport Transport
Network Network Network Network
Data Link Data Link Data Link Data Link
Physical Physical Physical Physical

© 2017 Crabtree Controls Ltd. All Right Reserved 108

54
Design of SCADA system

Section 5.
Remote Terminal Units
SCADA Systems - Transitioning
from Beginner to Advanced

Section 5.
Remote Terminal Units

© 2017 Crabtree Controls Ltd. All Right Reserved 1

Introduction

● RTUs are key components used in both SCADA and

DCS applications.
● In essence an RTU is a microprocessor-based
standalone data acquisition and control unit that
monitors and controls equipment at some remote
location from the central station.

© 2017 Crabtree Controls Ltd. All Right Reserved 2

1
Supervisory Control and Data Acquisition (SCADA)
Operator stations

Radio Modem

Radio
Local Area Network links

PLC

Modem Radio Modem RTU 1

Landline
link
M

Modem
RTU 3 Radio Modem RTU 2

M M

© 2017 Crabtree Controls Ltd. All Right Reserved 3

Typical RTU
Antenna

Radio
Transmitter/
Receiver

Modem
RTU
Central Bus

Non- Analog Analog Digital Digital

220 V Power Volatile
a.c.
CPU Volatile Input Output Input Output
supply Memory
Memory Module Module Module Module

Optional Optional
CPU

Serial comms ports

RS232/422/485

Operating Station/ PLC

Programming Terminal

© 2017 Crabtree Controls Ltd. All Right Reserved 4

2
Typical RTU

● Configuration and control programs may be downloaded

dynamically from the central station
● Local configuration is also possible using an RTU
programming unit.
● RTUs may also communicate on a peer-to-peer basis
● RTU can also act as a relay station to another RTU that
may not be accessible from the central station.

© 2017 Crabtree Controls Ltd. All Right Reserved 5

Typical RTU

● A typical RTU would the following individual hardware

components:
 RTU rack and enclosure
 Power supply
 Control processor and associated memory
 Communication ports
 Analog inputs
 Analog outputs
 Digital inputs
 Counter inputs
 Digital outputs
 Communication interface(s)

© 2017 Crabtree Controls Ltd. All Right Reserved 6

3
RTU environmental enclosures

● The printed circuit boards making up the individual

hardware components are plugged into a backplane in
the RTU cabinet.
● The cabinet is usually accommodated inside an
enclosure that provides environmental protection from
extremes of temperature, humidity, weather, etc.
● Typical considerations include:
 Circulating air fans and filters should be installed at the base
of the enclosure to avoid heat build-up.
 Hazardous areas. RTUs must be installed in explosion proof
enclosures.

© 2017 Crabtree Controls Ltd. All Right Reserved 7

RTU environmental enclosures

● Humidity can vary from 10 to 95% RH.

● For high humidity levels care should be taken to prevent
condensation on the circuit boards.
● ‘Lacquering’ of the printed circuit boards may be necessary
● When the air humidity is low (5%) static electricity can be
generated on the circuit boards due to stray capacitance.
● CMOS-based electronics is particularly susceptible and
careful attention should be paid to screening
● All maintenance personnel should wear a ground strap on
the wrist.
● Special screening and grounding precautions should be
taken if excessive EMI and RFI is anticipated.

© 2017 Crabtree Controls Ltd. All Right Reserved 8

4
Power supply module
● Power supply, battery and charger normally contained in
the RTU housing.
● The battery cabinet normally rated to IP 52 for internal
mounting and IP 56 for external mounting.
● Operating range from 110/240 V a.c. 10% 50/60 Hz or
12/24/48 V d.c. 10%.
● Typical battery requirements are for 20-hour standby
operation and a recharging time of 12 hours for a fully
discharged battery at 25°C.
● Following parameters transmitted back to the central
site/master:
 Analog battery reading
 Alarm for battery voltage outside normal range

© 2017 Crabtree Controls Ltd. All Right Reserved 9

Control processor and memory (CPU)

● The CPU is microprocessor-based (16 or 32 bit).

● A mathematical processor is a useful addition for any
complex mathematical calculation.
● This is sometimes referred to as a coprocessor.
● There are three standard types of memory:
 RAM – Random Access Memory
 ROM – Read Only Memory
 EPROM – Erasable Programmable Read Only Memory
 EEPROM – Electrically Erasable Programmable Read Only
Memory

© 2017 Crabtree Controls Ltd. All Right Reserved 10

5
RAM (Random Access Memory)

● Better described as Read/Write memory it allow both

reading and writing to take place at any time.
● Also described as ‘Volatile Memory’ but is normally
battery backed to make it ‘non-volatile’
● This is not a permanent storage area and is commonly
used to store the user program.
● The user program and input/output data held in RAM
only remains while unit is powered.

© 2017 Crabtree Controls Ltd. All Right Reserved 11

ROM (Read Only Memory)

● ROM is a permanent memory storage facility.

● It does not require an external power supply (e.g.
batteries) to store data – therefore described as ‘Non-
volatile Memory’.
● Although used to store the Operating system memory, it
can also store user programs.
● There are two different types of ROM:
 EPROM
 EEPROM

© 2017 Crabtree Controls Ltd. All Right Reserved 12

6
ROM (Read Only Memory)

● EPROM (Erasable Programmable Read Only Memory)

 Requires specialist EPROM writer
 Once a program is stored in EPROM it can only be erased by
exposing the chip to ultra-violet light.
 Once loaded with data, no further writing is possible
● EEPROM (Electrically Erasable Programmable Read
Only Memory)
 Basically the same as EPROM, except the EEPROM has a
software switch which switches between ‘protected’ and
‘unprotected’ mode.
 Works in a similar way to a computer diskette, such that the device
can only be written to while in ‘unprotected mode’.

© 2017 Crabtree Controls Ltd. All Right Reserved 13

Communication ports

● Typically two or three ports RS-232/RS-422/RS-485 for:

 Interface to diagnostics terminal
 Interface to operator station
 Communications link to central site (e.g. by modem)
● Diagnostic LEDs aid troubleshooting and diagnosis of
problems such as CPU failure/failure of I/O module etc.
● A real-time clock is used for accurate time stamping of
events.
● The RTU program regularly resets a ‘watchdog timer’.
● If this is not done within a certain time-out period the
watchdog timer flags an error condition (and can reset
the CPU).

© 2017 Crabtree Controls Ltd. All Right Reserved 14

7
Digital processing

© 2017 Crabtree Controls Ltd. All Right Reserved 15

Digital inputs

● Digital or discrete inputs are used to indicate status and

alarm signals.
● Status signals from a valve, for example, would indicate
whether the valve is open or closed.
● The input can be ‘Voltage Source’ or ‘Voltage Sink’.

© 2017 Crabtree Controls Ltd. All Right Reserved 16

8
Voltage source

Ground 24 V d.c.

The contacts are

S1 1
S2 2 connected to Ground
S3 3 externally and ‘pull down’
S4 4
S5 5 the input terminal voltage
6
S6
S7 7
when closed.
S8 8
S9 9
S10 10
S11 11
S12 12
S13 13
S14 14
S15 15
S16 16

© 2017 Crabtree Controls Ltd. All Right Reserved 17

Voltage sink

24 V d.c. Ground

S1 1
S2 2
S3 3 The contacts are powered
S4
S5
4
5
externally and ‘pull up’ the
S6 6 input terminal voltage when
S7 7
S8 8 closed.
S9 9
S10 10
S11 11
S12 12
S13 13
S14 14
S15 15
S16 16
Com

© 2017 Crabtree Controls Ltd. All Right Reserved 18

9
Digital or discrete input board
● Most digital input boards usually provide groups of 4, 8, 16 or 32
channels’ per card capable of operating from a wide selection of
voltages, e.g. 24, 48 and 120 V d.c. and 115 and 240 V a.c.

Status LED
Fuse R1

Input 1 D1
+
24 V d.c. R2
͟
Opto-isolator

Digital d.c. input module

© 2017 Crabtree Controls Ltd. All Right Reserved 19

Digital input boards

● Typical discrete input circuit suitable for use with a 220 V

a.c. voltage.

Fuse R1
Status LED
Zener

Input 1
220 V a.c. R2 R3 D1

Opto-isolator

Digital a.c. input module

© 2017 Crabtree Controls Ltd. All Right Reserved 20

10
d.c. reed-relay digital output module

 A typical digital output module include provides 8 digital

outputs each capable of switching either 240 V a.c. or 24
V d.c. (0.5 to 2.0 A) outputs.
 Each channel would incorporate optical isolation and an
associated current status LED indicator.

Status LED

Output 1

Opto-isolator

Digital reed-relay output module

© 2017 Crabtree Controls Ltd. All Right Reserved 21

Digital output module

● For d.c. switching use is made of either reed relays or

TTL voltage outputs.
● Whilst reed relays provided excellent isolation they tend
to be bulky.
● TTL outputs occupy far less space but are suitable only
for low level d.c. voltages (+5 V).

© 2017 Crabtree Controls Ltd. All Right Reserved 22

11
a.c. switching

● For a.c. switching, use is commonly made of a TRIAC.

● What is a TRIAC?
● Firstly we need to look at an SCR.

© 2017 Crabtree Controls Ltd. All Right Reserved 23

SCR

● SCR is an abbreviation for a Silicon-Controlled Rectifier.

● Often called thyristor.
● It has three terminals:
 an anode (A)
 a cathode (K)
 and a gate (G).

© 2017 Crabtree Controls Ltd. All Right Reserved 24

12
… SCR/Thyristor

● Conducts electricity in one direction only

● Needs +ve pulse on gate to conduct
● However, can conduct without a gate pulse:
 if temperature too high
 if voltage changes fast
● May need an R-C network ('snubber')

A A A

G OR OR G

G
K K K

© 2017 Crabtree Controls Ltd. All Right Reserved 25

Operation of SCR

● When IG is zero the resistance between anode and cathode

is very high and SCR acts as an open switch.
● If a positive pulse of current, called gate trigger current IGT
is applied to the gate, the resistance between the anode
and the cathode becomes minimal, and the SCR
resembles a closed switch.

© 2017 Crabtree Controls Ltd. All Right Reserved 26

13
Triac

● The triac is similar to the SCR.

● Can be regarded as two SCRs connected in parallel – but
with inverted polarity and with a common gate terminal.
● The triac behaves like an SCR but conducts current in both
directions.
● The two main terminals are called Main Terminal 1 (MT1)
and Main Terminal 2 (MT2).
● Sometimes just anode 1 and anode 2.
MT1

G
MT2
© 2017 Crabtree Controls Ltd. All Right Reserved 27

Triac

● When the MT2 is positively biased with respect to MT1, a

positive trigger pulse is required at the gate terminal
● When MT2 is negatively biased with respect to MT1, a
negative trigger pulse is needed.

MT1

G
MT2
© 2017 Crabtree Controls Ltd. All Right Reserved 28

14
Triac

 Because TRIACs are prone to damage due to surge

currents, a varistor is often connected across the output to
reduce the damaging effect of electrical transients.
 A TRIAC output switching device does not completely
switch on and off but has low and high resistance values.
 Hence, although the TRIAC is switched off it still has a
leakage current and could thus communicate an ‘ON’
condition when in fact it is ‘OFF’.

© 2017 Crabtree Controls Ltd. All Right Reserved 29

d.c. system protection

● For d.c. systems a flywheel diode should be connected

across the relay in order to minimize the back EMF, with
consequent voltage spikes, when the devices are
switched off.

Digital output
module

+
Backplane
24 V d.c.
−

© 2017 Crabtree Controls Ltd. All Right Reserved 30

15
a.c. system protection

● For a.c. systems a capacitor/resistor combination is

recommended.

Digital output
module

Backplane
~ a.c. voltage

© 2017 Crabtree Controls Ltd. All Right Reserved 31

Current ratings

● Do not exceed the manufacturer's continuous current

ratings.
● This rating often refers only to individual channels.
● Although each digital output could be rated at 2 A, the
module as a whole cannot supply 16 A (8 x 2 A)
● There is normally a maximum current rating for the module
– typically 60% of the number of outputs multiplied by the
maximum current per output.
● Note the difference between sinking and sourcing an I/O
module.
 If a module sinks a specified current, it means that it draws this
current from an external source.
 If a module sources a specific current it drives this current as an
output.
© 2017 Crabtree Controls Ltd. All Right Reserved 32

16
Analog processing

© 2017 Crabtree Controls Ltd. All Right Reserved 33

Analog functions

● Assume a single level transmitter providing a level output

ranging from 0 to 100%

20 mA (100%)

18 mA HI-HI-LIM (Upper alarm limit)

16 mA HI-LIM (Upper warning limit)

8 mA LO-LIM (Lower warning limit)

6 mA LO-LO-LIM (Lower alarm limit)

4 mA (0%)
© 2017 Crabtree Controls Ltd. All Right Reserved 34

17
Analog processing

● Information into and out of most control systems is

usually analog.
● However, modern processing systems only deal with
digital information and therefore we must convert the
input analog signal into a digital format.
● And when the CPU has processed and worked on the
converted digital information, it must convert the digital
signal back to analog again.

© 2017 Crabtree Controls Ltd. All Right Reserved 35

Analog input modules

Input signal amplifier

● When it is required to digitize low level voltages they must
be amplified to match the input range of the A/D converter.
Multiplexer
● A multiplexer is an analog switch that switches one analog
input (e.g. 4, 8 or 16 inputs) at a time through to the A/D
converter.
Sample and Hold
● Most A/D converters require a fixed time during which the
input signal remains constant in order to perform an A/D
conversion.

© 2017 Crabtree Controls Ltd. All Right Reserved 36

18
Single-ended input

● Each input has a single input for each signal – the source's Hi
side.
● All signals are measured relative to the board's analog ground
point, GND, which is 0 V.
Input connector
External signals Cable
ES0
~ CH0
ES1 Input amplifier
~ ES2
CH1
with gain G
~ CH2

Multiplexer
ES3 +
~ CH3

Input
G A/D

0
ES0 ES4 ES0 + Vcm0 _
~ ES5
CH4

~ ES6
CH5 0 V

~ CH6 G*(ES0 + Vcm)

ES7 ES0 + Vcm0
~ RLEAD
CH7

GRND
Reference Ground Vcm GRND or system
reference Ground point

© 2017 Crabtree Controls Ltd. All Right Reserved 37

Single-ended input
 Lo is the source' reference point and Hi is the signal value.
 All the Lo sides of the sources are grouped together to form a
remote signal reference point that is then connected to the analog
ground GND pin.
Input connector
External signals Cable
ES0
~ CH0
ES1 Input amplifier
~ ES2
CH1
with gain G
~ CH2
Multiplexer

ES3 +
~ CH3
Input

G A/D
0

ES0 ES4 ES0 + Vcm0 _

~ ES5
CH4

~ ES6
CH5 0 V

~ CH6 G*(ES0 + Vcm)

ES7 ES0 + Vcm0
~ RLEAD
CH7

GRND
Reference Ground Vcm GRND or system
reference Ground point

© 2017 Crabtree Controls Ltd. All Right Reserved 38

19
Single-ended input
 Because of lead resistance, the remote signal reference point
is not necessarily at the same potential as GND and can be
offset by a voltage called the common mode voltage VCM.
 The voltage at the board's inputs is therefore ES0 + VCM.
Input connector
External signals Cable
ES0
~ CH0
ES1 Input amplifier
~ ES2
CH1
with gain G
~ CH2

Multiplexer
ES3 +
~ CH3

Input
G A/D

0
ES0 ES4 ES0 + Vcm0 _
~ ES5
CH4

~ ES6
CH5 0 V

~ CH6 G*(ES0 + Vcm)

ES7 ES0 + Vcm0
~ RLEAD
CH7

GRND
Reference Ground Vcm GRND or system
reference Ground point

© 2017 Crabtree Controls Ltd. All Right Reserved 39

Single-ended input

● Because the amplifier Lo (negative) terminal is

connected to GND, the amplifier acts on the difference
between ES0 + VCM and GND.
● This introduces the common mode voltage offset as an
error into the reading.
● A single-ended input board thus suffers from the inability
to reject the common mode voltage and is very sensitive
to noise.
● It is not recommended for long leads (longer than 0.5 m)
or for high gains (greater than x 5).

© 2017 Crabtree Controls Ltd. All Right Reserved 40

20
Single-ended input

● The main advantages of this method are:

 it caters for connection of the maximum number of inputs;
 it’s simple to connect (only one common or ground lead
necessary); and
 it allows for simpler A/D front-end circuitry.

© 2017 Crabtree Controls Ltd. All Right Reserved 41

Differential inputs

 Each channel's individual common mode voltage is fed to the

amplifier's negative terminal.
 Thus, the individual VCM voltages are subtracted on each
reading.
Input connector
External signals Cable
ES0
 CH0 HI
Multiplexer

ES1
 CH1 HI Input amplifier
Input

ES0 ES2 with gain G

 CH2 HI
ES
 CH3 HI
ES0 + Vcm0
+
ES0 + Vcm0 G A/D
CH0 LO _
G*ES0
Multiplexer

CH1 LO
Input

Vcm0
1

Vcm0 CH2 LO Vcm0

CH3 LO
RBIAS RBIAS RBIAS RBIAS RLEAD
GRND
Reference Ground Vcm GRND or system
reference Ground point

© 2017 Crabtree Controls Ltd. All Right Reserved 42

21
Differential inputs

 Each channel's individual common mode voltage is fed to the

amplifier's negative terminal.
 Thus, the individual VCM voltages are subtracted on each
reading.
Input connector
External signals Cable
ES0
 CH0 HI

Multiplexer
ES1
 CH1 HI Input amplifier

Input
ES0 ES2 with gain G

0
 CH2 HI
ES
 CH3 HI
ES0 + Vcm0
+
ES0 + Vcm0 G A/D
CH0 LO _
G*ES0

Multiplexer
CH1 LO

Input
Vcm0

1
Vcm0 CH2 LO Vcm0

CH3 LO
RBIAS RBIAS RBIAS RBIAS RLEAD
GRND
Reference Ground Vcm GRND or system
reference Ground point

© 2017 Crabtree Controls Ltd. All Right Reserved 43

Differential inputs

 The differential input board provides the maximum noise

immunity.
 This method should also be used where the signal sources
have different ground points and cannot be connected
together.
 Bias resistors should be installed to refer each input
channel to ground.
 Note, that two input multiplexers are needed.
 Thus, for the same number of input terminals as a single-
ended input board, only half the number of input channels
is available.

© 2017 Crabtree Controls Ltd. All Right Reserved 44

22
Typical analog input specifications

● Typical specifications of an analog input module:

 8 or 16 analog inputs
 8- or 12-bit resolution
 Range of 4-20 mA (other possibilities are 0 - 20 mA/10 V/0 -
10 V)
 Input resistance typically 240 k to 1 M
 Conversion rates typically 10 s to 30 ms
 Single-ended or differential mode inputs
● In order to minimize cost and data transfer rates over a
radio link, a common configuration is eight single-ended 8-
bit points, reading 0-10 V with a conversion rate of 30 ms
per analog point.

© 2017 Crabtree Controls Ltd. All Right Reserved 45

Combined analog/digital input/output modules

● In many cases it is possible to use a mixed analog/digital

input/output module.
● This would typically have:
 analog inputs (8-bit resolution)
 digital inputs
 1 digital output
 analog output (8-bit resolution)

© 2017 Crabtree Controls Ltd. All Right Reserved 46

23
A/D conversion

● The heart of the analog input module, the A/D converter

measures the input analog voltage and outputs a digital
code
● There are several types of A/D converters used in analog
input modules:
 Successive Approximation A/Ds (much higher sample
rates).
 Integrating A/Ds (for low frequency applications). These
include:
 Single Slope Integration
 Dual Slope Integration
 Voltage Comparator – Counter Loop
 Multiple Comparator – Flash Converter

© 2017 Crabtree Controls Ltd. All Right Reserved 47

Successive approximation A/D converter

MSB 1 5 5V

Assume an 8-bit DAC that is

0 2.5
scaled 0 to 10 volts
With the MSB set to 1 the
0 1.25
output would be 5 V

0 0.625

5.00 V
0 0.3125

0 0.15625

0 0.078125

LSB 0 0.0390625

© 2017 Crabtree Controls Ltd. All Right Reserved 48

24
Successive approximation A/D converter

MSB 1 5 5V

With the MSB and LSB set to 1 the

0 2.5
output would be 5 + 0.0390625 V

0 1.25

0 0.625

5.0390625 V
0 0.3125

0 0.15625

0 0.078125

LSB 1 0.0390625 0.0390625 V

© 2017 Crabtree Controls Ltd. All Right Reserved 49

Successive approximation A/D converter

MSB 1 5 5V

With all the bits set to 1 the

1 2.5 2.5 V output would be:

1 1.25 1.25 V

1 0.625 0.625 V

9.9609375 V
1 0.3125 0.3125 V

1 0.15625 0.15625 V

1 0.078125 0.078125 V

LSB 1 0.0390625 0.0390625 V

© 2017 Crabtree Controls Ltd. All Right Reserved 50

25
Successive approximation A/D converter

Analog input
Comparator

DAC
Analog reference
Control Logic

MSB LSB
Clock
Shift register
Output register

Start conversion
MSB LSB
Digital Output

© 2017 Crabtree Controls Ltd. All Right Reserved 51

Successive approximation A/D converter

Analog input 6 V

 Assume ‘Analog Input’ of 6 V 5V

DAC
Analog reference
1
0 0 0 0 0 0 0 0 Control Logic

MSB LSB
Clock
Shift register
Output register
1
0 0 0 0 0 0 0 0
Start conversion
MSB LSB
Digital Output
 'Start conversion' pulse …
 …clears the output register and the shift register
 This turns ON (logic 1) the Shift Register’s MSB …
 …so that the D/A converter
 ...gives half of a full-scale deflection (5 V)
© 2017 Crabtree Controls Ltd. All Right Reserved 52

26
Successive approximation A/D converter

Analog input 6 V
Comparator

DAC
Analog reference
1
0 0 0 0 0 0 0 0 Control Logic

MSB LSB
Clock
Shift register
Output register
0 0 0 0 0 0 0 0
Start conversion
MSB LSB
Digital Output

 This output is compared with the analogue input.

 If the latter is less than 5 V then, via the control logic unit, the
comparator turns the MSB in the output register OFF (logic 0).
 If it is greater, then the comparator leaves the bit ON.

© 2017 Crabtree Controls Ltd. All Right Reserved 53

Successive approximation A/D converter

Analog input 6 V
Comparator

5 V +2.5 V

DAC
Analog reference
1
0 1
0 0 0 0 0 0 0 Control Logic

MSB LSB
Clock
Shift register
Output register
10 10 0 0 0 0 0 0
Start conversion
MSB LSB
Digital Output

 The next clock pulse turns ON the next significant bit in the
output register via the shift register
 Its contribution of 2.5 V adds to the previous bit – provided that it
was left ON.
 A comparison is thus made to determine whether the analog
signal is greater© 2017
than or less then the new total of 7.5 V.
Crabtree Controls Ltd. All Right Reserved 54

27
Successive approximation A/D converter

Analog input 6 V
Comparator

5 V +2.5 V

DAC
Analog reference
1
0 1
0 0 0 0 0 0 0 Control Logic

MSB LSB
Clock
Shift register
Output register
10 10 0 0 0 0 0 0
Start conversion
MSB LSB
Digital Output

 Since the value is greater than the Analog Input voltage the
comparator turns the MSB in the output register OFF (logic 0).
 The contribution now reverts back to 5V

© 2017 Crabtree Controls Ltd. All Right Reserved 55

Successive approximation A/D converters

● Process is repeated ‘8’ times for an 8-bit converter, until the LSB
has been compared.
● The clock then stops, to be restarted only by the next conversion
pulse.
● During the conversion interval, typically S in slow converters the
input analogue signal must not change.

© 2017 Crabtree Controls Ltd. All Right Reserved 56

28
10.0

8.0 7.5V

6.09375V 6.015625V
Output (Volts)

6 V Analog Input 6.25V

5.9375V
6.0 5.625V
5.9375V 5.9375V 5.9765625 V

5.0 V 5.0 V 5.0 V 10011000 10011001

4.0 10011000 10011010

10011000 10011100
10010000 10011000
2.0
10000000 10010000
10000000 10100000

0.0 10000000 11000000

OP 1 OP 2 OP 3 OP 4 OP 5 OP 6 OP 7 OP 8
Clock 1 Clock 2 Clock 3 Clock 4 Clock 5 Clock 6 Clock 7 Clock 8

Start

© 2017 Crabtree Controls Ltd. All Right Reserved 57

10.0

8.0 7.5V

6.09375V 6.015625V
Output (Volts)

6 V Analog Input 6.25V

5.9375V
6.0 5.625V
5.9375V 5.9375V 5.9765625 V

5.0 V 5.0 V 5.0 V 10011000 10011001

4.0 10011000 10011010

10011000 10011100
10010000 10011000
2.0
10000000 10010000
10000000 10100000

0.0 10000000 11000000

OP 1 OP 2 OP 3 OP 4 OP 5 OP 6 OP 7 OP 8
Clock 1 Clock 2 Clock 3 Clock 4 Clock 5 Clock 6 Clock 7 Clock 8

Start

© 2017 Crabtree Controls Ltd. All Right Reserved 58

29
Successive approximation A/D converters

Features
● Accuracy, linearity and conversion speed is primarily dictated by the
properties of its D/A converter, its reference and the comparator.
● Widely used for interfacing analog signals to digital computers
because they are capable of both high resolution (up to 16 bits) and
high speed (conversion interval of less than 1 s).
● The conversion time is fixed and independent of the input voltage.
● Because the internal logic is cleared at the start of a conversion, each
conversion is unique and independent of the result of previous
conversions.

accuracy and stability of the D/A converter is dependent
on the absolute accuracy of the resistors and their ability
to track each other with temperature, especially when the
range of values required for good resolution is very large.
● In a practical application, a 12-bit D/A converter would
need a range of 212 resistor values
● So … if the MSB had a 104  resistor, the LSB would
need a 212 x 104 = 40.96 x 106  resistor.
● The conversion rate of these converters is relatively slow,
mainly because of the high input impedance and the
speed limitations of the voltage switches.

© 2017 Crabtree Controls Ltd. All Right Reserved 65

Writing the RTU specification

● Consider the following issues:
 Off-the-shelf modules
 Minimal power consumption
 Rugged and robust physical construction
 High noise immunity
 Clear indication of diagnostics
 Visible status LEDs
 Local and remote fault diagnosis
 Status of each I/O module and channel (program
running/failed/ and communications OK/failed)
 Modules all connected to one common bus
 Ease of module replacement
 Removable screw block terminals for disconnection and
reconnection of wiring

© 2017 Crabtree Controls Ltd. All Right Reserved 66

33
Writing the specification − Environmental
considerations
● The PLC is normally installed in a remote location with
fairly harsh environmental conditions:
 Ambient temperature range of -30°C to +65°C
(dependent on location)
 Storage temperature range of -20°C to +70°C
 Relative humidity of 0 to 95% non condensing
 Surge withstand capability typically 2.5 kV, 1 MHz for
2 s with 150  source impedance
 Static discharge test where 1.5 cm sparks are
discharged at a distance of 30 cm from the unit
 Other requirements include dust, vibration, rain, salt
and fog protection.

© 2017 Crabtree Controls Ltd. All Right Reserved 67

Writing the specification − Software (and firmware)

● Remote access of all error logs and status registers
● Hardware filtering provided on all analog input channels
● Application program resides in non volatile RAM
● Configuration and diagnostic tools for:
 System setup
 Hardware and software setup
 Application code development/management/operation
 Error logs
 Remote and local operation

© 2017 Crabtree Controls Ltd. All Right Reserved 68

34
Writing the specification − Software (and firmware)
● Each module should have an internal software
continuously testing the systems I/O and hardware.
● Diagnostic LEDs should also be provided to identify any
faults or to diagnose failure of components.
● It is important that all these conditions are communicated
back to the central station for indication to the operator.

© 2017 Crabtree Controls Ltd. All Right Reserved 69

Digital sampling

 Assume a process variable (PV) with a periodicity of 5 s

 If sampled at 2 Hz i.e. twice per second, the sampling rate
is 10 times the frequency of the analog input…
 …and the sampled version is a reasonable representation
of the original.
5s Analog input

Digital sampling at 2 Hz 0.5 s

Reconstructed signal
© 2017 Crabtree Controls Ltd. All Right Reserved 70

35
Digital sampling

 Assume the same PV having a periodicity of 5 s

 If now sampled at 1 Hz i.e. once per second, the sampling
rate is 5 times the frequency of the analog input…
 …and the sampled version is still a reasonable
representation of the original.

Analog
5s input

1s
Digital sampling at 1 Hz

Reconstructed signal
© 2017 Crabtree Controls Ltd. All Right Reserved 71

Aliasing

 If the PV is sampled at the same rate (i.e. 0.2 Hz) as the

analog input signal, the reconstructed signal bears no
relationship to the original.
 In this case, would indicate a d.c. value.
 This is called aliasing
Analog
5s input

Digital sampling at 0.2 Hz 5s

Reconstructed signal
© 2017 Crabtree Controls Ltd. All Right Reserved 72

36
Aliasing

 When the analog signal is under-sampled, the input

produces a lower ‘alias’ frequency that bears no
relationship to the original.

Analog
5s input

Digital sampling at 0.3 Hz 3.7 s

Reconstructed signal
© 2017 Crabtree Controls Ltd. All Right Reserved 73

37
Design of SCADA system

Section 6.
SCADA systems
SCADA Systems - Transitioning
from Beginner to Advanced

Section 6.
SCADA systems

© 2017 Crabtree Controls Ltd. All Right Reserved 1

SCADA - Introduction

● The acronym SCADA stands for Supervisory Control And

Data Acquisition.
● This term refers to a type of software that is used to gather
data from plant devices, and provide the ability for
operators and supervisors to control and monitor large
parts of a plant or process, from a single computer screen.
● In consequence, it may be broadly defined as industrial
automation software that provides a ‘window into the
process’.
● Examples include US Data Factorylink, Intellution’s FIX,
Citect, and Wonderware’s InTouch

© 2017 Crabtree Controls Ltd. All Right Reserved 2

1
Supervisory Control and Data Acquisition (SCADA)

● A typical system comprises a number of remote terminal

units (RTUs) that collect field data and connect back to a
master station via a communication system.
● The master station displays the acquired data and allows
the operator to perform remote control tasks.

© 2017 Crabtree Controls Ltd. All Right Reserved 3

Supervisory Control and Data Acquisition (SCADA)

Operator stations

Radio Modem

Radio
Local Area Network links

PLC

Modem Radio Modem RTU 1

Landline
link
M

Modem
RTU 3 Radio Modem RTU 2

M M

© 2017 Crabtree Controls Ltd. All Right Reserved 4

2
SCADA – Features (1)

● User-friendly interface.
● Automatic control.
● Off-line processing.
● Integrated environments.
● Extensive historical data manipulation.
● Extensive processing power.
● Extremely high data throughput.
● Extremely quick response.

© 2017 Crabtree Controls Ltd. All Right Reserved 5

SCADA – Features (2)

● On-line complex electrical network analysis.

● Real-time supply/demand-side economic calculations.
● Automatic voltage and power factor correction.
● Distributed processing power.

© 2017 Crabtree Controls Ltd. All Right Reserved 6

3
SCADA – Features (2)

© 2017 Crabtree Controls Ltd. All Right Reserved 7

SCADA – Features (2)

© 2017 Crabtree Controls Ltd. All Right Reserved 8

4
SCADA – Architecture Overview (1)
 The I/O driver is the SCADA software’s interface to the
RTU.
 It reads (and writes) data in the form of poll records.
 These poll records are specified by addresses in the
RTU registers and can be a single data point or a range
of points.
 This data is then transferred
to/from addresses in the Driver
DRIVER IMAGE
Image Table (DIT)… TABLE (DIT)

 …an area of SCADA’s memory –

an image of the RTU registers. I/O DRIVER

RTU
© 2017 Crabtree Controls Ltd. All Right Reserved 9

SCADA – Architecture Overview (2)

 The I/O driver updates values in the DIT and fetches data
from the DIT.
 Before the values are displayed, they must be allocated in
the Process Database (PDB) – a representation of the
process.
PROCESS
DATABASE (PDB)

DRIVER IMAGE
TABLE (DIT)

I/O DRIVER

PLC
© 2017 Crabtree Controls Ltd. All Right Reserved 10

5
SCADA – Architecture Overview (3)
 The PDB is made of units of instructions assigned to
perform process function, such as writing values to the
process hardware.
 Values are transferred to/from the PDB from/to the DIT.

PROCESS
DATABASE (PDB)

DRIVER IMAGE
TABLE (DIT)

I/O DRIVER

PLC
© 2017 Crabtree Controls Ltd. All Right Reserved 11

SCADA – Architecture Overview (4)

 Finally, the data in the PDB can be graphically displayed to
users by means of graphical links.

SCREEN

PROCESS
DATABASE (PDB)

DRIVER IMAGE
TABLE (DIT)

I/O DRIVER

PLC
© 2017 Crabtree Controls Ltd. All Right Reserved 12

6
SCADA – Architecture Overview (5)

 They can be also be used

by other applications: RELATIONSHIP EDA
DATABASE

DDE package (Dynamic SCREEN DDE

Data Exchange, such as
Excel) PROCESS
DATABASE (PDB)

EDA software (Electronic Design

Automation, such as C++) DRIVER IMAGE
TABLE (DIT)

Relationship Database (such I/O DRIVER

as Access).

PLC
© 2017 Crabtree Controls Ltd. All Right Reserved 13

SCADA – Architecture Overview (6)

Scan, Alarm and Control (SAC) fetch data from the DIT
and transfer it to the Process Database (PDB).
Driver Image Table
Process database
DIT PDB
Scan, alarm
AI CA
and control
AI DR AO
DI DO
Poll record
Data
12 31 18 44 22 19
I/O driver View
software (Links)

RTU

I/O sensors
© 2017 Crabtree Controls Ltd. All Right Reserved 14

7
SCADA – Architecture Overview (6)

The rate at which SAC reads from the DIT is called scan time.

Driver Image Table

Process database
DIT PDB
Scan, alarm
AI CA
and control
AI DR AO
DI DO
Poll record
Data
12 31 18 44 22 19
I/O driver View
software (Links)

RTU

I/O sensors
© 2017 Crabtree Controls Ltd. All Right Reserved 15

Process Database (PDB)

● The process database is a representation of the process
made up of tags (also called blocks), where a tag is a unit
of instructions assigned to perform a process function.
● Tag functions include:
 comparing process values against alarm limits;
 performing calculations based on specific process values; and
 writing values to the process hardware.
● A series of tags can be connected to form chains that can
perform monitoring or control loops
Process Database

FLOW_IN FLOWCALC TOTALFLOW

Analog Input Calculation Analog Output

MOTORSTAT MOTORCTRL

Digital Input Digital Output

© 2017 Crabtree Controls Ltd. All Right Reserved 16

8
SCADA – Architecture (10)
Operator Display
● Once the values are in the PDB, they can be
graphically displayed.
● View is the application to interact with the graphical
displays and provide the man-machine interface.
● Links are used in View to display database values,
and the rate that they are updated is the screen
refresh rate.
● Links can display information about alarms, database
information information about a tag.

© 2017 Crabtree Controls Ltd. All Right Reserved 17

© 2017 Crabtree Controls Ltd. All Right Reserved 18

9
© 2017 Crabtree Controls Ltd. All Right Reserved 19

Software Systems

● Many suppliers of generic software for SCADA

systems
● Some of the more popular ones are:
 Intellution - Fix
 Wonderware – Intouch- HMI
 USDATA – Factorylink
 National Instruments –Labview, Lookout
 Iconics – Genesis
 Rockwell Automation/AB - RSView

© 2017 Crabtree Controls Ltd. All Right Reserved 20

10
SCADA database management

● A typical PLC/SCADA combination will have at least two

independent databases – the PLC database and the
SCADA database.
● In reality there will be number of independent and
manually coordinated databases that might include:
 Details of each I/O point
 Details of each field device
 Details of each controller
 Details of each process system
 Field device trending
 Alarm management
 Batch/recipe
 Historian
 Fieldbus device management

© 2017 Crabtree Controls Ltd. All Right Reserved 21

SCADA database management

● Traditionally, these databases were flat.

● The information is stored in one long text file, called a tab
delimited file – with each entry separated by a special
character, such as a vertical bar (|).
● Such flat database files makes it difficult to search for
specific information or to create a report that includes only
certain fields from each record e.g. Instrument Type.

© 2017 Crabtree Controls Ltd. All Right Reserved 22

11
SCADA database management

● Typical partial instrumentation list – containing multiple

pieces of information (fields) about each individual
instrument grouped together in what is termed a record…
● …sometimes referred to as a tuple
● Such a list may run into many thousands of items

Tag Instrument Manufacturer Type number Serial Size Measuring Measuring Set Ex rating SIL
No. type number range unit span
101 Pressure Rosemount 3051S 3A 0 124582 - 0 - 80 bar 20 - 60 Ex ia IIC T4 3
transmitter (Emerson)
232 Temperature Endress+Hauser iTEMP TMT162 - 0 - 500 ºC 80 - 120 Ex ia IIC T4 3
transmitter
456 Magnetic Krohne OPTIFLUX A5679B2 100 mm 0.3 - 12 m/s 4-8 Ex ia IIC T4 3
flowmeter 4000
457 Coriolis mass Krohne OPTIMASS X4523M 100 mm 420 tonnes/hr 0 - 200 Ex ia IIC T6 3
flowmeter 2000

© 2017 Crabtree Controls Ltd. All Right Reserved 23

SCADA database management

● Purchasing Department, meanwhile, might have another

database listing details of date of purchase, purchase
price, etc…
● …again running to tens of thousands of items.
Manufacturer Instrument Type number Serial Date of Purchase Authorised Asset No.
type number purchase price by:
Krohne Magnetic OPTIFLUX 4000 A5679B2 2/72016 $3,450.00 D. McDougal A192680/B62
flowmeter
Krohne Coriolis mass OPTIMASS 2000 X4523M 2/7/2016 $23,680.00 D. McDougal A192680/B63
flowmeter

© 2017 Crabtree Controls Ltd. All Right Reserved 24

12
SCADA database management

● Another database may list the instrumentation associated

with a process tank...
● …e.g. Field Process Area - Bldg 21. Process Tank 21
FC
I/P 002

FT
456

M TT
CV 265
844 Process
Tank 21

TT PT LC
232 001 I/P
101

CV
845
© 2017 Crabtree Controls Ltd. All Right Reserved 25

SCADA database management

● This database lists the field instrumentation associated

with Process Tank 21.
Tag Instrument type Span Function
No.
001 Level control Regulates the level within prescribed limits
002 Flow control Regulates the input flow within prescribed limits
101 Pressure transmitter 200 - 600 Measures hydrostatic pressure in order to determine
level
232 Temperature transmitter 80 - 120 Measures the temperature of the medium at the top of
the tank
265 Temperature transmitter 80 - 120 Measures the temperature of the medium at the
bottom of the tank
456 Flow transmitter Measures the flow rate of the medium into the tank
844 Control valve Used to control the flow rate of the medium into the
tank
845 Control valve Used to control the flow rate of the medium out of the
tank

© 2017 Crabtree Controls Ltd. All Right Reserved 26

13
SCADA database management

● Each of these databases must be synchronised for the

whole system to function correctly.
● Consequently, the user must separately configure each the
database in the system.
● Every time a change is made in one database, the others
usually need to be updated to reflect that change.
● This will require the plant engineer to make these changes
in each of these databases, not just one – and get it right.
● Time-series data typically contain a value and a time.
● Even simple processes can potentially have hundreds, if
not thousands, of data points to follow – such as tank
temperatures, scale weights, and pressure readings.

© 2017 Crabtree Controls Ltd. All Right Reserved 27

SCADA database management

● The solution lies in the use of relational databases.

● A relational database groups data into tables – with each
individual data point related to the data around it.
● Structuring information in this way makes it easier to
organize and retrieve data rapidly – especially when large
amounts of data are involved.
● Managing data in relational database is carried out by a
programming language called SQL (Structured Query
Language).
● SQL has a only a few basic operations that allow it to
manipulate and select data and perform a myriad of useful
functions with data – making it an extremely powerful and
flexible database language.

© 2017 Crabtree Controls Ltd. All Right Reserved 28

14
SCADA database management

● Unfortunately the process industry has been very slow in

accepting this tool.
● Consequently, one of the single biggest drawbacks in
using most SCADA systems lies in the problem of
database management.

© 2017 Crabtree Controls Ltd. All Right Reserved 29

15
Design of SCADA system

Section 7.
Alarm management
SCADA Systems - Transitioning
from Beginner to Advanced

Section 7.
Alarm management

© 2017 Crabtree Controls Ltd. All Right Reserved 1

Why is alarm management important?

● Accident investigations have identified that inadequate
alarm system performance contributed to a significant
number of industrial accidents…
 Three Mile Island - 1979
 Piper Alpha - 1988
 Milford Haven Refinery - 1994
 Buncefield Oil Storage - 2005

© 2017 Crabtree Controls Ltd. All Right Reserved 2

1
Three Mile Island - 1979
● A cascading series of events, that included a stuck-open
safety relief valve, led to the computer reporting some
700 problems occurring within the first few minutes.
● This is set off a number of audible and visual alarms –
with the problems forwarded to a line printer in the
control room.
● The line printer queue rapidly contained 700 error
reports followed by several thousand error report
updates and corrections.
● The printer queue was thus almost instantly hours
behind, so the operators knew they had a problem but
had no idea what the problem was.

© 2017 Crabtree Controls Ltd. All Right Reserved 3

Piper Alpha Oil Rig - 1988

● An accumulation of errors and questionable decisions

caused a catastrophic fire on the offshore platform
causing 167 deaths and billions of dollars worth of
damage
● Inadequate shift handovers
● Issues with false alarms

© 2017 Crabtree Controls Ltd. All Right Reserved 4

2
Texaco Milford Haven Refinery - 1994
● A severe electrical storm caused plant disturbances.
● An explosion that occurred five hours later was a
combination of failures in management, equipment and
control systems during the plant upset.
● Twenty-six people were injured and damage of £48 million
was caused.
● Too many alarms that were poorly prioritised
● Control room displays did not help the operators to
understand what was happening
● During the last 11 minutes before the explosion, the two
operators had to recognise, acknowledge and act on 275
alarms

© 2017 Crabtree Controls Ltd. All Right Reserved 5

Buncefield Oil Storage - 2005

● In December 2005, a number of explosions occurred.
● A large fire engulfed a high proportion of the site.
● Over 40 people were injured
● Three Automatic Tank Gauging alarms:
 ‘user level’,
 ‘high level’ and
 ‘high-high level’
● could not operate.
● An independent high-level switch also failed to register the
rising level of petrol
● Alarms were not tested regularly.

© 2017 Crabtree Controls Ltd. All Right Reserved 6

3
Common Issues with Alarm Handling
● Alarm systems implemented without proper guidance
 EEMUA 191 in the UK
 ISA 18.2
 API 1167
 Namur NA 102
● Many alarm systems either alarm everything or rely on
default alarms
● There is often little visibility or reporting on how many
alarms your operators are having to deal with
● Too many alarms are not critical and should not be classed
as alarms
● Nuisance Alarms – appear regularly and require no action
● Chattering alarms – cause distraction

© 2017 Crabtree Controls Ltd. All Right Reserved 7

Common Issues with Alarm Handling

● Alarm flooding – too many alarms make it difficult to
distinguish which need immediate action
● Too many levels of alarms make it hard to prioritise
● There is not always one person responsible for Alarm
Management

© 2017 Crabtree Controls Ltd. All Right Reserved 8

4
How observant are you?

https://www.youtube.com/watch?v=IGQmdoK_ZfY

© 2017 Crabtree Controls Ltd. All Right Reserved 9

Functions of the operator

● An alarm system helps/assists the operators in monitoring
and controlling the plant, equipment and processes within
safe and normal operating conditions.
● The plant condition is said to be normal when all the
process/equipment parameters (pressure, temperature,
flow, level, etc.) are within normal operating ranges.
● During normal plant running conditions, the main function
of the plant operator is to monitor the processes and
equipment conditions and optimize the process/equipment
parameters.

© 2017 Crabtree Controls Ltd. All Right Reserved 10

5
Abnormal upsets

● When there are major disturbances in the processes or

equipment the plant condition may become abnormal or
upset and the automatic control system may not be able to
control such disturbances without an operator's
intervention.
● Alarms are required to get the attention of the operator to
intervene and take corrective action and bring the plant
back to normal conditions.

© 2017 Crabtree Controls Ltd. All Right Reserved 11

Abnormal upsets
● Alarm requirements differ under different plant conditions,
● Therefore important that the alarms are context sensitive
or plant condition sensitive.
● Some signals may be required as alarms during normal
plant running but …
● … may not be relevant during plant start-ups
● Important to clearly identify the functions of an operator for
maintaining plant safety and integrity during all operational
conditions.
● Even in highly automated plants with automatic protection
and controls in place, there is always scope for operator
intervention.
● When an abnormal condition arises, the alarm system
gives an alarm in the form of an audible warning, flashing
or blinking alarm indication and an alarm message.

© 2017 Crabtree Controls Ltd. All Right Reserved 12

6
Present only relevant and useful alarms
● An effective alarm system presents only alarms that help
an operator in monitoring and controlling the
plant/equipment
● The operator's time and attention should not be diverted by
alarms that do not require response or intervention …
● …otherwise danger of ‘Cry wolf’ syndrome where operator
lapses into a frame of mind where the alarms are ignored.
● Each and every alarm should be useful and relevant.
● This means that changes in the condition of the
plant/equipment that requires intervention of maintenance
personnel but is not relevant to an operator should not
be configured and presented as an alarm.

© 2017 Crabtree Controls Ltd. All Right Reserved 13

Defined response

● Every alarm should have a defined response from an

operator.
● The response should be in the form of a preventive
and/or corrective action or an acknowledgement.
● At times the response to an alarm can be conditional.
● Some alarms like ‘plant start-up sequence completed’ or
‘equipment stopped/tripped’ inform the operator to
change his response – how he is monitoring or paying
attention to the plant/equipment.

© 2017 Crabtree Controls Ltd. All Right Reserved 14

7
Adequate time to respond
● Since the operator is expected to respond to every alarm, it
is essential to allow adequate time for him to respond.
● To allow a timeous response, the alarm should allow
enough time to take corrective action.
● At the same time, the rate of the alarms should not exceed
the capability of the operator to respond to them.
● The operator's functions include many other activities and
responsibilities apart from responding and handling alarms.

© 2017 Crabtree Controls Ltd. All Right Reserved 15

Adequate time to respond

● An average workload (W) imposed on an operator by the
alarm system is determined as:

W=R. T
where:
R is average rate of alarms presented
T is average time taken to respond to the alarm

© 2017 Crabtree Controls Ltd. All Right Reserved 16

8
Adequate time to respond
Example 1. Manageable alarms
● Assume a SCADA based alarm management system
presents alarms to the operator at an average rate of 1
alarm per 120 seconds.
● To respond to each alarm takes the plant operator an
average of 40 seconds.
● The average workload (W) imposed on the operator by
DCS alarm management system is:

W = (1/120)* (40) = 40/120 = 0.333 = 33.3 %

● This means on an average the plant operator has to

devote a 1/3rd of his time attending and responding to
the alarms presented by the alarm management system

© 2017 Crabtree Controls Ltd. All Right Reserved 17

Adequate time to respond

Example 2. Over-loaded alarms

● In another plant, an alarm annunciator panel-based
alarm system presents alarms to the operator at an
average rate of 1 alarm per 40 seconds.
● The plant operator takes on average 30 seconds to
respond to each alarm.
● The average workload (W) on the operator is:

W = (1/40)*(30) = 30/40 = 0.75 = 75%

● In this plant 75% of the operator's time is consumed by

the alarm system and he is thus overloaded.

© 2017 Crabtree Controls Ltd. All Right Reserved 18

9
Prioritising an alarm system
● Various types of alarm systems are:
 Configured within a process control system,
 A standalone alarm system, and
 A combination of a standalone alarm system and an alarm system
within a process control system.
● If a standalone alarm system is used for configuring and
implementing all the alarms, then the high priority alarms
include the safety-related alarms.
● However, if a combination of a standalone alarm system
and alarm system configured within the process control
system is used, there is a possibility of overlapping priority
bands of alarms between the two systems.

© 2017 Crabtree Controls Ltd. All Right Reserved 19

Design documentation
● Some of the questions that need to answered, for each
and every alarm, are:
 What is the purpose of the alarm?
 What response is required from the operator?
 If the operator does not respond to the alarm, what are the likely
consequences?
 How much time is available for the operator to respond?
 What will the effectiveness be of the operator response?

© 2017 Crabtree Controls Ltd. All Right Reserved 20

10
Alarm displays
● Alarms are either displayed on
annunciator panels consisting of a X Y Z Alarm
separate light window for each window

alarm or on a Visual Display Unit Colour changes

X Y Z
Screen in the form of alarm lists. in schematics

Bin x level = 10 Alarm

Vessel Z = Overflow summary
Pump1 = Trip

Audible
warning

Alarm history
storage

Alarm
Secondary display
occurrence
key-lamp ON

Alarm
printouts
© 2017 Crabtree Controls Ltd. All Right Reserved 21
.

Alarm lists
● In DCS or SCADA based alarm systems, alarm list
displays are the most common way of displaying the
alarms.
● An alarm list provides display of different alarms within a
single window.
● Another way of displaying alarms is through the use of
schematics.

© 2017 Crabtree Controls Ltd. All Right Reserved 22

11
Annunciator displays
● Alarm annunciator displays consist of arrays of windows.
● Annunciator displays provide immediate access to
information and excellent spatial pattern recognition.
● The annunciator displays are easily visible and easy to use.
● However, they do not provide detailed and additional
associated information about the alarm and are not suitable
for potentially large number of alarms.
● Still useful for standalone safety related critical alarms.

© 2017 Crabtree Controls Ltd. All Right Reserved 23

Audible alarm warnings

● Audible warnings with an industrial hooter, electronic

buzzer or beeps
● Different level/pitch of sounds should are used to identify
the priority of alarms.
● The audible warnings should be set at levels higher than
ambient noise …
● …but should not painful and distracting to the operators.
● Audible warnings should be easily recognizable by
varying the pulse length and frequency of pulses or
group of pulses

© 2017 Crabtree Controls Ltd. All Right Reserved 24

12
Audible alarm warnings

● Generally recommended that higher priority alarms are

louder, lower pitched and having higher pulse frequency
than the lower priority alarms

High
priority Low tone
alarm

Medium
priority
alarm Medium tone

Low
priority
alarm High tone

© 2017 Crabtree Controls Ltd. All Right Reserved 25

Alarm generation
● Alarms can be configured and presented using various
detection methods:
 Absolute alarms
 Deviation alarms
 Rate of change alarms
 Discrepancy alarms
 Calculated alarms
 Diagnostic alarm
 First-up alarms
 Statistical alarms

© 2017 Crabtree Controls Ltd. All Right Reserved 26

13
Alarm generation − Absolute alarms

● An absolute alarm is generated by comparison of an

analog signal with a predefined alarm setting.
● These alarms are used to warn the operator that the
parameter is approaching the absolute limit set for a trip or
operating a safety device.
● Absolute alarms are simple to design but tend to cause
difficulties during abnormal plant/equipment conditions and
require a review of alarm settings to take care of changing
plant/equipment conditions.

© 2017 Crabtree Controls Ltd. All Right Reserved 27

Alarm generation − Absolute alarms

Example
● Absolute alarms are designed and configured with
predefined alarm settings for a fan end-bearing
temperatures:
 Drive-end bearing temperature (T1) Hi 80 ºC HiHi 90 ºC
 Non-drive-end bearing temp.: (T2) Hi 80 ºC HiHi 90 ºC
● If either bearing temperature exceeds the preset
temperature limit of 80 ºC an alarm is generated
indicating that operator intervention is required.
● The bearing temperature high alarms (T1 High, T2 High)
alerts the operator to intervene and take corrective
action(s) before the bearing temperature increases
further and exceed the absolute trip setting of 90 ºC .

© 2017 Crabtree Controls Ltd. All Right Reserved 28

14
Alarm generation − Absolute alarms

Increase in absolute
alarm setting
100
Temperature Hi Hi alarm (Trip)
Bearing temperature (ºC)

90
Temperature Hi alarm
85

Time

© 2017 Crabtree Controls Ltd. All Right Reserved 29

Deviation alarms

● Deviation alarms are generated by detecting the difference

between two analog signals that exceeds a predefined
magnitude.
● Deviation alarms are generally used to compare a
controlled variable against the set point value to alert the
operator that the controller is unable to control effectively
and an operator invention is required.

© 2017 Crabtree Controls Ltd. All Right Reserved 30

15
Rate of change alarms

● The rate of change alarms are generated when the rate of

change of a measured analog signal exceeds a predefined
setting.
● Rate of change alarms provide an early indication of an
abnormal condition that is going to arise.
Example
● Consider an autoclave vessel used for hot curing of
products using high pressure steam.
● The curing cycle has three phases.

© 2017 Crabtree Controls Ltd. All Right Reserved 31

Rate of change alarms

● Phase 1: Initially the temperature increases from ambient (30ºC) to 180ºC
in 3 hours at a maximum rate of temperature increase of 50 ºC per hour.
● Phase-2: The temperature is maintained at 180ºC for 6 hours.
● Phase-3: The steam is released from the autoclave vessel gradually so that
the temperature comes down to ambient in approximately three hours.
● If the temperature increases at a slower or faster rate, the product quality
will be affected.

Phase 1 Phase 2 Phase 3

210

180
Temperature (ºC)

150 B Desired
120 temperature
A increase rate
90
60
30 C

1 2 3 4 5 6 7 8 9 10 11 12
Curing time (hrs)
© 2017 Crabtree Controls Ltd. All Right Reserved 32
.

16
Discrepancy alarms
● Discrepancy alarms are generated by comparing the
actual state of the plant with the expected state.
● Often used for control valves or actuators and require an
expected characteristic of the actuator movement in
response to a give command
● A discrepancy alarm would thus identify faults such as a
stuck or sticking actuator.
● In practice, actuator performance tends to degrade −
resulting in spurious discrepancy alarms
● Spurious discrepancy alarms can become a nuisance
during abnormal plant conditions
● To overcome such problems, discrepancy alarms must be
robustly designed and tolerance bands should be easily
adjustable.

© 2017 Crabtree Controls Ltd. All Right Reserved 33

Calculated alarms
● Calculated alarms are generated in applications where
several signals are combined to perform such calculations
as energy consumption, efficiency calculations, etc.

© 2017 Crabtree Controls Ltd. All Right Reserved 34

17
Diagnostic alarms
● These alarms are generated to indicate faults within the
control systems and field instruments.
● They are more useful for operations and maintenance
personnel and should be kept separate from the process
alarms.

© 2017 Crabtree Controls Ltd. All Right Reserved 35

First-up alarms
● Rather than a ‘type’ of alarm a ‘First-up Alarm’ is actually a
facility for identifying the sequence of alarm occurrence.
● First-up alarms help to identify the reason for the
plant/equipment trips. In large plants it becomes difficult to
identify the cause of equipment/plant trips.
● Logic with fast scanning time/cycle is used to detect the
first alarm after the plant/equipment trip and the exact
cause.
● In such cases the first alarm detected is displayed
blinking/flashing and the following alarms are displayed
steady on the group alarm display.

© 2017 Crabtree Controls Ltd. All Right Reserved 36

18
First-up alarms
● Example:
● A hydraulic pump may trip due to hydraulic pump
discharge pressure low (or flow low) or due to power
failure to the motor.
● When the pump trips due to a power failure, the motor
stops and the pump's discharge pressure will drop quickly
and both the alarms –‘motor stopped’ and ‘pump discharge
pressure low (flow low)’ – will be generated in a fraction of
seconds.

© 2017 Crabtree Controls Ltd. All Right Reserved 37

Statistical alarms
● Statistical alarms are generated using statistical
techniques to filter out significant changes from the
process noise.
● Basic tools include:
 Sample average
 Sample median
 Sample range
 RMS deviation
 Sample standard deviation
 Histograms
 Running records

© 2017 Crabtree Controls Ltd. All Right Reserved 38

19
Statistical alarms

100 bar

Standard Upper alarm limit

Deviation Lower alarm limit

© 2017 Crabtree Controls Ltd. All Right Reserved 39

How do we scan an HMI screen?

● Generally, users scan a screen as they would scan a page
in a book …
● …which in the west means from the top left corner to the
right and reading down the screen.
● However, with no lines to guide us, we usually only do 2 or
3 incomplete scans of the screen:

© 2017 Crabtree Controls Ltd. All Right Reserved 40

20
How do we scan an HMI screen?
● Important items should thus be on the ‘scan’ line...
● … with alarms across the top of the page…
● … key data in centre right …
● …and maybe buttons and controls on the lower right.
● Supporting graphics and the company logo are better
placed on the lower left of the screen.

© 2017 Crabtree Controls Ltd. All Right Reserved 41

Colours
● On-screen colours are created from the 3 primary colours:
 Red
 Green
 Blue
● And the three secondary colours:
 Cyan
 Magenta
 Yellow

© 2017 Crabtree Controls Ltd. All Right Reserved 42

21
Colours
● Complementary contrast is created by positioning a
secondary colour with the primary colour from the opposite
side of the wheel.

© 2017 Crabtree Controls Ltd. All Right Reserved 43

Colours
● Whilst useful in creating an impact, using these colours
together can make focussing difficult.

© 2017 Crabtree Controls Ltd. All Right Reserved 44

22
Colours
● Pairs of secondary colours…
 Cyan
 Yellow
 Magenta
● …produce higher contrasts than pairs of primary colours
 Red
 Green
 Blue

© 2017 Crabtree Controls Ltd. All Right Reserved 45

Colours
● The preferred colour convention, following the standard for
safety signs (BS 5378) defines:
 Red = stop, prohibition, danger
 Yellow = caution, risk of danger
 Green = safe condition
 Blue = mandatory action.

© 2017 Crabtree Controls Ltd. All Right Reserved 46

23
Colours
● Large blocks of primary colours, e.g. red, should be
avoided because they will cause complimentary colour
image retention on the retina.

© 2017 Crabtree Controls Ltd. All Right Reserved 47

Colours
● Designers also need to be aware that 1 in 12 men have
some degree of colour blindness.
● This normally means that there is some confusion in the
perception of reds and greens (also yellows, oranges, and
browns) …
● …consequently, screen designs should not solely rely on
colour to indicate plant condition.

© 2017 Crabtree Controls Ltd. All Right Reserved 48

24
ISA-18.2

● Alarm Philosophy: Documents the objectives of the alarm

system and the work processes to meet those objectives.
● Identification: Work processes determining which alarms
are necessary.
● Rationalization: The process of ensuring an alarm meets
the requirements set forth in the alarm philosophy,
including the tasks of prioritization, classification, settings
determination, and documentation.
● Detailed Design: The process of designing the aspects of
the alarm so that it meets the requirements determined in
rationalization and in the philosophy.
 This includes some HMI depiction decisions and can include the
use of special or advanced techniques.

© 2017 Crabtree Controls Ltd. All Right Reserved 49

ISA-18.2

● Implementation: The alarm design is brought into

operational status. This may involve commissioning,
testing, and training activities.
● Operation: The alarm is functional. This stage includes
refresher training, if required.
● Maintenance: The alarm is non-functional due to either
test or repair activities. (Do not equate this life cycle stage
with the maintenance department or function.)

© 2017 Crabtree Controls Ltd. All Right Reserved 50

25
ISA-18.2

● Monitoring and Assessment: The alarm system’s

performance is continuously monitored and reported
against the goals in the alarm philosophy.
● Management of Change: Changes to the alarm system
follow a defined process.
● Audit: Periodic reviews are conducted to maintain the
integrity of the alarm system and alarm management work
processes.

© 2017 Crabtree Controls Ltd. All Right Reserved 51

26
Design of SCADA system

Section 8.
Data transmission media
SCADA Systems - Transitioning
from Beginner to Advanced

Section 8.
Data transmission media

© 2017 Crabtree Controls Ltd. All Right Reserved 1

Copper Based Cables

Cable classifications:
● Two-wire open lines
 a.c. power and return
 High power low frequency signals
 d.c. power and return
 low power low frequency signals
● Coaxial
 RF and digital signals
● Twisted pair
 Digital signals

© 2017 Crabtree Controls Ltd. All Right Reserved 2

1
Two-wire open lines

R L R L R L

G C G C G C

Primary distributed constants:

 resistance
 leakage conductance
 inductance
 capacitance

© 2017 Crabtree Controls Ltd. All Right Reserved 3

Two-wire open lines

 Lumped together these distributed constants give

rise to an equivalent circuit:
R L
I
G C

Typical values for 22 gauge copper pair are:

R = 100 /km
L = 1 mH/km
G = 10-5 S/km
C = 0.05 F/km

© 2017 Crabtree Controls Ltd. All Right Reserved 4

2
Two-wire open lines

 For materials commonly used for cable insulation,

G is so small that it can be neglected
R L
I
C

© 2017 Crabtree Controls Ltd. All Right Reserved 5

Two-wire open lines

 At low frequencies (below 100 Hz) L is so small

compared with R that it too can be neglected:
R
I
C

 Essentially: a low pass filter

 Transmission largely dictated by the capacitance (pF/m)

© 2017 Crabtree Controls Ltd. All Right Reserved 6

3
Two-wire open lines

At higher frequencies and longer cable runs, primary

characteristics are:
 Characteristic impedance (Zo)
 Attenuation per unit length ()

Characteristic impedance (Zo)

 If L and C are independent of frequency, which is
essentially true in the ‘high’ frequency region, Zo is
constant
 Typical values range from 100 to 250 

© 2017 Crabtree Controls Ltd. All Right Reserved 7

Attenuation

Pulse is thus attenuated as it travels down the line

What happens when it reaches the end of the line?
In this case, with the line open circuited, the pulse will be
reflected back – in phase – producing interference

© 2017 Crabtree Controls Ltd. All Right Reserved 8

4
Reflections

What happens if the line were short-circuited?

In this case, the pulse will be reflected back in anti-phase –
again producing interference

© 2017 Crabtree Controls Ltd. All Right Reserved 9

Matching

ZT
Zo

To prevent reflections, the line should be terminated with an

impedance ZT that equals the characteristic impedance Zo

Now, the terminator simulates an infinitely long line

This is called matching

© 2017 Crabtree Controls Ltd. All Right Reserved 10

5
Typical coaxial cable

● Traditional approach for speeds typically up to 10 Mbps

for data.
● More difficult to install and more expensive than twisted
pair.

Inner solid Dielectric Braided screen Outer

conductor insulator insulation

Polyethylene Polyvinyl chloride

© 2017 Crabtree Controls Ltd. All Right Reserved 11

Coaxial cables

Two main types used in data comms are:

RG 8 (Thicknet) 10.27 mm OD: 50  impedance
 Typical values are:
 6.3 dB/100 m at 100 MHz
 23.3 dB/100 m at 1000 MHz
 Capacitance 98 pF/m
RG 58 (Thinnet) 6.1 mm OD: 50  impedance
 Typical values are:
 8.5 dB/100 m at 100 MHz
 28.5 dB/100 m at 1000 MHz
 Capacitance 38 pF/m

© 2017 Crabtree Controls Ltd. All Right Reserved 12

6
Twisted cable

● Most economical form of data transmission.

● UTP (Unshielded Twisted Pair)
● STP (Shielded Twisted Pair)

© 2017 Crabtree Controls Ltd. All Right Reserved 13

EIA Standards for UTP

Category 5
● High grade, handling frequencies up to 100MHz.
● The current standard normally has four (4) Unshielded
Twisted-Pairs (UTP) copper wires with at least 26
twists/m
● For use in high speed communications of up to 100
Mbps over distances of up to 100 m.
● Used in:
 10BASE-T & 100BASE-T4 & 100BASE-TX Fast Ethernet
Networks.
 FDDI and ATM at 155 Mbps
● The industry standard since 1994, superseded by
Category 5E in 1998.

© 2017 Crabtree Controls Ltd. All Right Reserved 14

7
EIA Standards for UTP

Category 5e
● Supports Gigabit Ethernet
● Usually tested to a bandwidth of 350 MHz
● Used in:
 10Base-T, 100Base-T4 and 100Base-TX Fast Ethernet
Networks.
 1000Base-T (Gigabit Ethernet) networks.
● The new standard Category 5e was created in 1998 for
1 Gigabit networks.

© 2017 Crabtree Controls Ltd. All Right Reserved 15

EIA Standards for UTP

Category 6
● Supports Gigabit Ethernet
● Field performance verification over the frequency range
of 1 to 250 MHz.
● Offers double the bandwidth of category 5e cabling and
vastly improved signal-to-noise margins.
● The improved performance of Category 6 cabling,
reduces the cost, complexity and power consumption of
the new generation 1000Base-T chipsets.
● Specification published in August 2002

© 2017 Crabtree Controls Ltd. All Right Reserved 16

8
EIA Standards for UTP

Category 7
● Proposed TIA Category 7 / ISO Class F requirements
are being developed for fully shielded (i.e., overall shield
and individually shielded pairs) twisted-pair cabling.
Category 7 / class F
● Will most likely be supported by an entirely new
interface design (i.e. plug and socket).
● Some vendors are marketing forms of Category 7 wire.
The Cat 7 standard is barely in its infancy, but is
expected to end up as either 600 MHz or 700 MHz UTP
when and if it reaches completion.
● Systems are in development

© 2017 Crabtree Controls Ltd. All Right Reserved 17

Optical fibres and Characteristics

● When light travels from a medium of one density to

another with of a different density, the light path
undergoes refraction – it will be bent
● Transmission in fibre-optic cable is based on differences
in refractive index
● Cable is made up of an ultra-pure glass core
surrounded by a cladding having a lower density

© 2017 Crabtree Controls Ltd. All Right Reserved 18

9
Fibre-optic principles

● When light travels from a less dense medium to another

with a higher density, the light path undergoes refraction
and is bent towards the normal…
● … and when travelling from a denser medium to one of
less density, the path is bent away from the normal.
● In this case the light is absorbed in the cladding.

Air

Glass

© 2017 Crabtree Controls Ltd. All Right Reserved 19

Fibre-optic principles

● As the angle of incidence is reduced, there will come a

point where the light path no longer travels through the
cladding but is parallel to the axis.
● And if the incidence angle is reduced even further, total
internal reflection will occur

Air

  Glass

© 2017 Crabtree Controls Ltd. All Right Reserved 20

10
Fibre-optic principles

Sheath
Cladding
Core

62.5 m 125 m 250 m

© 2017 Crabtree Controls Ltd. All Right Reserved 21

Introduction to Fibre-optic Principles

● Between 1968 and 1970 the attenuation of glass fibre optic

cable dropped from over 1000 dB/km to less than 20 dB/km.
● Sizes vary from 8.5 m to 140 m but standard sizes are:
 8.5 m
 50 m
 62.5m
● Human hair is typically 100 m
● The glass is ultra pure, ultra transparent, silicon dioxide or
fused quartz.
● If seawater were as clear as this type of fibre optic cable…
● …. then you would be able to see to the bottom of the
deepest trench in the Pacific Ocean.

© 2017 Crabtree Controls Ltd. All Right Reserved 22

11
Fibre-optic Principles

Cladding
Light absorbed in
cladding

Core

Cladding

© 2017 Crabtree Controls Ltd. All Right Reserved 23

Fibre-optic propagation modes

Input pulse Multi-mode Stepped Index Output pulse

 As a result of the different path lengths, the pulse has

spread
 This is called modal dispersion and is measured in
pulse spread per kilometre (ns/km)
 Stepped index has a modal dispersion of between 15 to
30 ns/km
 This obviously limits the bandwidth

© 2017 Crabtree Controls Ltd. All Right Reserved 24

12
Fibre-optic propagation modes
Input pulse Multi-mode Stepped Index Output pulse

Input pulse Multi-mode Graded Index Output pulse

 In Graded Index cable, the modal dispersion is less than

1 ns/km

© 2017 Crabtree Controls Ltd. All Right Reserved 25

Fibre-optic propagation modes

Input pulse Multi-mode Stepped Index Output pulse

Input pulse Multi-mode Graded Index Output pulse

Input pulse Single-mode Graded Index Output pulse

© 2017 Crabtree Controls Ltd. All Right Reserved 26

13
Fibre-optic propagation modes
4.0

3.5
Single mode fibre
3.0 nm db/km
Attenuation (dB/km)

A 850 1.81
2.5 A B 1300 0.35
C 1310 0.34
2.0 D 1380 0.55
E 1550 0.19
1.5
C D
1.0 B
E
0.5

800 1000 1200 1400 1600

Wavelength (nm)

© 2017 Crabtree Controls Ltd. All Right Reserved 27

Fibre-optic advantages

● Bandwidth in excess of 1.5 GHz/km (62.5/125 m)

● Information carrying capacity up to 2.5 T-bits/s on single
mode
● Low signal attenuation
 Multimode
3 - 8 dB/km @ 850 nm
1 - 3 dB/km @ 1300 nm
 Monomode
0.4 – 0.6 dB/km @ 1300 nm
0.25 – 0.35 dB/km @ 1550 nm
● Inherent signal security
● Low error rate

© 2017 Crabtree Controls Ltd. All Right Reserved 28

14
Fibre-optic advantages
● High Noise Immunity
● Light weight
● Smaller size
● Galvanic Isolation
● Safe in hazardous areas
● No cross-talk
● Licensing not required

© 2017 Crabtree Controls Ltd. All Right Reserved 29

Fibre-optic limitations

● Cost of source and receiving equipment is high

● Difficult to tee-off fibre optic cable
● Joining and terminating difficult
● Testing equipment is different
● Used for binary digital signals (as opposed to analog)
● Single mode cable is cheaper than multimode cable but
…
● ….TX / RX equipment is 3 to 10 times that of
multimode equipment

© 2017 Crabtree Controls Ltd. All Right Reserved 30

15
Patch panel using direct termination

© 2017 Crabtree Controls Ltd. All Right Reserved 31

Cable Bending Radius

● Ensure cable radius is not less than min. installation
radius
● Avoid sharp bends
● Use curved construction ducts and trays
● Flat surfaces for laying of cables
● Ensure no heavy objects laid on top of cables
● Ensure no kinks or twists
● Min. bending radius for long term final cable

© 2017 Crabtree Controls Ltd. All Right Reserved 32

16
Cable tension
● Fiber snaps rather than stretches
● Never exceed max. cable tension
 (Rule of thumb: approx. weight of 1 km of cable)
● Avoid short sharp jerking
● Cable Drum smoothly rotated
● Minimise stress after installation
● J/Box’s for lots of bends

© 2017 Crabtree Controls Ltd. All Right Reserved 33

Optical time domain reflectometry (OTDR)

● A short pulse is injected into the fibre

● The strength of the reflection shows attenuation
● The time delay in the return of the reflection shows distance
to the fault
● Reflections can be caused by:
 connectors,
 cracks,
 splices,
 impurities,
 breaks
 continual reflection from backscatter (Rayleigh
scattering)

© 2017 Crabtree Controls Ltd. All Right Reserved 34

17
Trace from an OTDR

Reflection from a connector

Reflection from a splice

OTDR connector
Loss due to splice
(no reflection)

Loss due to bend

0 (no reflection)
-5 Reflection from Reflection from
hairline crack unterminated end of fibre
-10
Attenuation (dB)

-15
Noise floor of
-20 the instrument
-25
-30
-35
0 4 8 12 16 20 24
Distance (km)
© 2017 Crabtree Controls Ltd. All Right Reserved 35

Basics of Radio
Communications

© 2017 Crabtree Controls Ltd. All Right Reserved 36

18
Brief history

● 1896 - Guglielmo Marconi first radio transmission

● 1895 – Oliver Lodge first radio transmission
● 1894 – Nicolai Tesla first radio transmission
● 1894 – Jagadish Chandra Bose first radio transmission
● 1888 - Heinrich Hertz set up electromagnetic waves using
an oscillator and spark detector
● 1865 - James Clerk Maxwell unified the theories of
electricity and magnetism
● 1840 - Samuel Morse first telegraphic system (based on
Edison)
● 1831- Michael Faraday conceived the notion of a magnetic
field.

© 2017 Crabtree Controls Ltd. All Right Reserved 37

Brief history

● 1820 - Hans Christian Oersted discovered that an electric

current in a wire could deflect a magnetic needle.
● 1787 - Charles Augustin Coulomb conceived the notion of
an electric charge
● 1704 - Isaac Newton publishes Opticks, in which he
proposes a particle theory of light.
● ‘Corpuscular theory of light’
● This had trouble explaining refraction, so he adds a ‘fudge
factor’, claiming that an ‘Aethereal Medium’ is responsible
for this effect, and going further to suggest it might be
responsible for other physical effects such as heat.
● 1680 – Huygens suggested light as a wave

© 2017 Crabtree Controls Ltd. All Right Reserved 38

19
Radio communications

● Radio is often chosen in preference to using landlines for

a number of reasons:
 Costs of cable can far exceed that of radio telemetry
systems
 Radio systems can be installed faster than landline
systems
 Radio equipment is very portable and can be easily moved
 Radio can be used to transmit the data in any format
required by the user
 Reasonably high data rates can be achieved compared to
some landline application,
 Radio can be used as a back up for landlines

© 2017 Crabtree Controls Ltd. All Right Reserved 39

Radio communications

● Before jumping into the ‘wireless’ pond a number of

issues have to be considered – not least is the question
of standards.
● A wireless link should entail only the physical layer used
to carry the data.
● It should not be concerned with physical changes to the
field instruments, the control panel, or the underlying
software.

© 2017 Crabtree Controls Ltd. All Right Reserved 40

20
Radio communications

● Some of the issues that have to be considered if you are

using a radio link include:
 Elements of a radio link
 Radio spectrum and frequency allocation
 Summary of radio characteristics for VHF/UHF radio
telemetry systems
 Radio modems
 Prevention of intermodulation problems
 Implementing a radio link
 Miscellaneous considerations

© 2017 Crabtree Controls Ltd. All Right Reserved 41

Elements of a radio link

A radio link consists of the following components:

● antennas
● transmitters
● receivers
● antenna support structures
● cabling
● interface equipment.

© 2017 Crabtree Controls Ltd. All Right Reserved 42

21
Basic elements of a radio link
Antennae
Frequency F1
Transmitter Receiver
Voice Voice
Interface Interface
Data Data
Receiver Transmitter
Frequency F2

© 2017 Crabtree Controls Ltd. All Right Reserved 43

Antenna

● The device used to radiate or detect the electromagnetic

waves.
● There are many different designs of antennas available.
● Each one radiates the signal (electromagnetic waves) in
a different manner.
● The type of antenna used depends on the application
and on the area of coverage required.

© 2017 Crabtree Controls Ltd. All Right Reserved 44

22
Transmitter
● The device that converts the voice or data signal into a
modified (modulated) higher frequency signal and feeds
it to the antenna where it is radiated into the free space
as an electromagnetic wave at radio frequencies.

© 2017 Crabtree Controls Ltd. All Right Reserved 45

Receiver

● The device that converts the radio frequency signals (fed

to it from the antenna detecting the electromagnetic
waves from free space) back into voice or data signals.

© 2017 Crabtree Controls Ltd. All Right Reserved 46

23
Antenna Support Structure

● An antenna support structure is used to mount antennas,

in order to provide a height advantage, which generally
provides increased transmission distance and coverage.
● It may vary in construction from a three metre wooden
pole to 1000 m steel structure.
● A structure which has guy wires to support it is generally
referred to as a Mast.
● A structure which is free standing is generally referred to
as a Tower

© 2017 Crabtree Controls Ltd. All Right Reserved 47

Mast vs. tower

Mast
Tower

© 2017 Crabtree Controls Ltd. All Right Reserved 48

24
Electromagnetic spectrum
● Radio signals are a form of electromagnetic radiation – commonly
abbreviated to EM.
● Any body with a temperature above absolute zero emits electromagnetic
energy as a result of molecular thermal agitation.
● Visible light extends from approximately 0.4 to 0.7 m…
● … and infrared from 0.7 to several hundred or more micrometres.

100GHz 1GHz 300MHz 30MHz 2MHz

Gamma X-rays Ultra- Infra-red Radar UHF VHF HF

Visible

Rays violet Microwave TV TV Radio

10pm 0.1nm 1nm 10nm 100nm 0.1m 1m 10m 100m 1mm 1cm 10cm 1m 10m 100m

© 2017 Crabtree Controls Ltd. All Right Reserved 49

Electromagnetic spectrum
● Generally, radio communications signals are expressed in terms of
frequencies …

100GHz 1GHz 300MHz 30MHz 2MHz

Gamma X-rays Ultra- Infra-red Radar UHF VHF HF

Visible

Rays violet Microwave TV TV Radio

10pm 0.1nm 1nm 10nm 100nm 0.1m 1m 10m 100m 1mm 1cm 10cm 1m 10m 100m

RADIO COMMUNICATIONS AND TV (MHz)

1000 800 520 335 225 100 60 30 2

UHF (mid) UHF (low) VHF (high) VHF (mid) VHF (low) HF

960 800 520 335 225 101 100 60 59 31 30 2

© 2017 Crabtree Controls Ltd. All Right Reserved 50

25
Electromagnetic spectrum
● …whilst technical microwaves and above are expressed in wavelength

100GHz 1GHz 300MHz 30MHz 2MHz

Gamma X-rays Ultra- Infra-red Radar UHF VHF HF

Visible
Rays violet Microwave TV TV Radio

10pm 0.1nm 1nm 10nm 100nm 0.1m 1m 10m 100m 1mm 1cm 10cm 1m 10m 100m

TECHNICAL MICROWAVES (GHz)

100 60 40 25 16 10 6 4 2.5
O V Q(Ka) K J(Ku) X C
140 60 40 26.5 18 12 8 4

© 2017 Crabtree Controls Ltd. All Right Reserved 51

Electromagnetic waves

● Electromagnetic waves have two inseparable components:

 the electric (E plane) field and
 the magnetic (H plane) field
● The planes of these fields are at right angles to one another
and to the direction of motion of the wave.

Magnetic field
component

Electric field
component

Direction of
travel

© 2017 Crabtree Controls Ltd. All Right Reserved 52

26
Propagation beyond the horizon
● It might appear that the radiated power of a ground-based
transmitter beamed above the horizon will travel into space;
horizontally beamed signals will travel to the horizon and be
absorbed; and signals below horizontal will be absorbed or
scattered into space.
● Rule of thumb – distance to radio horizon (km) vs transmitter
height (m) d  4.12  h

Lost

Scattered

Absorbed
Absorbed

© 2017 Crabtree Controls Ltd. All Right Reserved 53

Propagation methods
● However, signals do propagate beyond the horizon.
● The major mechanisms are:
 Refraction - bending of signals towards ground
 Scattering - from eddies in the air, from rain , from reflecting surfaces
and objects
 Diffraction - from terrain, buildings and vegetation.

Scatter

Refraction

Diffraction

© 2017 Crabtree Controls Ltd. All Right Reserved 54

27
Atmospheric refraction
● As altitude increases, both pressure and temperature
decrease.
● As a result, the refractive index falls with height and radio
waves are bent downwards…

n4
n3
Increasing Decreasing Decreasing
altitude n2 refractive density
index
n1

© 2017 Crabtree Controls Ltd. All Right Reserved 55

Atmospheric refraction

● …and are able to propagate beyond the geometric horizon.

Scatter

Refraction

Diffraction

© 2017 Crabtree Controls Ltd. All Right Reserved 56

28
The radio spectrum and frequency allocation

● Strict regulations govern the use of various parts of the

radio frequency spectrum.
● Specific sections of the radio frequency spectrum have
been allocated for public use.
● All frequencies are allocated to users by a government
regulatory body.
● Sections of the radio spectrum are allocated for public
use around the world.
● Each section is referred to as a band.

© 2017 Crabtree Controls Ltd. All Right Reserved 57

The radio spectrum and frequency allocation

Ultra High Frequency Mid Band UHF 960 MHz

(UHF) 800 MHz
Low Band UHF 520 MHz
335 MHz
Very High Frequency High Band VHF 225 MHz
(VHF) 101 MHz
Mid Band VHF 100 MHz
60 MHz
Low Band VHF 59 MHz
31 MHz
High Frequency (HF) 30 MHz
2 MHz

© 2017 Crabtree Controls Ltd. All Right Reserved 58

29
The radio spectrum and frequency allocation
● Certain sections of these bands will have been
allocated specifically for telemetry systems.
● In some countries, a deregulated Telecommunications
environment has allowed sections of the spectrum to be
sold off to large private organizations to be managed,
and then onsold to smaller individual users.
● Application must be made to the government body, or
independent groups that hold larger chunks of the
spectrum for onselling, to obtain a frequency and no
transmission is allowed on any frequency unless a
license is obtained.

© 2017 Crabtree Controls Ltd. All Right Reserved 59

The radio spectrum and frequency allocation

Low Band VHF Mid Band VHF High Band VHF

Propagation mode  Mostly LOS  LOS  LOS

 Some surface  Minimal
wave surface wave
Data rate 600 Baud 100 Baud 2400 Baud
Diffraction Excellent Very Good Good
properties
Natural noise High Medium Low
environment
Affected by man Severe Bad Some
made noise
Penetration of Excellent Very Good Good
solids
Fading by ducting Long Term Medium term Short Term
Absorption by wet Negligible Low Some
vegetation

© 2017 Crabtree Controls Ltd. All Right Reserved 60

30
The radio spectrum and frequency allocation

Low Band VHF Mid Band VHF High Band VHF

Equipment Minimal Reasonable Excellent

availability
Relative equipment High Medium Low
cost
Uses In forested areas Very hilly and Long distance
Mostly mobile forested areas LOS/ hilly
Very hilly Mostly mobile areas/LOS links
Over water Mobile
Borefields
Over water

© 2017 Crabtree Controls Ltd. All Right Reserved 61

The radio spectrum and frequency allocation

UHF1 UHF2
Propagation Mode LOS LOS
Data Rates 9600 Baud 19200 baud
Diffraction Properties Some Minimal
Natural Noise Environment Low Negligible
Affected by Man Made Noise Low Very Low
Penetration of Solids Low Negligible
Reflection and Absorption by Good (Enhancing Excellent (Excellent
Solids Multipathing) Multipathing)
Absorption by Wet Vegetation High Very High
Interference by Ducting Some Some
Equipment Availability Excellent Reasonable
Relative Equipment Costs Low Medium

Uses  Telemetry  Telemetry

 Mobile  Mobile
 Links

© 2017 Crabtree Controls Ltd. All Right Reserved 62

31
Implementing a Radio Link

© 2017 Crabtree Controls Ltd. All Right Reserved 63

Implementing a radio link

● There is an important methodology that must be
followed when designing and implementing a radio link.
● It is relatively straight forward and will provide
successful radio communications if followed closely.
● The design methodology in a sequential order is as
follows:
 carry out a radio path profile
 calculate RF losses for the radio path
 calculate affects of transmitter power
 decide on required fade margin
 choose cable and antenna

© 2017 Crabtree Controls Ltd. All Right Reserved 64

32
Path Profile
● A radio path profile is basically a cross sectional
drawing of the earth for the radio propagation path
showing all terrain variations, obstructions, terrain type
(water, land, trees, buildings, etc) and the masts on
which the antenna are mounted.
● For distances less than one km profiles are not normally
required since the RTU can quite often be clearly seen
from the master site.
● Note: all other calculations and choices described in the
design methodology must be carried out.

© 2017 Crabtree Controls Ltd. All Right Reserved 65

Path Profile
● Using a contour map of the location...
● …having (ideally) 2 m or 5 m intervals …
● …locate the RTU and master site locations.
● Draw a ruled line between the two locations with a
pencil.
● Assume the master site is at distance 0 km, follow the
line along noting the distance at which each contour line
occurs and its height.

© 2017 Crabtree Controls Ltd. All Right Reserved 66

33
Path Profile

220
Altitude (metres above sea level)

200

180 Line of sight radio path

160

140

Calculated terrain
120

0 2 4 6 8 10 12 14 16 18
Distance (km)

© 2017 Crabtree Controls Ltd. All Right Reserved 67

Path Profile
● Unfortunately, this is not a true indication of the path
● This is because the surface of the earth is not flat but
curved.
● Consequently, use is made of a formula that provides a
height correction factor that can be applied to each
point obtained from the map to mark a true earth profile
plot.
d 12
d 25
h


1
.
7
K



where:
h = height correction factor added to the contour height (m)
d1 = distance from a contour point to one end of the path (km)
d2 = distance from same contour point to the other end of the path (km)
K = the ‘equivalent earth radius factor’

© 2017 Crabtree Controls Ltd. All Right Reserved 68

34
Path Profile
● The ‘equivalent earth radius factor K’ account for the radio
wave is bent towards the earth because of atmospheric
refraction.
● This amount varies with changing atmospheric conditions.
● For frequencies below 1 GHz it is sufficient to assume that
for greater than 90% of the time K will be equal to 4/3.
● To allow for periods where a changing K will increase
signal attenuation, a good fade margin should be allowed
for.

© 2017 Crabtree Controls Ltd. All Right Reserved 69

Path Profile
● The K factor allows the radio path to always be drawn in
a straight line and adjusts the earth's contour height to
account for the bending radio wave.
● Once the height has been calculated and added to the
contour height, the path profile can be plotted.
● From the plot it can now be seen if there are any direct
obstructions in the path

© 2017 Crabtree Controls Ltd. All Right Reserved 70

35
Corrected path profile

220
Altitude (metres above sea level)

200
Corrected terrain
180 Line of sight radio path

160

140

Calculated terrain
120

0 2 4 6 8 10 12 14 16 18
Distance (km)

© 2017 Crabtree Controls Ltd. All Right Reserved 71

Fresnel zone
● As a general rule, the path should have good clearance
over all obstructions.
● There is an area around the radio path that appears as
a cone that should be kept as clearance for the radio
path.
● This is referred to as the Fresnel Zone

Line of sight radio path

Fresnel zone

© 2017 Crabtree Controls Ltd. All Right Reserved 72

36
Fresnel zone
● Fresnel zone clearance is of more relevance to
microwave path prediction than to radio path prediction.
● The formula for the Fresnel zone clearance required is:

d 1f
d D
F


2
*


where
 F = Fresnel zone clearance (i.e. radius of cone (m))
 d1 = distance from contour point to one end of path (km)
 d2 = distance from contour point to other end of path (km)
 D = total length of path (km)
 f = frequency in MHz

© 2017 Crabtree Controls Ltd. All Right Reserved 73

Fresnel zone
● If from the plot it appears that the radio path is going
dangerously close to an obstruction, then it is worth
doing a Fresnel zone calculation to check for sufficient
clearance.
● Normally the mast heights are chosen to provide a
clearance of 0.6 x the Fresnel zone radius.
● This figure of 0.6 is chosen because it firstly gives
sufficient radio path clearance and secondly assists in
preventing cancellation from reflections.
● At less than 0.6 F, attenuation of the line of sight signal
occurs.
● At 0.6 F there is no attenuation of the line of sight signal
and therefore there is no gain achieved by the extra
cost of providing higher masts.

© 2017 Crabtree Controls Ltd. All Right Reserved 74

37
Diffraction losses
● Another important point to consider is that frequencies
below 1 GHz have good diffraction properties.
● The lower the frequency the more diffraction that
occurs.
● Therefore, for very long paths it is possible to operate
the link with a certain amount of obstruction.
● It is important to calculate the amount of attenuation
introduced by the diffraction and determine the affect it
has on the availability (i.e. fade margin) of the radio link.
● Assume a hill obstructing the radio path.
● Therefore a calculation is required to be carried out to
determine the attenuation due to diffraction at this hill.
● This would be then added to the total path loss to
determine if the link will still operate satisfactorily.

© 2017 Crabtree Controls Ltd. All Right Reserved 75

Diffraction losses

220
Altitude (metres above sea level)

200 RTU (1 W
Master (5 W Diffraction loss = 23 dB
transmitter)
180 transmitter)
450 MHz

160

140

120

0 2 4 6 8 10 12 14 16 18
Distance (km)

© 2017 Crabtree Controls Ltd. All Right Reserved 76

38
RF path loss calculations

● The next step is to calculate the total attenuation of RF

signal from the transmitter antenna to the receiver
antenna.
● This includes:
 free space attenuation.
 diffraction losses.
 rain attenuation.
 reflection losses.
● Free space attenuation and diffraction losses are
calculated using industry standard formulas.
● Rain attenuation is negligible below 1 GHz.

© 2017 Crabtree Controls Ltd. All Right Reserved 77

Reflection losses
● Reflection losses are difficult to determine.
● First of all the strength of the reflected signal depends on
the surface it is reflected off (e.g. water, rock, sand).
● Secondly, the reflected signal may arrive in phase, out of
phase or at a phase angle in between.
● So reflected waves can be anything from totally
catastrophic to enhancing the signal.
● Good engineering practice should always assume the
worst case, which would be catastrophic failure.

© 2017 Crabtree Controls Ltd. All Right Reserved 78

39
Transmitter power/receiver sensitivity
● The next step is to determine the gain provided by the
transmitters.
● Generally, regulations require that RTUs are allowed to
transmit a maximum of 1 W into the antenna
● Master stations can transmit 5 W (sometimes higher).
● Consequently, the path direction from the RTU to the
Master should be considered.
● The transmit power should be converted to a dBm figure.
For an RTU this would be as follows:
 1000 
Power  10 log   dBm
 1 
Power = + 30 dBm

© 2017 Crabtree Controls Ltd. All Right Reserved 79

Transmitter power/receiver sensitivity

● The next step is to determine the minimum RF level at the
receiver input that will open the front end of the receiver
(i.e. turn it on).
● This is referred to as the Receiver Threshold Sensitivity
Level or sometimes as the Squelch level.
● This figure can obtained from the manufacturer's
specification sheets and for a radio operating at 450 MHz
this would be approximately -123 dBm.
● At this level the signal is only just above noise level and is
not very intelligible.
● Therefore, as a general rule a figure slightly better than this
is used as a receiver sensitivity level.

© 2017 Crabtree Controls Ltd. All Right Reserved 80

40
Transmitter power/receiver sensitivity
● A de facto standard is used where the RF signal is at its
lowest but still intelligible.
● This level is referred to as the 12 dB SINAD level.
● Again, this figure is obtained from manufacturer's data
sheets.
● For a typical 450 MHz radio this level is approximately -117
dBm.

© 2017 Crabtree Controls Ltd. All Right Reserved 81

Transmitter power/receiver sensitivity

● Using these figures a simple calculation can be performed
to determine the links performance
● Typical figures might be:

 Transmit Power at RTU = + 30dBm

 RF Path Attenuation = 133.2dB
 Receiver Sensitivity for 12dB SINAD =117dB
 Available Power at Receiver = Transmitter Power – Attenuation
 = + 30 - 133.2 = -103.2dBm

● Since the receiver can accept an RF signal down to -117

dBm then the RF signal will be accepted by the receiver.
● In this case we have 13.8 dBm of spare RF power.

© 2017 Crabtree Controls Ltd. All Right Reserved 82

41
Other factors
● There are in fact a number of other factors that need to be
taken into account that include:
 Signal to Noise Ratio (SNR) – a measure of the signal power level
compared to the noise power level at a chosen point in a circuit.
 SINAD level – Signal to Noise and Distortion
 Fade margin – a safety margin to cater for the unpredictability of
the link.
 A typical fade margin allowance is approximately 30 dB.
● Interference due to:
 Another radio user operating close by on the same frequency as
the system suffering from interference.
 Noisy transmitters that emit spurious frequencies outside their
allocated bandwidth.
 Intermodulation due to two or more frequencies interacting in a
non-linear device such as a transmitter, receiver or their environs,
or on a rusty bolted joint acting as an RF diode to produce one or
more additional frequencies that can potentially cause interference
to other users.

© 2017 Crabtree Controls Ltd. All Right Reserved 83

42
Design of SCADA system

Section 9.
Basic digital transmission systems
SCADA Systems - Transitioning
from Beginner to Advanced

Section 9.
Basic digital transmission systems

© 2017 Crabtree Controls Ltd. All Right Reserved 1

Balanced vs. unbalanced

© 2017 Crabtree Controls Ltd. All Right Reserved 2

1
Data communications with unbalanced lines

Signal 1
Tx Rx

Signal 2
Rx Tx

Signal 3
Tx Rx
Signal 4
Tx Rx
Signal Common

© 2017 Crabtree Controls Ltd. All Right Reserved 3

Data communications with unbalanced lines

Signal 1
Tx Rx

Signal 2
Rx Tx

Signal 3
Tx Rx
Signal 4
Tx Rx
Signal Common

© 2017 Crabtree Controls Ltd. All Right Reserved 4

2
Data communications with a balanced lines

A (-)
Tx A (+) Signal 1 Rx

A (-)
Rx A (+) Signal 2 Tx

A (-)
Tx A (+) Signal 3 Rx

A (-)
Tx A (+) Signal 4 Rx

Signal Common

© 2017 Crabtree Controls Ltd. All Right Reserved 5

RS 232

© 2017 Crabtree Controls Ltd. All Right Reserved 6

3
Typical Serial Data Communications Link

Transmitted Data Analog Signal Received Data

RS 232 RS 232
DTE DCE DCE DTE
Terminal Modem Modem Terminal

© 2017 Crabtree Controls Ltd. All Right Reserved 7

DTE vs DCE

● DTE
 Data Terminal Equipment
 Transmits on Pin 2 for 25-pin connector
● DCE
 Data Communications Equipment
 Transmits on Pin 3 for 25-pin connector

© 2017 Crabtree Controls Ltd. All Right Reserved 8

4
DB 25-pin connector

Chassis Ground 1
1
Transmit Data (TxD) 2
2
Received Data (RxD) 3
3
Request To Send (RTS) 4
4
Clear To Send (CTS) 5
5
Data Set Ready (DSR) 6
6
Signal Ground (Common) 7
7
Data Carrier Detect (DCD) 8
8
Data Terminal Ready (DTR) 20
20
Ring Indicator (RI) 22
22
Data Signal Rate Selector (DSRS) 23
23 (Rarely supported)
Terminal Modem
DTE DCE
© 2017 Crabtree Controls Ltd. All Right Reserved 9

DB 9-pin connector

Data Carrier Detect (DCD) 1

1
Received Data (RxD) 2
2
Transmit Data (TxD) 3
3
Data Terminal Ready (DTR) 4
4
Signal Ground (Common) 5
5
Data Set Ready (DSR) 6
6
Request To Send (RTS) 7
7
Clear To Send (CTS) 8
8
Ring Indicator (RI) 9
9
Terminal Modem
DTE DCE
Chassis Ground implemented through connector shell and cable screen

© 2017 Crabtree Controls Ltd. All Right Reserved 10

5
Voltage Levels for EIA-232

+25 V
‘0’

Logic ‘0’

+3 V
Transition
region –3 V

Logic ‘1’
Idle state ‘1’ ‘1’

–25 V Data lines

© 2017 Crabtree Controls Ltd. All Right Reserved 11

Voltage Levels for EIA-232

+25 V
Enabled ‘ON’

Logic ‘1’

+3 V
Transition
region –3 V

Logic ‘0’
Disabled ‘OFF’ Disabled ‘OFF’

–25 V Control lines

© 2017 Crabtree Controls Ltd. All Right Reserved 12

6
Handshaking

RTS - Request To Send

CTS - Clear To Send
DSR - Data Set Ready (DCE Ready)
DTR - Data Terminal Ready (DTE Ready)

© 2017 Crabtree Controls Ltd. All Right Reserved 13

Handshaking

Step 1. DTE ‘asserts’ (makes true) DTR pin.

This tells the DCE to start

Chassis Ground 1
1
Transmit Data (TxD) 2
2
Received Data (RxD) 3
3
Request To Send (RTS) 4
4
Clear To Send (CTS) 5
5
Data Set Ready (CTS) 6
6
Signal Ground (Common) 7
7
Data Carrier Detect (DCD) 8
8
Data Terminal Ready (DTR) 20
20
Ring Indicator (RI) 22
22
Data Signal Rate Selector (DSRS) 23
23 (Rarely supported)
Terminal Modem
DTE © 2017 Crabtree Controls Ltd. All Right Reserved DCE 14

7
Handshaking

Step 2. DCE ‘asserts’ (makes true) DSR pin.

This tells the DTE that the modem is plugged in and turned on.
Chassis Ground 1
1
Transmit Data (TxD) 2
2
Received Data (RxD) 3
3
Request To Send (RTS) 4
4
Clear To Send (CTS) 5
5
Data Set Ready (DSR) 6
6
Signal Ground (Common) 7
7
Data Carrier Detect (DCD) 8
8
Data Terminal Ready (DTR) 20
20
Ring Indicator (RI) 22
22
Data Signal Rate Selector (DSRS) 23
23 (Rarely supported)
Terminal Modem
DTE © 2017 Crabtree Controls Ltd. All Right Reserved DCE 15

Handshaking

Step 3. DCE also ‘asserts’ the DCD pin.

Chassis Ground 1
1
Transmit Data (TxD) 2
2
Received Data (RxD) 3
3
Request To Send (RTS) 4
4
Clear To Send (CTS) 5
5
Data Set Ready (DSR) 6
6
Signal Ground (Common) 7
7
Data Carrier Detect (DCD) 8
8
Data Terminal Ready (DTR) 20
20
Ring Indicator (RI) 22
22
Data Signal Rate Selector (DSRS) 23
23 (Rarely supported)
Terminal Modem
DTE © 2017 Crabtree Controls Ltd. All Right Reserved DCE 16

8
Handshaking

Step 4. DTE ‘asserts’ RTS.

This lets the DCE know that there is data to be send
Chassis Ground 1
1
Transmit Data (TxD) 2
2
Received Data (RxD) 3
3
Request To Send (RTS) 4
4
Clear To Send (CTS) 5
5
Data Set Ready (DSR) 6
6
Signal Ground (Common) 7
7
Data Carrier Detect (DCD) 8
8
Data Terminal Ready (DTR) 20
20
Ring Indicator (RI) 22
22
Data Signal Rate Selector (DSRS) 23
23 (Rarely supported)
Terminal Modem
DTE © 2017 Crabtree Controls Ltd. All Right Reserved DCE 17

Handshaking

Step 5. If DCE is clear to accept data…

…it ‘asserts’ CTS to complete the RTS/CTS handshake
Chassis Ground 1
1
Transmit Data (TxD) 2
2
Received Data (RxD) 3
3
Request To Send (RTS) 4
4
Clear To Send (CTS) 5
5
Data Set Ready (DSR) 6
6
Signal Ground (Common) 7
7
Data Carrier Detect (DCD) 8
8
Data Terminal Ready (DTR) 20
20
Ring Indicator (RI) 22
22
Data Signal Rate Selector (DSRS) 23
23 (Rarely supported)
Terminal Modem
DTE © 2017 Crabtree Controls Ltd. All Right Reserved DCE 18

9
Limitations of RS 232

● Point-to-Point
● Distance Limitation (50 ft)
● 19.2 kbaud
● -3 to -25V and +3 to +25 V

© 2017 Crabtree Controls Ltd. All Right Reserved 19

EIA 232 Revisions

Revision D
• 25-pin D connector formally recognised
• 50 ft distance constraint modified to 2500 pF

Revision E
• 26-pin ALT A connector recognised
Revision F
• Slew rates specified

© 2017 Crabtree Controls Ltd. All Right Reserved 20

10
Baud rate vs. cable length

Baud Rate Cable Length (m)

110 850
300 800
600 700
1200 500
2400 200
4800 100
9600 70
19200 50
115 K 20

© 2017 Crabtree Controls Ltd. All Right Reserved 21

Shield 1 1 Shield
Tx 2 2 Tx
Rx 3 3 Rx
RTS 4 4 RTS
CTS 5 5 CTS
DSR 6 6 DSR
Com 7 7 Com
CD 8 8 CD
DTR 20 20 DTR
RI 22 22 RI
DTE DTE

© 2017 Crabtree Controls Ltd. All Right Reserved 22

11
Null Modem without handshaking

5 Signal Ground (Common) 5

9 9

4 4

8 8
3 3
7 7

2 2

6 6

1 1

Terminal Terminal DTE

DTE

RS 485

12
The drop line vs. daisy chain

Trunk line

Drop line Drop line

Drop line
Drop line

The drop line vs. daisy chain

13
Traditional junction block

+ +
Trunk S S Trunk
- -

Daisy chain junction block

+ +
Trunk S S Trunk
- -

14
EIA 485 standard
● RS 485 uses balanced data line transmission.
● The transmitter generates a typical voltage of 5 V between
the A and B outputs.
● When idle (logic 1) there is +5 V on B and 0 V on A.
● For correct operation a return signal path between the
grounding of individual devices is required .
● This is realised by a grounding wire.

EIA 485 voltages

 It is important to note that although the transmitter and

the receiver are connected with a ground wire, it is not
used to determine logic levels at the AB wires.
 A commonly occurring problem is that the inputs only
have a limited range
 If the ‘common mode voltage’ level is exceeded with,
for example, a d.c. offset voltage, the differential input
will no longer be processed.
 The common mode voltage should, therefore, not
exceed +12 or -7 V.

15
Three States
● The RS 485 standard can be configured in either a half- or
full-duplex mode.
● In the half-duplex mode, all the devices are connected to a
single twisted pair cable.
● Obviously, only one transmitter can be active at any time.

Two-wire multi-drop

A (-)
Tx Rx
Tx Rx
B (+)
Rx Tx
Rx Tx

Tx Tx
Tx Tx

Rx Rx
Rx Rx

16
Idle state

0V
1
Tx 1
+5 V
0V
1
Tx 2
+5 V
0V
1
Tx 3
+5 V

0V
1
Tx 4
+5 V

Active state

1 0V
Tx 1
+5 V

1 0V
Tx 2
+5 V

1 0V
Tx 3
+5 V

0 +5 V
Tx 4

17
Three States
● Consequently, in order to allow several devices to share a
single line, and at the same time prevent more than one
device from actually transmitting at a time, all the
transmitters have an Enable input that sets the transmitter
outputs to a high impedance state.
● Such drivers are said to have tri-state outputs:
 Logic 1
 Logic 0
 High Impedance - Hi-Z

Idle state

Tx 1 Hi-Z Up to 1200 m

Enable

Tx 2 Hi-Z

Enable

Tx 3 Hi-Z

Enable

Tx 4 Hi-Z

Enable

18
Problem 3
● However, when all the transmitters are disabled and are in
a high impedance state, the line will be in an undefined
state and be susceptible to noise pick up.
● In order to overcome this problem use is made of ‘Fail Safe
Biasing’
● Frequently referred to as a ‘live terminator’ or ‘power
terminator’.

Live termination
+5 V

0V
Tx 1 Up to 1200 m
+5 V
Enable
0V
Tx 2
+5 V
Enable

Tx 3 0V

+5 V
Enable

0V
Tx 4

+5 V
Enable

19
Problem 3
● Without such biasing the receiver outputs are
undetermined when the drivers are in their Hi-Z state and
the line would then settle within the receivers’ threshold
limits (200 mV)
● The fail-safe bias ensures that the bus differential voltage
is in a defined state (2.5 V) when all the transmitters are
idle.

Four-wire multi-drop

Master Slave

Tx Rx
Tx Rx

Rx Tx
Rx Tx

Slave Slave

Tx Tx
Tx Tx

Rx Rx
Rx Rx

20
RS - 485 with Repeaters

Central Processor Bi-directional Repeater Remotest Station

Tx Rx Tx Rx

Rx Tx Rx Tx

Local Station Remote Station

Terminate or not to terminate?

● Advantages
 Elimination of reflections
● Disadvantages
 Increased load on the drivers
 Increased installation complexity
 Changed biasing requirements
 System modification more difficult

21
Terminate or not to terminate?

● Decision to use termination is based on cable length and

data rate.
● Rule of thumb:
 Termination is not required if propagation delay of data line is
much less than one bit width
● This assumes that reflections will dampen out in several trips
up and down the data line
● Because receiving UART samples data in middle of the bit …
● … important that signal level is stable at that point
● Propagation delay is calculated by multiplying cable length
by propagation velocity
● Propagation velocity is typically 0.66 to 0.75 of the speed of
light (C)… given by cable manufacturer

Terminate or not to terminate?

Typical data bit with

ringing due to reflections

Ringing has ceased by time of sampling

22
Terminate or not to terminate?

Data bit with extended

ringing

Ringing has virtually ceased by time of sampling

Terminate or not to terminate?

Ringing is still present at time of sampling

23
Exercise 7

● Assume the following:

 600 m length of cable
 a propagation velocity of 0.66
 the reflections will damp out in three ‘round trips’
 A baud rate of 9600
● Is matching required?

Total round trip distance

3 10 8  velocity factor

Exercise 7 - Answer
● What is the time of one round trip?

1200
 6 μs
3 10 8  0.66

 What is the time for three ‘round trips’?

 18 s
 So…how long will it take the signal to stabilise?
 18 s

24
Exercise 7 - Answer

18 s

 What is the bit width at 9600 baud?

Exercise 7 - Answer

18 s
104 s

 Is matching required?

25
Exercise 8

● What would be the minimum width that could be

tolerated?

18 s
36 s

Exercise 8- Answer

● What baud rate corresponds to a 36 s bit width

10 6
bit width 
baud rate

 Approximately 28 kbaud

26
The EIA-422 Balanced Line Driver Connections

RS 422 RS 422
Transmitter Balanced line with Receiver
differential voltages
Line Driver A (-) (-5 to + 5 V) Line Receiver

B (+)
Up to 1200 m 10

Terminating
Resistor

1 2 9

Up to 10 receivers

RS-485 vs RS-422

● Don’t get confused between them

● Same Chips
● RS-485 is 2-wire system
● RS-422 is 4-wire system point to point – usually
without Tri-state Hi-Z

27
Installation Troubleshooting

● Wires are reversed

● Loose or bad connections
● Excessive electrical noise
● Common mode voltage problems
● Reflection of signal
● Shield not grounded
● Starring or Teeing of devices
● Induced Noise on A-/B+ lines
● Reflections
● Unbalancing the line

Data Signalling vs. Cable Length

10 k

Data signalling rate

using 24 AWG cable

1k
Cable length (m)

1200

100

Many RS 422/485
systems run up to
5000 m at 1200 bps

10
1K 10 K 100 K 1M 10 M
Data signalling rate (bits/s))

28
RS-232/422 Converter

RS 232 RS 422
RS 232 to 422 Converter

A (-)
Tx Tx Rx Tx B (+) Rx Rx
Processor A (-) Processor
Rx Rx Tx Rx B (+) Tx Tx

Com Com

RS-232/485 Converter

RS 232 RS 485
RS 232 to 485 Converter

A (-)
Tx Tx Rx Tx B (+) Rx Rx
Processor Processor
Rx Rx Tx Rx Tx Tx

Com Com

29
Error detection

Error detection

● Three main techniques for error detection:

 Character Redundancy (Parity)
 Block Redundancy
 Longitudinal Redundancy Check (LRC)
 Arithmetic Checksum
 Cyclic Redundancy Check (CRC)

46
Parity

● Even or Odd Parity

● UART counts number of ones in each character
● If Even parity chosen, puts a one in the parity but if
necessary to make number of ones even
● Only detects 60% of errors

Cyclic redundancy
● Developed to check data transfers from disk drives
● Used with large messages
● Also sends a check character
● The information bits, taken in conjunction, correspond to
the coefficients of a message polynomial having terms
from Xn-1
(n = total number of bits in a block or sequence) down to X16 + X12 +
X5 + 1.
● The check bits correspond to the coefficients of the terms
from X15 to X0 in the remainder polynomial found at the
completion of this division

47
Cyclic redundancy
● The basic idea of the CRC algorithm is to simply treat the
message (the Dividend) …as a huge binary number
 Divide it by another fixed binary number (the Divisor)
 This gives rise to an answer comprising the Quotient…
 …and the Remainder
 Throw the quotient away …
 … and make the Remainder the CRC error check.
Message (Dividend)
= Quotient + Remainder
Fixed key (Divisor)

Cyclic redundancy
 Upon receipt of the message, the receiver performs the
same division and compares the remainder with the
transmitted remainder.
 If they differ, the message must have been corrupted.
 If, they are equal, the odds are very good that the
message went through uncorrupted.

48
Cyclic redundancy

 A key factor in the performance of any CRC algorithm is

the choice of the predefined divisor.
 The divisor is called either the ‘generator polynomial’ (or
simply the ‘polynomial’) or the ‘key’.
 There are two well-known 16-bit polynomials:
» CRC-16 (as used in Modbus) and
» CRC-CCITT (used in disk storage).
 Of the two, CRC-CCITT is considered to be slightly
superior.
 Ethernet makes use of a 32-bit key.

The polynomial
CRC-16
● X16 +X15 + X2 +1
 Where X denotes those positions that are a binary 1
 i.e. 1100 0000 0000 0010 1 (18005 hex)
● A polynomial of degree 16 has 17 coefficients and thus
requires a 17-bit number to store it.
● However, since we know that the highest coefficient (in
front of x16) is 1, we don't have to store it.
● The key is thus normally expressed as:
 0x8005

49
The polynomial
CRC-CCITT
● X16 +X12 + X5 +1
 i.e. 1000 1000 0001 0000 1 (11021 hex)
● which, again, is expressed as:
 0x1021

CRC-32
● X32+X26+X23+X22+X16+X12+X11+X10+X8+X7+X5+X4+X2+X+1
 i.e. = 1 0 0 0 0 0 1 0 0 1 1 0 0 0 0 0 1 0 0 0 1 1 1 0 1 1 0 1 1
0 1 1 1 (104C11DB7 hex)
● which, again, is expressed as:
 0x04C11DB7

Cyclic redundancy
● Detects virtually 100% of errors:
 all single bit errors
 any odd number of errors
 all single and double errors in the message format
 any two burst errors of two bits in the message format
 any single burst of 16 bits or less
 all but 1 in 32768 bursts of exactly 17 bits
 all but 1 in 65536 bursts of greater than 17 bits
● The use of CRC greatly improves the error rate.
● Typical improvements of the order of 105
● For a circuit with a basic error rate of 1 in 105, this gives an
undetected error rate of 1 in 1010

50
Cyclic Redundancy
● The checking process can be implemented relatively
easily in
 software
 hardware (chips available to do this)

51
Design of SCADA system

Section 10.
Fieldbus systems
SCADA Systems - Transitioning
from Beginner to Advanced

Section 10.
Fieldbus systems

Modbus

1
Modbus Protocol

● Developed by Modicon for use with process control

systems.
● Estimated by Control Engineering magazine that over 40 %
of industrial interfacing is done using this protocol.
● Even the new fieldbus state of the art standards appearing
today have a Modbus gateway.

Open Protocol

● While Modbus is not an actual system it is a protocol used

on many industrial systems
● Although it is an old standard (written in fortran in the
1970s) it has become a highly successful open protocol
(defacto standard)
● Originally intended to link Modicon PLCs with intelligent
terminals
● Half-duplex, master/slave operation
● Connects 1 master with up to 255 Slaves
● Typically used with a multidrop bus

2
A De-facto Standard

● Widespread acceptance.
● PLC jargon used in describing the standard....but used in
instruments/gas chromatographs....etc
● Two Versions:
 Modbus RTU (Sometimes Modbus-B)
 Modbus ASCII
● Have almost identical format except that RTU being binary
is more compact.

OSI Model

● No physical layer specified so can be used with a variety

of voltage standards such as;
 RS-232/RS-422 (Point-to-point)
 RS-485 (Multidrop Bus)
 Bell 202 Modem (Switched and Leased Lines)

● Asynchronous, Byte-oriented Frames

3
Modbus Protocol Structure

Error check field

Function field
Address field

DATA field
1 Byte 1 Byte Variable 2 Bytes

Memory Structure
110 V d.c. Coil 24 V d.c. Input
(Digital/Discrete Input) (Discrete Input)

Slave Node

Master
Node 16-bit input register 16-bit output register

ADC DAC

4
The Application Layer

● Two types of messages:

 Query/response - specific slave addressed
 Broadcast - Address 00, no response required
● Function codes specify:
 What the slave is to do
 What section of the memory map to find or deposit the data
 E.G. Coil Status, Input Status, Input Register, Holding Register

Addresses and function codes

Data type Absolute Relative Function Description

address address code
Coils 00001 to 09999 0 to 9998 01 Read Coil status

Coils 00001 to 09999 0 to 9998 05 Force single Coil

Coils 00001 to 09999 0 to 9998 15 Force multiple Coils

Discrete inputs 10001 to 19999 0 to 9998 02 Read input status

Input Registers 30001 to 39999 0 to 9998 04 Read input registers

Holding registers 40001 to 49999 0 to 9998 03 Read holding register

Holding registers 40001 to 49999 0 to 9998 06 Preset single register

Holding registers 40001 to 49999 0 to 9998 16 Preset multiple registers

5
Addresses and function codes

Data type Absolute Relative Function Description

address address code
Coils 00001 to 09999 0 to 9998 01 Read Coil status

Coils 00001 to 09999 0 to 9998 05 Force single Coil

Coils 00001 to 09999 0 to 9998 15 Force multiple Coils

Discrete inputs 10001 to 19999 0 to 9998 02 Read input status

Input Registers 30001 to 39999 0 to 9998 04 Read input registers

Holding registers 40001 to 49999 0 to 9998 03 Read holding register

Holding registers 40001 to 49999 0 to 9998 06 Preset single register

Holding registers 40001 to 49999 0 to 9998 16 Preset multiple registers

Addresses and function codes

Data type Absolute Relative Function Description
address address code
Holding registers 40001 to 49999 0 to 9998 03 Read holding register

 Assume we want to READ HOLDING REGISTER at address

40001 (absolute address)
 We use FUNCTION CODE 03 and RELATIVE ADDRESS 0
 And to READ HOLDING REGISTER at address 40005
(absolute address)
 We use FUNCTION CODE 03 and RELATIVE ADDRESS 04

6
Read coil status

Request message

Address field

Number
of points
offset
Initial
Function
Code

CRC
Hi Lo Hi Lo
01 01 00 0A 00 02 9D C9

Response frame

Byte count

Coil data
Function
Address

Code

CRC
field

01 01 01 03 9D C9

Read Coil Status

0D 0C 0B 0A 09 08 … …

HEX
0 0 00

0 1 01

1 0 02

1 1 03

7
Read coil stutus

Request message

Address field

Number
of points
offset
Initial
Function
Code

CRC
Hi Lo Hi Lo
01 01 00 0A 00 04 9D C9

Response frame

Byte count

Coil data
Function
Address

Code

CRC
field

01 01 01 05 11 89

Read Coil Status

0D 0C 0B 0A HEX
0 0 0 0 00
0 0 0 1 01
0 0 1 0 02
0 0 1 1 03
0 1 0 0 04
0 1 0 1 05
0 1 1 0 06
0 1 1 1 07
1 0 0 0 08
1 0 0 1 09
1 0 1 0 0A
1 0 1 1 0B

8
Write Request

● Can you trust the response that comes back when you
are writing a critical parameter down ?
● Methods to check:
 Do a subsequent read request of that parameter.
 Check some other associated parameter..e.g. start a
pump..check flow rate...

Loopback Test

● Function Code 08
● Tests the operation of the communications system without
affecting the memory tables of the slave device
● So… usually a simple return of the query message

9
Read coil status

Request message

diagnostic
Address field

Data
Function

Data

cod
Code

CRC
Hi Lo Hi Lo
11 08 00 00 A5 37 --

Response frame

diagnostic
Address field

Data
Function

Data

cod
Code

Modbus Exception Responses

● Exception responses are returned if error conditions

occurred during communications
● The most significant bit of the function code is set in the
returning message
● The error code is returned in the data field

10
Modbus Exception Responses

Code Name Description

01 Illegal function Requested function is not supported
02 Illegal data address Requested data address is not
supported
03 Illegal data value Specified data value is not supported
04 Failure in associated device Slave PLC has failed to respond to
message
05 Acknowledge Slave PLC is processing the command
06 Busy, rejected message Slave PLC is busy

Read coil stutus

Request message
Address field

Initial offset

Number of
Function

points
Code

CRC

01 01 02 01 03 9D C9

Response frame
Exception
Function
Address

Code

CRC
code
field

01 81 02 9D C9

11
ProfiBus

Introduction
● Why have we have ended up with so many industrial
communications systems?
● The origins go back at least a 20 years to the days of the
ISA SP 50 (the same committee that standardised on the
4 – 20 mA current loop).
● By 1994, two organisations, the Interoperable Standards
Project (I SP) and WorldFIP, were vying for dominance as
the field bus standard.
● In the second half of 1994 there was an agreement to
merge the two specifications in the interests of
standardisation.
● The result was the Fieldbus Foundation.

12
Introduction
● Unfortunately this did not result in agreement among the
original contenders and, as a result, we now have
Profibus (formerly ISP), WorldFIP, and Foundation
Fieldbus as the main contenders.
● The problem is partly that of vested interests, partly
conflicting requirements for different applications, and
partly due to end-user lack of interest in the details.
● This is compounded by the reluctance of the various bus
proponents in differentiating their offerings and at the
same time, trying to keep them proprietary.

Introduction
● Profibus (Process Field Bus) is the outcome of a joint project
started in 1987 by Siemens and supported by Bosch and Klöckner-
Müller.
● Profibus comprises a suite of protocols:

Motion Control
PROFIBUS DP PROFIBUS PA with PROFIBUS PROFIsafe
(Manufacturing) (Process) (Drives) (Universal)
Application Application Application Application
Profiles, Profiles, Profiles, Profiles,
for example for example for example for example
Ident. Systems PA Devices PROFIdrive PROFIsafe

DP-Stack DP-Stack DP-Stack DP-Stack

(DP-V0..V2) (DP-V1) (DP-V2) (DP-V0..V2)

RS485
RS485 MBP-IS RS485
MBP-IS

13
Relationship between the three protocols

Factory
Ethernet TCP/IP Ethernet TCP/IP
level Area
Controller
Bus cycle time PC/VME

< 1000 ms
CNC

Cell PROFInet -FMS

PROFIBUS
level VME/PC
Bus cycle time PLC Segment
< 100 ms coupler/link

Field PROFIBUS-DP PROFIBUS-PA

level
Bus cycle time
< 10 ms

Profibus DP

● DP (Decentralized Peripherals): designed for fast data

exchange at field level.
● This is where central programmable controllers, such as
PLCs, PCs or process control systems, communicate
with distributed field devices, such as I/O, drives, valves,
transducers or analysis devices, over a fast serial
connection.
● Data exchange with the distributed devices is primarily
cyclic.

14
Profibus DP

 DP allows a maximum of 125 devices to be connected to

one bus and in its simplest form, a mono-master system,
comprises a single master (known as DP Master Class 1)
connected to up to 124 slaves.

DP-Master
Class 1

PROFIBUS-DP

Profibus DP
 The DP Master Class 1 is typically a PLC or process
controller.
 Data transmission between the master controller and
the slaves is executed automatically by the master in a
defined, cyclical order.
 The central controller (master) reads input information
from the slaves cyclically and writes output information
to the slaves cyclically.
 DP only requires approx. 1 ms at 12 Mbit/s for the
transmission of 512 bits of input and 512 bits of output
data distributed over 32 stations.

15
Profibus PA

 Profibus PA (Process Automation) uses MBP-IS technology

for electrical signalling – catering for both intrinsic safety
and bus powered stations using two-wire technology.
 The term MBP-IS describes the transmission the
technology according to its attributes:
» Manchester encoded (M)
» Bus Powered (BP)
» Intrinsic Safety (IS)
This was previously described as the IEC 61158-2
standard.

Profibus PA

 MBP makes use of Manchester encoded synchronous

transmission running on a shielded twisted pair cable at a
data rate of 31.25 kbits/s.
 The MBP transmission medium allows up to 32 stations per
line segment up to a maximum distance of 1900 m.
 The total distance can extend to 10 km and the maximum
number of stations can be extended up to a total of 126,
through the use of up to four line repeaters.

16
Profibus PA

 Tree or line structures are possible, as well as any

combination of the two.
 MBP transmission medium allows devices to be connected
and disconnected during operation, even in hazardous
areas.
xi + x
+.......- I........
Flow ........ ..P
rate totaliz Over
er rang
e

PROFIBUS-DP
 10 mA
 10 mA

 10 mA

Segment
coupler
MBP-IS 31.25 Kbit/s  10 mA
24 V

Shielded twisted-pair cable  10 mA 1 F

Foundation Fieldbus

17
Introduction

● Targeted at instrumentation and actuators and their

controllers.
● Essentially a LAN for field devices.
● Based on IEC 61158-2 Physical layer.
● Excellent feature is well developed user layer.

Comparison of the Physical Layer of Profibus PA and Foundation Fieldbus

Feature Profibus PA
Transmission type IEC 61158-2
Transmission medium Shielded twisted-
pair cable
Maximum distance of single 1900 m
element
Maximum number of nodes on a 32
single element
Total length (with the extension) 10 km
Total number of nodes (with the 126
extension)
Bus-powered field devices? Yes
Intrinsic safety? Yes
Connect/disconnect live network? Yes
Topology Bus, tree

18
Comparison of the Physical Layer of Profibus PA and Foundation Fieldbus

Feature Profibus PA Foundation Fieldbus

Transmission type IEC 61158-2 IEC 61158-2
Transmission medium Shielded twisted- Shielded twisted-pair cable
pair cable
Maximum distance of single 1900 m 1900 m
element
Maximum number of nodes on a 32 32
single element
Total length (with the extension) 10 km 10 km
Total number of nodes (with the 126 126
extension)
Bus-powered field devices? Yes Yes
Intrinsic safety? Yes Yes
Connect/disconnect live network? Yes Yes
Topology Bus, tree Bus, tree

Factory
Ethernet TCP/IP Ethernet TCP/IP
level Area
Controller

H2 level CELL LEVEL

VME/PC
PC/VME
PLC

H1 level FIELD LEVEL

+.......- I........
Flow ........  ..P
rate totaliz Over
er range

19
Source/Destination Model

Controller 1 Controller 2 HMI

I/O Drive 1 Drive 2

Source/Destination Model

Controller 1 Controller 2 HMI

5 6
4 2 7
1

I/O Drive 1 Drive 2

20
Producer/Consumer Model

Controller 1 Controller 2 HMI

2 3

I/O Drive 1 Drive 2

Link Active Scheduler (LAS)

● In order to accomplish peer-to-peer communication,

access to the fieldbus is managed through a deterministic
centralised bus scheduler called the Link Active Scheduler
(LAS).
CELL LEVEL
Interface card
PC/VME
Device 1 (Linkmaster)
Primary LAS

FIELD LEVEL

+.......- I........
Flow ........  ..P
rate totaliz Over
er range

Device 2 Device 3 Device 4 Device 5 Device 6 (Linkmaster) Device 7

Back-up LAS

21
Link Active Scheduler (LAS)

● The LAS is assigned to what is termed a Link Master,

which is either the host (e.g. the workstation interface)…
● …or to any field to device having sufficient processing
capabilities
CELL LEVEL
Interface card
PC/VME
Device 1 (Linkmaster)
Primary LAS

FIELD LEVEL

+.......- I........
Flow ........  ..P
rate totaliz Over
er range

Device 2 Device 3 Device 4 Device 5 Device 6 (Linkmaster) Device 7

Back-up LAS

● In order to provide redundancy, a system may incorporate

multiple Link Masters.
● In the event of failure of the primary Link Master, the
second Link Master takes over the LAS and provides
continued bus operation.
CELL LEVEL
Interface card
PC/VME
Device 1 (Linkmaster)
Primary LAS

FIELD LEVEL

+.......- I........
Flow ........  ..P
rate totaliz Over
er range

Device 2 Device 3 Device 4 Device 5 Device 6 (Linkmaster) Device 7

Back-up LAS

22
Cyclic vs. acyclic

● The LAS cater for both cyclic and acyclic data

transmission.
● Process data is usually critical information required by
either the host or other devices
● This requires cyclic, scheduled to data transfers between
devices on the fieldbus.
● Non-cyclic data such as parameterisation, periodic bus
audit of connected devices, or initiation of newly connected
devices, is should have absolutely no effect on the
collection and distribution of process information.
● Scheduling is accomplished by the LAS which contains a
list of activities that are scheduled to occur on a cyclic
basis.

Cyclic vs. acyclic

● At the scheduled time, the LAS sends a Compel Data (CD)

message to a specific data buffer in a fieldbus device…
● …in this example, Device A – the Publisher.
● Here, Device A publishes its data to all subscribers on the
bus.
Schedule
Device A
Device B CD to Device A
Device C
Fieldbus
LAS

Data (A) Data (A) Data (A)

23
Cyclic vs. acyclic

● At the next scheduled time, the LAS sends a Compel Data

(CD) message to Device B …
● …who now becomes the Publisher …
● …and A publishes its data to all subscribers on the bus.

Schedule
Device A
CD to Device B
Device B
Device C
Fieldbus
LAS

Data (A) Data (A) Data (A)

Cyclic vs. acyclic

 Sending 'unscheduled' (acyclic) messages is accomplished

using a free-running Pass Token (PT) that allows each
device to publish any information it might have, whilst it
holds the token.

Live List PT to Device X

Device X
Device Y
Device Z
Fieldbus
LAS
Data X

Device X Device Y Device Z

24
Function blocks

Analog output AO Discrete output DO

Analog input AI Manual loader ML

Bias B Proportional/derivative PD

Control selector CS Proportional/integral/

PID
derivative

Discrete input DI Ratio RA

Function blocks

 A further nineteen additional function blocks are available for use

in advanced control strategies:
» Pulse Input
» Lead/Lag
» Complex AO
» Arithmetic
» Complex DO
» Integrator
» Step Output PID
» Timer
» Device Control
» Analog Alarm
» Setpoint Ramp
» Discrete Alarm
» Splitter
» Analog Human Interface
» Input selector
» Discrete Human Interface
» Signal Characteriser
» Dead Time
» Calculate

25
Function blocks

AI AI AI
AI DI ML
AI
Input PID PD PID
AO DI
AO DO AO AO AO
Manual Control
Output Feedback Control Track, Feedforward
Capability in Control

AI AI AI
AI AI AI AI
PID
PID PID
RA PID
BG BG
SS PID PID

AO AO AO AO AO

Override Control Ratio Control Cascade Control Split Range Control

Function blocks

Fieldbus

Device 1 Device 2 PI 110

AO 110
AI 110

26
Application profiles

12 bar Physical limit of the measuring sensor

PV_SCALE
Measuring range limit (Scaling of the
8 bar measuring range)
HI-HI-LIM (Upper alarm limit)
Measuring range

HI-LIM (Upper warning limit)

(bar)

OUT
(Measured value)

LO-LIM (Lower warning limit)

LO-LO-LIM (Lower alarm limit)
0 bar
Measuring range limit

-12 bar Physical limit of the measuring sensor

Profibus PA vs. FF

Profibus PA
● instruments unable to communicate with each other so
that no control is available in the field;
● pre-configuration of instruments required using DIP
switches;
● time stamping not available; and
● Profibus PA needs to be connected to Profibus DP.
Thus, if control system fails PA instruments stop
communicating.

27
Profibus PA vs. FF

Foundation Fieldbus
● automatic address assignment (true Plug ‘n Play);
● deterministic highway communication;
● control in the field, giving improved redundancy;
● standard library of function blocks;
● master clock (Link Active Scheduler);
● trends any input or output parameter - holds last 16
values and statuses;
● meaningful device status;
● tag search function; and
● Device Description (EDDL)

Fieldbus typical installation

28
DNP and IEC 60870

Preview of DNP3

● What is DNP3?
● Open standards and interoperability
● Early SCADA Standards
● DNP3 and IEC 60870
● Implementors of DNP3
● Features and Benefits of DNP3

29
What is DNP3?

● Distributed Network Protocol Version 3.0

● Defines communications between:
 Master Stations
 Remote Telemetry Units (RTUs)
 Intelligent Electronic Devices (IEDs)
● More than just communications
● Originally developed in electrical utility industry

How was it Created?

● Created in early 1990’s by Harris Controls Division

● Based on IEC 870-5
● Released as an Open Protocol in Nov 1993
● Ownership by DNP User Group

30
Designed for SCADA

● Features ● Data Structure

 Time stamping  Analogs
 Optimised use of  Binary
bandwidth  Counters
 Reporting by exception
 Variety of operating
modes

Is it widely supported?

● Industry ● Geographic
 Began in Electric  North America
Utility Industry in 1993  Asia
 Oil & Gas  Australia
 Water & Wastewater  South Africa
 Middle East

31
Open Standards

● Available to all
● Offer benefits if:
 Widely supported
 Are sufficiently detailed
 Are accurately implemented
 So that systems interoperate

● Benefits
 Greater choice of equipment
 Competition
 Extended life-cycle
 Can add functionality in future
 Can upgrade system incrementally

Early SCADA Standards

● ANSI/IEEE C37.1 - 1987

 Sections on telecommunications
 Did not define message for Master - RTU

● IEEE RP for SCADA Communication P999 - 1992

 Included message framing
 Did not define application level message formats

32
IEC 60870

● Originally IEC 870 Telecontrol Equipment and Systems,

later IEC 60870
● Published in parts from 1988
● Incorporates a reduced form of OSI 7-Layer model called
Enhanced Performance Architecture (EPA)

IEC 60870

IEC 60870-5 Transmission protocols

Standard Description Year

Reference
60870-5-1 Transmission Frame Formats 1990
60870-5-2 Link Transmission Procedures 1992
60870-5-3 General Structure of Application Data 1992
60870-5-4 Definition and Coding of Application Information Elements 1993
60870-5-5 Basic Application Functions 1995
60870-5-101 Companion Standard for Basic Telecontrol Tasks 1995
60870-5-102 Companion Standard for Transmission of Integrated Totals 1996
60870-5-103 Companion Standard for Protection Communication 1997
60870-5-104 Network Access using Standard Transport Profiles 1999

33
DNP3 and IEC 60870

● The two open SCADA Protocols to emerge from era of

proprietary protocols
 DNP3 released Nov 1993
 IEC 60870-5-101 or T101
● Both based on IEC 870
● Both open
● Different

IEC 870
Overall framework

IEC 60870-5-101 DNP3

IEC Implementation Harris Controls Implementation

Implementors of DNP3
● ABB Network Control
● ABB Power T&D Co.
● Advanced Control Systems
● Siemens Energy & Automation
● Harris Controls
● Leeds & Northrup
● Bailey Network
● CI Technologies
● Triangle Microworks
● Hunter Watertech
● Novatech Limited
● www.dnp.org.com

34
DNP features

● System topology
 Master - slave
 Multiple master
 Direct or one-on-one
 Multi-drop
 Hierarchical
● Operating Modes
 Polled static operation
 Polled Report-by-Exception
 Unsolicited Report-by-Exception with background integrity poll
 Unsolicited Report-by-Exception ONLY or quiescent

DNP3 features

 Provides for ‘Changed Data’ only responses

 Broadcast Messages
 Secure configuration/file transfers
 Addressing for over 65,000 devices on a single link
 Provides time synchronisation and time-stamped events
 Data link and application layer confirmation

35
DNP3 features

 Supports time stamped messages for Sequence Of Event

(SOE) recording
 Breaks messages into multiple frames to provide optimum
error control and rapid communication sequences
 Allows peer-peer topology as well as master-slave
 Allows multiple master topology
 Provides user definable objects
 Provides for reporting by exception/event without polling
by master

Benefits of DNP3

 Open Standard
 Supported by an active DNP user group
 A protocol that is supported by a large and increasing
number of equipment manufacturers
 Layered architecture conforming to IEC enhanced
performance architecture model

36
Benefits of DNP3

 Optimised for reliable and efficient SCADA communications

 Supported by comprehensive implementation testing
standards
 Has defined protocol subsets for particular applications
 The ability to select from multiple vendors for future system expansion and
modification

Why use DNP3?

 It is an open protocol
 It is optimised for SCADA communications
 It provides interoperability between different vendor’s
equipment
 It is supported by a substantial number of SCADA
equipment manufacturers
 It will provide immediate and long-term benefits to users

37
IEC 61850

Preview of IEC 61850 protocol

● IEC 61850 protocol provides a standardized framework for

substation integration.
● Designed as a high-bandwidth communication channel
running on Ethernet.
● Makes use use of a comprehensive set of device and
object-models using a descriptive ‘naming’ convention.
● Uses a standardised substation System Configuration
Language (SCL) device configuration…
● …and its role in the power system, maybe precisely
defined using XML files.

38
What is XML?

● XML (Extensible Markup Language) is a markup language,

designed to carry data that is both human-readable and
machine-readable.
● A simple example is shown below:
<memo>
<to>Mick</to>
<from>Karen</from>
<heading>Deadline Reminder</heading>
<body>Deadline for copy is end of June!</body>
</note>
● This message is quite self-descriptive.
● It has information regarding the ‘sender’ and the ‘receiver’
together with a ‘heading’ and a message ‘body’.

Benefits of the IEC 61850

● Networkable throughout the power generation system

● Open protocol
● High-availability
● Multi-vendor interoperability
● Guaranteed delivery times with time stamping
● High-speed IED to IED communication
● Diagnostic information for each I/O point
● Caters for user-definable objects – including file transfer
● Standards based
● Auto-configurable/configuration support
● Support for Voltage and Current sampled data

39
Benefits of the IEC 61850

● IEC 61850 makes full use of the ISO/OSI communication

stack – comprising:
 the Ethernet (Layers 1 and 2), Data Model (Data and services)

 TCP/IP (Layers 3 and 4) and

Client-Server GOOSE Sampled values
 manufacturing messaging
specification, MMS, (Layers 5
to 7). Mapping

ISO/OSI Stack Layer

6 MMS
Time critical services
5
4 TCP
3 IP
2 Ethernet Link Layer with priority tagging
1 Ethernet Physical Layer (100 Mbps)

GOOSE

● GOOSE (Generic Object-Oriented System Event)

● Service used for speedy transmission of time-critical trip
commands and interlocking information that includes
status changes, blockings, releases, or trips between IEDs
(Intelligent Electronic Devices).
● Here the needs are for standardised, high priority, high-
speed, high reliability, and safe transmission.
● Intended to replace direct relay-to-relay wiring, GOOSE
combines very high speed transmission (< 4ms) with very
high reliability.

40
GOOSE

● Traditional protocols make use of Sender Receiver

acknowledgements (ACK) in which
the Sender starts a timer immediately Data

after transmitting the data and waits Timer

Ack
for an ACK response.
● If a timeout occurs the Sender Data
retransmits the data.
Timer
● Unfortunately, in protection
applications this is far too slow and Retry data

far too late.

GOOSE

● GOOSE assumes that the first Sender Receiver

message will not get through – and the
Data
message is thus always retransmitted.
● Since GOOSE messages are
processed in the Data Link layer, no
additional processing through the
TCP/IP layers is required.
● Consequently, this type of Ethernet
communication is very fast, providing
access time of less than 4ms, since the
data is retrieved directly from the IED
communications hardware interface.

41
Sampled Value (SV)

● The Sampled Value (SV) service transmits a synchronised

stream of current and voltage values.
● Here the demand is for large amounts of standardised,
high priority, cyclic data throughput.
● The SVs are transmitted at a very high rate –
corresponding to the sampling rate of the currents and
voltages.
● Thus, for example, sampling at 80 messages per cycle, in
a 50 Hz system, translates to 4 000 messages/s.
● Consequently, a missed sample is rapidly replaced by the
next sampled value.

Object modelling

● Objects are configured and mapped to a named variable

object that results in a unique and unambiguous reference
for each element of data in the model.
A
● Any physical device
connected to the network,
i.e. an IED, incorporates one A PhV
Amps Volts
A PhV
Amps Volts
Pos
Position
Pos
Position B
or more Logical Devices MX
Measurements
DC
Descriptions
ST
Status
CO
Controls

(LDs) – described by non- Logical Nodes (LNs)

MMXU1 XCBR2
standardised names. Measurement Unit #1 Circuit Breaker #2

Logical Device (LD)

e.g. Relay 1
Physical Device (e.g. IED)
(Network Address)

Network

42
Object modelling

● In turn, nested within each LD, are one or more Logical

Nodes (LN) – a standardised name grouping of data and
associated services related to a specific system function.
● For example, all LNs used for automatic controls have
names beginning with the letter ‘A’.
● And all LNs used for metering and measurement have
names beginning with the letter ‘M’.

Object modelling

● Each LN has an LN-Instance-ID suffix attached to the LN

name.
● Thus, for example, the standard name of an LN
‘measurement Unit for 3-phase power’ is MMXU.
● And a ‘circuit breaker’ would be XCBR.
● If there were more than two measurement inputs or circuit
breakers, the LN names would be amended to MMXU1
and MMXU2 or XCBR1 and XCBR2, respectively.

43
Comparison of DNP3 with IEC61850

● DNP 3 has a huge support base – particularly in the USA

where it is in use in over 75% of North American utilities.
● And thus DNP 3 still reigns – even if it’s in decline as IEC
61850 starts to dominate in Europe and India.
● Whilst DNP 3 focuses on inexpensive endpoints and low-
bandwidth communication channels, IEC 61850 is
designed for high-bandwidth communication channels
running on Ethernet with a richer, wider range of features.

Comparison of DNP3 with IEC61850

● However, IEC 61850 has more advanced features that

include:
 high-speed peer-to-peer communication;
 advanced structured data and naming; and
 advanced self-description.
● In addition IEC 61850 also supports GOOSE – often
touted as the major outcome of the IEC 61850 standard –
catering, as it does, for huge reductions in inter-device
wiring.

44
Design of SCADA system

Section 11.
Cyber Security
SCADA Systems - Transitioning
from Beginner to Advanced

Section 11.
Cyber Security

Key questions to be asked

● Why is securing an Industrial Control Network (ICN)

different than securing an IT Network?
● What are the basic differences between them?
● What are the consequences of failure?
 What might it cost?
 How should the organization respond?

1
Major differences

● The heart of an IT network system is often:

 climate controlled;
 secured data centre;
 equipment is usually standardized; and
 less than 10 years old.
● In contrast, the heart of an ICN system is:
 on the plant floor;
 often in a hazardous environment; and
 the average life of the equipment is more than 10 years.

Major differences

● Primary goal of IT security is rooted in the concern about

privacy – ‘Protect the Data’.
● Primary goal of ICN security is based on the concern for
safety –‘Protect the Process’.

Priority IT SCADA/ICN
1 Confidentiality Availability
2 Integrity Integrity
3 Availability Confidentiality

2
Security issues in ICS

● Most ICN system security issues fall into 3 major

categories:
1. Soft Targets
2. Multiple Pathways
3. ‘Flat’ Networks

Soft Targets

● ‘Soft targets are devices that are extremely vulnerable to

disruption through their network interface.
● The PCs in many plants run for weeks or months without
any security updates, and some even operate without any
anti-virus tools.
● In addition, many of the controllers in these networks were
designed in an era when cyber security was not a concern
● Consequently, many of these devices can be disrupted by
malformed network traffic or even by high volumes of
correctly-formed traffic.

3
Multiple Pathways

● Many control networks have multiple pathways through

which cyber security threats can enter the plant.
● These pathways often bypass existing security measures
in the plant – and some don’t even appear on a network
diagram.
● Examples include:
 Laptop computers that are carried in and out of facilities; or
 USB keys that move from one PC to another.
● These can easily bring malware into the plant and rapidly
spread it from one system to another.

‘Flat’ Networks

● Many ICN systems are still implemented as large, ‘flat’

networks with no isolation between unrelated subsystems.
● This means that if a problem occurs in one part of the
plant, it can spread very quickly to other unrelated
subsystems and even to remote plant sites.

4
Threat sources

● Typical Threat sources listed by CPNI (Centre for Protection

of National Infrastructure) include:
 Contractors
 Corporate intelligence
 Criminals / Organised Crime
 Disgruntled Staff
 Foreign Intelligence Services
 Hackers
 Internal Attackers / bystanders
 Protestors and Activists
 Staff undertaking unauthorised actions
 Terrorists

Threat sources – contractors

● Externally employed staff on company premises.

● They may not be trained in the appropriate measures that
should be undertaken (e.g. removal of faulty IT equipment
from site that contains sensitive information).
● They may not have appropriate vetting…
● …and could represent a threat by undertaking malevolent
activities e.g:
 Inserting USB key-loggers, or
 gathering site security details

5
Threat sources – corporate intelligence

● Competitors could target this site in order to steal

intellectual property.
● This threat can be present when companies bid for
contracts – only to have their designs copied and used in
competitive bids.

Threat sources – criminals and organised crime

● Where financial gain is an issue, computer equipment could

be stolen.
● If not backed-up, this would represent a threat to business
continuity.
● Criminals may also subvert staff to undertake malicious
activity.

6
Threat sources – disgruntled staff

● Personell holding a grudge against the company could

include:
 People who may have been passed over for promotion,
 People who have been notified of redundancy
 People who have have moral objections to what the organisation is
undertaking
 People with financial difficulties that put them at risk of being bribed
and giving information to outsiders.

Threat sources – Foreign Intelligence Services (FIS)

● State organisations are able to deploy considerable

resources to gain information such as:
 interception of data,
 influence other threat actors to steal data, or
 hack into environments for industrial espionage purposes.
● However, FIS is not only interested in state secrets…
● …in countries having a close link between state and
industry, the FIS will actively seek industrial information and
intellectual property for financial gain of the state-linked
industries.

7
Threat sources – hackers

● Hackers have the potential to compromise the

confidentiality, integrity and availability of systems.
● Externally this action may result in website defacement, or
theft of customer details.
● However, hackers may also use search tools such as
SHODAN to discover internet-connected equipment and
perform malevolent actions.

Threat sources – internal attackers/bystanders

● Temporary on-site visitors might observe classified

information when present in the facility…
● …or merely observe unauthorised access logging-in details.

8
Threat sources – protestors and activists

● People having an ideological grudge against the company

operations have traditionally blockaded facilities or
intimidated staff in order to impede company operations or
gain media publicity.
● However the recent emergence of ‘Hacktivism’ has led to
wilful unauthorised penetration into company systems by
politically motivated parties.

Threat sources – unauthorised actions by staff

● Unauthorised actions by staff attempting to circumvent what

is seen as onerous or inflexible security, can introduce
threats.
● A typical example might be the use of personal USB sticks
that contain malware, in the absence of an alternative and
available route to transfer information.

9
Threat sources – terrorists

● People with malicious intent who seek to take down a

system, such as an SIS, whose primary aim is to protect
lives, systems, or the environment.

Hardened perimeter

● Sometimes referred to as a demilitarized zone (DMZ) this

adds an additional layer of security to an organization's local
area network (LAN).

Office Network

Firewall Firewall

Industrial Control Network Industrial Control Network

10
Use of firewalls

● A firewall is a network security system that monitors and

controls incoming and outgoing network traffic based on
predetermined security rules.
● Typically establishes a barrier between a trusted, secure
internal network and another outside network (e.g. the
Internet) that is assumed not to be secure or trusted.

SCADA
Viruses
SCADA
e-mails
SCADA
@

Defence in depth

● Defence in Depth goes beyond a security perimeter by

having layers of defence throughout the control network.

Office Network

Firewall Firewall

Industrial Control Network Industrial Control Network

11
Remote access

● But what about remote access for maintenance?

Remote
maintenance Office Network

Internet Firewall Firewall

Industrial Control Network Industrial Control Network

Remote access

● A virtual private network (VPN) creates a secure, encrypted

connection, which can be thought of as a tunnel, between
your computer and a server operated by the VPN service.
Remote
maintenance Office Network

Firewall Firewall
Internet VPN

Firewall

Industrial Control Network Industrial Control Network

12
Typical SCADA layout

● How vulnerable is this system?

Engineering
workstations

HMI
Modem RTU

Modem PLC

Modems/
Data SCADA Master routers
historian Terminal Unit Modem RTU

Wide Area Network

Identify all connections to SCADA

● Conduct a thorough risk analysis to assess the risk and

necessity of each connection to the SCADA network.
● How well are these connections protected?
● Identify the following connections:
 Internal local area and wide area networks, including business
networks
 The Internet
 Wireless network devices, including satellite uplinks
 Modem or dial-up connections
 Connections to business partners, vendors or regulatory agencies.

13
Remove or disable unnecessary services

● Examples of services to disable from SCADA networks

include:
 automated meter reading/remote billing systems:
 email services;
 Internet access; and
 even possibly remote maintenance.

Remove or disable unnecessary services

● Examples of services to disable from SCADA networks

include:
 automated meter reading/remote billing systems:
 email services;
 Internet access; and
 even possibly remote maintenance.

14
Do not rely on proprietary protocols

● Do not rely on proprietary protocols or factory default

configuration settings to protect your system.
● Demand that vendors disclose any backdoors or vendor
interfaces to your SCADA systems, and expect them to
provide systems that are capable of being secured.

Implement security features provided by vendors

● Very few SCADA systems have any security features.

● Although some newer systems are shipped with basic
security features, these are usually disabled to ensure ease
of installation.
● Additionally, factory default security settings are often set to
provide maximum usability, but minimal security.
● Set all security features to provide the maximum level of
security.
● Allow settings below maximum security only after a
thorough risk assessment of the consequences.

15
Beware of back doors

● Where backdoors or vendor connections exist, strong

authentication must be implemented.
● Modems, wireless, and wired networks used for
communications and maintenance represent a significant
vulnerability.
● To minimize the risk of such attacks, disable inbound
access and replace it with some type of call-back system.

Establish 24-hour-a-day instant monitoring

● Establish an intrusion detection strategy that includes

alerting network administrators of malicious network activity
originating from internal or external sources.
● Intrusion detection system monitoring is essential 24 hours
a day – this capability can be easily set up through a pager.
● Additionally, incident response procedures must be in place
to allow an effective response to any attack.

16
Perform technical audits

● There are many commercial and open-source security tools

that allow system administrators to conduct audits of their
systems/networks to identify active services, patch level,
and common vulnerabilities.
● These tools will eliminate the ‘paths of least resistance’ that
an attacker could exploit.
● After taking corrective actions, retest systems to ensure that
vulnerabilities were actually eliminated.

Conduct physical security surveys

● Unmanned or unguarded remote sites are particularly

vulnerable.
● Identify and assess any source of information including:
 remote telephone computer network
 fibre optic cables that could be tapped;
 radio and microwave links that are exploitable;
 computer terminals
 that could be accessed; and
 wireless local area network access points.

17
Make someone responsible

● Establish a cyber security organizational structure that

defines roles and responsibilities and clearly identifies how
cyber security issues are escalated and who is notified in an
emergency.
● In addition, key personnel need to be given sufficient
authority to carry out their assigned responsibilities.

Establish system backups and disaster recovery

plans.
● Establish a disaster recovery plan that allows for rapid
recovery from any emergency (including a cyber attack).
● Routinely exercise disaster recovery plans to ensure that
they work and that personnel are familiar with them.
● Make appropriate changes to disaster recovery plans based
on lessons learned from exercises.

18
Make use of USB port blockers

● All USB ports should be blocked using a commercial port

blocker (with key) to prevent unauthorised use of any port
throughout the system.

19
Design of SCADA system

Section 12.
Functional Design Specification (FDS)
SCADA Systems - Transitioning
from Beginner to Advanced

Section 12.
Functional Design Specification
(FDS)

Functional Design Specification (FDS)

● A Functional Design Specification is also know as:

 functional specification,
 functional specifications document (FSD),
 functional requirements specification, or
 Program specification.
● When applied to systems engineering and software
development FDS is the documentation that describes the
requested behavior of an engineering system.
● The documentation typically describes what is needed by
the system user as well as requested properties of inputs
and outputs (e.g. of the software system).

1
Functional Design Specification (FDS)

● A functional specification is the more technical response to

a matching requirements document, e.g. the Product
Requirement Document (PRD).
● Thus it picks up the results of the requirements analysis
stage.
● On more complex systems multiple levels of functional
specifications will typically nest to each other, e.g. on the
system level, on the module level and on the level of
technical details.

Overview

● In systems engineering an FDS clearly and accurately

describes the essential technical requirements for items,
materials, or services including the procedures by which it
can be determined that the requirements have been met.
● They provide a precise idea of the problem to be solved …
● …and provide guidance to testers for verification
(qualification) of each technical requirement.
● An FDS does not define:
 the inner workings of the proposed system; or
 how the system function will be implemented.

2
Overview

● Instead, an FDS focuses on what various outside agents

(people using the program, computer peripherals, or other
computers, for example) might ‘observe’ when interacting
with the system.
● A typical functional specification might state as follows:
When the user clicks the OK button, the dialog is closed and the
focus is returned to the main window in the state it was in before
this dialog was displayed.
● This describes the interaction between the user and the
software system.
● When the user provides input to the system by clicking the
OK button, the program responds by closing the dialog
window containing the OK button.

Purpose

● The FDS has many purposes.

● One of the most important is to achieve team consensus
on what the program is to achieve before making the more
time-consuming effort of writing source code and test
cases.
● Typically, such consensus is reached after one or more
reviews by the stakeholders on the project at hand after
having negotiated a cost-effective way to achieve the
requirements the software needs to fulfil.
 To let the developers know what to build.
 To let the testers know what tests to run.
 To let stakeholders know what they are getting.

3
Process

● Following a description of what has to be implemented...

● …the Systems Architecture document describes how the
functions will be realized using a chosen software
environment.
● When the team agrees that functional specification
consensus is reached, the functional spec is typically
declared ‘complete’ or ‘signed off’.
● After this, typically the software development and testing
team write source code and test cases using the functional
specification as the reference.
● While testing is performed, the actual behavior of the
program is compared against the expected behavior as
defined in the FDS.

Methods

● One popular method of writing an FDS involves drawing or

rendering graphically designed UI screenshots.
● Once the screen examples are approved by all
stakeholders, graphical elements can be numbered and
written instructions can be added for each number on the
screen example.
● For example, a login screen can have the username field
labeled '1' and password field labeled '2,' and then each
number can be declared in writing, for use by software
engineers and later for beta testing purposes to ensure that
functionality is as intended.
● The benefit of this method is that countless additional
details can be attached to the screen examples.

4
Examples of functional specifications

● Advanced Microcontroller Bus Architecture

● Extensible Firmware Interface
● Multiboot Specification
● Real-time specification for Java
● Single UNIX Specification

Types of software development specifications

● Bit specification (disambiguation)

● Design specification
● Diagnostic design specification
● Product design specification
● Software Requirements Specification

5
System Development Life Cycle (SDLC)

Management
Control
SDLC Phases Control
Objectives
Domains

Project Definition
Planning &
User Requirements Organization
Definitions

System Requirements

Control Objectives
Acquisition &
Definitions
implementation
Analysis and Design

Delivery &
System Build/
Support
Prototype/Pilot

Implementation and
Training
Monitoring
Sustainment

6
Design of SCADA system

Section 13.
SCADA Troubleshooting, Maintenance
and Best Practice.
SCADA Systems - Transitioning
from Beginner to Advanced

Section 13.
SCADA Troubleshooting,
Maintenance and Best Practice

Troubleshooting

1
SCADA Troubleshooting – Communications

● The core of all SCADA systems is communications.

● Network communications and telemetry communications
are links that transfer data from distributed control and
monitoring modes both in-plant and out-plant.
● A well-designed SCADA application will:
 monitor all system communications,
 represent the status of all vital communications links graphically
and
 provide alarm notification to the operator if any of the links fail.

SCADA Troubleshooting – Spares

● An effective SCADA system should include the proper

complement of spare components that the operator can
swap out easily for troubleshooting purposes.
● These spare parts should include:
 Ethernet routers;
 PLC processors;
 radio modems; and
 other components that are preconfigured for use in the system.

2
SCADA Troubleshooting – Hardware failures

● Once debugged and commissioned, most issues are

typically hardware failures related to:
 power supply failures;
 I/O (input/output) card failures;
 transient surges; and
 other glitches.
● Check the basics first, starting at the output and working
backwards towards the origin of a given signal, input or
output.

SCADA Troubleshooting – VFDs

● Variable Frequency Drives (VFDs) are often a point of

failure because of harsh operating conditions.
● Therefore important to ensure VFDs are properly protected
from overheating and dirty, dusty environments.

3
Maintenance

SCADA Maintenance

● Timely software updates for the PC, PLCs, SCADA

application software, communications routers, peripherals,
etc.
● Power supply systems, including Uninterruptable Power
Supplies (UPSs), batteries, etc., should be checked
routinely to ensure they are operating within specification.
● Replace batteries as recommended by the manufacturer •
● Routinely check field connections for moisture infiltration
and corrosion.
● This is especially critical in remote locations or places
subject to salt air or corrosive gases.

4
SCADA Best Practice

1. Active monitoring

● All operating systems (e.g. Microsoft Windows or Linux)

database, and network components – routers, firewalls,
VPN gateways, and switches – should be actively
monitored (24/7) by a monitoring platform:
 Nagios,
 Icinga, or
 Solar Winds.
● The monitoring platform should alert SCADA IT support
staff about anomalies (e.g., page them) AND record trend
data for historic analysis.

5
2. Forwarding system log data

● All systems should be configured to forward system log

data (e.g., Windows Event Log, Syslog, etc.) to a
centralized log host.
● This should also include logs from networks components
(routers, switches, firewalls, VPN gateways, etc.).
● NOTE: NERC CIP-007 requires that cybersecurity log
information be retained for a minimum of 90 days.

NERC CIP: North American Electric Reliability Corporation critical infrastructure protection

3. Intrusion detection

● The entirety of the SCADA network should be monitored by

an Intrusion Detection System.
● Whether it's an open-source solution such as Snort or one
of the many available commercial IDS platforms on the
market… …
● having IDS in a SCADA environment is essential to be the
eyes and ears of the IT support staff round the clock.
SPECIAL NOTE
● In contrast to IDS, SCADA environments are typically NOT
a good place to deploy active Intrusion Protection Systems
(IPS), since they may react adversely in an unexpected
control situation (such as a sewage plant in danger of
flooding) and negatively interfere with plant operations.

6
Adroit step-by-step practicals

Install the Adroit SCADA simulator on your CD, under Software / Adroit / Adroit ver 5.

It is important to note that this is a trial version of the software, but it does not expire.
ADROIT (and, by the way, CITECT do the same), provide you will a fully functional version
of the program, and everything will operate, excepting that you will not be able to
communicate with tags out in the field, without a purchased lisence. In order to do this, you
purchase a lisence for the amount of tags that you will be utilising. When finished, you can
either uninstall the software, or leave it on your machine, as desired.

 Install the software, using all of the defaults. Please install ver 5 (rather than ver 7, as
this does have very specific requirements).

 Run (but only once!!!) the agent server.

 Open up the user interface.

SCADA basic image

Hint: To get a new page, click on File, New … and then select PICTURE from the following
screen:

 To edit the background colour of a page, just double-click on it, and the following
screen will appear:

1
 Firstly, always set the ANIMATION DELAY TIMER to 0. Then, near the top, next
to BACKGROUND COLOUR, press the EDIT button.

 Please remember to save all of your images (File, Save As ,,,,) in C://ADROIT /
DATA, so that you can find them again, easily. In most cases, check on the right
hand side of the screen, to get boxes, circles, etc. If you do not see these, then you are
probably in the OPERATOR VIEW mode. To get back to the DRAWING /
EDITING mode, just press on the following icon, at the top:

 Make use of the symbols on the right, which look as follows:

2
 Create the following images:

 Hint: The most difficult one, will be the right-hand image. You ned to make use of the
“polyline”, and click and release each point. At the very last point, double-click. To
colour it in, double-click on the image, and make sure the following are selected
(especially the CLOSED and SOLID BACKGROUND at the bottom:

Multiple images, and alignment

 Create a tank farm. Here, you will be encouraged to use the following icons, on the
left-hand side of the screen:

3
The image must look as follows:

Hint: Create a new page. Press FILE / SAVE AS, and save as SCADA2. Delete the first
page, if necessary, by clicking on the X, to close the page. raw a single tank. (I have used
shaded colours, rather than solid.) Group the tank, once complete, and copy and paste it, to
create the other two tanks. Ungroup each tank, to change the tank number at the bottom.
Using the tools on the left, space and align, where necessary.

Discrete / Digital signals

 Create a new page, and save it as SCADA3. (To find the buttons, check out on the
right-hand side, under . It should look as follows:

4
 We now need to create 2 x digital tags. At the top, middle, click on:

 (If everything is greyed out, then your Agent Server is not running.)

The following image will appear:

 Under TYPE, select DIGITAL. Under NAME, type in MOTOR1, and click ADD.
Under NAME, backspace on the last letter (which is 1), change it to a 2, and press
ADD. You should now have 2 x digital tags created. It will look as follows:

5
 Close this small page. Double-click on the square. The following image will appear:

 Click on BEHAVIOURS, and double-click on BACKGROUND COLOURS. The

following image will appear:

 Leave the default colours of GREEN = ON, and RED = OFF. Click on the button:
next to TAG. The following screen will appear:

6
 Click on the small + sign, next to DIGITAL, and select MOTOR1. Press OK and
FINISH (or, OK, OK, OK, etc.)

 Double-click on the circle, but in this instance, select BEHAVIOUR and

VISIBILITY. Just as you did with the square, link this to a tag, BUT it will be
MOTOR2. When this tag is ON, it will be VISIBLE. When this tag is OFF, it will be
INVISIBLE.

 Close the behaviour page

 Double-click on the single button, under the square. Under BUTTON TEXT, type in
the word TOGGLE, and then press the BEHAVIOUR button. Double-click on
OPERATOR ACTION, and at the very top, link it (TAG) to MOTOR1. The page
should look as follows:

 Near the bottom, under ACTION, click on the drop-down box next to CONTROL
ACTION, and select DIGITAL TOGGLE, right at the bottom.

 Press FINISH. We are now ready to test!

 At the top, click on the icon that looks as follows . This takes you from the
drawing mode to the observation mode. If it asks you to save anything, press YES.
The screen will look as follows:

7
 Click on the button marked as TOGGLE. The screen should change as follows:

 Now, press the button again, and double-click on the left hand button, under
the circle. Type in MOTOR START under BUTTON TEXT, and press
BEHAVIOURS. Double-click on OPERATOR ACTION, link it under TAG to
MOTOR2, and under CONTROL ACTION at the bottom, select DIGITAL ON.
Press FINISH.

 Double-click on the right hand button, under the circle. Type in MOTOR STOP
under BUTTON TEXT, and press BEHAVIOURS. Double-click on OPERATOR
ACTION, link it under TAG to MOTOR2, and under CONTROL ACTION at the
bottom, select DIGITAL OFF. Press FINISH.

 If necessary, resize the buttons, if the letters get cut off.

8
 Now, press the button again (saving as nescesary), and click on the MOTOR
START and MOTOR STOP buttons. The circle should become visible, and
disappear, as the tag changes status.

Distributed Control Systems (DCS)

Question 18.1 – Using pre-defined images

Classification: Recommended exercise

 Press the button again, and delete the white square. Press FILE / OPEN and
look under C:/ ADROIT / WIZARDS. Click on -WIZARDS MENU, and open it.
Click on MORE WIZARDS / MOTOR 2, and click on one of the top left motors

(such as . Press EDIT / COPY and then CLOSE (at bottom left).

 If WIZARDS won’t open on ADROIT

 Open the file called CLASSIC ADROIT SETUP

 Click on the tab, at the top, marked as “UI PREFERENCES”

 Next to the word “ADROIT PATH”, see an icon block, which has a dotted box on the
inside. Click on this, and a new line with a directory will appear below it.

 Right at the end of the (new) line is a downward arrow. Click on this, and drill in,
until you are in the new WIZARDS location (C:\Program Files (x86)\Adroit
Technologies\Adroit\Wizards) and press OK or OPEN or SAVE or whatever.

 Close, up, and you are up and running!!!!!!!

 Press EDIT / PASTE and click on your SCADA3 screen. It will ask you to link the
motor, with the following screen.

9
 Clicking on the down arrow, select MOTOR1, and press OK.

 Go into the operator view, and click on the TOGGLE button. You have now
successfully used pre-configured diagrams.

Analog controls

 Create a brand new page, and save it as SCADA4

 Draw a simple square on it.

 We now need to create 2 x analog tags. At the top, middle, click on . (If
everything is greyed out, then your Agent Server is not running.)

The following image will appear:

10
 Under TYPE, select ANALOG. Under NAME, type in TANK1, and click ADD. It
will look as follows:

 Close that page, and save the changes.

 Press FILE / OPEN and look under c:/ADROIT / WIZARDS for the -WIZARD
MENU (as opened earlier). Press MORE WIZARDS, until you find (and, they are
alphabetical) SLIDERS. At the bottom, select the slider that looks as follows:

 Link it to the alalog tag, TANK1 (you will have to expand the + sign, next to analog.
Think how you did this with the digital tag!!)

 Double click on the square, and click on BEHAVIOURS

 Double-click on PERCENTAGE FILL. Link it to the TANK1 tag, make the fill
colour red, and press finish.

 Go into the operator view, and click once on the up and down arrows of the slider,
and simulate a bigger and smaller level in the tank. It should look as follows:

11
Using digital displays

 Move from the Operator to the drawing mode, using the icon.

 Click on the icon (right hand side of screden), and click anywhere on your
screen, where you would like to display the tank level. Your screen may look
something like this …

12
 Double-click on the word TEXT, select BEHAVIOUR, double-click on DISPLAY
VALUE, and under TAG, link it to the analog Tank1. Click on FINISH.

 Press the icon (to get back to the operator viewing mode, and change the slider.
See how this is reflected, on the display. It should look something like this:

Changing a set point (or, an output)

 Wouldn’t it be nice to change the set point, without having to use the slider? Well, it
can be done, quite easily.

 Go back to the drawing mode (using the icon), click on the icon, and
click somewhere below the slider.

 Double-click on the new word TEXT, type in “Change SET POINT, here”, and click
on BEHAVIOURS.

 Double-click on OPERATOR ACTION, link it to the analog TANK1 tag, and then
select the radio button marked as DATA ENTRY. Click FINISH. And go back into
the operator view. It should look as follows:

13
 Move your pointer towards the text box that says “Change SET POINT here”. As
soon as the pointer moves over the wording, it will change to a hand. Type in any
value (between the limits provided on the screen), and the set point / value will
change. Think how you could use this to change set points, output values, etc.

BEM Form A4 Submission - Statement of Practical Experience - Sample
100% (8)
BEM Form A4 Submission - Statement of Practical Experience - Sample
2 pages
Smart Voice Translator T11: Instruction Manual
No ratings yet
Smart Voice Translator T11: Instruction Manual
16 pages
Industrial Control System
100% (2)
Industrial Control System
31 pages
Programmable Controllers Theory and Implementation
0% (1)
Programmable Controllers Theory and Implementation
3 pages
Industrial Communication Networks
No ratings yet
Industrial Communication Networks
20 pages
CID & SIA Event Codes
No ratings yet
CID & SIA Event Codes
39 pages
SCADA Fundamentals MS PDF
100% (1)
SCADA Fundamentals MS PDF
115 pages
Lecture 3
No ratings yet
Lecture 3
26 pages
SCADA Material
80% (5)
SCADA Material
127 pages
Scada - Rtu Interface
100% (2)
Scada - Rtu Interface
59 pages
SCADA System
100% (6)
SCADA System
63 pages
Scada
No ratings yet
Scada
420 pages
PLC Selection
No ratings yet
PLC Selection
10 pages
Smart Meters and Advanced Metering Infrastructure
No ratings yet
Smart Meters and Advanced Metering Infrastructure
41 pages
SCADA
100% (1)
SCADA
45 pages
Scada Lab: Supervisory Control and Data Acquisition
No ratings yet
Scada Lab: Supervisory Control and Data Acquisition
102 pages
PLC SCADA Training Report
No ratings yet
PLC SCADA Training Report
37 pages
SCADA - Beginner - S Guide
0% (1)
SCADA - Beginner - S Guide
58 pages
2021 Technical Guide DCS Vs SCADA 2021-09 - Final - EN
No ratings yet
2021 Technical Guide DCS Vs SCADA 2021-09 - Final - EN
14 pages
Introduction To SCDA Systems
No ratings yet
Introduction To SCDA Systems
21 pages
ClearSCADA Design Guidelines v2.0
0% (1)
ClearSCADA Design Guidelines v2.0
27 pages
Automation Solution Guide 2008 by Schneider Electric 1655790068
No ratings yet
Automation Solution Guide 2008 by Schneider Electric 1655790068
300 pages
Ai 230 PLC
100% (1)
Ai 230 PLC
106 pages
Six Months Industrial Automation Syllabus
No ratings yet
Six Months Industrial Automation Syllabus
9 pages
Human-Machine-Interface
No ratings yet
Human-Machine-Interface
64 pages
SCADA
100% (1)
SCADA
17 pages
DCS
No ratings yet
DCS
14 pages
PLC and Scada Training Course Content
100% (1)
PLC and Scada Training Course Content
4 pages
M340 NOC Manual PDF
No ratings yet
M340 NOC Manual PDF
436 pages
Industrial Automation Communication Protocols
No ratings yet
Industrial Automation Communication Protocols
7 pages
Modbus TCP Overview
No ratings yet
Modbus TCP Overview
23 pages
SCADA Specificationc
No ratings yet
SCADA Specificationc
51 pages
Manvir Singh Gill 123613 M Tech (I&C
No ratings yet
Manvir Singh Gill 123613 M Tech (I&C
20 pages
PLC 30 PDF
No ratings yet
PLC 30 PDF
272 pages
3.distributed Control Systems
No ratings yet
3.distributed Control Systems
63 pages
Distributed Control System Dcs
100% (5)
Distributed Control System Dcs
75 pages
SCADA
100% (1)
SCADA
11 pages
Dcs Architecture and TDC 3000: Presented By: Ziauddin/M. Sohail/Haroon Yousaf
100% (1)
Dcs Architecture and TDC 3000: Presented By: Ziauddin/M. Sohail/Haroon Yousaf
34 pages
PLC Basic
100% (1)
PLC Basic
118 pages
A Presentation On Scada System: (Supervisory Control and Data Acquisition)
No ratings yet
A Presentation On Scada System: (Supervisory Control and Data Acquisition)
19 pages
SCADA System Architecture & RTU
100% (2)
SCADA System Architecture & RTU
49 pages
SS Automation
100% (2)
SS Automation
29 pages
Principles & Practical Design of
No ratings yet
Principles & Practical Design of
34 pages
OPC Automation
No ratings yet
OPC Automation
18 pages
Modbus Protocol
100% (1)
Modbus Protocol
9 pages
Simatic Wincc Professional: The SCADA System Inside TIA Portal
No ratings yet
Simatic Wincc Professional: The SCADA System Inside TIA Portal
48 pages
Sge 353 M100 2 PDF
100% (1)
Sge 353 M100 2 PDF
8 pages
Industrial Automation
No ratings yet
Industrial Automation
72 pages
Seminar ON Scada & PLC
No ratings yet
Seminar ON Scada & PLC
38 pages
IK PI - 2015 Industrial Communication SIMATIC NET PDF
No ratings yet
IK PI - 2015 Industrial Communication SIMATIC NET PDF
1,950 pages
Automation Philosophy
No ratings yet
Automation Philosophy
38 pages
Scada System Software Requirements
No ratings yet
Scada System Software Requirements
21 pages
Introduction To PLC Controllers For Beginners (Nebojsa Matic)
No ratings yet
Introduction To PLC Controllers For Beginners (Nebojsa Matic)
69 pages
Industrial Training
No ratings yet
Industrial Training
26 pages
GW-7553 Example For SIMATIC STEP 7: (Modbus TCP Slave)
No ratings yet
GW-7553 Example For SIMATIC STEP 7: (Modbus TCP Slave)
44 pages
PLC Programming & Implementation: An Introduction to PLC Programming Methods and Applications
From Everand
PLC Programming & Implementation: An Introduction to PLC Programming Methods and Applications
Ojula Technology Innovations
No ratings yet
Iii B.Tech Ii Sem Eie (R18) : Unit - V
No ratings yet
Iii B.Tech Ii Sem Eie (R18) : Unit - V
62 pages
Background To SCADA: 1.1 Introduction and Brief History of SCADA
No ratings yet
Background To SCADA: 1.1 Introduction and Brief History of SCADA
9 pages
Background To SCADA: 1.1 Introduction and Brief History of SCADA
No ratings yet
Background To SCADA: 1.1 Introduction and Brief History of SCADA
10 pages
Background To SCADA: 1.1 Introduction and Brief History of SCADA
No ratings yet
Background To SCADA: 1.1 Introduction and Brief History of SCADA
10 pages
Distributed Control Systems Toc
No ratings yet
Distributed Control Systems Toc
7 pages
E01-007 - SCADA System Fundamentals - US PDF
No ratings yet
E01-007 - SCADA System Fundamentals - US PDF
24 pages
Unit 5
No ratings yet
Unit 5
91 pages
Navigating The Cooling, Heating and Reheat Process On The Psychrometric Chart
100% (1)
Navigating The Cooling, Heating and Reheat Process On The Psychrometric Chart
11 pages
Complete Smartgrid Handbook Version 5
No ratings yet
Complete Smartgrid Handbook Version 5
144 pages
Receipt 610630
No ratings yet
Receipt 610630
1 page
Automatic Balancing Valves ASV: Data Sheet
No ratings yet
Automatic Balancing Valves ASV: Data Sheet
28 pages
HUKM Maintenance and Operation Cost
No ratings yet
HUKM Maintenance and Operation Cost
5 pages
Take The Easy Way To A Perfectly Balanced System With Danfoss PFM Measuring Instruments
No ratings yet
Take The Easy Way To A Perfectly Balanced System With Danfoss PFM Measuring Instruments
31 pages
Sub-Contractor List (Hotel)
100% (1)
Sub-Contractor List (Hotel)
6 pages
Workshop Jan 2018
No ratings yet
Workshop Jan 2018
145 pages
VARIABLE PRIMARY SYSTEM - Bypass - PIBCV
No ratings yet
VARIABLE PRIMARY SYSTEM - Bypass - PIBCV
14 pages
2020-09-04 Route To Ir
No ratings yet
2020-09-04 Route To Ir
20 pages
Career in Engineering - Ir. Kamal
100% (1)
Career in Engineering - Ir. Kamal
122 pages
2021-01-11 Sample BEM Letter - Active ECP Involvement
No ratings yet
2021-01-11 Sample BEM Letter - Active ECP Involvement
1 page
PCE Booklet (15 9 2017)
67% (3)
PCE Booklet (15 9 2017)
35 pages
Differences of Conventional PI Vs Enhanced PI
50% (2)
Differences of Conventional PI Vs Enhanced PI
3 pages
Modulation and Multiplexing Schemes in Satellite Communications
No ratings yet
Modulation and Multiplexing Schemes in Satellite Communications
7 pages
1 s2.0 S2405844021003522 Main
No ratings yet
1 s2.0 S2405844021003522 Main
11 pages
Data Sheet Antenas Andrew
No ratings yet
Data Sheet Antenas Andrew
13 pages
DM1000-2000 InstallGuide Installationsanleitung
No ratings yet
DM1000-2000 InstallGuide Installationsanleitung
346 pages
Installation and Users Guide - MP10 Probe System
No ratings yet
Installation and Users Guide - MP10 Probe System
48 pages
P2001BT - Manuals
No ratings yet
P2001BT - Manuals
5 pages
ECOM 4101 Antenna Lab Experiment 01
100% (1)
ECOM 4101 Antenna Lab Experiment 01
17 pages
Xpol 698 ̚894Mhz 65E 17dbi Adjustable Electrical Downtilt Antenna, Manual or by Optional Rcu (Remote Control Unit)
No ratings yet
Xpol 698 ̚894Mhz 65E 17dbi Adjustable Electrical Downtilt Antenna, Manual or by Optional Rcu (Remote Control Unit)
1 page
Site Solutions Guide Ebook Co 113629 en
No ratings yet
Site Solutions Guide Ebook Co 113629 en
56 pages
The Invention of Radio
No ratings yet
The Invention of Radio
14 pages
Audience's Perception of Campus Radio Station Local News Programs As A Tool For Public Enlightenment: A Study of Redeemer's 103.5FM
No ratings yet
Audience's Perception of Campus Radio Station Local News Programs As A Tool For Public Enlightenment: A Study of Redeemer's 103.5FM
13 pages
Samsung Wep200 User Man
No ratings yet
Samsung Wep200 User Man
26 pages
User Manual CardioVex Holter
No ratings yet
User Manual CardioVex Holter
51 pages
Cseitquestions - Blogspot.In Cseitquestions - Blogs Pot - in Cseitquestions - Blogspot.In
No ratings yet
Cseitquestions - Blogspot.In Cseitquestions - Blogs Pot - in Cseitquestions - Blogspot.In
23 pages
Main PPT Speed Control System With Rfid Equipped Vehicle
No ratings yet
Main PPT Speed Control System With Rfid Equipped Vehicle
27 pages
Most Often: Radio Diagrams
100% (2)
Most Often: Radio Diagrams
191 pages
A Guide To Understanding MIMO
No ratings yet
A Guide To Understanding MIMO
8 pages
DBXLH 9090a VTM
No ratings yet
DBXLH 9090a VTM
3 pages
Wireless RF Link: Transmitter Module
No ratings yet
Wireless RF Link: Transmitter Module
8 pages
Antenna Ans Wave Propagation Playlist
No ratings yet
Antenna Ans Wave Propagation Playlist
129 pages
Dynamic MIDI Pedal: Owner's Manual
No ratings yet
Dynamic MIDI Pedal: Owner's Manual
14 pages
C1 Level Reading Tests
No ratings yet
C1 Level Reading Tests
21 pages
Concepts of Orthogonal Frequency Division Multiplexing (OFDM) and 802
No ratings yet
Concepts of Orthogonal Frequency Division Multiplexing (OFDM) and 802
4 pages
3GPP Frequency Paramenter Calculation
No ratings yet
3GPP Frequency Paramenter Calculation
18 pages
MK2 English Manual
No ratings yet
MK2 English Manual
55 pages
Biconical Monopole
No ratings yet
Biconical Monopole
2 pages
Tutorial Letter 101 Both For ECMPRA2 PDF
100% (1)
Tutorial Letter 101 Both For ECMPRA2 PDF
23 pages
Dx800 s5 Specification Sheet English
No ratings yet
Dx800 s5 Specification Sheet English
3 pages