MERU TECHNICAL TRAINING INSTITUTE Books

ELECTRICAL AND ELECTRONICS ENGINEERING DEPARTMENT
DIPLOMA IN ELECTRICAL & ELECTRONICS ENGINEERING
(POWER OPTION)
INDUSTRIAL PROGRAMMABLE LOGIC CONTROLLER
COURSE OUTLINE
1, Introduction to Industrial PLC
· Need for Industrial PLC
· Types of Industrial PLC
2. PLC system
· Hardware Configuration
· Ladder Logic Programming
· External Peripherals
· PLC Maintenance
1. Programmable Logic Controllers: Programming Methods and
Applications by John R. Hackworth and Frederick D. Hackworth,
Jr.
2. Programmable Logic Controllers by W. Bolton 4th Edition
3. Programmable Controllers: Theory and Implementation by
L.A. Bryan and E.A. Bryan. 2nd Ed.
8 hrs
4. Industrial Automation by Srinivas Medida Vol. 6
5. Practical SCADA for Industry by David Bailey, Edwin Wright
15 hrs
6. Industrial Networks for Communication and Control by S.
Djiev,

3. Supervisory Control and Data Acquisition (SCADA) 15 hrs

· Definition
· Human Machine Interface (HMI)
· Data Acquisition
· Sequence Control
· Data Storage and Activity
· Security (Access Control)

4. Industrial Communication Network 15 hrs

· Networks - LAN & WAN
· Industrial Network Topologies
· Industrial Network Protocol
· Network Construction
· Physical Network Address
· Network Device

5. Calibration Software 13 hrs

1. Types of Calibration Software
2. Operation of Calibration Software
3. Device Connection to Software
1
 TOPIC 1: INTRODUCTION TO INDUSTRIAL PLC
Process Control
- Process control consists of monitoring the state of a critical
parameter, detecting when it varies from desired state, and taking
action to restore it. It involves the process variable, set points and
manipulated variable.
- Most basic process control systems consist of a control loop. This has
four main components which are:
· A measurement of the state or condition of a process
· A controller calculating an action based on this measured value
against a pre-set or desired value (set point)
· An output signal resulting from the controller calculation which is
used to manipulate the process action through some form of
actuator
· The process itself reacting to this signal, and changing its state or
condition
- Two of the most important signals used in process control are called
· Process Variable or PV
· Manipulated Variable or MV
- In industrial process control, the Process Variable (PV) is measured
by an instrument in the field and acts as an input to an automatic
controller which takes action based on the value of it.
- The PV is the parameter that is to be controlled. To be controlled, the
PV must be capable of being measured and that measurement
converted into a signal that can be acted on by the controller.
- Devices that measure PV are transducers or sensors. In many cases,
the PV sensor consists of a direct measurement device called an
element and a separate signal processor called a transmitter.
- The set-point is the desired value of the PV, normally preset into the
control system by an operator, or derived as an output of another
control calculation.
- The error signal is the difference between the PV and the set-point,
and is the basis for control action.
- The controller is the device that processes the error signal,
determines the required control action and provides a control output
Manipulated Variable (MV) to the process. The device that converts
the control output into control action is the actuator.
Control Modes
- In control, there are control systems which can be discrete or analog,
manual or automated, periodic or continuous.
- There are five basic forms of control available in Process Control:
1. On-Off control: The oldest strategy for control is to use a switch
giving simple on-off control. This is a discontinuous form of control
action, and is also referred to as two-position control. A perfect on-
off controller is 'on' when the measurement is below the set-point
(SP) and the manipulated variable (MV) is at its maximum value.
Above the SP, the controller is 'off' and the MV is at a minimum.
2. Modulating control: If the output of a controller can move
through a range of values, this is modulating control. Modulation
Control takes place within a defined operating range only. That is,
it must have upper and lower limits. Modulating control is a
smoother form of control than step control. It can be used in both
open loop and closed loop control systems.
3. Open loop control: Open loop control is thus called because the
control action (Controller Output Signal) is not a function of the PV
(Process Variable) or load changes. The open loop control does
not self-correct, when these PV’s drift.
4. Feed forward control: Feed forward control is a form of control
based on anticipating the correct manipulated variables required
to deliver the required output variable. It is seen as a form of open
loop control as the PV is not used directly in the control action.
5. Closed loop or feedback control: If the PV, the objective of
control, is used to determine the control action it is called closed
loop control system.
2
Industrial Control System (ICS) - User Configuration Open System (UCOS) is a control system that
- Industrial Automation is a discipline that includes knowledge and employs object-oriented technique at every level of its system
expertise from various branches of engineering including electrical, architecture, and includes a number of subsystems which segment
electronics, chemical, mechanical, communications and more recently the functionality of UCOS. The subsystems include: an Engineering
computer and software engineering. Workstation Subsystem, an Operator Workstation Subsystem, and a
- ICS is a term that encompasses several types of control systems Field Control Unit (FCU) Controller Subsystem. The subsystems
used in industrial production. communicate via a Control Network.
- These include: Supervisory Control and Data Acquisition (SCADA)
systems, Distributed Control Systems (DCS) and other smaller control
systems configuration such as Programmable Logic controllers (PLC).
- The application for industrial process control systems are diverse
ranging from simple traffic control to complex electrical grid, from
environmental control system to oil refinery process control.
- The intelligence of these automated systems lies in their
measurement and control units.
- SCADA is a combination of telemetry and data acquisition. It
encompasses the collecting of the information, transferring it back to
the central site, carrying out any necessary analysis and control and
then displaying that information on a number of operator screens or
displays. The SCADA is a centralized system and is composed of
various subsystems like Remote Telemetry Units, Human Machine
Interface, Programmable Logic Controller (PLC) and Communications
networks.
- DCS is a process-oriented system and it treats the control of the
process as its main task, and it presents data to operators as part of
its job.
- PLC is an industrial computer control system that continuously
monitors the state of input devices and makes decision based upon a
custom program, to control the state of devices connected as output.
They are based on the Boolean logic operations whereas some
models use timers and some have continuous control. These devices
are computer based and are used to control various process and
equipments within a facility. PLCs control the components in the DCS
and SCADA systems but they are primary/main components in
smaller control configurations.
- Embedded Control: In this control system, small components are
attached to the industrial computer system with the help of a network
and control is exercised.

3
 TOPIC 2: PROGRAMMABLE LOGIC CONTROLLER (PLC)
Introduction
- PLC is a unit of hardware used to control and automate industrial
processes. It is a micro-computer based controller that uses stored
instructions in programmable memory to implement logic, sequencing,
timing, counting and arithmetic functions through digital or analog
input/output modules, for controlling machines and processes.
- The term logic is used because programming is primarily concerned
with implementing logic and switching operation.
- The PLC is designed as replacement for the hard-wired relay and
timer logic to be found in traditional control panels, where PLC
provides ease and flexibility of control based on programming and
executing logic instructions.
- A PLC has three main aspects: the inputs and outputs and the control
program. In figure below, PLC has eight inputs and four outputs.
- The input is anything that can
sense the status of the
environment and then convert that
information in to a signal. Often the
signal can simply be a voltage that
is either on or off. For example,
input devices can be proximity
switches, photoelectric sensors,
temperature sensors, push
buttons, or pressure sensors.
- The outputs are connected to the devices that need to be controlled
like motors, indicator lights, fans, warning sirens or heating elements.
- Control processes need devices to monitor events or measure
needed values. These devices are generically called inputs to the
PLC.
- The program uses a set of logical instructions that drives the outputs
based on the inputs.
The Need for PLCs
- Hardwired panels were very time consuming to wire, debug and
change. The PLCs eliminates much of the hard wiring that was
associated with conventional relay control circuits.
- PLCs have the great advantage that the same basic controller can be
used with a wide range of control systems.
- PLCs require shorter installation and commissioning times than do
hard-wired systems. To modify a control system and the rules that are
to be used, all that is necessary is for an operator to key in a different
set of instructions. There is no need to rewire.
- The result is a flexible, cost effective, system which can be used with
control systems which vary quite widely in their nature and complexity.
- PLCs are similar to computers but whereas computers are optimized
for calculation and display tasks, PLCs are optimized for control tasks
and the industrial environment.
- Thus PLCs have specific features suited for industrial control :-
1. Rugged and designed to withstand vibrations, temperature,
humidity and noise
2. Modular plug-in construction, allowing easy replacement or
addition of units (e.g. input/output);
3. Standard input/output connections and signal levels
4. Have interfacing for inputs and outputs already inside the
controller.
5. Easily understood programming language which is primarily
concerned with logic and switching operations
6. Ease of programming and reprogramming in-plant;
7. Capable of communicating with other PLCs, computers and
intelligent devices;
8. Competitive in both cost and space occupied with relay and solid-
state logic systems.
· These features make programmable controllers highly desirable in a
wide variety of industrial-plant and process-control situations.
PLC Advantages
· Flexibility: One single PLC can easily run many machines.
· Correcting Errors: With PLC control, any change in circuit design
or sequence is as simple as retyping the logic. Correcting errors in
PLC is extremely short and cost effective.
· Space Efficient: Today's PLC memory is getting bigger and
bigger this means that we can generate more and more contacts,
coils, timers, sequencers, counters and so on. It is possible to
have thousands of contact timers and counters in a single PLC.
· Low Cost: Prices of PLC vary from few hundreds to few
thousands.
4
 · Testing: A PLC program can be tested and evaluated in a lab. PLC Hardware
The program can be tested, validated and corrected saving very The structure of a PLC can be divided several parts/components. The
valuable time. main parts are input/output modules, central processing unit, memory and
· Visual observation: When running a PLC program a visual programming terminal.
operation can be seen on the screen. Hence troubleshooting a a) Processor unit or central processing unit (CPU) is the unit
circuit is really quick, easy and simple. containing the microprocessor and this interprets the input signals
and carries out the control actions, according to the program
Typical PLC Applications stored in its memory, communicating the decisions as action
· PLCs are used to operate greenhouse irrigations systems. It can be signals to the outputs.
used to control how often and the amount of water distributed to b) Memory unit is where the program is stored that is to be used for
certain areas. It can control a large amount of valves to certain areas the control action to be exercised by the microprocessor and data
and is flexible as the greenhouse’s needs change. stored from the input for processing and for the output for
outputting.
· PLCs are used for sorting packages on a conveyor by operating a
diverter. A sensor can detect a package type and a series of diverters
can sort them at the end of the belt. But the PLC is flexible, it can be
reprogrammed if and when the sorting task changes or if enhanced
operation is needed.
· PLCs are implemented in a variety of control operations from large to
small. Carwashes are a popular use for PLCs because it involves
intricate use of sensors and motors, but also has the need for
relatively complex logic.
· Lumber mills use PLCs to control the main saw and loading of wood
while various sensors ensure safe operation so that people and
equipment are not harmed
· PLCs can withstand the harsh condition desert conditions while
controlling an oil recovery process. Temperatures can get higher than
120 degrees Fahrenheit in the desert, yet a PLC can read sensors
and control the motors necessary for oil extraction.

PLC Architecture
There are two types:
1. Open architecture design allows the system to be connected
easily to devices and programs made by other manufacturers.
2. Closed architecture or proprietary system is one whose design
makes it more difficult to connect devices and programs made by
other manufacturers.
NOTE: When working with PLC systems that are proprietary in nature you
must be sure that any generic hardware or software you use is
compatible with your particular PLC.
c) Input and output modules – are where the processor receives
information from external devices and communicates information
to external devices. The I/O unit provides the interface between
the system and the outside world, allowing for connections to be
made through I/O channels to input devices such as sensors and
output devices such as motors and solenoids. It is also through
the I/O unit that programs are entered from a program panel.
Every I/O point has a unique address which can be used
5
 d) Input and output (I/O) devices - is collection of physical 1. Arithmetic and Logic Unit (ALU) Which is responsible for data
elements of the control system that either provide or use I/O data. manipulation and carrying out arithmetic operations of addition and
e) Programming device / terminal are used to enter the required subtraction and logic operations of AND, OR, NOT and EXCLUSIVE –
program into the memory of the processor. The program is OR(X-OR) it receives control signals from the control unit telling it to
developed in the device and then transferred to the memory unit carry out these operations
of the PLC. 2. Control Unit – This controls the movement of instruction in and out of
f) Power supply unit is needed to convert the mains A.C voltage to the processor and also controls the operation of ALU. It consists of a
low d.c. voltages necessary for the processor and the circuits in decoder, controls logic circuit and a clock to ensure everything
the input end output interface modules. happens at the correct time. It is also responsible for performing the
g) Rack Assembly: Most medium to large PLC systems are instruction execution cycle.
assembled such that the individual components - CPU, I/O, power
supply - are modules that are held together within a rack. In
smaller PLC systems - all of these components may be contained
in a single housing or "brick" - these smaller systems are
sometimes referred to as "bricks" or "shoebox" PLCs.
h) Communication interface is used to receive and transmit data
on communication network from or to other remote PLC. It is
concurred with such actions as device verification, data
acquisition, synchronization between user applications and
connection management.

PLC CPU architecture

- The CPU controls and supervises all operations within the PLC,
carrying out programmed instructions stored in the memory.
- An internal communications highway, or bus system, carries
information to end from the CPU, memory and I/O units, under control
of the CPU.
- The CPU controls and processes all the operation within the PLC. It is
supplied with a clock with a frequency of between 1 and 8 MHz. This
frequency determines the operating speed of the PLC and provides
the timing and synchronization for all elements in the systems.
- The information within the PLC is carried by means of digital signals. 3. Registers – located within the microprocessor and used to store
- The internal paths along digital signal flow are called buses. A bus is information involved in program execution. It is a small amount of
just a number of conductors along which electrical signals can flow. internal memory that is used for the quick storage and retrieval of data
- The internal structure of the CPU depends on the microprocessor and instructions. All processors include some common registers used
concerned for specific functions, namely the program counter, instruction
- The simplified model consist of five parts ALU, CU, Registers, Buses, register, accumulator, memory address register and stack pointer.
and memory.

6
4. Bus - Buses are the paths used for communication within the PLC.
The information is transmitted in binary form i.e. as a group of bits
with a bit being a binary digit of 0 or 1.
· System bus is used for communication between the I/O ports and
I/O unit. It is a cable which carries data communication between
the major components of the computer including the
microprocessor.
· Control bus carries the signals relating to the control and co-
ordination of the various activities across the computer which can
be sent from the control unit within the CPU. It informs memory
devices whether they are to receive data from an input or output
data and to carry out timing signals used to synchronize actions.
· Data bus carries the data used in the process carried out by the
CPU. It is used for the exchange of data between the processor,
memory and peripherals, and is bidirectional. A micro processor
termed as being 8-bit has an internal data bus which can handle
8-bit number.
· Address bus is used to carry the addresses of memory location.
It contains the connection between the microprocessor and
memory that carry the signals relating to the addresses which the
CPU is processing at that time, such as the locations that the CPU
is reading from or writing to. Every memory location is given a
unique address.
5. Memory: - There are several memory elements in a PLC system.
· Executive memory or operating system memory which is read
only memory (ROM) to give permanent storage for operating
system and fixed data used by the CPU. It is the one that actually
does the scanning in the PLC.
· System memory – in order for the operating system to function, a
section of the memory is allotted for system administration. As the
executive program performs its duties, it often requires a place to
store intermediate results and information. A section of RAM
(Random Access Memory) is installed for this purpose.
· Data memory – This is a RAM where information is stored on the
status of input and output devices and the values of timers and
counters and other internal devices. Data RAM is sometimes
referred to as data table or register table.
· User program memory – The final area of memory in a PLC is
allocated to the storage of the user program. It is this memory
area that the executive program instructs the micro-processor to
examine or ‘scan’ to find the user instructions.
· I/O status memory or I/O image table. A portion of RAM is
allocated for the storage of current I/O status. Every single I/O
module has been assigned to a particular location within the I/O
image table. The location within the input and output image
table/map are identified by addresses, each location has its own
unique address.
Memory organization
- This refers to how certain areas of memory in a PLC are utilized.
Physical addressing is the ability to read data from a specific module
terminal or write information to a specific module terminal.
- During the execution of user program, the micro processor scans the
user program and interprets the user command, when information is
read from a contact or input, it is stored in memory. This portion of
memory is the input image table/map which is designated to store
this input information. Each input typically has at a minimum, a single
bit designated to store its information
- Data resulting from logical analysis by the CPU i.e. various output
device status generated during the execution of user program is
stored in memory labeled as the output image table/map
- From this point, the information is transferred to a designated output
module and then to a particular field device.
Basic PLC Operation
· A PLC works by continuously running a
program that checks the inputs and then
updates the outputs. The process of the PLC
running throughout its program is called
scanning. Scanning speed depends on the
program size and execution time.
· The total time for a PLC to check the inputs,
run the program and update the outputs is
called the cycle time. Typical cycle times are
10 ms to 100 ms. Every cycle the inputs are
check and saved to memory.
7
· Then the program is run using the status of the saved inputs. After the 4. Housekeeping – these steps includes communication with
program is done the outputs are updated and the cycle starts again. programming, internal diagnostic activities etc.

Scanning processes
· The PLC’s CPU monitors the status of all inputs. It takes these values
and energizes or de-energizes the outputs according to the ladder
diagram / user program. This is referred to as Scanning. The CPU of
the PLC executes the user program over and over again when it is in
the run mode.
· A scan does not consist of a PLC executing ladder diagram rung by
rung, but instead the PLC performs an I/O and program scan. The I/O
scans transfers data to and from the output and input modules
respectively.
· The information is transferred in the form of bits and stored in image
tables (image maps) are block of memory designated to store the
input and output bit state)
· The input and output is the portion of the PLC that interfaces with the
outside world. The actual bridge between the physical world and
internal world of the PLC is the optical isolation circuitry.
· There are four basic steps in the operation of all PLCs; input scan,
program scan, output scan, and house keeping. These steps
continually take place in a repeating loop.
1. Input scan: During the input scan, the current status of every
input module is stored in the input image (memory) table, bringing
it up-to-date. Thus all the status of the input devices (which in turn
is connected to the input module) is updated in the input memory
table.
2. Program scan: Following the input scan, the CPU enters its user
program execution, or program scan. The execution involves PLC input and output (I/O) devices
starting at the program's first instruction, then moving on to the - Input/output (I/O) is information representing the data that is received
second instruction and carrying out its execution sequence. This from senses elements / devices and the commands that are sent to
continues to the last program instruction. Throughout the user- actuating and indicating devices. The I/O system is collection of
program execution, the CPU continually keeps its output image physical elements of the control system that either provide or use I/O
(memory) table up-to-date. data.
3. Output scan: During program scan, the output modules - The term sensor is used for an input device that provides a usable
themselves are not kept continually up to date. Instead, the entire output in response to a specified physical input. For example, a
output image table is transferred to the output modules during the thermocouple is a sensor which converts a temperature difference
output scan which comes after the program execution. Thus the into an electrical output.
output devices are activated accordingly during the output scan.
8
- The term transducer is generally used for a device that converts a
signal from one form to a different physical form. Thus sensors are
often transducers, but also other devices can be transducers, e.g. a
motor which converts an electrical input into rotation.
- The number of I/O devices used within a control system is called its
point count. Thus the total number of digital and analog point is used
to give an indication of the size of a control system.
- PLC has input and output lines through which is connected to a
system it directs. Any electrical signal processing always requires a
voltage supply (an active part) and a load (passive part) or vice versa.
- I/O modules connect "real world" field devices to the controller. They
convert the electrical signals used in the field devices into electronic
signals that can be used by the control system, and translate real
world values to IO table values.
- I/O modules communicate with PLC CPU in one of three ways:
1. Backplane - The I/O modules can be located in the same rack or
station. Communications then takes place within the rack or
across the backplane.
2. Backplane extension - backplane extension modules allow I/O
modules to be located in racks or stations which are separated
from the controller.
3. Device network - modules can communicate with a controller
over a network. Industrial networks are used to interconnect field
level devices with controllers. Common IO networks are FieldBus,
Profibus, and DeviceNet.
- There are major types of I/O
· Analog – continuous devices that sense and respond to a range
of values
· Digital – binary devices which must be in one of only two states
on or off.
1. Analog input and output devices
- Analog input devices senses continuous parameters common analog
inputs are pressure, temperature, speed transducers etc.
- An analog input card converts a voltage by current leg or signal that
can be anywhere from 0 to 20mA) into digitally equivalent number that
can be understood by the CPU.
- To input an analog voltage (into a PLC or any other computer) the
continuous voltage value must be sampled and then converted to a
numerical value by an A/D converter. The process of sampling the
data is not instantaneous, so each sample has a start and stop time.
The time required to acquire the sample is called the sampling time.
A/D converters can only acquire a limited number of samples per
second. The time between samples is called the sampling period T,
and the inverse of the sampling period is the sampling frequency (also
called sampling rate). The sampling time is often much smaller than
the sampling period
- Analog output devices respond to a range of output values from the
controller common analog output signals include motor speed, valve
position, air pressure etc. An analog output card will convert a digital
number sent by the CPU to its real world voltage or current. Analog
device data requires significantly more manipulation and processing
then digital device data.
2. Digital input and output devices
- Inputs come from sensors that translate physical phenomena into
digital signal. Thus digital input devices may be either on or off, they
may not hold any other value.
- Common digital field input devices include push buttons, unit switches
and photo eyes.
- Digital output devices are devices which give either on or off.
Common types are relays, motor starter, solenoid valves etc.
Examples of inputs and outputs
- Inputs for a PLC come in a few basic varieties the simplest are AC
and DC inputs. Examples of input devices are:
· Proximity switches – use inductance, capacitance or light to
detect an object logically
· Switches – mechanical mechanisms will open or close electrical
contacts for a logical signal
· Potentiometer – measures angular position continuously using
resistance.
· LVDT (Linear variable differential transformer) – measures
linear displacement continuously using magnetic coupling.
- Outputs to actuators allow a PLC to cause something to happen in a
process. Outputs from PLC are often relays, but they can also be solid
state electronics such as transistors for DC output or TRIACs for AC
9
 outputs. Continuous output requires special output cards with digital to
analog converters.
- Examples are
· Solenoid valves – logical output that can switch a hydraulic or
pneumatic flow
· Lights – logical output that can often be powered directly from
PLC output boards
· Motor starters – motors often draw a large amount of current
when started, so they require motor starters which are basically
large relays.
· Servo motors – a continuous output from the PLC can command
a variable speed or position.
Active and passive inputs/outputs
- Active I/O are those inputs or outputs which have the power source
and are referred to as having a current source or voltage source
(sourcing)
- Passive I/O are those inputs or outputs which do not have power
source and acts as the load or current sink (sinking)
- In order that an electrical circuit can function properly, current must
flow in a circuit even when an instrument is usually known as a load,
the current is not consumed by its rather it only flows from the current
or voltage source through the load and back to the current source.
Sourcing and sinking
- Sourcing and sinking are used to describe the way in which d.c
devices are connected to a PLC and uses d.c currents and voltages.
1. Sourcing – When active, current flows from supply, through the use a
single supply voltage. With sourcing, using the conventional current
flow direction as from positive to negative, an input device receives
current from the input module i.e. the input module is the source of the
current (Fig a)
- If the current flows from the output module to an output load then the
output module is referred as to sourcing (fig b)
Output
Module
2. Sinking- when active the output allows current to flow to a common
ground. This is best selected when different voltages are supplies.
- With sinking, using the conventional current flow direction from
positive to negative, our input device supplies current to the input
module i.e. the input module is the sink for the current (fig a)
- If the current flows to the output module from an output load then the
output module is referred to as sinking (fig b)
Output
Module
10
 Typical Connections of PLC Types of PLC system
· The PLC sizes are given in terms of program memory size and the
maximum number of I/O points the system can support.
· However to evaluate properly any PLC, consideration is taken for
- . many additional features such as its processor, cycle time, language
facilities, functions expansion capability etc.

PLC size Max I/O point User memory size

defined (No. of instructors)
Small 40/40 1k
Medium 128/128 4k
Large >128/>128 >4k

1. Small PLC – small and mini PLCs are designed as robust, compact
units which can be mounted on or beside the equipment to be
controlled. They are mainly used to replace hard wired logic relays,
timers, counters etc that control individual items of plant or
machinery, but can also be used to co-ordinate several machines
working in conjunction with each other. Programming is by way of
logic instruction list (mnemonic) or relay ladder diagrams.
2. Medium-sized PLC: - In this range, modular construction
predominates with plug-in modules on rack mounting system or
Back plane system. This allows the simple upgrading or expansion
of the system by fitting additional 1/0 cards into the racks
3. Large PLC - where control is very large numbers of input and
output points is necessary or complex control functions are required,
a large PLC is selected. It is designed for use in large plants or
machines requiring continuous control. They are also employed as
supervisory controllers to monitor and control several other PLCs or
intelligent machines e.g. CNC tools.

PLC styles of construction

· The main styles are unitary, modular and rack mounting.
1. Unitary PLC - is the smallest and least expensive. It contains every
feature of a basic system in one box and is attached to the machine
being controlled. They are not expandable so the application is limited
to on-board I/O.
2. Modular – These are a range of modules that slot together to build up
a system. Basic modules are the power supply, the main module
11
 containing the CPU, the input module and the output module. Modular - PLC programming process is to plan activities such as design and write
PLCs are used in applications where a higher I/O count is needed or a program to perform the required tasks. The parts that should be
when using specialty modules such as quadrature encoders. They
there in a PLC program are shown.
may be designed to be fixed direct to a back panel. Usually they are
arranged on a rack or rail and mounted inside a large cabinet for
protection and security. The main advantage is that the number of
input and output terminals can be expanded to cope with changes to
the hardware system.
3. Rack mounting – are usually more expensive, expandable and
powerful than modular PLC. The rack provides a power and
communication backplane that greatly increases the communication
rate between the processor and the modules as well as allowing some
specialty modules to communicate with each other without the
processor. The number of available 1/0 points is also much higher in
the rack systems.

- While ladder logic is the most commonly used PLC programming

language, it is not the only one.
- IEC 61131-3 (Formerly IEC 1131-3) is the international standard for
PLC languages. The following is a list of programming languages
specified by this standard.
PLC Programming i) Ladder diagram (LD)
- Programming devices can be hand-held devices, a desktop console ii) Instruction list (IL)
or a computer. Only when the program has been designed on the iii) Function block diagram (FBD)
programming device is ready, it is transferred to the memory unit of iv) Structured text (ST)
the PLC v) Sequential function chart (SFC)
· Hand-held programming devices – will normally contain enough 1. Ladder diagram language (LD): It uses a standardized set of
memory to allow the unit to retain programs while being carried ladder programming symbols to implement control functions.
from one place to another. Initially programmed with simple contacts that simulated the
· Desktop consoles – are likely to have a visual display unit with a opening and closing of relays, ladder logic, programming has
full keyboard and screen displays. extended to include such functions as counters, timers, shift
· Personal computers – are widely configured as program registers and mathematical operations.
development work station. A major advantage of using a computer
is that the program can be stored on the hand disk or CD and
copies easily made.

12
2. Instruction list – a low level (assemble like) language that is
based on similar instructions list languages found in a wide range
of today’s PLCs.
3. Structured text – A high level text language that encourages
structured programming. It has a language structure (syntax) that
strongly resembles PASCAL and supports a wide range of
standard functions and operations. For example
IF (Limit_switch1 AND Workpiece_Present) THEN
Gate1 :- Open;
Gate2 :- Close;
ELSE
Gate1 :- Close;
Gate2 :- Open;
End_IF;
4. Function block diagram (FBD) –is a graphical language that
allows the user to program elements (e.g., PLC function blocks) in
such a way that they appear to be wired together like electrical
circuits. It is very useful for expressing the interconnection of
control system algorithms and logic.
5. Sequential function chart: A method of programming complex
control systems at a more highly structure level. It is an over view
of the control system, in which the basic building blocks are entire
program files.
Ladder diagram Language
- A ladder diagram is a symbolic representation of an electrical circuit.
Thus the symbols utilized closely resemble schematic symbols for
electrical devices.
- This language is a symbolic instruction set that is used to create PLC
programs. The ladder instruction symbols can be formatted to obtain
the desired control logic, which is then entered into memory. Since
this type of instruction set consists of contact symbols, it is also
referred to as contact symbology
- To introduce ladder logic programming, simple switch circuits are
converted to relay logic and then to PLC ladder logic.
- The industry trend is toward using the IEC 61131-3 standard, though
a voluntary standard; individual manufactures here some freedom in
the implementation.
- Other PLC manufacturers are Allen-Bradley, Control Logix, Modicon,
Siemens 57 etc.
Ladder logic symbols
1. The basic ladder logic input symbols are
1. Normally open (NO) contact: pass power (ON) if
coil driving the contact is ON (closed)
2. Normally closed (NC) contact: pass power (ON)
if coil driving the contact is off (open)
3. Positive transition sensing contact: if condition
before the instruction change from OFF to ON,
this instruction passes power for only one scan
(until rung is scanned again)
4. Negative transition sensing contact: if condition
before this instruction change from ON to OFF,
this instruction passes power for only one scan
(until rung is scarred again)
2. The basic ladder logic coil (output) symbols
1. Output or coil: if any left-to-right path of
instruction passes power, the output is energized.
If there is no continuous left-to-right path of
instruction passes power, the output is de-
energized.
13
2. Negated coil: if any left-to-right path of inputs
passes power, the output is de-energized. If there
is no continuous left to right path of instructions
passing power the output is energized
3. Set coil: if any rung bath passes power output is
energized and remains
energized, even when no rung path pass power
4. Reset coil: if any rung path passes power output
is de-energized and remains de-energized, even
when no rung path passes power.
- Since the PLC was developed to replace relay logic control system, it
was only natural that initial language closely resembles the diagrams
used to document the relay logic.
- By using this approach, the engineers and technicians using the early
PLC did not need retraining to understand the program.
- The use combinational logic where the output is purely dependent
of the combination of inputs at any instant in time. They use AND, OR,
NOT, X-OR to create ladder logic. In all the ladder logic, symbols are
used for all inputs, outputs and internal memory.
- Vertical lines on the left and right are called the power rails. The
contacts are arranged horizontally between the power rails, hence the
term rung.
- The main functions of a ladder diagram program are to control outputs
and perform functional operations based on input conditions. Ladder
diagrams use rungs to accomplish this control.
- In general, a rung consists of a set of input conditions (represented by
contact instructions) and an output instruction at the end of the rung
(represented by a coil symbol). The contact instructions for a rung
may be referred to as input conditions, rung conditions, or the control
logic
Ladder diagram rules
- A ladder diagram is read from left to right and from top to bottom.
- The vertical power lines or rails may be labeled L1, L2 or X1, X2 when
the voltage potential is derived from a transformer.
- Devices are shown in order of importance whenever possible. Stop
button should be given a higher order of importance.
- All contracts associated with a device change state when the device is
energized.
- Devices that perform a stop function are normally placed in series on
a rung.
- Devices that perform a start function are normally placed in parallel or
in a branch configuration.
- Contact associated with relays timers, motor starters always have the
same number or letter designation as the device that controls them.
Example 1
Two switches labeled A and B are wired in SERIES controlling a lamp.
Implement this function as PLC ladder logic where the two switches are
separate inputs.
14
Solution ii) NAND gate

X=A.B

iii) NOR gate

- The PLC ladder logic notation is shortened from the relay wiring
diagram to show only the third line, the relay contacts and coil of the
output relay.

Example 2
Two switches labeled A and B are wired in PARALLEL controlling a
lamps implement this function as PLC ladder logic where the two
switches are separate inputs. iv) XOR gate

Solution

X=A+B

Example 3
Draw a ladder diagram for the NOT, NAND, NOR and XOR gate
i) NOT gate

15
Questions Instruction List
1. Devise a ladder diagram for a system where there has to be no output · This is a low-level language similar to the machine or assembly
when any one of four sensors gives an output, otherwise there is to be language used with microprocessors. This type of language is useful
an output. for small applications, as well as applications that require speed
2. A signal lamp is required to be switched on if a pump is running and optimization of the program or a specific routine in the program
the pressure is satisfactory, or if the lamp test switch is closed. Draw a · This programming method, which can be considered to be the
ladder diagram. entering of a ladder program using text, gives programs which consist
3. Consider a valve which is to be operated to lift a load when a pump is of a series of instructions, each instruction being on a new line. An
running and either the lift switch is operated or a switch operated instruction consists of an operator followed by one of more operands,
indicating that the load has not already been lifted and is at the bottom i.e. the subjects of the operator. In terms of ladder diagrams an
of its lift channel. Devise a ladder diagram. operator may be regarded as a ladder element.
4. An Alarm system is used in conjunction with an automated bottling · Each instruction may either use or change the value stored in a
system in a milk bottling plant. A conveyer belt carries empty bottles memory register.
that are to be filled with milk. The alarm goes off in any of the · There are a lot of instructions used to develop the PLC program. Each
conditions occurs. instruction has a respective function. For this, mnemonic codes are
- Milk tank is empty and bottles are in conveyor belt. used, each code corresponding to an operator/ladder element. The
- There are no bottles in the conveyer and there is milk in the tank. codes used differ to some extent from manufacturer to manufacturer,
- There is milk in the tank and bottles on the conveyor belt but though a standard IEC 1131-3 has been proposed and is being widely
electric power is off. adopted.
- There is no milk in the tank, no bottles on the conveyor belt and
electric power is off. Instruction code mnemonics
i) Write down a Boolean expression for the alarm system.
ii) Implement this system using a PLC ladder diagram.
5. Draw the ladder rungs to represent:
a. Two switches are normally open and both have to be closed
for a motor to operate.
b. Either of two, normally open, switches have to be closed for a
coil to be energized and operate an actuator.
c. A motor is switched on by pressing a spring-return push button
start switch, and the motor remains on until another spring-
return push button stop switch is pressed.
d. A lamp is to be switched on if there is an input from sensor A
or sensor B
e. A light is to come on if there is no input to a sensor.
f. A solenoid valve is to be activated if sensor A gives an input.

16
1. LD - LOAD Instruction: These instructions are use to start a line of
the program. It is used in the first contacts in the normally open
condition (NO). The Execution Conditions of the instruction on the
right will be ON when internal relay (IR) 00000 is ON.

5. OR - OR Instruction: These instructions are used in the second

contact in a normally open (NO) and in line (parallel) with previous
contacts. The Execution Conditions of the instruction on the right will
be ON when either IR 00000 or IR 00001 are ON.

2. LD NOT - LOAD NOT Instruction: These instructions are use to start a

line of the program. It is used in the first contacts in the normally
closed condition (NC). The Execution Conditions of the instruction on
the right will be ON when IR 00000 is OFF.

6. OR NOT - OR NOT Instruction: These instructions are used in the

second contact in a normally closed (NC) and in line (parallel) with
previous contacts. The Execution Conditions of the instruction on the
right will be ON when either IR 00000 is ON or IR 00001 is OFF or IR
00000 ON, IR 00001 OFF simultaneously.
3. AND - AND Instruction: These instructions are used in the second
contact in a normally open (NO) and a series with previous contacts.
The Execution Conditions of the instruction on the right will be ON
when IR 00000 and IR 00001 are ON.

7. OUT - OUTPUT Instruction: These instructions are used for the coil
output. IR 10000 will ON when IR 00000 is ON.

4. AND NOT - AND NOT Instruction: These instructions are used in the
second contact in a normally closed (NC) and in series with previous
contacts. The Execution Conditions of the instruction on the right will
be ON when IR 00000 ON and IR 00001 are OFF.
17
8. END: END instruction has no physical contact device. It is the last
instruction required for completion of a program. If no END instruction,
the program cannot be implemented. For PLC type OMRON -
SYSMAC CQM1H, the instruction FUN 01 is the END instruction.

11. OR LD and AND LD: When both logic block instruction is to be used
in Ladder Diagram, a program must be written from the bottom up to
merge logic blocks. For example, ladder diagram below: Logic block
9. OR LD - BLOCK LOGIC OR Instruction: The OR LD instruction has no of instruction for the last two blocks (blocks b1 and b2 blocks) are
physical contact device. Only a programming tool for solving complex written first and then followed by the first logic block instruction (block
OR function as a series of contacts LD (or LD NOT), in parallel with a a).
series of other contacts.

10. AND LD - BLOCK LOGIC AND Instruction: The AND LD no physical

contact device. Only a programming tool for solving complex
functions such as AND connects a number of OR, OR NOT, OR LD in
the series.

18
Examples
1. A signal lamp is required to be switched on if a pump is running and
the pressure is satisfactory, or if the lamp test switch is closed.
2. For a valve which is to be operated to lift a load when a pump is
running and either the lift switch is operated or a switch operated
indicating that the load has not already been lifted and is at the bottom
of its lift channel, Figure shows the ladder program and the related
instruction list.
3. For a system where there has to be no output when any one of four
sensors gives an output, otherwise there is to be an output, Figure
shows the ladder program and the instruction list.
Sequential control
- This is where the output is dependent not only on the actual inputs but
on the sequence of the previous inputs and outputs (memorizing
events).
- Sequential problems have long been solved using conventional logic
gates as building blocks, but using certain techniques to express and
identify the sequence logic equations that control the system outputs.
- Advanced PLC instructions such as shift registers, sequencers,
master control relays, timers etc are provided to simplify the design
and implementation of sequence systems.
Internal Relay
- In PLCs there are elements that are used to hold data, i.e. bits, and
behave like relays, being able to be switched on or off and switch
other devices on or off. Hence the term internal relay.
- Such internal relays do not exist as real-world switching devices but
are merely bits in the storage memory that behave in the same way
as relays.
- For programming, they can be treated in the same way as an external
relay output and input. Thus inputs to external switches can be used
to give an output from an internal relay.
- This then results in the internal relay contacts being used, in
conjunction with other external input switches to give an output, e.g.
activate a motor.
- For the first rung: when input 1 or input 3 is closed and input 2 closed,
then internal relay IR 1 is activated. This results in the contacts IR 1
closing. If input 4 is then activated, there is an output from output 1.
- Such a task might be involved in the automatic lifting of a barrier when
someone approaches from either side. Input 1 and input 3 are inputs
19
 from photoelectric sensors that detect the presence of a person,
approaching or leaving from either side of the barrier, input 1 being
activated from one side of it and input 3 from the other. Input 2 is an
enabling switch to enable the system to be closed down.
- Thus when input 1 or input 3, and input 2, are activated, there is an
output from the internal relay 1. This will close the internal relay
contacts. If input 4, perhaps a limit switch, detects that the barrier is
closed then it is activated and closes. The result is then an output
from Out 1, a motor which lifts the barrier.
- If the limit switch detects that the barrier is already open, the person
having passed through it, then it opens and so output 1 is no longer
energized and a counterweight might then close the barrier.
- The internal relay has enabled two parts of the program to be linked,
one part being the detection of the presence of a person and the
second part the detection of whether the barrier is already up or down
SET and RESET
- Another function which is often available is the ability to set and reset
an internal relay. The SET instruction causes the relay to self-hold, i.e.
latch. It then remains in that condition until the RESET instruction is
received. The term flip-flop is often used.
- The SET coil is switched on when power is supplied to it and remains
set until it is RESET. The RESET coil is reset to the off state when
power is supplied to it and remains off until it is SET.
- SET and RESET instruction will change the status of bit operations
only when the implementation is ON. In the OFF condition, the
instructions will not change the bit operation status.
- When the input instruction LD 00000 is ON, SET instruction command
to ON and always ON regardless of whether the input instruction LD
00 000 is ON or OFF.
- When the inputs instruction LD 00001 is ON, RESET instruction is ON
and SET instruction will be off.
Example
An example of the basic elements of a simple program for use with a fire
alarm system is shown. Fire sensors provide inputs to a SET-RESET
function block so that if one of the sensors is activated the alarm is set
and remains set until it is cleared by being reset. When set it sets of the
alarm.
Timers
- In many control tasks there is a need to control time. Timers are
devices that count increments of time. PLCs thus have timers as built-
in devices. Timers count fractions of seconds or seconds using the
internal CPU clock.
- The way the timers work varies from one type of PLC to another. A
common approach is to consider timers to behave like relays with
coils which when energized result in the closure or opening of
contacts after some preset time. The timer is thus treated as an output
for a rung with control being exercised over pairs of contacts
elsewhere.
- The timer compares its current time with the preset time. The output
of the timer is a logic 0 as long as the current time is less than the
preset time. When the current time is greater than the preset time the
timer output is a logic 1.
- TIMER (TIM) is the instructions that require numbers TIM (N) and the
set value (SV). The range of numbers TIM is from 000 to 511, while
the range of set values for the TIM is 0000 to 9999
- The numbers TIM can not be used twice. When a number has been
used as definer, such as number 000 for instructions on TIM, the
number can not be used again.
- When a number is defined as the number of
TIM, it can be used as often as required as
an operator operand in other instructions
from the command TIMER.
20
Example 1
- Timer is enabled / activated when the execution condition is ON and
will be reset to set value (SV) when the execution condition is OFF.
- The set value (SV) of TIMER is the BCD between #0000 to #9999.
For example if TIMER be set 0 – 5 seconds, then the set value is #
0050
- Operation condition: When the input (LD 00000) is ON, the timer
contact will be activated after 5 seconds. Next the output (OUT
10000) will be ON.
Example 2
- Operating condition: When the input (LD 00000) ON, the timer (TIM
000) will be activated after 5 seconds and the output (OUT 10000) will
be ON. While the output (OUT 10001) will be ON as soon as the
supply is supplied and will be OFF after 5 seconds. Timer will
continue to be active as long as the input 00000 state is ON.
Example 3
· When the input (LD 00000) ON, the timer (TIM 000) will be
activated after 5 seconds. Next the output (OUT 10000) will be
ON. After 3 seconds the output (OUT 10000) ON, the timer (TIM
001) will be activated the next output (OUT 10000) will be OFF
and the timer (TIM 001) will be OFF. When the timer TM001 OFF,
contact TIM 001 (NC) will be ON and the output (OUT 10000) is
ON state. Output (OUT 10000) will continue ON and OFF until the
input (LD 00000) in the OFF state.
21
Question Example 1
Two motors (M1 and M2) are to be controlled as follows: Counter set to count 10. When the input (LD 00,000) is the pulse of ten, a
- When the run switch is operated both motor must run counter will be activated and thus the output (OUT 10000) will be ON.
- After 4 min motor 1 must stop When reset (LD 00,001) ON, a counter will be in original condition
- Motor 2 continues running for another 2 min and stops
- At this point a lamp is switched on
- After a further 90 sec, the lamp goes off and the cycle restarts
- If a stop switch is operated at any time, the system will continue to the
end of the cycle and then stop. Produce the PLC program

Counters
- Counters used in PLCs serve the same function as mechanical
counters. Counters compare an accumulated value to a preset value
to control circuit functions.
- Counter is used to count and store the number of occurrence of an
input signal. Control applications that commonly use counters include
the following:
• Count to a preset value and cause an event to occur
• Cause an event to occur until the count reaches a preset value
- Counters increment/decrement one count each time the input Example 2
transitions from off (logic 0) to on (logic 1).
- Counter (CNT) is the instructions that require numbers TIM/CNT (N)
and the set values (SV). Counter set to count 5. When the
- The range of numbers CNT is from 000 to 511, while the range of set input (LD 00,000) is the pulse of five,
values for the CNT is 0000 to 9999 a counter will be activated and thus
- When a number is defined as the number of CNT, it can be used as the output (OUT 10000) will be ON.
often as required as operator operand in other instructions from the When the output (OUT 10000) ON,
command COUNTER. TIM 001 will be activated after 3
- The counters are reset when a RESET instruction is executed seconds and then the output (OUT 10
001) will be ON. Both the output
(OUT 10000) and (OUT 10 001) will
always be ON until reset (LD 00001)
in the ON state. Reset will return the
counter to its original condition.

22
Questions
1. Components pass along a chute and interrupt a light switch which
goes low (off) each time it is interrupted. Every time 6 components
have been counted, an eject operation is used to remove the batch
and the then it all starts again.
Produce a ladder logic diagram to do this operation. The counter is
designated C460
2. Design a ladder program for an industrial control system that:
· Count ten objects passing along a conveyor belt;
· Closes a deflecting gate when the number has been
deflected into a carton
· Allows a time of 5 seconds between the tenth object counted
and closing of the deflector.
3. A controlled car park has 4 spaces in the packing lot. Cars are
detected and allowed to enter into the parking space if available. If NO
space a “Full” indicator lamp should be lit, otherwise individual
indicator lamps should light to show the available parking space.
Design a PLC ladder diagram of the car parking system; include
comments on every rung.
4. With the aid of a ladder program and a process control figure, explain
how a converter can be used in a machine to direct 6 products to a
packaging box and 12 products to another box simultaneously.
PLC External peripherals
- A peripheral is a device that is connected to a host PLC, but not part
of it. It expands the host’s capabilities but does not form part of the
core PLC architecture.
- Peripheral devices to the PLC and its I/O base(s) can be anything
from a host computer and controls console to a motor drive unit or
field unit switch.
- Printers end industrial terminals used for programming are also
peripheral devices.
- These external operating devices, with their sometimes harsh and/or
fast signal characteristics, must be able to interface with the PLC’s
sensitive microprocessor.
- There are three different types of peripherals:
· Input, used to interact with, or send data to the computer/ PLC
(mouse, keyboard etc)
· Output, which provides output to the user from the PLC/computer
(Monitors, printers, displays etc)
· Storage, which stores data processed by the computer (Hand
drives, flash drives etc)
1. Printers
- In computing, a printer is a peripheral which produces a
representation of an electronic document on physical media such as
paper. Many printers are local peripherals connected directly to a
nearby personal computer. Individual printers are often designed to
support both local and network connected users at the same time.
Most Multifunction printers (MFPs) include printing, scanning, and
copying among their many features.
- Printers can be classified by the printer technology they employ, with
many techniques being available as commercial products.
- The choice of print technology has a great effect on the cost of the
printer and cost of operation, speed, quality and permanence of
documents and noise.
- A second aspect of printer technology that is often forgotten is
resistance to alteration: liquid ink, such as from an inkjet head or
fabric ribbon, becomes absorbed by the paper fibers, so documents
printed with liquid ink are more difficult to alter than documents printed
with toner or solid inks, which do not penetrate below the paper
surface.
23
2. Network interface controller (NIC)
- NIC also known as network interface card, network adaptor is a
computer hardware component that connects a PLC to a computer
network.
- It is an expansion card that allows PLC/computers to communicate
over a computer network
- The network controller implements the electronic circuitry required to
communicate using a specific physical layer end data link layer
standard such as Ethernet, WI-FI or token ring.
- This provides a base for a full network protocol stack, allowing
communication among small groups of PLC/computers on the same
LAN and large – scale network communication through routable
protocols such as IP.
- The NIC may use one or more of two techniques to indicate the
availability of packets to transfer.
· Polling is where the CPU examines the status of the
peripheral under program control
· Interrupt – driven I/O is where the peripheral alerts the CPU
that it is ready to transfer data.
and may use one or more of two techniques to transfer packet data:
· Programmed input/output is where the CPU moves the data to or from
the designated peripheral to memory.
· Direct memory access is where an intelligent peripheral assumes
control of the system bus to access memory directly. This removes
load from the CPU but requires more logic on the card. In addition, a
packet buffer on the NIC may not be required and latency can be
reduced.
3. Programmer interface
- The programmer interface in the industrial design field of human –
machine interaction, is the space where interaction between human
and machine occurs.
- The goal of this interaction is effective operation and control of the
machine on the user’s end, and feedback from the machine which
aids the operator in making operational decisions.
- Examples of this broad concept of user interfaces include the
interactive aspects of computer operating systems, hand tools, heavy
machinery operator controls, and process controls.
- The user/programmer interface includes hardware (physical) and
software (logical) components
- It provides a means of
· Input, allowing the user to manipulate a system
· Output, allowing the system to indicate the effects of the
user’s manipulation.
Generally, the goal of human-machine interaction engineering is to
produce a user interface which makes it easy, efficient, and enjoyable to
operate a machine in the way which produces the desired result. This
generally means that the operator needs to provide minimal input to
achieve the desired output, and also that the machine minimizes
undesired outputs to the human.
With the increased use of personal computers and the relative decline in
societal awareness of heavy machinery, the term user interface is
generally assumed to mean the graphical user interface, while industrial
control panel and machinery control design discussions more commonly
refer to human-machine interfaces.
PLC Systems and safety
- An important standard is IEC (International Electro-technical
Commission) 61508: functional safety of electrical/electronic
programmable electronic safety-related systems.
- In order to provide functional safety of a machine or plant, the safety-
related protective or control systems must function correctly and when
a failure occurs it must operate so that the plant or machine is brought
into a safe shut-down state.
Fail-safe design
- Safety must be a priority in the design of a PLC system. Thus
emergency stop buttons and safety guard switches must be hard
wired and not depend on the PLC software for implementation so that
in the situation where there is a failure of the stop switch or PLC, the
system is automatically safe. The system must be fail-safe.
- Fail-safe design is a method of designing control system such that if
a critical component in the system fails, the system immediately
becomes disabled.
24
- Hence, fail-safe design is the procedure or programming to ensure
safety of the operator and processes.
- Fail-safe design rules of thumb for selecting No or NC devices are as
follows:
· NO – when wiring switches or sensors that start actions, use
normally open switches so there is a problem with the switch
the process will not start.
· NC – When wiring switches that stop process use normally
closed switches so if they fail the process will stop.
- The following program, START will override STOP and RUN will
switch on as long as START is pressed.
Unsafe start/stop program
- With a PLC system, a stop signal can be provided by a switch as
above
- This arrangement however is unsafe as an emergency stop because
if there is fault and the switch cannot be operated, then no stop the
system.
- What is required is a system that will still stop if a failure occurs in the
stop switch.
- The program has the STOP switch as the open contacts. However,
because the hardwired stop switch has normally closed contacts then
the program has the signal to close the program contacts.
- Pressing the stop switch
opens the program
contacts and stops the
system.
Phases of creating a PLC system
- This involves fives phases; design, selection and supply,
programming, installation, commissioning.
1. Phase 1 – Design – This is the designing of the system installation
which include communication systems. In this stage, it shows all
design basis documents, now the system will be constructed and
commissioning of the same.
2. Phase 2 – Selection and Supply – After the planning phase of the
design, the equipment can be ordered. The first decision is the type of
controller rack, mini, micro or software based. The decision will
depend on:-
· Number of logical inputs and outputs
· Memory size
· Number of special I/O modules
· Method/techniques of communication – serial and networked
communication allow the PLC to be programmed and talk to other
PLC
· Availability of programming software and other tools that
determine the programming and debugging
· Scan time – the shorter the scan time the higher the cost.
The process of selecting a PLC follows the following steps
· Understand the process to be controlled
· Select the vendor/seller of PLC modules
· Plan the ladder logic for the control
· Count the program instructions and enter the values into the sheet.
3. Phase 3 – Programming: This stage involves programming the PLC,
depending on the language used. It will also depend on the type of
programmer available.
i) PLC software for personal computers – Similar to the
specialized programming units, but software runs on a multi-
use, user supplied computer. This approach is typically
preferred.
ii) Hand held units (or integrated) – allow programming PLC
using a calculator type interface. Often done using
mnemonics.
iii) Specialized programming units – effectively a portable
computer that allows graphical editing of the ladder logic,
and fast uploads/downloads/monitoring of the PLC
25
4. Phase 4 – installation
This stage involves installing and placing all components of PLC
system hardware and software in compliance with the design
document. It entails the following phase/steps:
i) Panel/cabinet installation – The panel/cabinet installed should
allow enough space for air circulation. Do not install PLC above
equipment that generate large amount of heat. Do not install the
PLC in a panel or cabinet with high voltage equipment. Provide a
clear path for operation and maintenance.
ii) Installation of CPU unit and I/O unit – The small PLC must be
installed in the horizontal position for the big PLC before installing;
the units have to be compiled one by one. To build a rack PLC,
provide back plane (Back plane is a simple device having two
functions. The first is to provide physical support for units to be
mounted to it. The second is to provide the connectors and
electrical pathways necessary for connecting the units mounted to
it.
iii) Installing the expansion unit or expansion I/O unit – expansion
I/O unit are usually attached when amount of I/O devices to be
controlled increase its amount over than capabilities of the existing
I/O unit or attached when needed to a special need like
temperature sensor. Insert the expansion I/O units connecting
cable into the CPU units or expansion I/O unit expansion
connector.
iv) Installing I/O devices – I/O devices are attached at the place has
been determined in the work plan and wiring diagram. For
switches are usually attached at the panel while the sensor,
solenoid and motor is usually placed at the machine to be
controlled.
v) Wiring and connection – Hanging ducts is used if power cables
carrying more than 10A 400v or 20A 220V must be run alongside
the I/O wiring (that is in parallel with it); at least 300mm must be
left between the power cables and the I/O wiring. Ensure proper
grounding of all electrical installation. All electrical rack and
machine element should be grounded to a central ground bus.
5. Phase 5 - Commissioning
Commissioning of a PLC system involves
· Checking that all the cable connection between the PLC and the
plant being controlled are complete, safe and to the required
specifications and meeting standards.
· Checking that the incoming power supply matches the voltage
setting for which the PLC is set.
· Checking that emergency stop buttons work.
· Checking that all protective devices are set to their appropriate trip
settings.
· Checking that all I/O devices are connected to the correct I/O
points and giving the correct signals.
· Loading and testing the software.
Fault finding
- With any PLC controlled plant, the major faults are likely to be with
sensors, actuators and wiring rather than within the PLC itself.
- Of the fault within the PLC, most likely to be in the I/O channels or
power supply rather than in the CPU
- For example, consider a single output device failing to turn on though
the output LED is on. If testing of the PLC output voltage indicates
that its normal then the fault might be a wiring fault or a device fault. If
checking of the voltage at the device indicates the voltage there is
normal then the fault is the device.
- Many PLCs provide built-in fault analysis procedure which carries out
self-testing and display fault codes, with possibly a brief message,
which can be translated by looking up the code in a list to give the
source of the fault and possible methods of recovery.
Fault detection technique
The following are some of the common fault detection techniques used.
i) Timing checks – The term watching is used for a timing check that is
carried out by the PLC to check that some function has been carried
out within the normal time. If the function is not carried out within the
normal time, then a fault is assumed to have occurred and the watch
dog timer trips, setting off an alarm and perhaps closing down the
PLC. As part of the internal diagnostic of PLC, watchdog timers are
used to detect for faults.
26
 Time check can also be built into the ladder logic program. This is
where additional ladder rungs might included so that when a
function starts, a timer is started. If the function does not complete
when the timer finishes a fault is signaled.
ii) Last output set – This technique involves the use of status lamps
to indicate the last output that has been set during a process
which has come to a halt. Such lamps are built into the program
so that as each output occurs a lamp comes on. The lamps on
thus indicate which output are occurring. The program has to be
designed to turn off previous status lamps and turn on a new
status lamp as each new output is turned on.
iii) Replication – replication check involves duplication i.e.
replication, the PLC system. This could mean that the system
repeats every operation twice and if it gets the same result it is
assumed there is no fault. This procedure can detect transient
fault.
Alternatively, is to have duplicate PLC systems and compare the
results given by the two systems. In the absence of the fault the
two results should be the same, a fault showing up as a
difference.
iv) Expected values checks – Software errors can be detected by
checking whether an expected value is obtained when a specific
input occurs. If the expected value is not obtained then a fault is
assumed to be occurring.
Installation and Maintenance
- The design of programmable controllers includes a number of rugged
features that allow PLCs to be installed in almost any industrial
environment.
- System layout is the conscientious approach to placing and
interconnecting components not only to satisfy the application, but
also to ensure that the controller will operate trouble free in its
environment.
- In addition to programmable controller equipment, the system layout
also encompasses the other components that form the total system.
These components include isolation transformers, auxiliary power
supplies, safety control relays, and incoming line noise suppressors.
- Although programmable controllers are tough machines, a little
foresight during their installation will ensure proper system operation.
- In a carefully constructed layout, these components are easy to
access and maintain. Nevertheless, careful installation planning can
increase system productivity and decrease maintenance problems.
- The best location for a programmable controller is near the machine
or process that it will control, as long as temperature, humidity, and
electrical noise are not problems.
- Placing the controller near the equipment and using remote I/O where
possible will minimize wire runs and simplify start-up and maintenance
- Programmable controllers are designed to be easy to maintain, to
ensure trouble-free operation. Still, several maintenance aspects
should be considered once the system is in place and operational.
Certain maintenance measures, if performed periodically, will
minimize the chance of system malfunction.
- Preventive maintenance of programmable controller systems
includes only a few basic procedures, which will greatly reduce the
failure rate of system components.
- Preventive maintenance for the PLC system should be scheduled with
the regular machine or equipment maintenance, so that the
equipment and controller are down for a minimum amount of time.
- However, the schedule for PLC preventive maintenance depends on
the controller’s environment—the harsher the environment, the more
frequent the maintenance.
27
- The following are guidelines for preventive measures:
· Periodically clean or replace any filters that have been installed in
enclosures at a frequency dependent on the amount of dust in the
area.
· Do not allow dirt and dust to accumulate on the PLC’s
components; the central processing unit and I/O system are not
designed to be dust proof. If dust builds up on heat sinks and
electronic circuitry, it can obstruct heat dissipation, causing circuit
malfunction.
· Periodically check the connections to the I/O modules to ensure
that all plugs, sockets, terminal strips, and modules have good
connections. Also, check that the module is securely installed.
· Ensure that heavy, noise-generating equipment is not located too
close to the PLC.
· Make sure that unnecessary items are kept away from the
equipment inside the enclosure.
· If the PLC system enclosure is in an environment that exhibits
vibration, install a vibration detector that can interface with the
PLC as a preventive measure. This way, the programmable
controller can monitor high levels of vibration, which can lead to
the loosening of connections
Topic Questions
1. Define a programmable Logic Controller (PLC’s).
2. State the four steps in the operation of programmable logic controller
(PLC).
3. Draw a labeled block diagram of the internal architecture of a
Programmable Logic Controller (PLC) and state the function of each
block.
4. Define ladder logic control system.
5. With the aid of a block diagram, explain how a PLC process input
from the sensors.
6. Describe the following Programmable Logic Controller (PLC) system
styles.
i. Unitary
ii. Modular
iii. Rack Mounting
7. With the aid of a diagram, explain how PLC’s can be used to control
water level in a tank.
8. Explain why user interface is necessary in PLC’s.
9. Explain how fault-finding is carried out in PLC systems.
10. Explain the operation of the following input devices, stating the form of
the signal being sensed and the output: (a) reed switch, (b)
incremental shaft encoder, (c) photoelectric transmissive switch, (d)
diaphragm pressure switch
11. Explain how the on-off operation and direction of a d.c. motor can be
controlled by switches
12. Explain the continuous updating and the mass input/output copying
methods of processing inputs/outputs.
13. Devise a timing watchdog program to be used to switch off a machine
if faults occur in any of the systems controlling its actions.
14. Devise ladder programs which can be used to:
· Maintain an output on, even when the input ceases and when
there is a power failure.
· Switch on an output for a time of one cycle following a brief input.
· Switch on the power to a set of rungs.
15. Devise ladder programs for systems that will carry out the following
tasks:
· Switch on an output 5 s after receiving an input and keep it on for
the duration of that input.
· Switch on an output for the duration of the input and then keep it
on for a further 5 s.
· Switch on an output for 5 s after the start of an input signal
16. Devise ladder programs for systems that will carry out the following
tasks:
· Give an output after a photocell sensor has given 10 pulse input
signals as a result of detecting 10 objects passing in front of it.
· Give an output when the number of people in a store reaches 100,
there continually being people entering and leaving the store.
28
Topic 3
SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA)
Introduction
- In modern manufacturing and industrial processes, mining industries,
public and private utilities, leisure and security industries telemetry is
often needed to connect equipment and systems separated by large
distances.
- Control system architecture can range from simple local control to
highly redundant distributed control. The SCADA system applies to
facilities that are large enough that a central control system is
necessary.
- SCADA refers to the combination of telemetry and data acquisition. It
encompasses the collecting of the information, transferring it back to
the central site, carrying out any necessary analysis and control and
then displaying that information on a number of operator screens or
displays. The required control actions are then conveyed back to the
process.
- SCADA is a widely distributed computerized system primarily used to
remotely control and monitor the conditions of field based assets from
a centralized location.
- The PLC is still one of the most widely used control systems in
industry. As need to monitor and control more devices in the plant
grew, the PLCs were distributed and the systems became more
intelligent and smaller in size. PLCs and DCS (distributed control
systems) are used
Components of a SCADA system
- SCADA encompasses the transfer of data between a SCADA central
host computer and number of remote sites (RTU) and the central host
and the operator termina ls.
- The figure below shows a generic SCADA system that employs data
multiplexing (MUX) between the central host and the RTU.
- SCADA system consist of:
1. Remote terminal unit (RTU): They are primarily used to convert
electronic signals received from field devices into (or from) the
language (known as the communication protocol) used to transmit the
data over a communication channel.
- It connects to sensors in the process, converting data to the
supervisory system.
- PLC used as field devices because they are more economical,
versatile, flexible and configurable than special-purpose RTU’s
- RTU gathers data from field devices (pump, valves alarms etc) in
memory, until the MTU (master terminal unit) initiates a second
command.
2. Communication network / system – used to transfer data between
field data interface devices and control units and the computers in the
SCADA host computer (MTU)
- This is intended to provide the means by which data can be
transferred between the central host computer server and field based
RTU.
- Communication network refers to the equipments needed to transfer
data to and from different sites.
- The medium used can either be cable, telephone or radio
- The way the SCADA system network (topology) is set up can vary
with each system but there must be uninterrupted, bidirectional
communication between the MTU and the RTU for a SCADA or data
acquisition system (DAS) to function properly.
- This can be accomplished in various way i.e private wire lines,
underground cables, telephone radio, modern, microwave dishes,
satellite and other atmospheric means and many times, system
employ more than one means of communicating to the remote site.
- Communication systems used for SCADA are often split into two
distinct part: WAN and LAN.
- The interface between the two parts is commonly achieved through
some form of multiplexing.
- Multiplexing allows different data streams to share single data link. It
combines communication paths to and from many RTUs into a single
bit stream, usually using Time Division Multiplexing (TDM).
29
- It may itself be a SCADA processing device that manages the local
network and not only combines data, but also reduces the amount of
data that be interchanged within the central host.
3. Central computer or master terminal unit (MTU)
- It is defined as the master or heart of a SCADA system and is located
at the operator’s central control facility.
- Most often it is a single computer or a network of computer servers
that provide a man-machine operator interface to the SCADA system.
- The computers process the information received from or sent to the
RTU sites and present it to human operator in a form that the
operators can work with.
- Operators terminals are connected to the central host computer by a
computer network so that the viewing screens end associated data
can be displayed for the operator.
- Some examples of the types of display screens offered by most
systems include:
· System overview pages displaying the entire system often
summarizing SCADA sites that might be faulty
· Site mimic screens for each individual RTU location showing
up to the minut e site information
· Alarm summary pages displayed current alarms and other
types of alarms in which have been acknowledged or not
· Trend screens enabling the operator to display the behaviour
of a particular variable over time.
4. Human machine interface (HMI)
- It is the apparatus which present process data to a human operator,
and through which the human operator controls the process.
- This displays this informati on in an easily understood graphical form,
a rehives the data recei ved, transmit alarms and permit operator
control as required.
- The HMI is essentially a PC system running powerful graphic and
alarm software programs.
- It is usually linked to the SC ADA system’s database and software
programs, to provide trending, diagnostic data and information
management.
5. SCADA software
- SCADA software can be divided into two types: open and proprietary.
- Proprietary software often is configured for a specific hardware
platform and may not interface with the software or hardware
produced by competing vendors.
- Commercial off-the shelf (COTS)/open software are more flexible,
and will interface with different types of hardware and software.
- The focus of proprietary software is on process and control
functionality while COTS software emphasizes on compatibility with a
variety of equipment and instrumentation.
- Software products typically used within a SCADA system are as
follows:-
· Central host computer operating system:- software used
to control the central host computer hardware.
· Operator terminal operating system – Software used to
control the central host computer hardware at the operators
terminal. It contributes to the networking of the central host
and operator’s terminal.
· Applications – They are of two types; central host computer
application and operator terminal applications. These
handles transmitted and reception of data to and from the
RTU and central computer. It also provides the GU/ which
offers mimic screens, alarm pages trend.
· Communication protocol drives: - required to control the
translation and interpretation of the data between ends of the
communication links in the systems.
How does SCADA Work
- SCADA is a computer system for gathering and analyzing real time
data
- The ability to monitor the entire control system in real time is
facilitated by data acquisition including meter reading and checking
status of sensors that are communicated at standard intervals
depending on the system.
- The collected field data is transmitted through a communication
network to the master terminal unit which the data is processed.
- The MTU monitors and control data from various field devices
(sensor) that are either in close proximity or off site.
30
- Thus in summary, the SCADA system perform the following four
functions:
· Data acquisition
· Networked data communication
· Data presentation
· Control
Data acquisition
- This is the process of sampling signals that measure real world
physical conditions and converting the resulting samples into digital
numerical values that can be manipulated by a computer.
- Data acquisition within SCADA system is accomplished first by the
RTU scanning the field data interface devices connected to the RTU.
- The time to perform this task is called the scanning internal. The MTU
scans RTU to access data in the process referred to as Polling the
RTU.
- Some systems allow the RTU to transmit field values and alarms to
the central host without be ing poxxxxx by the central host
- The components of data acquisition systems include:
· Sensors that converts physical parameters to electrical signals
· Signal conditioning circuitry to convert sensor signals into a
form that can be converted to digital values e.g implication,
alternation multiplexing.
· Analog to digital converters, which converts conditioned signals
to digital values.
· Data acquisition hardware acts as the interface between the
computer and the outside world. It primarily functions as a device
that digitizes incoming signal so that the computer can interpret
them.
Types of data acquisition systems (DAS)
These depend on type of communication protocol used.
i) Wireless data acquisition system: consist of one or more
wireless transmission se nding data back to a wireless receiver
connected to a remote computer.
ii) Serial communication data acquisition system: are good
choices when the measurement needs to be made at a location
which is distance from computer.
iii) USB DAS: The Universal Serial Bus (USB) is a new
standard for connecting P.C to peripheral devices such as
monitor, DAS.
Processing Data from the field
- Data can be of three main types:
i) Analog data (real numbers) which will be trended (placed in
graphs)
ii) Digital data (ON/OFF) which may have alarms attached to one
state or the other
iii) Pulse data (e.g. counting revolution of a meter) is analog data
normally accumulated or counted such data are treated within the
SCADA operator terminal software displays as analog data and
may be trended.
- Data from the field are processes to detect alarm conditions, and if
alarm is predent, it will be displayed on dedicated alarm list on the
application software running on the central host computer.
- Where variables in the field have been changing over time, the
SCADA system usually offers a trending system where the behaviour
of a particular variable can be plotted on a GUI screen (graphical user
interface screen).
Tasks in SCADA system
i) Input/output task – This program is the interface between the
control and monitoring system and plant floor.
ii) Alarm task – this manages all alarms by detecting digital alarm
point and comparing the values of analog alarm points to alarm
thresh hold.
NB: SCADA can be seen as a system with many data elements
called points. Each point is a monitor or sensor and there points
can be either soft or hard. Hard data points can be on actual
monitor; soft point can be application or software calculation.
Data elements from hand and soft points are usually always
recorded and logged to create a time stamp or history.
iii) Trend task: it collects data to be monitored over time.
iv) Report task – Reports are produced from plant data. These
reports are periodic, event triggered or activated by the operator.
v) Display task – manages all data to be monitored by the operator
and all control actions requested.
31
Application of SCADA system
- In essence, SCADA applica tion has two elements:-
i) The process/system/machinery needed to be monitored or
controlled: - This can take the form of a power plant, water
system, network, traffic light system.
ii) A network of intelligent devices that interfaces with the first system
through sensors and con trol output. This network, which is the
SCADA system, gives the capability to measure and control
specific elements of the first system.
- SCADA systems control are used in the following industries
i) Manufacturing: SCADA system manages parts inventories,
regulate industrial automation and robots, and monitor process
and quality control.
ii) Traffic signals: SCADA regulates traffic lights, controls traffic flow
and detects out of order signals.
iii) Electric power generation, transmission and distribution:
Electric utilities use SCADA system to detect current flow and line
voltage, monitor the operation of circuit breakers, and to take
sections of the power grid outline or offline.
iv) Building, facilities and environment: Facility managers use
SCADA to control HVAC, refrigeration units lighting and entry
systems.
v) Water and Sewage: state and municipal water utilities use
SCADA to monitor and regulate water flow, reservoir levels and
pipe pressure.
vi) Mass transit: transit authorities use SCADA to regulate electricity
to subways, trains and trolley buses, to automate traffic signals for
rail system; to track and locate trains and buses; and to control rail
road – crossing gates.
Benefits of SCADA
i) Improved operation of the plant or process resulting in savings due to
optimization of the system.
ii) Reduces the operating and maintenance cost hence maximize the
profits.
iii) Maximize productivity, ensure continuous production and increased
productivity of the personnel.
iv) Improved safety of the system due to better information and improved
control.
v) Protection of the plant equipment.
vi) Safeguarding the environment from a failure of the system.
vii) Enhances reliability and robustness of critical industrial processes.
viii) Improved energy savings due to optimization of the plant.
ix) Improved and quicker receipt of data so that clients can be invoiced
more quickly and accurately.
x) Government regulations for safety and metering of gas (for royalties &
tax etc).
Creating a functional SCADA system
(i) Phase 1: The DESIGN of the system architecture includes the
communication system. Also involved in this initial phase will be any
site instrumentation that is not currently in existence, but will be
required to monitor desired parameters. Design stage translate the
design basis document into a system design and document the
design clearly and completely so that it can be constructed properly,
commissioned completely, and operated and maintained reliably and
efficiently.
(ii) Phase 2: The SUPPLY of RTU, communication, and HMI equipment,
which consists of a PC system and the required powerful graphic and
alarm software programs.
(iii) Phase 3: The PROGRAMMING of the communication equipment and
the powerful HMI graphic and alarm software programs.
(iv) Phase 4: The INSTALLATION of the communication equipment and
the PC system. The stage involves installing and placing into
operation the SCADA system hardware and software in compliance
with the design documents.
(v) Phase 5: The COMMISSIONING of the system, where
communication and HMI programming problems are solved, and the
system is proven to the client, and operator training and system
documentation is provided. Commissioning is the formal process of
verifying and documenting that the installed SCADA system complies
with and performs in accordance with the design intent, as defined in
the design documentation
32
Design approaches/strategies for SCADA system
Local control system
- It describes a system architecture in which sensors, controllers and
controlled equipments are within close proximity and the scope of
each controller is limited to a specific system or sub-system.
- Local controllers are typically capable of accepting inputs from a
supervisory controller to initiate or terminate locally.
- Controlled automatic sequence, or to adjust control set points, but the
control action itself is determined in the local controller.
- Control action for each system or subsystem takes place in a local
controller but the central operator station has complete visibility of the
status of all systems and the input and output data in each controller,
as well as the ability to intervene in the control logic of the local
controller if necessary.
- In a DSC, data acquisition and control functions are performed by a
number of distributed micro-processor-based units, situated near to
the devices being controlled or the instrument from which data is
being gathered.
- Input and output wiring runs are short and less vulnerable to physical
description or electro-magnetic interference.
- The data highway is normally capable of high speed

a) Local b) Centralized

Centralized control system

- Describes a system in which all sensors, actuators and other
equipment within the facility are connected to a single controller or a
group of controllers located in a common control room.
- This type was common for power plants and other facilities using
single-loop controllers.

Distributed control system

- It offers the best features of both local control and centralized control.
- In a DCS, controllers are provided locally to systems or group of
equipment but networked to one or more operator stations in a central
location through a digital communication circuit.

33
User Configurable Open System (UCOS) · I/O Subsystem supporting I/O from all industry standard suppliers.
UCOS is a control system that employs object-oriented techniques at The same logic can be solved to manipulate different I/O
every level of its system architecture. It includes a number of subsystems from different manufacturers without having to change
subsystems which segment the functionality of UCOS. This includes any of the programming or operational parameters of the configured
an Engineering Workstation Subsystem, an Operator Workstation system.
Subsystem, and a Field Control Unit (FCU) Controller Subsystem. The · SCADA Data Server (SDS) for interfacing data from intelligent
subsystems communicate via a Control Network. devices, such as PLCs, Fieldbus technologies, RTUs, PLC I/O, and
· Engineering Workstation (EWS) used for project development. other third-party devices
The EWS is the development tool where control schemes are · Process Historical Archiver (PHA) for storing and retrieving
configured then downloaded to the OWS, FCU, and SDS. The historical data collected by the FCU, SDS or any other intelligent
entire project is configured using a single integrated tool based on device in the system
graphical Windows standards. Graphical techniques are also used · microFCU: is a small, low-powered PLC that executes sequential
to define the logical relationships among the devices in a process and regulatory logic and directly scans onboard I/O. It can replace
area. Project configuration begins by defining the system RTUs at a significant reduction in cost and power consumption –
architecture: workstations, field control units (FCUs), I/O, plus it can provide local intelligent control of devices, which RTUs
networking, etc. Graphical techniques are also used to define the can't do.
logical relationships among the control elements for multiple
devices.
· Operator Workstation (OWS) for operator interface. This is used
to monitor and control the process. It uses the project screens
created during project development and animates them based on
real-time data received from field control units and field data
servers. Authorized operators can monitor detailed activities for
many types of devices and send commands using standard
faceplate command windows and group displays.
· Field Control Unit (FCU) for control logic execution and direct
scanning of I/O. The FCU provides I/O services by monitoring and
controlling I/O across standard networks and data highways. The
FCU can provide simultaneous support for multiple vendors’ I/O and
I/O networks. The variety of platform and form-factor options
supported by the FCU allows incorporation of distributed, distinct
I/O subsystems into common control strategies.
· Control Network. System supports redundant and non-redundant
fiber optic and Ethernet local networks using the TCP/IP networking
protocol for standardized, advanced application connectivity. The
LAN/WAN can be extended to other sites inside or outside the plant
using such remote communications technologies as satellite, radio,
microwave, and dial-up running such standard protocols as TCP/IP,
Modbus, OPC, DDE
34
SCADA SECURITY / ACCESS CONTROL
- Access control is the selective restriction to access to a plant/place or
other resources. Hence the security access control is the act of
ensuring that an authenticated user accesses only what they are
authorized to and no more.
- SCADA systems are used to control and monitor physical processes,
however the security of these system is important because
compromise or destruction of these system may impact multiple areas
of society or industries.
- It is important to be able to detect possible attacks and respond in an
appropriate manner in order to minimize the impacts.
· Protect: Deploying specific protection measures to prevent and
discourage electronic attack against the process control systems.
· Detect: Establishing mechanisms for rapidly identifying actual or
suspected electronic attacks.
· Respond: Undertaking appropriate action in response to
confirmed security incidents against the process control systems.
Defence in Depth
- Where a single protection measure has been deployed to protect a
system, there is a risk that if a weakness in that measure is identified
and exploited there is effectively no protection provided.
- No single security measure itself is foolproof as vulnerabilities and
weaknesses could be identified at any point in time. In order to
reduce these risks, implementing multiple protection measures in
series avoids single points of failure.
- In order to safeguard the process control system from electronic
attacks (e.g. hackers, worms and viruses), it may be insufficient to rely
on a single firewall, designed to protect the corporate IT network.
- A much more effective security model is to build on the benefits of the
corporate firewall with an additional dedicated process control firewall
and deploy other protection measures such as anti-virus software and
intrusion detection
Remote access
- Maintain an inventory of all remote access connections and types
(e.g. virtual private network or modems).
- Ensure that a valid business justification exists for all remote access
connections and keep remote connections to a minimum.
- Implement appropriate authentication mechanisms (e.g. strong
authentication) for remote access connections.
- Implement appropriate procedures and assurance mechanisms for
enabling and disabling remote access connections.
- Ensure that remote access computers are appropriately secured (e.g.
anti-virus, anti- spam and personal firewalls).
Anti-virus:
- Protect process control systems with anti-virus software on
workstations and servers.
- Where anti-virus software cannot be deployed other protection
measures should be implemented (e.g. gateway anti-virus scanning or
manual media checking)
E-mail and Internet access
- Disable all email and internet access from process control systems.
System hardening
- Undertake hardening of process control systems to prevent network
based attacks.
- Remove or disable unused services and ports in the operating
systems and applications to prevent unauthorised use.
- Understand what ports are open and what services and protocols
used by devices (especially embedded devices such as PLCs and
RTUs). This could be established by a port scan in a test
environment. All unnecessary ports and services should be disabled
(e.g. embedded web servers).
- Ensure all inbuilt system security features are enabled.
- Where possible restrict the use of removable media (e.g. CDs, floppy
disks, USB memory sticks etc.) and if possible removable media
should not be used. Where it is necessary to use removable media
then procedures should be in place to ensure that these are checked
for malware prior to use.
Backups and recovery
- Ensure effective backup and recovery procedures are in place, and
are appropriate for the identified electronic and physical threats.
These should be reviewed and regularly tested.
35
- Test the integrity of backups regularly through a full restore process.
Store backups at on and off site locations.
- Media should be transported securely and stored in appropriately
secure locations.
Physical security
- Deploy physical security protection measures to protect process
control systems and associated networking equipment from physical
attack and local unauthorised access.
- A combination of protection measures is likely to be required which
could include, drive locks, tamper proof casing, secure server rooms,
access control systems and CCTV.
Document security framework
- Document a full inventory of the process control systems and
components.
- Document the framework that provides the security for the process
control systems and regularly review and update to reflect current
threats.
- This document should include details of the risk assessments,
assumptions made, known vulnerabilities and security protection
measures deployed.
- Ensure all process control system documentation is secured and
access limited to authorised personnel

Security patching
- Implement processes for deployment of security patches to process
control systems.
- These processes should be supported by deployment and audit tools.
- The processes should make allowance for vendor certification of
patches, testing of patches prior to deployment and a staged
deployment process to minimize the risk of disruption from the
change.
- Where security patching is not possible or practical, alternative
appropriate protection measures should be considered.

Personnel background checks

- Ensure all staff with operational or administration access to process
control systems are appropriately screened.

Passwords and accounts

- Implement and enforce a password policy for all process control
systems that cover strength of passwords and expiration times.
- It is recommended that passwords are changed frequently, but where
this is not possible or practical, alternative appropriate protection
should be considered.
- Regularly review all access rights and decommission old accounts.
- Where possible change vendor passwords from default settings.
- Passwords may not be deemed necessary for some functions (e.g.
view only mode).
- Consider stronger authentication methods for critical functions.

36
Topic 4: INDUSTRIAL COMMUNICATION NETWORK guarantee time synchronization, and real-time deterministic response
in some applications.
Introduction - Industrial networks also ensure that the system sends information
- Industrial communication refers to the wide range of hardware and reliably without errors and securely between nodes on the network.
software products and protocols used to communicate between
standard computer platforms and devices used in industrial Network levels
automation. - The industrial automation systems can be very complex, and it is
- Although a communication circuit can involve only two pieces of usually structured into several hierarchical levels. Each of the
equipment with a circuit between them, the term network typically hierarchical level has an appropriate communication level, which
refers to connecting many devices together to permit sharing of data places different requirements on the communication network.
between devices over a single or redundant circuit. - Industrial networks may be classified in several different categories
- The industrial automation systems are often implemented as an open based on functionality: field-level networks (sensor, actuator or device
distributed architecture with communication over digital buses), control-level networks (control buses) and information-level
communication networks. networks
- It is now common for users connected to a local area network to
communicate with computers or automation devices on other local
area networks via gateways linked by a wide area network.
- As the industrial automation systems becomes large and the number
of automation devices increases, it has become very important for
industrial automation to provide standards which make it possible to
interconnect many different automation devices in a standard way.
- Considerable international standardization efforts have been made in
the area of local area networks. The Open Systems Interconnection
(OSI) standards permit any pair of automation devices to
communicate reliably regardless of the manufacturer.
- By definition, an industrial network requires geographical distribution
of the physical measurement I/O and sensors or functional distribution
of applications. Most industrial networks transfer bits of information
serially.
- Serial data transfer has the advantage of requiring only a limited
number of wires to exchange data between devices. With fewer wires,
we can send information over greater distances. Because industrial
networks work with several devices on the same line, it is easier to
add a new device to existing systems.
- To make all this work, our network must define a set of rules – a
communication protocol -- to determine how information flows on
the network of devices, controllers, PCs, and so on.
- With improved communication protocols, it is now possible to reduce
the time needed for the transfer, ensure better data protection, and

37

Field level
- The lowest level of the automation hierarchy is the field level, which
includes the field devices such as actuators and sensors.
- The elementary field devices are sometimes classified as the element
sublevel. The task of the devices in the field level is to transfer data
between the manufactured product and the technical process.
- The data may be both binary and analogue. Measured values may be
available for a short period of time or over a long period of time. For
the field level communication, parallel, multi-wire cables, and serial
interfaces such as the 20mA current loop has been widely used from
the past.
- The serial communication standards such as RS232C, RS422, and
RS485 are most commonly used protocols together with the parallel
communication standard IEEE488.
- Those point-to-point communication methods have evolved to the bus
communication network to cope with the cabling cost and to achieve a
high quality communication.
- Field-level industrial networks are a large category, distinguished by
characteristics such as message size and response time.
- In general, these networks connect smart devices that work
cooperatively in a distributed, time-critical network. They offer higher-
level diagnostic and configuration capabilities generally at the cost of
more intelligence, processing power, and price.
- At their most sophisticated, fieldbus networks work with truly
distributed control among intelligent devices like FOUNDATION
Fieldbus.
- Common networks included in the devicebus and fieldbus classes
include CANOpen, DeviceNet, FOUNDATION Fieldbus, Interbus-S,
LonWorks, Profibus-DP, and SDS.
- Nowadays, the fieldbus is often used for information transfer in the
field level. Due to timing requirements, which have to be strictly
observed in an automation process, the applications in the field level
controllers require cyclic transport functions, which transmit source
information at regular intervals.
- The data representation must be as short as possible in order to
reduce message transfer time on the bus.
Control Level
- At the control level, the information flow mainly consists of the loading
of programs, parameters and data.
- In processes with short machine idle times and readjustments, this is
done during the production process. In small controllers it may be
necessary to load subroutines during one manufacturing cycle.
- This determines the timing requirements. It can be divided into two:
cell and area sublevels.
i) Cell sublevel:
- For the cell level operations, machine synchronizations and event
handlings may require short response times on the bus. These real-
time requirements are not compatible with time excessive transfers of
application programs, thus making adaptable message segmentation
necessary.
- In order to achieve the communication requirements in this level, local
area networks have been used as the communication network. After
the introduction of the CIM concept and the DCCS concept, many
companies developed their proprietary networks for the cell level of an
automation system.
38
- The Ethernet together with TCP/IP (transmission control
protocol/internet protocol) was accepted as a de facto standard for
this level, though it cannot provide a true real-time communication.
- Many efforts have been made for the standardization of the
communication network for the cell level.
- The IEEE standard networks based on the OSI layered architecture
were developed and the Mini-MAP network was developed to realize
a standard communication between various devices from different
vendors. Some fieldbuses can also be used for this level.
ii) Area sublevel:
- The area level consists of cells combined into groups. Cells are
designed with an application-oriented functionality.
- By the area level controllers or process operators, the controlling and
intervening functions are made such as the setting of production
targets, machine startup and shutdown, and emergency activities.
- Control-level networks are typically used for peer-to-peer networks
between controllers such as programmable logic controllers (PLCs),
distributed control systems (DCS), and computer systems used for
human-machine interface (HMI), historical archiving, and supervisory
control.
- Control buses are used to coordinate and synchronize control
between production units and manufacturing cells.
- Typically, ControlNet, PROFIBUS-FMS and (formerly) MAP are used
as the industrial networks for controller buses.
- In addition, we can frequently use Ethernet with TCP/IP as a controller
bus to connect upper-level control devices and computers.
Information level
- The information level is the top level of a plant or an industrial
automation system.
- The plant level controller gathers the management information from
the area levels, and manages the whole automation system.
- At the information level there exist large scale networks, e.g. Ethernet
WANs for factory planning and management information exchange.
- Ethernet networks are used as a gateway to connect other industrial
networks.
- With respect to management Information System Communication in
automated system, there are three types of networks used:
o Local Area Network (LAN)
o Wide Area Network (WAN)
o Metropolitan area network (MAN)
1) Local Area Network (LAN)
- These types of networks connect network devices over a relatively
short distance.
- Quite often, a networked office building, home or school contains a
single LAN although it is normal to come across a building that
contains a few small LANs.
- On a few occasions, a LAN may also span over a group of nearby
buildings. Such networks are usually owned by one organization.
- It interconnects computers and filed devices/peripherals over a
common medium so users might share access to host computers,
database, files, applications and peripherals.
- The following characteristics differentiate one LAN from another
o Topology – The geometric arrangement of devices on the
network e.g. star, ring etc.
o Protocols – The rules and encoding specifications for sending
data. The protocol also determines whether the network uses
peer to peer or client/server architecture.
o Medium/media – Devices can be connected by twisted pain
wire, coaxial cable, or fibre optic cables. Some networks do
without connecting media instead communicate through radio
waves.
2) Wide Area Network (WAN)
- WAN is a data communication network that covers a relatively broad
geographical area and often uses transmission facilities provided by
common carriers e.g telephone companies.
- WAN technologies generally function at the lower layers of the OSI
reference model (Open system Interconnection) the physical layer,
data link layer and network layer.
- It’s used to connect LANs and other types of networks together so
that users and computers in one location can communicate with users
and computers in other location.
39
- LANs are connected to a WAN through a device referred to as a
router. In IP networking, both the LAN and WAN addresses are
maintained by the router.
- Most WANs exist under distributed or collective ownership and
management and unlike the LANs, are not necessarily owned by one
organization.
3) Controller Area Network (CAN)
- The CAN protocol is a priority based bus network using a career
sense multiple Access with collision Avoidance (CSMA/CA) medium
access scheme.
- In this protocol, any station can access the bus when ever it becomes
idle.
- This is a communication protocol specification that defines parts of the
OSI physical and data link layer. It meets real-time requirements
encountered in any industries. The network protocol can detect and
correct transmission errors caused by electromagnetic interference
- It is suitable for industrial applications because:
o Low cost
o Suitability for harsh electrical environment
o Good real-time capabilities
o Ease of configuration
- CAN is particularly well suited to networking smart I/O devices
sensors and actuators either in a single machine or plant.
4) Metropolitan Area Network (MAN)
- This is a network that spans over a physical area like a city that is
smaller than a WAN but larger than a LAN.
- Quite often, such computer networks are owned and operated by
single entities such as government bodies or large corporations
Networks Models/Layers
- Network model defines a set of network layer and how they interact.
There are several different network models depending on what
organization/industry want.
- The most important are:
i) The TCP / IP model
ii) OSI network model
1. The TCP/IP model
- TCP/IP is the de facto global standard for the Internet (network) and
host–to–host (transport) layer implementation of internet work
applications because of the popularity of the Internet.
- The TCP/IP (Transmission Control Protocol / Internet) is a layer
protocol where it defines 4 layers’
i) Internet layer
- It is used to allow hosts to insert packets into any network and have
them to deliver independently to the destination.
- It specifies an official packet format and protocol known on internet
protocol. Packet routing is very essential task in order to avoid
congestion.
ii) Transport layer
- In the TCP/IP model, the layer above the internet layer is transport
layer. It’s developed to permit entities on the source and destination
host to carry on conversation. It specifies 2-end-to end protocol TCP
end UDP (Transmission Control Protocol and user datagram
protocol).
o TCP is a reliable connection – oriented protocol that permits a
byte stream originating on one machine to be transported
without error on any machine in the internet.
o UDP is an unreliable, connectionless protocol for applications
that do not want TCPs sequencing on flow control and wish to
offer their own.
iii) Application layer
- It’s present on the top of the transport layer. It includes all the higher
level protocols which are virtual terminal, file transfer and electronic
mail.
- The virtual terminal protocol permits a user on one machine to log into
a distant machine and work there.
- The file transfer protocol permits a user on one machine to log into a
distant machine and work there.
- The file transfer protocol (FTF) offers a way to more data efficiently
from one machine to another.
- Electronic mail (simple mail transfer protocol SMTPL) sends emails to
other computers that support the TCP/IP protocol.
40
iv) Network layer
- It’s main function is to connect host and devices using some protocol
so that data or IP packet can transmit over it.
2. OSI network model
- Developed by international standards organization (ISO) to
standardize protocols used in version layers.
- The model is known as the OSI (open systems interconnectivity)
reference model because it is related with connecting open system
i.e systems that are open for communication with other system.
- It describes seven layers as they relate to one host computer
communicating to another host computer.
i) Physical layer
- This is the lowest layer which describes the way actual data in the
form of symbols that are sent over a medium such as copper wire or
fibre optic cabling. Item like signal level symbol representation and
connector pinout are defined at this layer. The main functions are
a) Hardware specification – the details of the physical cables,
network interface cards, wireless radios etc are part of this layer.
b) Encoding and signaling – How are the bits encoded in the medium
is also decided by this layer.
c) Data transmission and reception: the transfer of each bit of data
and assures the transmission of each bit with a high probability.
d) Topology and network design: the type of network topologies to be
used and which part of the network in the routes going to be
placed, where the switches will be used etc.
ii) Data link layer
- This layer provides reliable transmission of a packet by using the
services of the physical layer which transmits bits over the medium in
an unreliable fashion.
- It maintains a reliable connection between adjacent nodes or stations
over a physical channel
- To distinguish one from another, a method of node addressing must
be defined.
- To ensure only one node has access at any one time, a method of
medium access control (MAC) must be implemented.
- Information sent over the data link layer is called frames. This layer is
concerned with:
a) Framing – breaking input data into frames and caring about the
frame boundaries and the size of each frame (a few hundred
bytes)
b) Acknowledgement: sent by receiving end to inform the source that
the frame was received without any error.
c) Sequence numbering – to acknowledge which frame was
received.
d) Error detection: the frames may be damaged lost or duplicated
leading to errors. The error control is on link to link basis.
e) Retransmission – The packet is retransmitted if the source fails to
receive acknowledgment.
f) Flow control – necessary for a fast transmitter to keep pace with a
slow receiver.
iii) Network layer
- it is concerned with logical addressing process of nodes and routing
schemes. The basic functions of the layer are routing and congestion
control.
- Routing deals with determining how packets will be routed
(transferred) from source to destination.
- Congestion control involves the control of packets minimizing
dropping of packets, transmitting fine and delays.
41
- It is required when communication must span multiple networks – example commonly used protocols or HTTP( for web browsing), FTP
interconnecting. (or file transfer)
- HTTP – Hyper text transfer protocol – permits applications such as
iv) Transport layer browser to upload and download web pages.
- This layer is concerned with the variable transmission of messages
sent between two host computers.
- It is responsible for the end to end communication control. This is
different from the data link layer which only concerned with the
transmission of frames.
- A message usually requires many – frames to be sent before the
complete message can be received.
- This requires fragmenting the message into many pieces to be re-
assembled at the other end. Missing fragments must be re-sent. The
transport layer addresses this issue.
- Other functions are:-
o Multiplexing and de-multiplexing
o Error control mechanism on end to end basis
o Flow control – regulate flow of information
o Connection establishment / release.

v) Session layer
- The layer is concerned with the establishment and termination of
communication sessions between processors in host computers.
- It also ensures that the data transfer starts from where it breaks,
keeping it transparent to the end user.

vi) Presentation layer

- The presentation layer translates the format of data between sender
and receiver.
- It is responsible for the data interpretation, which allows for inter-
operability among different equipments.
vii) Application layer
- This layer provides the services that are required by specific
applications. It contains application protocols with which the user
gains access to the network.
- The choice of which specific protocols end their associated functions
are to be used at the application level is up to the individual user. For
Operation of OSI layer
- From the figure, if a node wants to sent a data packet from the
application, it must first call for the sending service of its application
layer which in turn will call the sending function in the next layer, and
so on till the data is sent at the physical medium to other node.
- This node will reverse the sequence till the received data reaches the
application. Layer of its node then to the application which will use
this data.

42
- Any communication system that is based on the OSI seven layer has
high flexibility and compatibility with product from different vendors.
- However OSI system is often too complex for network architecture
hence has a considerable overhead in both the communication and
the processing.
- Strictly speaking, a network requires only layers 1, 2, and 7 of the
protocol model to operate.
- In fact, many device bus networks use only these three layers. The
other layers are added only as more services are required (e.g., error-
free delivery, routing, session control, data conversion, etc.).
- Most of today’s local area networks contain all or most of the OSI
layers to allow connection to other networks and devices.
3. Field bus model
- Due to complexity of the OSI model, modification has been done on
the industrial networks, where only three layers are left.
- The resulting fieldbus is referred to as a 3 – layer architecture. These
layers are:-
o Application layer
o Data link layer
o Physical layer
- Several characteristics and functions in the data link layer are key to
the distributed real time control capabilities of fieldbus.
a) The data link layer is based on a token passing protocol.
b) The link active scheduler (LAS) is a centralized device that acts as
the arbitrator of the bus.
c) The LAS executes a schedule that makes possible deterministic
communication.
d) The LAS distributes time to the network to permit all devices to
share the same sense of time.
- The user application layer defines blocks that represent the functions
and data available in a device.
- Rather than interface to a device through a set of commands as
commonly used with communication protocols, fieldbus user interacts
with device through a set of blocks that define device capabilities in a
standardized way.
- The data link layer has important aspect which is medium access
control.
Medium Access Control (MAC)
- In a field bus or industrial network, several stations share the same
communications media in order to save wiring costs. However, since
the medium is shared, not all devices can communicate
simultaneously.
- Therefore there must be rules to govern who gains access to the
medium and those rules are called medium access control (MAC).
Thus MAC addresses identify network devices in LANS.
- This process of media access requires that each node be able to shut
down its transmitter without interfering with the network’s operation.
- This can be done in one of the following ways:
o with a modem that can turn off its carrier
o with a transmitter that can be set to a high independence state
o with a passive current-loop transmitter, wired in series with the
other transmitters, that shorts when inactive
- Although many access methods exist, the most commonly used ones
are polling, collision detection, and token passing.
43
Polling
- The access method most often used in master/slave protocols is
polling.
- In polling, the master interrogates, or polls, each station (slave) in
sequence to see if it has data to transmit. The master sends a
message to a specific slave and waits a fixed amount of time for the
slave to respond.
- The slave should respond by sending either data or a short message
saying that it has no data to send. If the slave does not respond within
the allotted time, the master assumes that the slave is dead and
continues polling the other slaves.
- Interslave communication in a master/slave configuration is inefficient,
since polling requires that data first be sent to the master and then to
the receiving slave.
- Since master/slave configurations use this technique, polling is often
referred to as the master/slave access method.
Carrier Sense, Multiple Access (CSMA)
- The basic media access method that uses first-come-first served
principle.
- It is probabilistic media access control (MAC) protocol in which a node
verifies the absence other traffic before transmitting on a shared
transmission medium, such as an electrical bus or a band of the
electromagnetic spectrum.
- It is based on the principle sense before transmitting or ‘listen before
talk’.
- CSMA/CD performance by terminating transmission as soon as a
collision detected, thus shortening the time required before a retry can
be attempted.
- This method handles collision as they occur, but if the bus is
constantly busy, collision can occur so often that performance drops
drastically. Thus this method works well as long as the network does
not have an excessive amount of traffic.
- CSMA/CA collision avoidance – is used to improve the performance
by attempting to be less ‘greedy’ on the channel.
- If the channel is sensed busy before transmission then the
transmission is differed for a random interval.
- If the channels sensed ‘idle’ then the station is permitted to transmit.
Once the channel is clear a station sends a signal telling all other
stations not to transmit, and then sends its packet.
b) Token passing protocol
- With this approach, each participant to the network is guaranteed
some time to transmit a message on a permission basis.
- This permission occurs when a participant receives the one token that
exist in the network (token is a small frame)
- The token is passed from one participant to another in a circular
fashion in what is called logical ring.
- Once a participant receives the token, the participant must initiate a
transmission or pair the token to the next participant in an orderly
fashion.
- The token is usually passed from one participant to another with the
highest address regardless of the next participant’s physical location.
- The participant with the highest address will pair the token to a
participant with the lowest address.
- It’s not necessary to have one master to hand out the token.
- Participant could be peer to one another and simply agree that they
will not possess the token for more time than previously agreed.
- Token passing networks are deterministic, which means that its
possible to calculate the maximum time that will pair before any end
station will be capable of transmitting.
- Token ring networks are ideal for application, in which delays must be
predictable and robust network operation is important.
- Factory automation environment are examples of such applications.
44
Physical layer Standard Conductor Connection Transmission Maximum Typical
Physical layer is concerned with transmitting raw bits over a designation type speed distance application
communication channel. RS – 232 Copper Point to 265 kbps 15m Laptop
M/C with point comp to
Types of medium a pin PLC
connector
Medium can be classified into two categories
RS – 485 Copper Multi-drop 10 mbps 1000m PLC to field
a) Guided media – means that signals is guided by the presence of UTP or devices
physical media i.e signals are under control and remains in the STD
physical wire e.g copper wire CAT 5 Copper Multi-drop 100 mbps Depends PLC to PLC
b) Unguided media – means that there is no physical path for the UTP or on
signal to propagate. This is done through electromagnetic waves. STD protocol
RG 6 Copper Multi-drop 5 mbps 1000m PLC to PLC
Communication links coax video
In a network nodes are connected through links. Single Point to 1 Gbps 50km No typical
The communication through links can be classified as mode point applications
i) Simplex – communication can take place only in one direction fibre
e.g radio, T.V Multi- Point to 1 Gbps 1000m PLC to
mode point control
ii) Half duplex – communication can take place in one direction
fibre Room and
at a time. Suppose node A and B are connected, then half PLC to PLC
duplex communication means that at a time data can flow from
A to B or from B to A but not simultaneously. In guided transmission media, two kind of materials used:
iii) Full duplex – communication can take place simultaneously in I) Copper – twisted pair
both direction mobile phone. Coaxial fibre
II) Optical fibre
Links can be further classified as
i) Point the point – in this communication only two nodes are Twisted pair
connected to each other side and non else. - Twisted pair cabling is a type of wiring in which two conductors of a
ii) Multipoint – It is a kind of shaving communication in which single circuit are twisted together for the purposes of canceling out
signals can be received by all nodes. This is also called electromagnetic interference (EMI) from external sources.
broadcast. - The wires are twisted together in a helical form and the purpose of
twisting is to reduce crosstalk interference between neighbouring
Media standard pairs.
Industry standard for communications media define both the physical and - Twisted pair is much cheaper than coaxial cable but it is susceptible
electrical (or optical) characteristics of both the conductors and the to noise and electromagnetic inference and attenuation is large.
connectors used to mate them to communication ports. - When electrical current flow through a wire, it creates a small, circular
magnetic field around the wire.
Some common network conductor, physical standards and then - When two wires in an electrical circuit are placed close together, their
characteristics are listed below:- magnetic fields are the exact, opposite of each other.

45
- Thus the two magnetic fields cancel each other out. They also cancel vi) Category 5e (CAT 5e) – category 5 enhanced used in network
out any outside magnetic fields. Twisting the wires can enhance this running at speeds up to 1000 mbps (1Gbps) in category 6 (CAT 6) –
cancellation effect. consist of four pairs of 24 American wire gauge (AWG) copper wire.
- Twisted pair can be further classified into two categories: It provides lower crosstalk, a higher signal to noise ratio, and are
o Unshielded twisted pair (UTP) suitable for 10 GBASE – T (10- Gigabit Ethernet)
o Shielded Twisted Pair (STP) vii) Category 6 (CAT 6) patch cable is normally terminated in 8P8C
module connectors (RJ 45).
Category Speed Use

1 1 Mbps Voice Only (Telephone Wire)

i) Unshielded twisted pair (UTP)
- UTP cable is a medium that is composed of pairs of wires and used in 2 4 Mbps LocalTalk & Telephone (Rarely used)
variety of networks. 3 16 Mbps 10BaseT Ethernet
- Each of the eight individual copper wires in UTP cable is covered by
an insulating material. In addition the wires in each pair are twisted 4 20 Mbps Token Ring (Rarely used)
around each other.
- UTP cable must follow precise specification governing how many 100 Mbps (2 pair) 100BaseT Ethernet
twists or braids permitted per meter of cable 5
- It is often installed using a registered Jack 45 (RJ 45) connector. The 1000 Mbps (4 pair) Gigabit Ethernet
RJ-45 is an eight wire connector used commonly to connect
computers into a LAN especially Ethernets. 5e 1,000 Mbps Gigabit Ethernet
- When used as a networks, UTP cable has four pairs of either 22 – or 6 10,000 Mbps Gigabit Ethernet
24 American wire gauge (AWG) copper wire.
- UTP used as a networking medium has an impedance of 1000 ohms
whereas for telephone is 6000. Connectors use either T568A or T568B pin assignment, although
- Commonly used type of UTP cabling are as follows:- performance is comparable provided both ends of a cable are the same.
i) Category (CAT 1) used for telephone communication. It is not RJ45 or 8P8C connector is clipped from left to right with the plastic
suitable for transmitting data. latching tab facing away from the viewer. (8P8C – eight positions, eight
ii) Category 2 (CAT 2) capable of transmitting data at speed up to 4 conductors)
megabits per sec (mbps) PIN T568A T568B T568 A T568B
iii) Category 3 (CAT 3) used in 10 BASE – T network. It can transmit PAIR PAIR COLOUR COLOUR
data at speeds up to 10mbps, with a possible bandwidth of 16mhz. 1 3 2 White green White orange
iv) Category 4 (CAT 4) used in token ring, 10 BASE – T networks. It 2 3 2 Green Orange
can transmit data at speeds up to 16mbps and performance of up to 3 2 3 White orange White green
20mhz 4 1 1 Blue Blue
v) Category 5 (CAT 5). This type of cable is used in structured 5 1 1 White blue White blue
cabling for computer network such as Ethernet. The cable standard 6 2 3 Orange Green
provides performance of up to 100mhz and suitable for 10 BASE-T, 7 4 4 White brown White green
100 BASE – TX(fast Ethernet) and 1000 BASE-T (Gigabit Ethernet) 8 4 4 Brown Brown
46
The following summarizes the features of UTP cable
- Speed and throughput – 10 – 1000 mbps
- Average cost per node – least expensive
- Media and connector size – small
- Maximum cable length – 100m (shout)
ii) Shielded twisted pair cable (STP)
- This cable combines the technique of shielding cancellation and wire
twisting.
- Each pain of wire is wrapped in a metal foil. The foil pairs of wires are
then wrapped in an overall metallic braid or foil usually 150R cable.
- As specified for use in Ethernet network installation, STP reduces
electrical noise both within the cable (pair to pair coupling or cross
talk) and from outside the cable (EMI or RFI).
- STP usually is installed wire STP data connector which is created
especially for the STP cable
- However, STP cabling can also use the same RJ connector that UTP
cable uses.
- Although STP prevents interference better than UTP, it is more
expensive and difficult to install.
- In addition, the metallic shielding must be grounded at both ends. If
it’s improperly grounded, the shield acts like an antennae and picks
up unwanted signals.
- Because of its cost and difficulty with termination, STP is rarely used
in Ethernet network.
- The feature of STP cable are:-
o Speed and throughput – 10 to 100 mbps
o Average cost per node – moderately expensive
o Media and connect to site – medium to large
o Maximum cable length – 100m (short)
2. Coaxial cable (coax)
- It consists of a hollow other cylindrical conductor that surround a
single inner wire made of two conducting elements.
- One of these elements, located in the centre of the cable is a copper
conductor surrounding the copper is a layer of flexible insulation.
- Over this insulating material is a woven copper braid or metallic foil
that acts both as the second wire in the circuit and as shield for the
inner conductor.
- This second layer or shield can help reduce the amount of outside
interference.
BNC connector
- The cable supports 10 to 100 mbps and relatively cheap. It can be
cabled over longer distances than the twisted-pair cable.
- It lowers with variety of sizes; the largest diameter (1cm) is specified
for use as Ethernet backbone cable because it has greater
transmission length and noise rejection characteristics. Mostly
referred as thicknet coaxial cable with outside diameter of 0.3cm is
thin net.
- The most common connectors used with thinnet are British Naval
Connector (BNC) or (Bayonet Neill Concelman)
- The basic BNC is a made type mounted at each end of a cable.
- This connector has T centre Pin connected to the centre cable
conductor and a metal tube connected to the outside cable shield.
- A rotating ring outside the tube locks the cable to any female
connectors.
Optical fibre
- It’s a glass or plastic fibre designed to guide light along its length. The
optic fiber therefore acts as a conduit (or wave-guide) for pulses of
light generated by a light source.
- The light source is typically either an injection laser diode (ILD) or
LED operating at wavelengths of 0.85, 1.2 or 1.5 µm (micrometers).
The optic fiber is coated with a protective colored sheath to provide
stability and allow easy identification.
- Fibre optics is widely used in fibre optic communication, which permits
transmission over longer distance and at higher data rates.
- Light is kept in the core of the optical fibre by total interval reflection.
This causes the fibre to act as a wave guide.
- A transverse mode of a beam of electromagnetic radiation in a
particular intensity pattern of radiation measure in a plane
47
 perpendicular (i.e transverse) to the propagation direction of the Single mode fibre
beam. - It supports one confined transverse mode by which light can
- Transverse modes occur because of boundary condition imposed on propagate along the fibre.
the wave by the wave guide. - They are used for most communication links longer than 200 metres
- Fiber optic cables offer the following advantages over other types of single modem fibre is used in many applications when data is sent at
transmission media: multi-frequent (WDM – wave division multiplexing)
o Light signals are impervious to interference from EMI or electrical - So only one cable is needed.
crosstalk
o Light signals do not interfere with other signals
o Optical fibers have a much wider, flatter bandwidth than coaxial
cables and equalization of the signals is not required
o The fiber has a much lower attenuation, so signals can be
transmitted much further than with coaxial or twisted pair cable Multimode fibre
before amplification is necessary - Multimode fibre supports many propagation path end generally have a
o Optical fiber cables do not conduct electricity and so eliminate larger diameter core.
problems of ground loops, lightning damage and electrical shock - It is used for short distance communication links or for application
o Fiber optic cables are generally much thinner and lighter than when high power must be transmitted.
copper cables - As each mode travels at its own propagation velocity, multimode fibre
o Fiber optic cables have greater data security than copper cables suffers from modal dispersion which limits the maximum length a
signal can be transmitted through it.
- Fibres which support only a single mode are called single mode fibre - There are two types:
while fibres which support many propagation paths or transverse i) Step Index multimode
modes are called multimode fibre. ii) Graded Index multimode

i) Step Index Multimode fibre

- A refractive index profile characterized by a uniform refractive index
within the core or a sharp decrease in refractive Index at the core –
clad interface.

48
- In a step index multimode fibre, rags of light are guided along the fibre
core by total internal reflection.
- Rays that meet the core-cladding boundary at a high angle, greater
than the critical angle for these boundaries are completely reflected.
ii) Graded Index multimode fibre
- An optical fibre whose core has a refractive index that decreases with
increasing radial distance from the fibre axis which causes light rays
to follow sinusoidal path down the fibre.
- The resulting curved paths reduce multipath dispersion because high
angle rays pass more through the lower index periphery of the core,
rather than the high – index centre.
- The idea index profile is very close to a parabolic relationship between
the index and the distance from the axis.
Wireless media
- Wireless media carry electromagnetic signal at radio and microwave
frequencies that represent the binary digits of data communications.
- Wireless networks are useful for the following situation:
o Spaces where cabling would be impossible or inconvenient
o Temporary installations.
- Transmission and reception are achieved using an antenna
transmitter sends out the EM signal into the medium. Receiver picks
up the signal from the surrounding medium.
- Directional Transmission – Transmitter sends out a focused EM
beam. Transmitter end receiver antennae must be carefully aligned.
It is more suitable for higher frequency signal.
- Omni directional transmission – Transmitted signals spread out in all
directions. It may be received by many antennae
- There are several ways of transmission
a) Radio – This is effective for short ranges and is in expensive and
easy to install. Depending on frequency radio offers different
bandwidth. Wireless local area networks use a high-frequency
radio technology similar to digital cellular and a low-frequency
radio technology. Wireless LANs use spread spectrum technology
to enable communication between multiple devices in a limited
area. IEEE 802.11 defines a common flavor of open-standards
wireless radio-wave technology known as Wifi.
Some of limitations are: can create interference with
communication devices, susceptible to eavesdropping.
b) Terrestrial microwave – two antennae are used for
communication. A focused beam emerges from an antennae and
is received by the other antenna, provided that antenna’s should
be facing each other with no obstacle in between due to curvature
of earth terrestrial microwave can be used fro long distance
communication with high bandwidth.
Terrestrial microwave communication uses Earth-based
transmitters and receivers resembling satellite dishes. Terrestrial
microwaves are in the low-gigahertz range, which limits all
communications to line-of-sight. Relay stations are spaced
approximately 48 km (30 mi) apart.
c) Satellites – satellite acts as a switch in sky. On earth VSAT (very
small aperture terminal) are used to transmit and receive data
from satellite. Satellites communicate via microwave radio waves,
which are not deflected by the Earth's atmosphere. The satellites
are stationed in space, typically in geosynchronous orbit
35,400 km (22,000 mi) above the equator. These Earth-orbiting
systems are capable of receiving and relaying voice, data, and TV
signals.
d) Cellular radio technology: defined cellular service areas around
a radio transreceiver and computerized control. It uses several
radio communications technologies. The systems divide the
region covered into multiple geographic areas. Each area has a
low-power transmitter or radio relay antenna device to relay calls
from one area to the next area.
e) Infrared communication: can transmit signals for small
distances, typically no more than 10 meters. In most cases, line-
of-sight propagation is used, which limits the physical positioning
of communicating devices.
Types of wireless network
- The IEEE and telecommunication industry standard for wireless data
communications cover both the data link and physical layers.
- For common data communication standards that apply to wireless
media are:-
1. Standard IEEE 802.11- Commonly referred to as Wi-Fi, is a wireless
LAN (WLAN) technology that uses a contention or non deterministic
49
 system with a carrier sense multiple access / collision avoidance
(CSMA/CA) media access process Standard Max Speed Typical Range
2. Standard IEEE 802:15 – Wireless Personnel Area Network (WPAN) 802.11a 54 Mbps 50 m
standard, commonly known as “Bluetooth’ uses a device pairing
process to communicate over distances from 1 to 10 metres. 802.11b 11 Mbps 100m
3. Standard IEEE 802.16 – Commonly known as WiMAX (Worldwide
Interoperability for Microwave Access) uses a joint to multipoint 802.11g 54 Mbps 100m
topology to provide wireless broadband access. 802.11n 100 Mbps 100m +
4. Global System for Mobile Communication (GSM) – includes
physical layer specification that enable the implementation of the layer
2 general packet radio service (GPRS) protocol to provide data Advantages of wireless networks:
transfer over mobile cellular telephoning network. · Mobility - access can be available throughout industry or
organization. More and more businesses are also offering free
The physical layer specification are applied to areas that include – WiFi access ("Hot spots").
- Data to radio encoding · Fast setup - If your computer has a wireless adapter, locating a
- Frequency and power transmission wireless network can be as simple or will connect automatically to
- Signal reception and decoding networks within range.
- Antenna design and construction · Cost - Setting up a wireless network can be much more cost
effective than buying and installing cables.
Wireless LAN · Expandability - Adding new nodes to a wireless network is as
- A Common wireless data implementation is enabling devices to easy as turning the node on (as long as you do not exceed the
wirelessly connect via a LAN. maximum number of devices).
- In general, a wireless LAN requires the following network devices:- Disadvantages of wireless networks:
a) Wireless access point (WAP) – concentrates the wireless · Security – susceptible to security breach. Protect sensitive data
signals from users and connects usually through a copper cable, with backups, isolated private networks, strong encryption and
to the existing copper based network infrastructure such as passwords, and monitor network access traffic to and from
Ethernet. wireless network.
b) Wireless NIC adapter – provides wireless communication · Interference - Because wireless networks use radio signals and
capability to each network host. similar techniques for transmission, they are susceptible to
- There are a number of WLAN Ethernet-based standards used: interference from lights and electronic devices.
o IEEE 802:11a - Operates in the 5 GHZ frequency band at · Inconsistent connections - Because of the interference caused
speed of up to 54 mbps. It covers smaller areas and less by electrical devices and/or items blocking the path of
penetrating building structures. transmission, wireless connections are not nearly as stable as
o IEEE 802:11b - operates in the 2.4 GHZ frequency band at those through a dedicated cable.
speed of up to 11mbps. It has longer range and able to · Speed - The transmission speed of wireless networks is
penetrate building structures. improving; however, faster options (such as gigabit Ethernet) are
o IEEE 802.11n – operates in 2.4 GHz frequency band ac data available via cables.
rates 100 to 210 mbps with distance range of 70m.

50
LOCAL AREA NETWORKS (LAN)
- LAN interconnects computer and devices over a common medium so
users share access to host computers, databases, files, applications
and peripheral.
- The following characteristics differentiate one LAN from another.
o Topology
o Protocol
o Media
- The four primary devices used in LAN are:
o Hubs
o Bridges
o Switches
o Routers
- There devices operates on the following layers:
o OSI layer 1 (physical) – Hubs, repeaters. Hubs are considered
to be multi-port repeaters
o OSI layer 2 (data link) bridges switches
o OSI layer 3 (network) – routers.
- LAN transmits in three modes
i) Unicast – a single packet is sent from the source to a destination on a
network. The source node addresses the packet by using the network
address of the destination node.
ii) Multi-cast – A single packet is copied and forwarded to a specific
subset of nodes on the network. The source node addresses the
packet by using a multicast address. The packet is then sent to the
network, which makes copies of the packet and sends a copy to each
segment with a node that is part of the multicast address.
iii) Broadcast. This is the term used to describe communication where a
piece of information is sent from one joint to all other points. In this
case there is just one sender, but the information is sent to all
connected receivers. Broadcast transmission is supported on most
LANS and may be used to send the same message to all computers
on the LAN.
LAN Topologies
- A network topology is the basic design of a computer network.
- Networking is a collection of computers or other hardware devices
that are connected together either physically or logically, using special
hardware and software, to allow them to exchange information and
cooperate.
- Topology which is a pattern of interconnection among nodes
influences a networks cost and performance.
- There are several topologies used:
o Point to point topology
o Bus topology
o Star topology
o Ring topology
o Mesh topology
1. Star topology
It is a physical topology in which a multiple nodes are connected to a
central component known as Hub. Signals are transmitted and
received through the hub. The hub may actually be a file server,
central computer that contains a centralized file and control system
with all its nodes attached directly to the server.
Advantages
- Network runs even if one host fails
- More suitable for larger network
- It is easier to add or remove nodes, and to modify the cable layout
- Network administration and error detection is easier because is
isolated to central node.
Disadvantages
- Installation costs are high because each node needs to be connected
to the central switch
- If the hub fails the entire network fails
- Broadcasting and multicasting is not easy.
51
2. Bus topology In a ring topology, the network signal is passed through each network
Bus consists of a single cable called a backbone that connects all card of each device and passed on to the net device
workstation on the network using a single line.
All transmissions must pass through each of the connected devices to
complete the desired request.
Each workstation has its own individual signal that identifies it and
allows for the requested data to be returned to the correct originator

Advantages Advantages
- Has minimum cable requirement
- Broadcasting and multicasting is much simpler
- It is simple and flexible - Each node can regenerate the signal
- Broadcasting and multicasting is simple since you just need to send
- It is easy to extend a bus topology by adding or removing nodes from
out one message.
a bus
- Least expensive since less amount of cabling is required and no - The message can be automatically acknowledged.
network switches are required.
Disadvantages
- Failure of one node brings the whole network down
Disadvantages
- Diagnosis/troubleshooting (fault isolation is difficult)
- Limited in size and speed
- Adding or removing nodes disrupts the network
- There can be a security problem, since every node may see every
message – even those that are not destined for it , sniffing is easier
- Diagnosis / troubleshooting (fault-isolation), can be difficult, since the Mesh topology
This is a topology where each node must not only capture and
fault can be anywhere along the bus.
disseminate its own data but also serve as a relay for other nodes i.e it
- There is no automatic acknowledgment of messages, since messages
must collaborate the propagate the data in the network.
get absorbed at the end of the bus and do not return to the sender.
A mesh network whose nodes are all connected to each other is a fully
- The bus cable can be a bottleneck when network traffic gets heavy.
This is because nodes can spend much of their time trying to access connected network.
the network.
Advantages
- Point to point line configuration makes identification and isolation of
iv) Ring topology - All the nodes in a ring network are connected in a
faults easy.
closed circle of cable messages that are transmitted travel around the
- Network can be easily expanded
ring until they reach the computer that they are addressed to the signal
being refreshed by each node. - If one node fails, other continue to work
52
- It is more secure
Disadvantages
- Quite expensive due to cabling and installation cost is high.
LAN Network devices
- These devices interconnect individual computers and ensure that they
communicate efficiently.
- Network interfaces, hubs, bridges, switches, routers and firewalls
work together in a number of ways to create these different kinds of
network roadways.
The functions of network devices are:
- To regulate the speed at which the network information travels
- To manage the flow of traffic, opening, closing or directing it to
specific streets as the need arises.
- To help protect sensitive information within the network.
Network Interface card (NIC)
- This is a chipset on PCB that provide physical access from the node
to the LAN medium.
- Its responsible for fragmenting the data transmission and formatting
the data packets with the necessary header and trailer.
- It function at the lower two layers of OSI model, that is both an OSI
layer 1 (physical layer) and layer 2 (data link layer) device, as it
provides physical access to a networking medium and provides a low-
level addressing system through the use of MAC addresses. It allows
users to connect to each other either by using cables or wirelessly
- It contains a microprocessor that can relieve the attached device of
some routine.
.
ii) Bridges
- A bridge is a device that connects two or more local area network or
two or more segments of the same network.
- Bridge connects two networks (e.g 10 BASET Ethernet and Local
Tank Connection) so that they can share information with each other.
- In addition to connecting networks, they filter information so that
network traffic intended for one portion of the network does not
congest the rest of network.
- Bridges may consist either standalone hardware devices or of
software running on a client or server.
- Like switches, bridges learn the MAC addresses of all connected
clients, servers and peripherals and associate each address with a
bridge port (network connection).
- When a bridge (or switch) receives an incoming frame, it opens and
reads its destination MAC address.
- If the port that will receive the frame is different from the port
connected to the sender, the bridge drops the frame.
- If the bridge cannot determine which port is associated with a
destination address, it passes the frame along to all ports.
Hubs
- This is a small box that gathers the signal from each individual device
optionally amplifies each signal and then sends the signal out to all
other connected devices.
- Amplification helps to ensure that devices on the network receive
variable information. Hubs are also called concentrators or repeaters.
53
- They come in various sizes, 12 port or 24 port etc. All the client, Routers
servers and peripherals connected to a hub (or to a set of - Like bridges, routers are devices whose primary purpose is to connect
interconnected hubs) share the bandwidth (data delivery capacity) of two or more networks and to filter network signals so that only desired
that network. information travels between them.
- They form a single collision domain – on area of an Ethernet network - Routers regulate network traffic more precisely and are aware of
in which data sent to or from a device may potentially collide with the many possible paths across the network and can choose the best one
data from other devices. for each data packet to travel.
- They operate primarily by examining incoming data for its network
iv) Switches routing and transport information.
- Like a hub, an Ethernet switch is a device that gathers the signals - This information includes the source and destination network routing
from devices that are connected to it, and then regenerates a new addresses.
copy of each signal. - Routers can be programmed to prevent information from being sent to
- Switches are more powerful than hubs and can substantially increase or received from certain networks or computers based on all or part of
the network performance their network routing addresses.
- Most common switches operate by learning the MAC addresses of all
connected clients, servers and peripheral and associating each
address with one of its ports.
- When a switch receives an incoming signal it creates a temporary
circuit between the sender and receiver.
- The temporary circuit provides two important benefits.
o The circuit allows the sender and receiver momentarily to
exchange information without intrusion from other devices on
the network.
o The circuit ensures the information travels directly between the
communicating computers.
- The switch installed should be compatible with physical network and
data link protocols.

54
vi) Multiplexers
- Multiplexers (mux) acts as both concentrators and contention devices
that enable multiple relatively low speed terminal devices to share a
single high capacity circuit (physical path) between two points in a
network.
vii) Modems
- These are devices that allow digital data signals to be transmitted
across an analogue link.
- Modem stand for Modulator Demodulator, and it changes signal to an
analogue frequency and send this tone across the analogue link.
- At the other end, another modem receives the signal and converts it
back to digital.
viii) Wireless Access Point (WAP)
- WAP is a device that allows wireless communication devices to
connect to a wireless network using WI-FI, blue tooth or related
standard.
- The WAP usually connects to a wired network, and can relay data
between the wireless devices and wired devices or the network.
ix) Amplifiers and repeaters
- Electromagnetic energy attenuates over a distance whether the
energy passes through a conductor or air. In addition to attenuating,
the signal accumulates noise as it transverse the network, the
amplifier boosts the noise along with the signal. The resulting signal
to noise ratio (SNR) can produce unacceptable results.
- These boosting units receive a weakened incoming signal and
transmit a stronger outgoing signal, which propagates across the
network, weakening until it reaches other boosting unit, and so on.
- Analog networks make use of devices known as amplifiers. Digital
networks employ repeaters
- Amplifiers are spaced every 6km or so in a typical analog voice. The
exact spacing is sensitive to: transmission medium and carrier
frequency which affects bandwidth, transmission speed and
attenuation level.
- The repeater essentially generates the binary value (10 rO) of the
weak incoming signal based on its relative voltage level and
regenerates a strong signal of the same value without noise. This
process enhances the signal quality.
- Repeaters are spaced at approximately the same intervals as
amplifiers.
- Because repeaters work with the actual physical signal, and do not
attempt to interpret the data being transmitted, they operate on the
physical layer, the first layer of
the OSI model.
x) Fire wall
- A firewall is part of a computer system or network that is designed to
block unauthorized access while permitting actual communication.
- It is also a device or set of devices configured to permit, deny,
encrypt, decrypt or proxy all computer traffic between difficult security.
Domain based upon a set of rules and other criteria.
- It can be implemented in both hardware or software or a combination
of both.
- Firewalls can be an effective means of protecting a local system or
network of systems from network based security threats while at the
same time affording access to the outside world via wide area
networks and the internet.
- Firewall provides an additional layer of defense, insulating the internal
systems from external networks.
- Firewall has the following capabilities.
o A firewall defines a single choke point that keeps unauthorized
user out of the protected network, prohibits potentially
vulnerable services from entering or leaving the network and
provides protection from various kinds of IP Spooting and
routing attacks.
o A firewall provider a location for monitoring security related
events. Audit and alarm can be implemented on the firewall
system.
55
 o A firewall is a convenient platform for several internet functions
that are not security related.
- However firewalls have their limitations including:-
o It cannot protect against attacks that by passes the firewall
o It may not protect fully against internal threats such as a
disgruntled employee.
o An improperly secured wireless LAN may be accessed from
outside the organization.
- A firewall may act as a packet filter. It can operate as a positive filter,
allowing passing only packets that meet specific criteria or as a
negative fitter, rejecting any packet that meets certain criteria.
Types of firewalls
1. Packet filtering firewalls
- It applies a set of rules to each incoming and outgoing IP packet and
then forwards or discards the packet. It is typically configured to filter
packets going in both direction (from and to the internal network)
- It generally falls into two subcategories; stateful and stateless.
- Stateful firewalls maintain context about active section, and use that
state information to speed packet processing. If a packet does not
watch on existing connection, it will be evaluated according to the
ruleset for new connections.
- Stateless firewalls require less memory and can be faster for simple
filters that require less time to filter them to look up a session.
- The major advantage of packet filtering firewalls is its simplicity. Also,
packet filters typically are transparent to user end are very fast..
- However packet filtering firewall has the following weaknesses:-
o Most do not support advanced user authentication schemes
o It is vulnerable to attacks and exploits that take advantage of
problems within the TCP/IP specification and protocol stack
such as network layer address spoofing.
o It is susceptible to security breaches caused by improper
configuration.
o It does not examine upper layer data, hence it cannot prevent
attacks that employ application
2) Application – level firewall
- Also called application proxy, acts as a relay of application – level
traffic.
- The user contacts the gateway using TCP/IP application and the
gateway asks the user for the name of the remote hot to be accessed.
- It works on the application level of the TCP/IP stack and may intercept
all packets traveling to or from an application.
- They block other packets (usually dropping them without
acknowledgement to the sender)
- It functions by determining whether a process should accept any
given connection. It accomplishes their function by hooking into
socket cause to filter the connection between the application layer and
the lower layer of the OSI model.
- It work much as like a packet filter but application filters apply filtering
rules (allow/block) on a per process basis instead of filtering
connections on a per port basis.
- The major advantages of these fire walls are:
o It is more secure than packet filters
o It is easy to log and audit all incoming traffic at the application
level.
- However the disadvantage is:
o The additional processing overhead on each connection.
3) Proxies
- A proxy server may act as firewall by responding to put packets
(connection requests) in the manner of an application, while blocking
other packets.
- It is a gateway from one network to another for a specific network
application in the sense that it functions as a proxy on behalf of the
network user.
- Proxies make tampering with an internal system from the external
network more difficult and misuse of one internal system would not
necessarily cause a security breach exploitable from outside the
firewall.
56
57
Protocols and standards
- Protocol is a kind of agreement about the exchange of information in a Type of transmission lines unbalanced Differential Differential
distributed system. It is a set of rules that two or more devices must Max number of drivers 1 1 32
follow if they are to communicate with each other. Max number of receivers 1 10 32
- Protocol includes everything from the meaning of data to the voltage Max cable length (m) 15m 1.5km 1.2km
levels on connection wires. Max data rate 20kbps 10mbps 10mbps
- A network protocol defines how a network will handle the following
problems and tasks: i) Rs 232
o communication line errors - The RS-232 interface standard (officially called TIA-232) defines the
o flow control (to keep buffers from overflowing) electrical and mechanical details of the interface between Data
o access by multiple devices Terminal Equipment (DTE) and Data Communications Equipment
o failure detection (DCE), which employ serial binary data interchange.
o data translation - The current version of the standard refers to DCE as Data Circuit-
o interpretation of messages terminating Equipment.
- Networking standards can be classified as proprietary, open or de
facto
o Proprietary standards are owned by one particular
organization.
o If that organization has sufficient market clout and the industry
lacks alternative to its standard, it may be adopted the whole
industry, becoming a de facto standard.
o Open standard are not owned by any one – they are created
by neutral organizations to ensure that compatible products - Its used for many purposes such as connecting mouse, printer as well
can be designed and developed by many different companies. as industrial instrumentation
- RS – 232 is limited to point to point connections between pc serial
Serial Interface Standards ports and devices.
- Many devices used in industrial applications use EIA standards RS – - The RS-232 standard consists of three major parts, which define:
232, RS 422 or RS 485 to connect to computers and to one another. • Electrical signal characteristics
- The EIA RS–XXX standard specifies only the electrical characteristics • Mechanical characteristics of the interface
– not the software protocol • Functional description of the interchange circuits
- The whole purpose of a serial interface is to provide a single path for - The standard defines a logic and voltage between -3v and -25v and a
data transmission wirelessly or a over a cable. logic 0 as a voltage level between +3V and +25v
- Serial interfaces can be used to provide standardized logic levels from - Many RS 232 connections are one-way or simplex However, using
transmitter to receiver, define transmission medium and connectors the special signaling and control voltages available, this way or half
and specify timing and data rates. duplex operation is possible.
- The definition of logic levels, medium and connectors is part of layer 1 - The two connected devices alternate transmitting and receiving
of OSI model (physical layer) while data handling is part of MAC layer operations.
or layer 2(Data link layer) - The central signal in the interface defines the protocol for transmitting
and receiving data.

58
- These signals tie the two communicating devices when they are busy,
transmitting, ready and receiving.
- The transmitting device is the DTE (devices that are either the source
or destination of data frames) such as computer, work station.
- The receiving device is the DCE (device that receive and forward
frames across the network) – such as printer, modem, interface card.
- The control signal used on the common nine-pin connector are:-
a) Data carrier detect (DCD) – the DCE tells the DTE it is receiving a
valid input signal (Pin 1)
b) Data set ready (DSR) – The DCE tells the DTE it is connected and
ready to receive (pin 6)
c) Received data (RD): This is the actual signal received from DTE
(Pin 2).
d) Request to send (RTS) – This signal from the DTE tells the DCE it
is ready to transmit (pin 7)
e) Signal ground:- This is the common ground connection for all
signals (pin 5)
f) Transmit data (TD) – This is the transmitted signal from the DTE
(pin 3)
g) Data terminal ready (DTR) – This line is from the DTE to the DCE
indicating readiness to send or receive data (pin 4)
h) Clear to send (CTS) – This line from the DCE tells the DTE it is
ready to receive data (pin 8)
i) Ring indicator (R1) – This line was used in order modem
connection but it is not used anymore (pin 9)
Limitations and drawback
- Limited distance – cable length limited to 1.5 meter
- Not multidrop – it can only connect on RS – 232 device per port.
- Susceptible to noise – RS 232 is single-ended, which means that they
transmit and receive lines are referenced to a common ground.
(ii) RS – 422 (EIA – 422)
- It is similar to RS 232, and can be programmed in the same way. This
is a technical standard that specified electrical characteristics of a
digital signaling circuit.
- Differential signaling can transmit data at rates as high as 10 mbps
along a cable of 1500m.
- The advantage offered by this standard includes the differential
receiver, a differential driver and high data rates.
- However RS 422 cannot implement a truly multipoint communication
network such as with RS 485, but one driver can be connected to up
to ten receivers.
(iii) RS 485 (TIA 485)
- It defines not only a single device to device interface but also a
communication bus that can be used to form simple networks of
multiple devices.
- It specifies differential signaling on two lines rather than single ended
with a voltage referenced to ground
- A logic is a level greater than -200mv and a logic O is a level greater
than +200 mv
- The standard transmission medium is twisted-pair cable of 22 or 24
AWG solid wire. Two lines are minimum but reference wire can be
used.
- Four wire can be used if full duplex operation is desired.
- Maximum cable length is defined as 1.2 km at maximum data rate of
100mbps
- A common configuration is bus network topology with multiple drops
or connections.
- The standard species a maximum of 32 drivers (transmitters) and 32
receivers.
- Line drivers are disconnected from the line when not transmitting. All
receivers are fully connected and the bus line is terminated in a load
matching resistance.
Applications of serial interface
- RS 232 standard is deployed in a wide range of low data rate short
range applications.
- It is particularly effective in equipment used in noisy environment such
as factories, process control and utilities sites.
59
- Common equipment include low-speed modems, industrial control
equipment like PLC, computer, numerical controlled (CNC) machine
tools, robots, embedded control computers, medical instrument and
equipment and embedded controller development systems.
- The RS 485 – Interface is also widely used in industrial applications
where higher speeds and longer distances are needed.
- It is used in the same type of equipment as defined for the RS 232
interface puts devices like point of sale (pos) terminal, metering
instruments, and large special automated machines.
Ethernet
- The term refers to the family of LAN module covered by the IEEE
802.3 standard that defines what is the CSMA/CIS protocol
- The Ethernet standards comprise several wiring and signaling
variants of the OSI physical layer in the use with Ethernet.
- Three data rates are defined for operation over optical fibre and
twisted-pair cables.
o 10 BASE – T Ethernet
o Fast Ethernet (100 BASE – T Ethernet)
o Gigabit Ethernet 1000 BASE-T Ethernet
- The protocol has the following characteristics:
o Easy to understand, implement, manage and maintain
o Allows low cost network implementation
o Provides extensive topologies flexibility for network installation
o Guarantees successful, interconnection and operation of
standard – compliant products, regardless of manufacture
- Twisted-pair Ethernet standards are such that the majority of cables
can be wired ‘straight through’ pin1 to pin1 pin 2 to pin 2 and so on,
but others may need to be wired in the ‘crossover’ form (receive to
transmit and transmit to receive)
Industrial Ethernet
- This refers to the use of standard Ethernet protocols with rugged
connectors and extended temperature switches in an industrial
environment for automation or process control.
- Components used in plant process areas must be designed to work in
harsh environment of temperature extremes, humidity and vibration
that exceeds the ranges for information technology equipment
intended for installation in controlled environment.
- The use of fibre Ethernet reduces the problem of electrical noise and
provides electrical isolation to prevent equipment damage.
- Some industrial networks emphasis deterministic delivery of
transmitted data, whereas Ethernet used collision detection which
made transport time for individual data packets difficult to estimate
with increasing network traffic.
- In addition to physical compatibility and low level transport protocols a
practical industrial Ethernet system must also provide interoperability
of high levels of the OSI model.
- An industrial network use network switches to segment a large system
into logical sub-networks, divided by address, protocol or application.
- Using network switches allows the network to be broken up into many
small collision domains.
- This reduces the risk of a faulty or misconfigured device generating
excess network traffic.
Benefits of industry-standard networks
- Modern control and business systems require open, digital
communications.
- Industrial networks replace conventional point-to-point RS-232, RS-
485, and 4-20 mA wiring between existing measurement devices and
automation systems with an all-digital, 2-way communication network.
- Industrial networking technology offers several major improvements
over existing systems.
- With industry-standard networks, we can select the right instrument
and system for the job regardless of the control system manufacturer.
- Other benefits include:
o Reduced wiring -- resulting in lower overall installation and
maintenance costs
o Intelligent devices -- leading to higher performance and
increased functionality such as advanced diagnostics
o Distributed control -- with intelligent devices providing the
flexibility to apply control either centrally or distributed for
improved performance and reliability
o Simplified wiring of a new installation, resulting in fewer,
simpler drawings and overall reduced control system
engineering costs
o Lower installation costs for wiring, marshalling, and junction
boxes
60
61
I/O BUS NETWORKS
- I/O bus networks allow PLCs to communicate with I/O devices in a
manner similar to how local area networks let supervisory PLCs
communicate with individual PLCs.
- This configuration decentralizes control in the PLC system, yielding
larger and faster control systems.
- The topology, or physical architecture, of an I/O bus network follows
the bus or extended bus (tree) configuration, which lets field devices
(e.g., limit, photoelectric, and proximity switches) connect directly to
either a PLC or to a local area network bus.
- Remember that a bus is simply a collection of lines that transmit data
and/or power. Figure illustrates a typical connection between a PLC, a
local area network, and an I/O bus network
- The basic function of an I/O bus network is to communicate
information with, as well as supply power to, the field devices that are
connected to the bus.
- In an I/O bus network, the PLC drives the field devices directly,
without the use of I/O modules; therefore, the PLC connects to and
communicates with each field I/O device according to the bus’s
protocol.
- In essence, PLCs connect with I/O bus networks in a manner similar
to the way they connect with remote I/O, except that PLCs in an I/O
bus use an I/O bus network scanner.
- An I/O bus network scanner reads and writes to each field device
address, as well as decodes the information contained in the network
information packet.
- A large, tree topology bus network (i.e., a network with many
branches) may have up to 2048 or more connected discrete field
devices.
- The field devices that connect to I/O bus networks contain intelligence
in the form of microprocessors or other circuits). These devices
communicate not only the ON/OFF state of input and output controls,
but also diagnostic information about their operating states.
- I/O bus networks can be separated into two different categories—one
that deals with low-level devices that are typical of discrete
manufacturing operations and another that handles high-level devices
found in process industries.
- These bus network categories are:
• Device bus networks
• Process bus networks
- Device bus networks interface with low-level information devices
(e.g., push buttons, limit switches, etc.), which primarily transmit data
relating to the state of the device (ON/OFF) and its operational status
(e.g., operating OK). These networks generally process only a few
bits to several bytes of data at a time.
- Process bus networks, on the other hand, connect with high-level
information devices (e.g., smart process valves, flow meters, etc.),
which are typically used in process control applications. Process bus
networks handle large amounts of data (several hundred bytes),
consisting of information about the process, as well as the field
devices themselves.
62
- The majority of devices used in process bus networks are analog,
while most devices used in device bus networks are discrete.
- However, device bus networks sometimes include analog devices,
such as thermocouples and variable speed drives that transmit only a
few bytes of information.
- Device bus networks that include discrete devices, as well as small
analog devices, are called byte-wide bus networks. These networks
can transfer between 1 and 50 or more bytes of data at a time.
- Device bus networks that only interface with discrete devices are
called bit-wide bus networks. Bit-wide networks transfer less than 8
bits of data from simple discrete devices over relatively short
distances.
Protocol Standards
- Neither of the two I/O bus networks have established protocol
standards; however, many organizations are working towards
developing both discrete and process bus network specifications.
- In the process bus area, two main organizations, the Fieldbus
Foundation (which is the result of a merger between the Interoperable
Systems Project, ISP, Foundation and the World FIP North American
group) and the Profibus (Process Field Bus) Trade Organization, are
working to establish network and protocol standards.
- Other organizations, such as the Instrument Society of America (ISA)
and the European International Electronics Committee (IEC), are also
involved in developing these standards.
- This is the reason why some manufacturers specify that their analog
products are compatible with Profibus, Fieldbus, or another type of
protocol communication scheme.
- Although no proclaimed standards exist for device bus network
applications, several de facto standards are emerging due to the
availability of company specific protocol specifications from device
bus network manufacturers.
- These network manufacturers or associations provide I/O field device
manufacturers with specifications in order to develop an open network
architecture, (i.e., a network that can interface with many types of field
devices).
- In this way, each manufacturer hopes to make its protocol the industry
standard.
- One of these de facto standards for the byte-wide device bus network
is DeviceNet, originally from PLC manufacturer Allen-Bradley and now
provided by an independent spin-off association called the Open
DeviceNet Vendor Association.
- Another is SDS (Smart Distributed System) from Honeywell. Both of
these device bus protocol standards are based on the control area
network bus (CANbus), developed for the automobile industry, which
uses the commercially available CAN chip in its protocol.
- InterBus-S from Phoenix Contact is another emerging de facto
standard for byte-wide device bus network.
63
- The de facto standards for low-end, bit-wide device bus networks - Each interbus sensor loop system can act as a single station on an
include Seriplex, developed by Square D, and ASI (Actuator Sensor interbus-S network, on the sensor loop can be connected directly to a
Interface), a standard developed by a consortium of European controller or master.
companies. - Interbus–S devices are usually implemented with a special ASIC
- Again, this is why I/O bus network and field device manufacturers will (application specific integrated circuit).
specify compatibility with a particular protocol (e.g., ASI, Seriplex,
InterBus-S, SDS, or DeviceNet) even though no official protocol ii) CANbus networks
standard exists. - CANbus networks are byte-wide device bus networks based on the
widely used CAN electronic chip technology, which is used inside
1. Byte-Wide Device Bus Networks automobiles to control internal components, such as brakes and other
- The most common byte-wide device bus networks are based on the systems.
InterBusS network and the CANbus network. - A CANbus network is an open protocol system featuring variable
length messages (up to 8 bytes), nondestructive arbitration, and
i) InterBus-S advanced error management. A four-wire cable plus shield— two
- InterBus-S is a sensor/actuator device bus network that connects wires for power, two for signal transmission, and a “fifth” shield wire—
discrete and analog field devices to a PLC or computer (soft PLC) via provides the communication link with field devices.
a ring network configuration. - This communication can either be master/slave or peer to peer. The
- The InterBusS has built-in I/O interfaces in its 256 possible node speed of the network (data transmission rate) depends on the length
components, which also include terminal block connections for easy of the trunk cable.
I/O interfacing.
- This network can handle up to 4096 field I/O devices (depending on
the configuration) at a speed of 500 kbaud with cyclic redundancy
check (CRC) error detection.
- A PLC or computer in an InterBus-S network communicates with the
bus in a master/slave method via a host controller or module.
- The topology of the network is a ring, with data being sequentially
shifted from point to point on the ring under the control of a network
master.
- Each device is the ring acts as a shift register, transmitting and
receiving data simultaneously at 500 KHz.
- The actual serial data transmission between stations conforms to RS-
485.
- Interbus–S (interbus–S remote Bus) has also been extended to
include a sub-protocol called interbus – sensor loop (or interbus–S
local Bus). - The DeviceNet byte-wide network can support 64 nodes and a
- This subprotocol provides an alternate physical layer, with a single maximum of 2048 field I/O devices.
twisted pair carrying power and data on the same lines and a - The SDS network can also support 64 nodes; however, this number
reduction in the minimum size of the shift register in each station from increases to 126 addressable locations when multiport I/O interfaces
16 to 4 bits. are used to multiplex the nodes.

64
- Using a 4-to-1 multiport I/O interface module, an SDS network can
connect to up to 126 nonintelligent I/O devices in any combination of
inputs and outputs.
- This multiport interface to nonintelligent field devices contains a slave
CAN chip inside the interface, which provides status information about
the nodes connected to the interface.
- In a DeviceNet network, the PLC connects to the field devices in a
trunkline configuration, with either single drops off the trunk or
branched drops through multiport interfaces at the device locations.
- Because an SDS network can transmit many bytes of information in
the form of variable length messages, it can also support many
intelligent devices that can translate one, two, or more bytes of
information from the network into 16 or 32 bits of ON/OFF information.
- An example of this type of intelligent device is a solenoid valve
manifold.
- This kind of manifold can have up to 16 connections, thereby
receiving 16 bits (two bytes) of data from the network and controlling
the status of 16 valve outputs.
- However, this device uses only one address of the 126 possible
addresses. Thus, in this configuration, the SDS network can actually
connect to more than just 126 addressable devices.
- The CANbus device bus network uses three of the ISO layers and
defines both the media access control method and the physical
signaling of the network, while providing cyclic redundancy check
(CRC) error detection.
- The media access control function determines when each device on
the bus will be enabled.
2. Bit-wide device bus networks
- Bit-wide device bus networks are used for discrete applications with
simple ON/OFF devices (e.g., sensors and actuators).
- These I/O bus networks can only transmit 4 bits (one nibble) of
information at a time, which is sufficient to transmit data from these
devices
- The smallest discrete sensors and actuators require only one bit of
data to operate.
- By minimizing their data transmission capabilities, bit-wide device bus
networks provide optimum performance at economical costs. The
most common bit-wide device bus networks are ASI, InterBus Loop,
and Seriplex
i) ASI Bit-Wide Device Bus Network.
- ASI (Actuator sensor interface) was developed for low-cost, flexible
method for connecting sensor and actuators at the lowest levels of
industrial control system.
- The ASI network protocol is used in simple, discrete network
applications requiring no more than 124 I/O field devices.
65
- These 124 inputs and output devices can be connected to up to 31
nodes in either a tree, star, or ring topology. The I/O devices connect
to the PLC or personal computer via the bus through a host controller
interface.
- It provides a two-wire, non-twisted cable for interconnection of
devices. Devices may draw current from the two wires for powering
circuitry, and data communications are modulated on top of the
nominal d.c level at a bit rate of 167KHZ, under control of the master.
One single parity bit per station is used for error detection.
- The maximum cable length is 100 meters (330 ft) from the master
controller.
- The ASI network protocol is based on the ASI protocol chip, thus the
I/O devices connected to this type of network must contain this chip.
- Typical ASI-compatible devices include proximity switches, limit
switches, photoelectric sensors, and standard off-the-shelf field
devices.
- However, in an application using an off-the-shelf device, the ASI chip
is located in the node (i.e., an intelligent node with a slave ASI chip),
instead of in the device.
- Figure below illustrates an I/O bus network that uses both the ASI bit-
wide network and the byte-wide CANbus network. Note that the ASI
network connects to the byte-wide CANbus network through a
gateway.
ii) InterBus Loop Bit-Wide Device Bus Network
- The InterBus Loop from Phoenix Contact Inc. is another bit-wide
device bus network used to interface a PLC with simple sensor and
actuator devices.
- The InterBus Loop uses a power and communications technology
called PowerCom to send the InterBus-S protocol signal through the
power supply wires (i.e., the protocol is modulated onto the power
supply lines).
- This reduces the number of cables required by the network to only
two conductors, which carry both the power and communication
signals to the field devices.
- Since the InterBus-S and InterBus Loop networks use the same
protocol, they can communicate with each other via an InterBus Loop
terminal module.
- The InterBus Loop connects to the bus terminal module, located in the
InterBus-S network, which attaches to the field devices via two wires.
- An InterBus Loop network can also interface with non-intelligent, off -
the-shelf devices by means of module interfaces containing an
intelligent slave network chip.
iii) Seriplex Bit-Wide Device Bus Network.
- The Seriplex device bus network can connect up to 510 field devices
to a PLC in either a master/slave or peer-to-peer configuration.
- The Seriplex network is based on the application specific
integrated circuit, or ASIC chip, which must be present in all I/O field
devices that connect to the network.
- I/O devices that do not have the ASIC chip embedded in their circuitry
(i.e., off-the-shelf devices) can connect to the network via a Seriplex
I/O module interface that contains a slave ASIC chip.
- The ASIC I/O interface contains 32 built-in Boolean logic function
used to create logic that will provide the communication,
addressability, and intelligence necessary to control the field devices
connected to the network bus.
- A Seriplex network can span distances of up to 5,000 feet in a star,
loop, tree, or multidrop configuration.
- This bit-wide bus network can also operate without a host controller.
Unlike the ASI network, the Seriplex device bus network can interface
with analog I/O devices; however, the digitized analog signal is read
or written one bit at a time in each scan cycle
66
Process Bus Network
- A process bus network is a high-level, open, digital communication
network used to connect analog field devices to a control system.
- It is used in process applications, where the analog input/output
sensors and actuators respond slower than those in discrete bus
applications (device bus networks).
- The size of the information packets delivered to and from these
analog field devices is large, due to the nature of the information
being collected at the process level.
- The two most commonly used process bus network protocols are
Fieldbus and Profibus.
- Although these network protocols can transmit data at a speed of 1 to
2 megabits/sec, their response time is considered slow to medium
because of the large amount of information that is transferred.
- Nevertheless, this speed is adequate for process applications,
because analog processes do not respond instantaneously, as
discrete controls do.
- Process bus networks can transmit enormous amounts of information
to a PLC system, thus greatly enhancing the operation of a plant or
process.
- For example, a smart, process bus–compatible motor starter can
provide information about the amount of current being pulled by the
motor, so that, if current requirements increase or a locked-rotor
current situation occurs, the system can alert the operator and avoid a
potential motor failure in a critical production line.
- Implementation of this type of system without a process bus network
would be too costly and cumbersome because of the amount of wire
runs necessary to transmit this type of process data.
- Process bus networks will eventually replace the commonly used
analog networks, which are based on the 4–20 mA standard for
analog devices.
- This will provide greater accuracy and repeatability in process
applications, as well as add bidirectional communication between the
field devices and the controller (e.g., PLC). A PLC or computer
communicates with a process bus network through a host controller
interface module using either Fieldbus or Profibus protocol format.
- Block transfer instructions relay information between the PLC and the
process bus processor. The process bus processor is generally
inserted inside the rack enclosure of the PLC.
i) Fieldbus Process Bus Network
- The Fieldbus process bus network from the Fieldbus Foundation (FF)
is a digital, serial, multiport, two-way communication system that
connects field equipment, such as intelligent sensors and actuators,
with controllers, such as PLCs.
- This process bus network offers the desirable features inherent in 4–
20 mA analog systems, such as:
• a standard physical wiring interface
• bus-powered devices on a single pair of wires
• intrinsic safety options
- However, the Fieldbus network technology offers the following
additional advantages:
• reduced wiring due to multidrop devices
• Compatibility among Fieldbus equipment
• reduced control room space requirements
• Digital communication reliability
Fieldbus Protocol
- The Fieldbus network protocol is based on three layers of the ISO’s
seven-layer model. These three layers are layer 1 (physical interface),
layer 2 (data link), and layer 7 (application).
- It has optimized the OSI architecture for process control by removing
the middle layers that are generally associated with non-time critical
applications such as file transfer.
- The section comprising layers 2 and 7 of the model are referred to as
the Fieldbus communication stack.
- In addition to the ISO’s model, Fieldbus adds an extra layer on top of
the application layer called the user layer.
- This user layer provides several key functions, which are function
blocks, device description services, and system management.
Physical Layer (Layer 1)
- The physical layer of the Fieldbus process bus network conforms with
the ISA SP50 and IEC 1152-2 standards.
- These standards specify the type of wire that can be used in this type
of network, as well as how fast data can move through the network.
- Moreover, these standards define the number of field devices that can
be on the bus at different network speeds, with or without being
powered from the bus with intrinsic safety (IS).
67
- Intrinsically safe equipment and wiring does not emit enough thermal
or electrical energy to ignite materials in the surrounding atmosphere.
- Thus, intrinsically safe devices are suitable for use in hazardous
environments(e.g., those containing hydrogen or acetylene).
- The Fieldbus has two speeds—a low speed of 31.25 kbaud, referred
to as H1, and a high speed of 1 Mbaud or 2.5 Mbaud (depending on
the mode—AC current or DC voltage mode), called H2.
- At a speed of 31.25 kbaud, the physical layer of the Fieldbus process
network can support existing 4–20 mA wiring.
- This increases cost-effectiveness when upgrading a plant or process’s
network communication scheme. At this H1 speed, the Fieldbus
network can also support intrinsically safe network segments with
bus-powered devices.
Communication Stack (Layers 2 and 7)
- The communication stack portion of the Fieldbus process bus network
consists of layer 2 (the data link layer) and layer 7 (the application
layer).
- The data link layer controls the transmission of messages onto the
Fieldbus through the physical layer.
- It manages access to the bus through a link active scheduler, which
is a deterministic, centralized bus transmission regulator based on
IEC and ISA standards.
- The application layer contains the Fieldbus messaging
specification (FMS) standard, which encodes and decodes
commands from the user layer, Fieldbus’s additional 8th layer.
- The FMS is based on the Profibus process bus standard. Layer 7 also
contains an object dictionary, which allows Fieldbus network data to
be retrieved by either tag name or index record
User Layer (Layer 8)
- The user layer implements the Fieldbus network’s distributed control
strategy.
- It contains three key elements, which are function blocks, device
description services, and system management.
- The user layer, a vital segment of the Fieldbus network, also defines
the software model for user interaction with the network system.
- Function Blocks: are encapsulated control functions that allow the
performance of input/output operations, such as analog inputs, analog
outputs, PID control, discrete inputs/outputs, signal selectors, manual
loaders, bias/gain stations, and ratio stations. The function block
capabilities of Fieldbus networks allow Fieldbus-compatible devices to
be programmed with blocks containing any of the instructions
available in the system. Through these function blocks, users can
configure control algorithms and implement them directly through field
devices.
- Device Description Services. Device descriptions (DD) are Fieldbus
software mechanisms that let a host obtain message information,
such as vendor name, available function blocks, and diagnostic
capabilities, from field devices. Device descriptions can be thought of
as “drivers” for field devices connected to the network, meaning that
they allow the device to communicate with the host and the network.
All devices connected to a Fieldbus process network must have a
device description. When a new field device is added to the network,
the host must be supplied with its device description.
- System Manager. The system management portion of the user layer
schedules the execution of function blocks at precisely defined
intervals. It also controls the communication of all the Fieldbus
network parameters used by the function blocks. Moreover, the
system manager automatically assigns field device addresses.
68
Profibus Process Bus Network
- Profibus (PROcess FIeld BUS) is a digital process bus network
capable of communicating information between a master controller (or
host) and an intelligent, slave process field device, as well as from
one host to another.
- Profibus actually consists of three intercompatible networks with
different protocols designed to serve distinctive application
requirements. The three types of Profibus networks are: Profibus-
FMS, Profibus-DP and Profibus-PA
- Profibus-FMS network is the universal solution for communicating
between the upper level, the cell level, and the field device level of the
Profibus hierarchy.
- Cell level control occurs at individual (or cell) areas, which exercise
the actual control during production. The controllers at the cell level
must communicate with other supervisory systems.
- The Profibus-FMS utilizes the Fieldbus message specification
(FMS) to execute its extensive communication tasks between
hierarchical levels.
- This communication is performed through cyclic or acyclic messages
at medium transmission speeds.
- Profibus-DP (Decentralized Peripherals) network is a
performance-optimized version of the Profibus network. It is designed
to handle time-critical communications between devices in factory
automation systems. - In broadcast communication, an active station sends an unconfirmed
- The Profibus-DP is a suitable replacement for 24-V parallel and 4–20 message to all other stations.
mA wiring interfaces. - Any of these stations (including both masters and slaves) can take
- Profibus-PA (Process Automation) network is the process this information. In multicast communication, an active station sends
automation version of the Profibus network. It provides bus-powered an unconfirmed message to a particular group of master or slave
stations and intrinsic safety according to the transmission stations.
specifications of the IEC 1158-2 standard. The Profibus-PA network - The physical layer or layer 1, of the ISO model defines the network’s
has device description and function block capabilities, along with field transmission medium and the physical bus interface.
device interoperability. - The Profibus network adheres to the EIA RS-485 standard, which
- Profibus-PA is designed for use in an explosion / hazardous areas. uses a two-conductor, twisted-pair wire bus with optional shielding.
The physical layer (cable) allows power to be delivered over the bus - The maximum number of stations or device nodes per segment is 32
to field instruments, while limiting current flows so that explosive without repeaters and 127 with repeaters.
conditions are not created, even if a malfunction occurs. - The network transmission speed is selectable from 9.6 kbaud to 12
- Profibus networks support both peer-to-peer and multipeer Mbaud, depending on the distance and cable type. Without repeaters,
communication in either broadcast or multicast configurations. the maximum bus length is 100 m at 12 Mbaud.
- The type of connector used is a 9-pin, D-sub connector.

69
Modbus Network
- It is a serial communication protocol published by Modicons for use
with its PLCs.
- Simple and robust, it has since become a de facto standard
communication protocol, and it is now commonly available means of
connecting electronic devices.
- The main reasons for the use of modbus in the industrial environment
are:
- Developed with industrial application in mind
- Openly published and royalty free
- Easy to deploy and maintain
- Moves raw bits or words without placing many instructions.
- It allows for communication between many (approx 240) devices
connected to the same network.
- It is used to connect a supervisory computer with a remote terminal
unit (RTU) in SCADA systems.
- A Modbus command contains the modbus address of the device it is
intended for. All modbus commands contain checking information,
ensuring that a command arrives undamaged.
- The basic modbus command can instruct an RTU to change a value
in one of its registers, control or read an 1/0 port as well as command
the device to send back one or more values contained in its registers.
- Modbus Messaging protocol is an Application layer (OSI layer 7)
protocol that provides client/server communication between devices
connected to different types of buses or networks.
- The Modbus Messaging protocol is only a protocol and does not imply
any specific hardware implementation. Also note that the Modbus
Messaging protocol used with Modbus Serial is the same one used
with Modbus Plus and Modbus TCP.
- Modbus messaging is based on a client/server model and employs
the following messages:
- Modbus requests, i.e. the messages sent on the network by the
clients to initiate transactions. These serve as indications of the
requested services on the server side
- Modbus responses, i.e. the response messages sent by the
servers. These serve as confirmations on the client side.
- Modbus (or to be more exact; the Modbus Messaging protocol) is just
a protocol, Modbus Plus is a complete system with a predefined
medium and Physical layer (OSI layer 1) implementation.
4 to 20 mA Current Loop
- The 4 to 20 mA current loop is a widely used method for transferring
information from one station (the transmitter) to another station (the
receiver). Therefore, this system allows for only two stations.
- A typical current loop system assigns a sensing range (e.g., 0 to
100°C) to the current range between 4 and 20 mA.
- A loop exists (i.e., two wires) between the transmitter and receiver.
- The transmitter can impress a certain current in the loop (using a
controlled current source) so that the receiver can measure the
current in the loop (e.g., by placing a small resistor in series with the
loop and measuring the voltage drop across the resistor).
- After measuring the current, the receiver can then determine the
present level of the sensed signal within the defined sensing range.
- This method uses current signaling, instead of voltage signaling, and
therefore is relatively unaffected by potential differences between the
transmitter and the receiver.
- This is similar to the benefit of differential (voltage) signaling, which
also requires two wires.
- Another characteristic of this method is that it is not primarily digital in
nature, as many other sensor communication systems are.
- The measured value can vary continuously in the range of 4-20 mA,
and therefore can easily represent an analog sensing range, rather
than a set of digital signals. Also, the signal is continuously variable
and available.
- Another characteristic of this method is that the integrity of the loop
can be verified.
- As long as the loop is unbroken and the transmitter is in good working
order, the current in the loop should never fall below 4 mA.
- If the current approaches 0 mA, then the receiver can determine that
a fault exists — perhaps a broken cable.
- These systems are widely used in various process control industries
(e.g., oil refining) for connecting sensors (transmitters) with control
computers.
- Because one station is always the transmitter and one station is
always the receiver, this is a unidirectional, half duplex communication
system.
70
HART (Highway Addressable Remote Transducer) - The digital signal is made up of two frequencies— 1,200 Hz and 2,200
- The HART system (and its associated protocol) was originally Hz representing bits 1 and 0, respectively.
developed by Rosemount and is regarded as an open standard, - Sine waves of these two frequencies are superimposed on the direct
available to all manufacturers. current (dc) analog signal cables to provide simultaneous analog and
- Its main advantage is that it enables the retention of the existing 4- digital communications.
20mA instrumentation cabling whilst using, simultaneously, the same - Because the average value of the 1200/2400Hz sine wave
wires to carry digital information superimposed on the analog signal. superimposed on the 4-20mA signal (FSK signal) is always zero,
- HART is a hybrid analog and digital system, as opposed to most field hence, the 4-20mA analog information is not affected.
bus systems, that are purely digital. - The HART FSK signaling enables two-way digital communication and
- HART products generally fall into one of three categories: field makes it possible for additional information beyond just the normal
devices, host systems, and communication support hardware. process variable to be communicated to or from a smart field
· Field devices include transmitters, valves, and controllers. There instrument.
are HART transmitters for almost any standard process - The HART protocol communicates at 1200 bits per second without
measurement including pressure, temperature, level, flow, and interrupting the 4-20mA signal and allows a host application (master)
analytical (pH, ORP, density). to get two or more digital updates per second from a field device.
· Host systems range from small handheld communicators to PC - A minimum loop impedance of 230 W is required for communication.
based maintenance management software to large scale
distributed control systems.
· Communication support hardware includes simple single loop
modems as well as an assortment of multiplexers that allow a host
system to communicate with a large number of field devices.
- It uses a Frequency Shift Keying (FSK) technique based on the Bell
202 standard.
- HART can be used in either one of the two network configuration :
· Point-to-point mode
· Multi-drop mode
- The HART protocol has two formats for digital transmission of data:
· Poll/response mode
· Burst (broadcast) mode
- HART follows the basic Open Systems Interconnection (OSI)
reference model. The OSI model describes the structure and
elements of a communication system. The HART protocol uses a
reduced OSI model, implementing only layers 1, 2 and 7

Frequency Shift Keying (FSK)

- The HART communication protocol is based on the Bell 202
telephone communication standard and operates using the frequency
shift keying (FSK) principle.

71
HART Networks
- HART devices can operate in one of two network configurations—
point-to-point or multidrop.
- The connection can be in form of:
- In conjunction with the 4-20mA current signal in point-to-
point mode,
- in conjunction with other field devices in multi-drop mode
- in point-to-point mode with only one field device
broadcasting in burst mode
i) Point-To-Point:
- In point-to-point mode, the traditional 4–20 mA signal is used to
communicate one process variable, while additional process
variables, configuration parameters, and other device data are
transferred digitally using the HART protocol.
- The 4–20 mA analog signal is not affected by the HART signal and
can be used for control in the normal way.
- The HART communication digital signal gives access to secondary
variables and other data that can be used for operations,
commissioning, maintenance, and diagnostic purposes
ii) Multidrop:
- The multidrop mode of operation requires only a single pair of wires
and, if applicable, safety barriers and an auxiliary power supply for up
to 15 field devices.
- All process values are transmitted digitally. In multidrop mode, all field
device polling addresses are >0, and the current through each device
is fixed to a minimum value (typically 4 mA).
- Thus, setting the smart device polling address to a number greater
than zero implies a multi-drop loop.
- Obviously the 4-20mA concept only applies to a loop with a single
transducer; hence for a multi-drop configuration the smart device sets
its analog output to a constant 4mA and communicates only digitally.
Communication Modes
- The HART protocol can be used in various modes for communicating
information to/from smart field instruments and central control or
monitoring equipment
- These protocols are: Poll/response mode and Burst (broadcast)
mode.
i) Poll/Response Mode (Master/Slave Mode)
- HART is a master-slave communication protocol, which means that
during normal operation, each slave (field device) communication is
initiated by a master communication device.
- The master polls each of the smart devices on the highway and
requests the relevant information.
- Two masters can connect to each HART loop. The primary master is
generally a distributed control system (DCS), programmable logic
72
 controller (PLC), or a personal computer (PC). The secondary master
can be a handheld terminal or another PC.
- Slave devices include transmitters, actuators, and controllers that
respond to commands from the primary or secondary master.
- This mode, allows digital information from the slave device to be
updated twice per second in the master. The 4-20 mA analog signals
are continuous and can still carry the primary variable for control.
ii) Burst Mode (Broadcast mode)
- This mode is an optional communication mode.
- In burst mode, the master instructs the slave device to continuously
broadcast a standard HART reply message (e.g., the value of the
process variable).
- The master receives the message at the higher rate until it instructs
the slave to stop bursting.
- This mode frees the master from having to send repeated command
requests to get updated process variable information
- Data update rates of 3-4 per second are typical with “burst” mode
communication and will vary with the chosen command. Burst mode
should be used only in single slave device networks.
HART Commands
- The HART command set provides uniform and consistent
communication for all field devices.
- Layer 7, the Application layer, consists of three classes of HART
commands: Universal, Common Practice, and Device Specific
- Host applications may implement any of the necessary commands for
a particular application.
i) Universal
- All devices using the HART protocol must recognize and support the
universal commands.
- Universal commands provide access to information useful in normal
operations (e.g., read primary variable and units).
ii) Common Practice
- Common practice commands provide functions implemented by
many, but not necessarily all, HART communication devices.
iii) Device Specific
- Device-specific commands represent functions that are unique to
each field device.
- These commands access setup and calibration information, as well as
information about the construction of the device. Information on
device-specific commands is available from device manufacturers.
73
Benefits of HART Communication
- The HART protocol is a powerful communication technology used to
exploit the full potential of digital field devices.
- Preserving the traditional 4–20 mA signal, the HART protocol extends
system capabilities for two-way digital communication with smart field
instruments.
- The HART protocol offers the best solution for smart field device
communications and has the widest base of support of any field
device protocol worldwide.
- More instruments are available with the HART protocol than any other
digital communications technology.
- Almost any process application can be addressed by one of the
products offered by HART instrument suppliers.
- Unlike other digital communication technologies, the HART protocol
provides a unique communication solution that is backward
compatible with the installed base of instrumentation in use today.
- This backward compatibility ensures that investments in existing
cabling and current control strategies will remain secure well into the
future.
- Other benefits include:
- Improved plant operations: HART-communicating devices
provide accurate information that helps improve the efficiency of
plant operations. During normal operation, device operational
values can be easily monitored or modified remotely.
- Operational flexibility: The HART protocol allows two masters
(primary and secondary) to communicate with slave devices and
provide additional operational flexibility. A permanently connected
host system can be used simultaneously, while a handheld
terminal or PC controller is communicating with a field device
- Instrumentation investment protection:. HART field instruments
protect the investment (existing plants and processes e.g. wiring,
analog controllers, smart instrumentation) by providing compatible
products with enhanced digital capabilities. These enhanced
capabilities can be used incrementally.
- Digital communication: A digital device provides advantages
such as improved accuracy and stability. The HART protocol
enhances the capabilities of digital instruments by providing
communication access and networking.

74
TOPIC 5: CALIBRATION SYSTEM
Calibration
- Calibration is the act or result of quantitative comparison between a
known standard and the output of the measuring system.
- If the output-input response of the system is linear, then a single-
point calibration is sufficient.
- However, if the system response is non-linear, then a set of
known standard inputs to the measuring system are employed for
calibrating the corresponding outputs of the system.
- This refers to the act of evaluating and adjusting the precision and
accuracy of measurement equipment.
- Instrument calibration is intended to eliminate or reduce bias in an
instrument's readings over a range for all continuous values.
· Precision is the degree to which repeated measurements under
unchanged conditions show the same result
· Accuracy is the degree of closeness of measurements of a
quantity to its actual true value.
- In general use, calibration is often regarded as including the process
of adjusting the output or indication on a measurement instrument to
agree with value of the applied standard, within a specified accuracy.
- There are three main reasons for having instruments calibrated:
1. To ensure readings from an instrument are consistent with other
measurements.
2. To determine the accuracy of the instrument readings.
3. To establish the reliability of the instrument i.e. that it can be
trusted.
- Calibration is carried out by agencies of the metrological service,
using reference standards and base standards.
- Governmental calibration is obligatory for measuring devices used in
reporting material value, for government tests and expert
examinations, and for recording national and international sports
records, and also for calibration of the original base standards.
- All other measuring devices are calibrated by the appropriate
departments.
Calibration Standards
- Calibration Standards of measurements can be classified according to
their function and type of application as:
International standards
- International standards are devices designed and constructed to the
specifications of an international forum.
- They represent the units of measurements of various physical
quantities to the highest possible accuracy that is attainable by the
use of advanced techniques of production and measurement
technology.
- These standards are maintained by the International Bureau of
Weights and Measures at Sevres, France. For example, the
International Prototype kilogram, wavelength of Kr86 orange-red lamp
and cesium clock are the international standards for mass, length and
time, respectively.
- However, these standards are not available to an ordinary user for
purposes of day-to-day comparisons and calibrations.
Primary standards
- Primary standards are devices maintained by standards
organizations / national laboratories in different parts of the world.
- These devices represent the fundamental and derived quantities and
are calibrated independently by absolute measurements.
- These are the most precise and accurate physical standards, which
are derived from international standards.
- They specify the most stringent conditions and are used only at rare
intervals for comparison with secondary standards.
- One of the main functions of maintaining primary standards is to
calibrate / check and certify secondary reference standards.
- Like international standards, these standards also are not easily
available to an ordinary user of instruments for verification / calibration
of working standards. These standards are not portable.
Secondary standards
- Secondary standards are basic reference standards employed by
industrial measurement laboratories.
- These are derived from primary standards. They are portable and are
often used as national standards.
- They are less precise than primary standards but are still very precise.
- They are used at rare intervals to calibrate tertiary and working
standards. These are maintained by the concerned laboratory.
75
- One of the important functions of an industrial laboratory is the
maintenance and periodic calibration of secondary standards against
primary standards of the national standards laboratory / organization.
- In addition, secondary standards are freely available to the ordinary
user of instruments for checking and calibration of working standards.
Working standards
- These are high-accuracy devices that are commercially available and
are duly checked and certified against either the primary or
secondary standards.
- For example, a standard cell and a standard resistor are the working
standards of voltage and resistance, respectively.
- Working standards are very widely used for calibrating general
laboratory instruments, for carrying out comparison measurements or
for checking the quality (range of accuracy) of industrial products.
Calibration Procedure
- The process of calibration involves the estimation of uncertainty
between the values indicated by the measuring instrument and the
true value of the input.
- Calibration may be called for:
· a new instrument
· after an instrument has been repaired or modified
· when a specified time period has elapsed
· when a specified usage (operating hours) has elapsed
· before and/or after a critical measurement
· after an event, for example
o after an instrument has had a shock, vibration, or has been
exposed to an adverse condition which potentially may
have put it out of calibration or damage it
o sudden changes in weather
· whenever observations appear questionable or instrument
indications do not match the output of surrogate instruments
· As specified by a requirement, e.g., customer specification,
instrument manufacturer recommendation.
- There are four types of calibration:
· Primary calibration, which is performed when a measuring
device is put into circulation from production or returned from
repair;
· Periodic calibration, which is conducted during use or storage of
a device;
· Special calibration, which results from the need for immediate
verification of the good condition of a device; and
· Inspection calibration, which is performed during metrological
inspections of enterprises, supply centers, warehouses, and
commercial organizations.
Calibration Concepts
- There are two fundamental operations involved in calibrating any
instrument:
· Testing the instrument to determine its performance,
· Adjusting the instrument to perform within specification.
- Testing the instrument requires collecting sufficient data to calculate
the instrument's operating errors.
- This is typically accomplished by performing a multiple point test
procedure that includes the following steps.
· Using a process variable simulator that matches the input type
of the instrument, set a known input to the instrument.
· Using an accurate calibrator, read the actual (or reference)
value of this input.
· Read the instrument's interpretation of the value by using an
accurate calibrator to measure the instrument output.
- By repeating this process for a series of different input values, you
can collect sufficient data to determine the instrument's accuracy.
- Depending upon the intended calibration goals and the error
calculations desired, the test procedure may require from 5 to 21 input
points.
- The first test that is conducted on an instrument before any
adjustments are made is called the As-Found test.
- If the accuracy calculations from the As-Found data are not within the
specifications for the instrument, then it must be adjusted.
- Adjustment is the process of manipulating some part of the
instrument so that its input to output relationship is within
specification. For conventional instruments, this may be zero and
span screws.
- For HART instruments, this normally requires the use of a
communicator (handheld or PC) to convey specific information to the
instrument.
76
- After adjusting the instrument, a second multiple point test is required
to characterize the instrument and verify that it is within specification
over the defined operating range. This is called the As-Left test.
Error Calculations
- Error calculations are the principal analysis performed on the As-
Found and As-Left test data.
- There are several different types of error calculations, most of which
are defined in the publication "Process Instrumentation Terminology".
- They are usually expressed in terms of the percent of ideal span
which is defined as:
% span = (reading - low range) / (high range - low range) x 100
- The first step in the data analysis is to convert the engineering unit
values for input and output into percent of span. Then for each point,
calculate the error, which is the deviation of the actual output from the
expected output.
· The Maximum error is the most common value used to evaluate
an instrument's performance. If a computer program is not used to
analyze the test data, it is often the only error considered and is
taken to be the largest deviation from the ideal output.
By itself, the maximum error does not give a complete indication of
an instrument's performance. With the availability of computer
software to facilitate calculations, other error values are gaining
popularity including zero error, span error, linearity error, and
hysteresis error.
· Zero error is defined as the error of a device when the input is at
the lower range value.
· Span error is defined as the difference between the actual span
and the ideal span, expressed as a percentage of the ideal span.
· Linearity error is a measure of how close the error of the
instrument over its operating range approaches a straight line.
Unfortunately, there are three different methods used to calculate
this, resulting in an independent linearity, a terminal based linearity,
and a zero based linearity. In practice, it is best to choose one
method and apply it consistently. Note that the calculation of
linearity error is also greatly facilitated by a curve fit of the error
data.
· Hysteresis error is a measure of the dependence of the output at a
given input value upon the prior history of the input. This is the most
difficult error to measure since it requires great care in the collection
of data, and it typically requires at least 9 data points to develop
reasonable curves for the calculations. Thus a technician must
collect at least five data point traversing in one direction, followed
by at least four more in the opposite direction, so that each leg has
five points, including the inflection point.
· If any of these errors is greater than or equal to the desired accuracy
for a test, then the instrument has failed and must be adjusted.
Hand-Held Device
- This is a mobile/portable device which is a small, handheld computing
device, typically having a display screen with touch input and/or a
miniature keyboard and weighing less than 0.91kg.
- A handheld computing device has an operating system (OS), and can
run various types of application software.
- Most handheld devices can also be equipped with Wi-Fi, Bluetooth,
and GPS capabilities that can allow connections to the Internet and
other Bluetooth-capable devices, such as an automobile or a
microphone headset.
- It delivers messages and performance data to the operator and is
used to support installation, configuration, provisioning, calibration
and maintenance and network performance.
Advantages of handheld calibration
· No process interruption
o The main advantage of handheld calibration over other traditional
methods is that it allows meter verifications to be carried out
directly in the process without additional costs for removal of the
instrument or process interruptions.
o As a result, downtime is minimized and critical processes can be
verified and optimized efficiently.
o By supporting and facilitating regular on-site verification, handheld
equipment helps users to quickly diagnose any failures and to
swiftly remedy the situation.
· Time and cost savings
o Device verification using handheld equipment requires a
maximum of 15-30 minutes per instrument.
77
 o The device does not need to be sent away to the calibration
centre and production can, therefore, resume faster than with any
other method.
o After the process has been completed, the direct uploading of the
device parameters avoids time-consuming configuration.
o This method helps achieve optimum availability of plant
equipment.
o The production does not need to be suspended resulting in
considerable savings.
o What’s more, frequent test functions allow costly calibration cycles
to be extended.
· Complete on-site verification
o Handheld electronic verification not only checks the accuracy of
the device under test, but also performs a complete check of the
entire measurement chain.
· Simulation of the process
o As safety during operation is considered a ‘must’ for plant
operators, testing the safety and functionality of equipment in the
process is often indispensable.
o Simulation of the measuring signals during calibration or
verification processes can achieve that.
o Handheld calibrators can simulate process states, in flow
applications for example, even without real flow.
o Handheld verification devices can simulate different flow rates in
the process; high and low limit values, receiving signal chains
(operation of valves or control loops) and different flow behaviour
in piping, for example, such as flow curves in bottling machines.
Calibration Methods using Handheld Equipment
- Calibration is an important aspect of an instrument’s life cycle.
However, it can be difficult to choose the correct calibration method to
suit your requirements and specification.
- Handheld devices are typically used to calibrate parameters including
flow, pressure, temperature and conductivity.
- Taken as a whole, the benefits of these systems are numerous and
obvious in terms of time, cost and convenience.
- Handheld equipment allows electronic verification and calibration in
situations where inline calibration is essential but mobile rigs may be
impractical.
- Internal procedures or official requirements and conformity reasons
might also stipulate that certain instruments must be checked more
frequently than others to verify that they are working correctly in the
process.
Calibrating a Conventional Instrument
- For a conventional 4-20 mA instrument, a multiple point test that
stimulates the input and measures the output is sufficient to
characterize the overall accuracy of the transmitter.
- The normal calibration adjustment involves setting only the zero value
and the span value, since there is effectively only one adjustable
operation between the input and output as illustrated below.
- This procedure is often referred to as a Zero and Span Calibration. If
the relationship between the input and output range of the instrument
is not linear, then you must know the transfer function before you can
calculate expected outputs for each input value.
- Without knowing the expected output values, you cannot calculate the
performance errors.
Calibrating a Hart Instrument
- It is important to note that in most cases, proper calibration of a HART
instrument requires the use of a communicator (handheld or PC) that
is capable of issuing device specific commands (in layer 7).
- According to international standards, calibration is a comparison of
the device under test against a traceable reference instrument (a
calibrator) and documentation of this comparison.
78
- In order to do a calibration of a HART device, a traceable metrological
reference device is needed, which can be a handheld calibrator
- Configuration means using the digital communication protocol as a
way to change settings inside the field device from the device or from
a remote location.
- Configuration can be done with a PC and configuration software or a
handheld communicator.
- It is important to remember that although a communicator can be
used for configuration and checking diagnostic information, it cannot
be used for metrological calibration to check the measurement (PV)
accuracy of a field device.
- Configuring parameters of a HART transmitter with a communicator is
not metrological calibration and does not assure accuracy.
- For a real metrological calibration, a traceable reference standard is
always needed.
- Calibration procedure for a HART instrument is significantly different
than for a conventional instrument. The specific calibration
requirements depend upon the application.
- If the application uses the digital representation of the process
variable for monitoring or control, then the sensor input section must
be explicitly tested and adjusted.
- Note that this reading is completely independent of the milliamp
output, and has nothing to do with the zero or span settings.
- The PV as read via HART communication continues to be accurate
even when it is outside the assigned output range.
- If the current loop output is not used (that is the transmitter is used as
a digital only device), then the input section calibration is all that is
required.
- If the application uses the milliamp output, then the output section
must be explicitly tested and calibrated.
- Note that this calibration is independent of the input section, and
again, has nothing to do with the zero and span settings.
- If there is a desire to validate the overall performance of a HART
transmitter, run a Zero and Span test just like a conventional
instrument.
- However, passing this test does not necessarily indicate that the
transmitter is operating correctly.

79