In this article from ES Design Magazine, John Mossman, Control & Automation Marketing Manager for Maxim Integrated and a member of Maxim’s strategic marketing team, takes an in-depth look at how self-monitoring ICs can help industrial facilities keep running at maximum capacity 24 hours a day, 365 days a year.
We have all heard the phrase ‘time is money’; for industrial facilities it has never been more true. Unexpected downtime in factories can be extremely costly, as loss of output has a direct, negative impact on revenue. Furthermore, an unexpected factory shutdown can cause loss of work in progress (WIP), wasted resources and potential future losses if a restarted production line does not immediately produce output that meets specifications.
Some production facilities take days to stabilise after a restart before the output product qualifies for release. If the downtime is due to a catastrophic failure, there could be consequential environmental pollution, collateral damage, legal ramifications, injuries, and even loss of life.
In discrete manufacturing, individual items are assembled or fabricated on production lines. This can include anything from cell phones to automobiles. Certainly some of these lines move very quickly so uptime is critical.
Downtime in public facilities can cause different, but similarly detrimental consequences. An airport that shuts down when its lighting system fails would be extremely disruptive to thousands of people.
It is thus no surprise that today we, as both the operators of industrial facilities and the patrons of those facilities, expect 100% uptime. To increase uptime and maximise production efficiency, one must choose the highest reliability equipment and implement an appropriate maintenance program to keep that equipment running at peak performance.
Industry typically uses a variety of approaches for equipment maintenance (see ‘Maintenance Methodology’). Of all, self-maintenance is the most forward looking approach. Now the machine or system monitors itself; it diagnoses itself and can self-calibrate to continue operation until it is convenient to be brought down. This method requires equipment to have advanced intelligence; self-monitoring of more functions; and to be able to close the loop to implement the adjustments automatically and in the proper amount. Finally, equipment must be able to detect when these automatic adjustment ranges have reached their limit, at which time the machine requests maintenance, with some time allotted for a response. The result of self-maintenance is obviously more uptime. These systems are already in place on some equipment. Higher-end automobiles, for example, can now indicate the condition of engine oil, based on sensing the real oil condition and not merely on monitoring a record of engine run time. It is only a matter of time until the additional cost of these capabilities will be justified for more industrial equipment.
Reliability, Robustness, Safety, and Security
Equipment maintenance is not the whole story for industrial uptime and the consequent improvement to the bottom line. In some cases the cost of maintenance operations is not what drives decisions about uptime. In batch processes such as brewing or pharmaceuticals, for example, maintenance can be performed between batches. However, it can be extremely expensive or, more importantly, dangerous for a process to go down in the middle of a batch. This is when safety monitoring equipment and fail-safe systems become critically important for system uptime.
In production facilities equipment can be exposed to many common environmental conditions: high-voltage transients, cable damage, wiring errors during modifications or repairs, extreme temperatures, harsh EMI/RFI, corrosive or explosive atmospheres, high vibration, humidity, and dust. If these conditions compromise the accuracy of the equipment sensors and the sensor signal-conditioning electronics, then false readings or erroneous control signals are possible. This can lead to, at best, inferior results and at worst catastrophic failures. These are issues that clearly go beyond normal equipment maintenance.
In industrial situations when redundant systems cannot be justified, a high-reliability system must be designed. During the equipment design and development process FMEA (failure mode effects analysis), FMECA (failure mode effects and criticality analysis), or FMEDA (failure mode effects and detection analysis) can be used to assure that all failure modes have been anticipated.
A passing result from an FMEA confirms that the system detects, properly responds to, and reduces the criticality of every possible failure in the system. Industry standards such as IEC 61508 also apply to equipment used to carry out safety functions such as some programmable logic controllers (PLCs) used to monitor and shut down a dangerous process when a problem is detected. These requirements often lead to additional electronics to monitor the original signal path or power system. This is all well and good for reliability, robustness, safety, and security, but this added circuitry exacerbates the ever-present challenge to shrink the size, reduce its power consumption, and ultimately, simplify the design.
By implementing self-monitoring features on ICs, new devices can flag problems to alert the system that an anomaly has occurred. The response to these warnings is at the discretion of the system programmer or operator, but at least the data on the event was captured. New power-management ICs are, moreover, reducing power consumption wherever possible. Reference designs for these highly integrated solutions reduce the design time needed to get to market quickly.
A common problem today is that digital-input modules must dissipate significant amounts of power to be able to handle 24V signal levels. When one tries to shrink these modules, the power dissipated in the enclosure leads to heat buildup and, therefore, limits the maximum operating temperature range. Meanwhile, if the equipment is placed close to the machine, a high operating temperature range is required. That, in turn, requires a lower power solution.
The MAX31911 industrial, octal, digital input translator/serializer reduces the power dissipation in input modules by up to 60% compared to the traditional discrete resistor-divider approach. It meets the IEC61131-2 PLC standard for digital inputs types 1, 2, and 3. It serialises the eight inputs and translates them to CMOS-compatible 5V levels. Adjustable lowpass filtering enables flexible debouncing. The serial SPI output reduces the number of optocouplers for further power, size, and cost reduction. To assure valid data on the SPI interface, a CRC code is generated for each 8 bits of data. A similar device, the MAX31910, provides an even lower power input using advanced techniques. This device lowers power consumption by up to 40% over the already low-power MAX31911.
For systems with more than eight inputs, multiple MAX31910s and MAX31911s can be easily daisy chained. Figure 1 shows a 16-channel solution using two MAX31911s. Notice that no additional isolation channels or SPI chip selects are needed.
Figure 1: In a daisy-chain configuration, external components used to enhance EMC robustness do not need to be duplicated for each device on a circuit board. A 16-input application circuit is shown here.
With any parallel-input to serial-output system, the first question is how fast can it sample the input channels while maintaining valid data and throughput. The fastest mode is to select no debounce. At 0s debounce, there is no filtering, so the outputs of the eight internal comparators are latched into the serializer on the falling edge of chip select (CS). Every clock edge thereafter will clock out 1 bit corresponding to each input. In this case, speed is limited by the input bandwidth, which is 1MHz, so clocking the serializer at 8MHz will deliver 1Mbps throughput per channel (in 8-bit mode). If four chips are daisy chained for a 32-input application, now the maximum clock speed of the serializer will limit throughput. This is because clocking 32 bits out of the serializer at the maximum SPI clock rate of 25MHz gives a throughput per channel of 25MHz/32 = 0.8Mbps (instead of 1Mbps in the previous example). If filtering is enabled, throughput will be further limited by the debounce time used.
To support industrial applications, the MAX31911 has built-in high ±15kV ESD protection (HBM) on all field inputs and is rated for operation up to +150°C junction temperature. It comes in a 6.5mm x 9.8mm x 1.1mm, 28-pin TSSOP-EP package.
The trend towards Internet-connected industrial equipment offers many benefits, but the added security risks are real. Indeed, cyber warfare is a real threat to uptime and the bottom line.
New security solutions need to provide silicon level, standards-based encryption, authentication, and secure key storage that do not require a human to follow complex data handling rules and procedures to maintain facility firewalls. New solutions from Maxim Integrated prevent unauthorised communications and they encrypt communications exposed to the world outside the IC. They actively respond to a long list of physical and electrical attacks. The risk of infections from malware, the risk of theft of encryption keys and the risk of cloning authorised equipment are greatly reduced. These proven solutions have been in use for years in automated teller machines and point-of-sale (POS) terminals, successfully protecting financial transactions and personal identities. With these secure devices built in, hacking into a system is virtually impossible.
We can examine a new SHA-256 authentication solution composed of two ICs: the DS2465 secure coprocessor for the master, and the DS28E15 1-Wire SHA-256 secure authenticator for the slave device. They communicate over a single wire, and they enable a challenge/response authentication process. The algorithm rejects any newly connected module that does not calculate the proper result; the only way to calculate the proper result is to know the internal secret key. Both the master and the slave need to use this key in the hash algorithm along with a random number challenge. If the challenge-and-response results are not identical, the authentication fails and the newly connected device is prevented from communicating.
The DS2465 has a built in 1-Wire master that handles the 1-wire bus timing. It also provides user EEPROM and the crypto-industry-vetted SHA-256 hash algorithm so the system host processor is unburdened from these tasks. A simple I2C interface connects it to the host. The 1-Wire IO line has high 8kV ESD protection (HBM) and the device is rated for operation from -40°C to +85°C. It is packaged in the small 4.0mm x 4.45mm x 1.5mm, 6-pin TSOC package.
The DS28E15 combines secure challenge-and-response authentication based on the FIPS180-3 Secure Hash Algorithm (SHA-256). It has 512 bits of user EEPROM and additional secure memory holds the secret key. Every device has a unique 64-bit ROM ID number factory programmed into the chip. No two devices will ever be alike. A secure, low-cost factory service is available to pre-program device data, including the secret if desired. A variety of different methods exist to keep the secret under complete control, even in contract manufacturing environments. Figure 2 shows how simple the implementation is.
In Figure 2 each slave device needs only a single DS28E15 imbedded in it. When connected to a host, the challenge/response process is initiated. Only when the correct result is calculated by the slave, will the module be allowed to communicate with the master.
Figure 2: Typical implementation of the DS2465 SHA-256 coprocessor and three DS28E15 secure slaves on the 1-Wire bus.
There is a critical need to maximise uptime in process automation, building automation, and motor control applications to help maximise the bottom line. A variety of maintenance methods discussed here help in this regard. Nonetheless, equipment maintenance alone will not let plant operators achieve the maximum uptime nor ensure the optimal safety and security of their operation.
This is where, and how, equipment designers play an important role. We need to keep uptime, safety, and security goals in mind when developing products for the industrial market. When highly integrated solutions like those discussed above are available to industry, they definitely reduce the cost, complexity, size, and power consumption of systems. Ultimately, these integrated systems become integral to helping our customers increase their uptime. And that protects the bottom line.
Reactive maintenance or “run to failure” offers the lowest initial cost. Basically, no effort is put into maintenance; equipment simply runs until it fails. While this might sound misguided, it has its place in applications where maintenance is either impossible or cost prohibitive, and where the failure mode is predictable and anticipated. Systems with low criticality, some redundant systems, or systems that are unlikely to fail are appropriate for this approach.
Preventive maintenance is the standard method used in many installations, but it is proven to be one of the most costly approaches. Nonetheless, it also has its place. There are many cases where equipment can wear out or wear down predictably. Erosion and other material property changes can be directly correlated to service hours or just simply to ageing. In these situations, preventive maintenance is warranted.
Predictive maintenance (PdM) or condition-based maintenance (CbM) is effective when failures are generally random. Both of these approaches are based on tracking machine condition changes over time. In most cases either of these approaches is more effective than preventive maintenance for increasing uptime while costing less over time. However, the upfront costs to implement are higher since more resources, both human and equipment, are needed to gather the machine condition data and convert it into useful information.
Continuous condition monitoring (CCM) uses permanently installed sensors and data acquisition systems (DASs) to provide the ultimate protection and ensure uptime. The extra equipment cost and the associated training or contracting fees to implement the program equate to a relatively high initial setup cost. Payback comes from the prevention of unanticipated equipment failures. CCM is often the best approach where failures are random in time and where sensors can be installed to detect condition changes that provide the warnings needed to plan shutdowns.
Proactive maintenance is a forward-thinking maintenance philosophy. Central to this approach is the use of the knowledge learned from the maintenance history. By focusing on failure root-cause analysis, changes are put into place to reduce future maintenance needs. The goal here is to ultimately improve the equipment or its operating environment so failures are prevented wherever possible.
Reliability centred maintenance (RCM) draws from all of the above maintenance types with the realisation that different approaches are appropriate for different equipment and different usage in the specific installations. The focus here is on the optimal combination of maintenance approaches to maximise plant efficiency.
Author profile: John Mossman is the Control & Automation Marketing Manager for Maxim Integrated, and a member of Maxim Integrated’s strategic marketing team. He joined the company over a decade ago as a field applications engineer. He has 20 years experience in electronics engineering positions in military, industrial, consumer, and medical products companies and has earned several U.S. patents. He earned a BS in Physics (cum laude) from Humboldt State University in 1980.