
Iplc Notes

The document outlines a course on Industrial Programmable Logic Controllers (PLCs) as part of a Diploma in Electrical and Electronics Engineering. It covers topics such as the introduction to PLCs, their systems, SCADA, industrial communication networks, and calibration software, along with the advantages and applications of PLCs in various industrial settings. The course emphasizes the importance of PLCs in automating and controlling industrial processes, highlighting their flexibility, efficiency, and ease of programming.

Uploaded by

dkirui253

RIFT VALLEY INSTITUTE OF SCIENCE AND TECHNOLOGY

ELECTRICAL AND ELECTRONICS ENGINEERING DEPARTMENT

DIPLOMA IN ELECTRICAL & ELECTRONICS ENGINEERING

(POWER & TELECOMM OPTIONS) – MODULE II

INDUSTRIAL PROGRAMMABLE LOGIC CONTROLLER

COURSE OUTLINE

1. Introduction to Industrial PLC 8 hrs

Need for Industrial PLC

Types of Industrial PLC

2. PLC system 15 hrs

Hardware Configuration

Ladder Logic Programming

External Peripherals

PLC Maintenance

3. Supervisory Control and Data Acquisition (SCADA) 15 hrs

Definition

Human Machine Interface (HMI)

Data Acquisition

Sequence Control

Data Storage and Activity

Security (Access Control)


4. Industrial Communication Network 15 hrs

Networks - LAN & WAN

Industrial Network Topologies

Industrial Network Protocol

Network Construction

Physical Network Address

Network Device

5. Calibration Software 13 hrs

Types of Calibration Software

Operation of Calibration Software

Device Connection to Software

Books

Programmable Logic Controllers: Programming Methods and Applications by John R. Hackworth and Frederick D. Hackworth, Jr.

Programmable Logic Controllers by W. Bolton 4th Edition

Programmable Controllers: Theory and Implementation by L.A. Bryan and E.A. Bryan, 2nd Ed.

Industrial Automation by Srinivas Medida Vol. 6

Practical SCADA for Industry by David Bailey, Edwin Wright

Industrial Networks for Communication and Control by S. Djiev,


TOPIC 1: INTRODUCTION TO INDUSTRIAL PLC

Process Control

Process control consists of monitoring the state of a critical parameter, detecting when it varies
from the desired state, and taking action to restore it. It involves the process variable, the set point and
the manipulated variable.

Most basic process control systems consist of a control loop. This has four main components
which are:

A measurement of the state or condition of a process

A controller calculating an action based on this measured value against a pre-set or desired
value (set point)

An output signal resulting from the controller calculation which is used to manipulate the
process action through some form of actuator

The process itself reacting to this signal, and changing its state or condition

Two of the most important signals used in process control are called

Process Variable or PV

Manipulated Variable or MV

In industrial process control, the Process Variable (PV) is measured by an instrument in the
field and acts as an input to an automatic controller, which takes action based on its value.

The PV is the parameter that is to be controlled. To be controlled, the PV must be capable of
being measured and that measurement converted into a signal that can be acted on by the
controller.

Devices that measure PV are transducers or sensors. In many cases, the PV sensor consists of
a direct measurement device called an element and a separate signal processor called a
transmitter.

The set-point is the desired value of the PV, normally preset into the control system by an
operator, or derived as an output of another control calculation.

The error signal is the difference between the PV and the set-point, and is the basis for control
action.

The controller is the device that processes the error signal, determines the required control
action and provides a control output, the Manipulated Variable (MV), to the process. The device that
converts the control output into control action is the actuator.

Control Modes

Control systems can be discrete or analog, manual or automated,
periodic or continuous.

There are five basic forms of control available in Process Control:

On-Off control: The oldest strategy for control is to use a switch giving simple on-off control.
This is a discontinuous form of control action, and is also referred to as two-position control. A
perfect on-off controller is 'on' when the measurement is below the set-point (SP) and the
manipulated variable (MV) is at its maximum value. Above the SP, the controller is 'off' and the
MV is at a minimum.

Modulating control: If the output of a controller can move through a range of values, this is
modulating control. Modulating control takes place within a defined operating range only. That
is, it must have upper and lower limits. Modulating control is a smoother form of control than
step control. It can be used in both open loop and closed loop control systems.

Open loop control: Open loop control is so called because the control action (Controller
Output Signal) is not a function of the PV (Process Variable) or load changes. Open loop
control does not self-correct when the PVs drift.

Feed forward control: Feed forward control is a form of control based on anticipating the
correct manipulated variables required to deliver the required output variable. It is seen as a
form of open loop control as the PV is not used directly in the control action.

Closed loop or feedback control: If the PV, the objective of control, is used to determine the
control action, it is called a closed loop control system.
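
The difference between open loop and on-off closed loop control, as an added example that is not part of the original notes. The first-order heating process, its coefficients, the fixed open loop MV of 0.25 and the load change at step 100 are all assumptions chosen for illustration.

```python
"""Added example: perfect on-off (closed loop) control versus open loop control.

The process model and every number below are constructed for illustration.
"""

SP = 30.0     # set point in degrees C (constructed value)
GAIN = 4.0    # temperature rise per step at MV = 1 (assumed)
LOSS = 0.1    # fraction of (PV - ambient) lost per step (assumed)


def process_step(pv, mv, ambient):
    """Advance the assumed first-order heating process by one time step."""
    return pv + GAIN * mv - LOSS * (pv - ambient)


def on_off_controller(pv, sp=SP):
    """Perfect on-off control: MV at maximum below SP, at minimum otherwise."""
    return 1.0 if pv < sp else 0.0


def simulate(mode, steps=300, disturbance_at=100):
    """Run the loop in 'open' or 'closed' mode and report what happened.

    At step `disturbance_at` the ambient temperature drops from 20 to 10,
    which is the load change the controller has to cope with.
    """
    pv, ambient = 20.0, 20.0
    last_mv, switches = None, 0
    history = []
    for k in range(steps):
        if k == disturbance_at:
            ambient = 10.0
        if mode == "open":
            # Fixed MV, worked out in advance for ambient = 20 so that the
            # steady state equals SP. It never looks at the PV.
            mv = 0.25
        else:
            # Closed loop: the measured PV decides the control action.
            mv = on_off_controller(pv)
        if last_mv is not None and mv != last_mv:
            switches += 1
        last_mv = mv
        pv = process_step(pv, mv, ambient)
        history.append((k, pv, mv, SP - pv))   # (step, PV, MV, error)
    return {
        "final_pv": pv,
        "final_error": SP - pv,
        "switches": switches,
        "history": history,
    }


if __name__ == "__main__":
    for mode in ("open", "closed"):
        result = simulate(mode)
        print(f"{mode:6s} final PV = {result['final_pv']:.2f}  "
              f"error = {result['final_error']:.2f}  "
              f"MV switches = {result['switches']}")
```

The open loop run settles about 10 degrees below the set point after the load change, while the on-off loop stays within a couple of degrees of it at the cost of switching the MV almost every step.
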

Industrial Control System (ICS)

Industrial Automation is a discipline that includes knowledge and expertise from various
branches of engineering including electrical, electronics, chemical, mechanical, communications
and more recently computer and software engineering.

ICS is a term that encompasses several types of control systems used in industrial production.
These include: Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control
Systems (DCS) and other smaller control system configurations such as Programmable Logic
Controllers (PLC).

The applications of industrial process control systems are diverse, ranging from simple traffic
control to complex electrical grids, and from environmental control systems to oil refinery process
control.

The intelligence of these automated systems lies in their measurement and control units.

SCADA is a combination of telemetry and data acquisition. It encompasses collecting the
information, transferring it back to the central site, carrying out any necessary analysis and
control and then displaying that information on a number of operator screens or displays.
SCADA is a centralized system and is composed of various subsystems like Remote Telemetry
Units, Human Machine Interface, Programmable Logic Controller (PLC) and Communications
networks.

DCS is a process-oriented system and it treats the control of the process as its main task, and it
presents data to operators as part of its job.

PLC is an industrial computer control system that continuously monitors the state of input
devices and makes decisions based upon a custom program, to control the state of devices
connected as outputs. PLCs are based on Boolean logic operations, whereas some models
use timers and some have continuous control. These devices are computer based and are used
to control various processes and equipment within a facility. PLCs control the components in
DCS and SCADA systems, but they are the primary/main components in smaller control
configurations.

Embedded Control: In this control system, small components are attached to the industrial
computer system with the help of a network and control is exercised.

User Configuration Open System (UCOS) is a control system that employs object-oriented
technique at every level of its system architecture, and includes a number of subsystems which
segment the functionality of UCOS. The subsystems include: an Engineering Workstation
Subsystem, an Operator Workstation Subsystem, and a Field Control Unit (FCU) Controller
Subsystem. The subsystems communicate via a Control Network.

TOPIC 2: PROGRAMMABLE LOGIC CONTROLLER (PLC)

Introduction

A PLC is a unit of hardware used to control and automate industrial processes. It is a
microcomputer-based controller that uses stored instructions in programmable memory to implement
logic, sequencing, timing, counting and arithmetic functions through digital or analog
input/output modules, for controlling machines and processes.

The term logic is used because programming is primarily concerned with implementing logic
and switching operation.

The PLC is designed as a replacement for the hard-wired relay and timer logic found in
traditional control panels; the PLC provides ease and flexibility of control based on
programming and executing logic instructions.

A PLC has three main aspects: the inputs, the outputs and the control program. In the figure below,
the PLC has eight inputs and four outputs.

The input is anything that can sense the status of the environment and then convert that
information into a signal. Often the signal can simply be a voltage that is either on or off. For
example, input devices can be proximity switches, photoelectric sensors, temperature sensors,
push buttons, or pressure sensors.

The outputs are connected to the devices that need to be controlled like motors, indicator
lights, fans, warning sirens or heating elements.

Control processes need devices to monitor events or measure needed values. These devices
are generically called inputs to the PLC.

The program uses a set of logical instructions that drives the outputs based on the inputs.

The Need for PLCs

Hardwired panels were very time consuming to wire, debug and change. PLCs eliminate
much of the hard wiring that was associated with conventional relay control circuits.

PLCs have the great advantage that the same basic controller can be used with a wide range of
control systems.

PLCs require shorter installation and commissioning times than do hard-wired systems. To
modify a control system and the rules that are to be used, all that is necessary is for an operator
to key in a different set of instructions. There is no need to rewire.

The result is a flexible, cost effective system which can be used with control systems which
vary quite widely in their nature and complexity.

PLCs are similar to computers, but whereas computers are optimized for calculation and display
tasks, PLCs are optimized for control tasks and the industrial environment.

Thus PLCs have specific features suited for industrial control:

Rugged and designed to withstand vibrations, temperature, humidity and noise

Modular plug-in construction, allowing easy replacement or addition of units (e.g. input/output);

Standard input/output connections and signal levels

Have interfacing for inputs and outputs already inside the controller.

Easily understood programming language which is primarily concerned with logic and switching
operations

Ease of programming and reprogramming in-plant;

Capable of communicating with other PLCs, computers and intelligent devices;

Competitive in both cost and space occupied with relay and solid-state logic systems.

These features make programmable controllers highly desirable in a wide variety of
industrial-plant and process-control situations.

PLC Advantages

Flexibility: One single PLC can easily run many machines.

Correcting Errors: With PLC control, any change in circuit design or sequence is as simple as
retyping the logic. Correcting errors in a PLC is extremely quick and cost effective.

Space Efficient: Today's PLC memory is getting bigger and bigger, which means that we can
generate more and more contacts, coils, timers, sequencers, counters and so on. It is possible
to have thousands of contacts, timers and counters in a single PLC.

Low Cost: Prices of PLCs vary from a few hundred to a few thousand.

Testing: A PLC program can be tested and evaluated in a lab. The program can be tested,
validated and corrected saving very valuable time.

Visual observation: When running a PLC program, a visual operation can be seen on the
screen. Hence troubleshooting a circuit is really quick, easy and simple.

Typical PLC Applications

PLCs are used to operate greenhouse irrigation systems. A PLC can be used to control how often
water is distributed to certain areas and in what amount. It can control a large number of valves
serving certain areas and is flexible as the greenhouse’s needs change.

PLCs are used for sorting packages on a conveyor by operating a diverter. A sensor can detect
a package type and a series of diverters can sort them at the end of the belt. The PLC is
flexible: it can be reprogrammed if and when the sorting task changes or if enhanced operation
is needed.

PLCs are implemented in a variety of control operations from large to small. Carwashes are a
popular use for PLCs because they involve intricate use of sensors and motors, but also have the
need for relatively complex logic.

Lumber mills use PLCs to control the main saw and loading of wood while various sensors
ensure safe operation so that people and equipment are not harmed.

PLCs can withstand harsh desert conditions while controlling an oil recovery
process. Temperatures can get higher than 120 degrees Fahrenheit in the desert, yet a PLC
can read sensors and control the motors necessary for oil extraction.

PLC Architecture

There are two types:

Open architecture design allows the system to be connected easily to devices and programs
made by other manufacturers.

Closed architecture or proprietary system is one whose design makes it more difficult to
connect devices and programs made by other manufacturers.

NOTE: When working with PLC systems that are proprietary in nature you must be sure that
any generic hardware or software you use is compatible with your particular PLC.

PLC Hardware

The structure of a PLC can be divided into several parts/components. The main parts are
input/output modules, central processing unit, memory and programming terminal.

Processor unit or central processing unit (CPU) is the unit containing the microprocessor
and this interprets the input signals and carries out the control actions, according to the program
stored in its memory, communicating the decisions as action signals to the outputs.

Memory unit is where the program used by the microprocessor for its control actions is
stored, together with data from the inputs for processing and data for the
outputs.

Input and output modules – are where the processor receives information from external
devices and communicates information to external devices. The I/O unit provides the interface
between the system and the outside world, allowing for connections to be made through I/O
channels to input devices such as sensors and output devices such as motors and solenoids. It
is also through the I/O unit that programs are entered from a program panel. Every I/O point has
a unique address which can be used

Input and output (I/O) devices - the collection of physical elements of the control system that
either provide or use I/O data.

Programming device / terminal is used to enter the required program into the memory of the
processor. The program is developed in the device and then transferred to the memory unit of
the PLC.

Power supply unit is needed to convert the mains a.c. voltage to the low d.c. voltages necessary
for the processor and the circuits in the input and output interface modules.

Rack Assembly: Most medium to large PLC systems are assembled such that the individual
components - CPU, I/O, power supply - are modules that are held together within a rack. In
smaller PLC systems - all of these components may be contained in a single housing or "brick" -
these smaller systems are sometimes referred to as "bricks" or "shoebox" PLCs.

Communication interface is used to receive and transmit data on a communication network from
or to other remote PLCs. It is concerned with such actions as device verification, data acquisition,
synchronization between user applications and connection management.

PLC CPU architecture

The CPU controls and supervises all operations within the PLC, carrying out programmed
instructions stored in the memory.

An internal communications highway, or bus system, carries information to and from the CPU,
memory and I/O units, under control of the CPU.

The CPU controls and processes all the operation within the PLC. It is supplied with a clock with
a frequency of between 1 and 8 MHz. This frequency determines the operating speed of the
PLC and provides the timing and synchronization for all elements in the systems.

The information within the PLC is carried by means of digital signals.

The internal paths along which digital signals flow are called buses. A bus is just a number of
conductors along which electrical signals can flow.

The internal structure of the CPU depends on the microprocessor concerned.

The simplified model consists of five parts: ALU, CU, registers, buses and memory.

Arithmetic and Logic Unit (ALU) – This is responsible for data manipulation and for carrying
out the arithmetic operations of addition and subtraction and the logic operations of AND, OR, NOT
and EXCLUSIVE-OR (X-OR). It receives control signals from the control unit telling it to
carry out these operations.

Control Unit – This controls the movement of instructions in and out of the processor and
also controls the operation of the ALU. It consists of a decoder, control logic circuit and a clock
to ensure everything happens at the correct time. It is also responsible for performing the
instruction execution cycle.

Registers – located within the microprocessor and used to store information involved in
program execution. It is a small amount of internal memory that is used for the quick storage
and retrieval of data and instructions. All processors include some common registers used
for specific functions, namely the program counter, instruction register, accumulator,
memory address register and stack pointer.

Bus - Buses are the paths used for communication within the PLC. The information is
transmitted in binary form i.e. as a group of bits with a bit being a binary digit of 0 or 1.

System bus is used for communication between the I/O ports and I/O unit. It is a cable
which carries data communication between the major components of the computer
including the microprocessor.

Control bus carries the signals relating to the control and co-ordination of the various
activities across the computer, which can be sent from the control unit within the CPU. It
informs memory devices whether they are to receive data from an input or output data,
and carries the timing signals used to synchronize actions.

Data bus carries the data used in the process carried out by the CPU. It is used for the
exchange of data between the processor, memory and peripherals, and is bidirectional.
A microprocessor termed 8-bit has an internal data bus which can handle 8-bit
numbers.

Address bus is used to carry the addresses of memory location. It contains the
connection between the microprocessor and memory that carry the signals relating to
the addresses which the CPU is processing at that time, such as the locations that the
CPU is reading from or writing to. Every memory location is given a unique address.

Memory - There are several memory elements in a PLC system.

Executive memory or operating system memory which is read only memory (ROM) to
give permanent storage for operating system and fixed data used by the CPU. It is the
one that actually does the scanning in the PLC.

System memory – in order for the operating system to function, a section of the
memory is allotted for system administration. As the executive program performs its
duties, it often requires a place to store intermediate results and information. A section of
RAM (Random Access Memory) is installed for this purpose.

Data memory – This is a RAM where information is stored on the status of input and
output devices and the values of timers and counters and other internal devices. Data
RAM is sometimes referred to as data table or register table.

User program memory – The final area of memory in a PLC is allocated to the storage
of the user program. It is this memory area that the executive program instructs the
microprocessor to examine or ‘scan’ to find the user instructions.

I/O status memory or I/O image table. A portion of RAM is allocated for the storage of
current I/O status. Every single I/O module is assigned to a particular location
within the I/O image table. The locations within the input and output image tables/maps are
identified by addresses; each location has its own unique address.

Memory organization

This refers to how certain areas of memory in a PLC are utilized. Physical addressing is the
ability to read data from a specific module terminal or write information to a specific module
terminal.

During the execution of the user program, the microprocessor scans the user program and
interprets the user commands. When information is read from a contact or input, it is stored in
memory. This portion of memory is the input image table/map, which is designated to store this
input information. Each input typically has, at a minimum, a single bit designated to store its
information.

Data resulting from logical analysis by the CPU, i.e. the various output device statuses generated
during the execution of the user program, is stored in memory labeled as the output image
table/map.

From this point, the information is transferred to a designated output module and then to a
particular field device.

Basic PLC Operation


A PLC works by continuously running a program that checks the inputs and then updates the
outputs. The process of the PLC running through its program is called scanning. Scanning speed
depends on the program size and execution time.

The total time for a PLC to check the inputs, run the program and update the outputs is called
the cycle time. Typical cycle times are 10 ms to 100 ms. Every cycle the inputs are checked
and saved to memory.

Then the program is run using the status of the saved inputs. After the program is done the
outputs are updated and the cycle starts again.

Scanning processes

The PLC’s CPU monitors the status of all inputs. It takes these values and energizes or
de-energizes the outputs according to the ladder diagram / user program. This is referred to as
scanning. The CPU of the PLC executes the user program over and over again when it is in
the run mode.

A scan does not consist of the PLC executing the ladder diagram rung by rung; instead the PLC
performs an I/O scan and a program scan. The I/O scan transfers data to the output modules and
from the input modules.

The information is transferred in the form of bits and stored in image tables (image maps), which are
blocks of memory designated to store the input and output bit states.

The input and output is the portion of the PLC that interfaces with the outside world. The actual
bridge between the physical world and internal world of the PLC is the optical isolation circuitry.

There are four basic steps in the operation of all PLCs: input scan, program scan, output
scan, and housekeeping. These steps continually take place in a repeating loop.

Input scan: During the input scan, the current status of every input module is stored in the input
image (memory) table, bringing it up-to-date. Thus the status of all the input devices (which are in
turn connected to the input modules) is updated in the input memory table.

Program scan: Following the input scan, the CPU enters its user program execution, or
program scan. The execution involves starting at the program's first instruction, then moving on
to the second instruction and carrying out its execution sequence. This continues to the last
program instruction. Throughout the user-program execution, the CPU continually keeps its
output image (memory) table up-to-date.

Output scan: During program scan, the output modules themselves are not kept continually up
to date. Instead, the entire output image table is transferred to the output modules during the
output scan which comes after the program execution. Thus the output devices are activated
accordingly during the output scan.

Housekeeping – this step includes communication with programming devices, internal diagnostic
activities etc.

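
The four scan steps described above, as an added example that is not part of the original notes. The `ScanCyclePLC` class, the start/stop motor program and the I/O assignments (input 0 = start, input 1 = stop, output 0 = motor, output 1 = lamp) are hypothetical; it shows that field outputs change only at the output scan and that an input pulse shorter than one scan can be missed.

```python
"""Added example: a minimal model of the PLC scan cycle and its image tables."""


class ScanCyclePLC:
    """Hypothetical PLC with eight inputs and four outputs."""

    def __init__(self, program, n_inputs=8, n_outputs=4):
        self.program = program
        self.field_inputs = [False] * n_inputs     # terminals on input modules
        self.field_outputs = [False] * n_outputs   # terminals on output modules
        self.input_image = [False] * n_inputs      # input image table
        self.output_image = [False] * n_outputs    # output image table
        self.scan_count = 0

    def input_scan(self):
        # Copy the status of every input terminal into the input image table.
        self.input_image = list(self.field_inputs)

    def program_scan(self):
        # The user program reads the input image and writes the output image.
        self.program(self.input_image, self.output_image)

    def output_scan(self):
        # Transfer the whole output image table to the output modules.
        self.field_outputs = list(self.output_image)

    def housekeeping(self):
        # Stand-in for communications and internal diagnostics.
        self.scan_count += 1

    def scan(self, mid_scan_event=None):
        """Run one full cycle; mid_scan_event fires just after the input scan."""
        self.input_scan()
        if mid_scan_event is not None:
            mid_scan_event(self)
        self.program_scan()
        snapshot = {
            "image_after_program": list(self.output_image),
            "field_before_output_scan": list(self.field_outputs),
        }
        self.output_scan()
        self.housekeeping()
        return snapshot


def motor_program(inputs, outputs):
    """Hypothetical user program: start/stop seal-in circuit plus a run lamp."""
    start, stop = inputs[0], inputs[1]
    # Rung 1: run if started (or already running) and stop is not pressed.
    outputs[0] = (start or outputs[0]) and not stop
    # Rung 2: the lamp follows the motor bit just written to the output image.
    outputs[1] = outputs[0]


def run_demo():
    plc = ScanCyclePLC(motor_program)
    results = {}

    plc.field_inputs[0] = True                 # start pressed between scans
    results["before_scan"] = list(plc.field_outputs)
    results["deferred"] = plc.scan()
    results["after_start"] = list(plc.field_outputs)

    plc.field_inputs[0] = False                # start released
    plc.scan()
    results["sealed_in"] = plc.field_outputs[0]

    def press_stop(p):
        p.field_inputs[1] = True               # arrives after the input scan

    plc.scan(mid_scan_event=press_stop)
    results["same_scan_as_stop"] = plc.field_outputs[0]
    plc.field_inputs[1] = False                # gone before the next input scan
    plc.scan()
    results["short_pulse_missed"] = plc.field_outputs[0]

    plc.field_inputs[1] = True                 # stop held across an input scan
    plc.scan()
    results["held_stop_seen"] = plc.field_outputs[0]
    results["lamp_after_stop"] = plc.field_outputs[1]
    results["scans"] = plc.scan_count
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```
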
PLC input and output (I/O) devices

Input/output (I/O) is information representing the data that is received from sensing elements /
devices and the commands that are sent to actuating and indicating devices. The I/O system is
the collection of physical elements of the control system that either provide or use I/O data.

The term sensor is used for an input device that provides a usable output in response to a
specified physical input. For example, a thermocouple is a sensor which converts a temperature
difference into an electrical output.

The term transducer is generally used for a device that converts a signal from one form to a
different physical form. Thus sensors are often transducers, but also other devices can be
transducers, e.g. a motor which converts an electrical input into rotation.

The number of I/O devices used within a control system is called its point count. Thus the total
number of digital and analog points is used to give an indication of the size of a control system.

A PLC has input and output lines through which it is connected to the system it directs. Any electrical
signal processing always requires a voltage supply (an active part) and a load (passive part) or
vice versa.

I/O modules connect "real world" field devices to the controller. They convert the electrical
signals used in the field devices into electronic signals that can be used by the control system,
and translate real world values to I/O table values.

I/O modules communicate with the PLC CPU in one of three ways:

Backplane - The I/O modules can be located in the same rack or station. Communications then
takes place within the rack or across the backplane.

Backplane extension - backplane extension modules allow I/O modules to be located in racks
or stations which are separated from the controller.

Device network - modules can communicate with a controller over a network. Industrial
networks are used to interconnect field level devices with controllers. Common IO networks are
FieldBus, Profibus, and DeviceNet.

There are two major types of I/O:

Analog – continuous devices that sense and respond to a range of values

Digital – binary devices which must be in one of only two states on or off.

Analog input and output devices

Analog input devices sense continuous parameters. Common analog inputs are pressure,
temperature, speed transducers etc.

An analog input card converts a voltage or current (e.g. a signal that can be anywhere from 0 to
20 mA) into a digitally equivalent number that can be understood by the CPU.

To input an analog voltage (into a PLC or any other computer) the continuous voltage value
must be sampled and then converted to a numerical value by an A/D converter. The process of
sampling the data is not instantaneous, so each sample has a start and stop time. The time
required to acquire the sample is called the sampling time. A/D converters can only acquire a
limited number of samples per second. The time between samples is called the sampling period
T, and the inverse of the sampling period is the sampling frequency (also called sampling rate).
The sampling time is often much smaller than the sampling period.

Analog output devices respond to a range of output values from the controller. Common analog
output signals include motor speed, valve position, air pressure etc. An analog output card will
convert a digital number sent by the CPU to its real world voltage or current. Analog device data
requires significantly more manipulation and processing than digital device data.

Digital input and output devices

Inputs come from sensors that translate physical phenomena into digital signals. Thus digital
input devices may be either on or off; they may not hold any other value.

Common digital field input devices include push buttons, limit switches and photo eyes.

Digital output devices are devices which are either on or off. Common types are relays, motor
starters, solenoid valves etc.

Examples of inputs and outputs

Inputs for a PLC come in a few basic varieties; the simplest are AC and DC inputs. Examples of
input devices are:

Proximity switches – use inductance, capacitance or light to detect an object logically

Switches – mechanical mechanisms will open or close electrical contacts for a logical
signal

Potentiometer – measures angular position continuously using resistance.

LVDT (Linear variable differential transformer) – measures linear displacement
continuously using magnetic coupling.

Outputs to actuators allow a PLC to cause something to happen in a process. Outputs from a PLC
are often relays, but they can also be solid state electronics such as transistors for DC outputs or
TRIACs for AC outputs. Continuous output requires special output cards with digital to analog
converters.

Examples are:

Solenoid valves – logical output that can switch a hydraulic or pneumatic flow

Lights – logical output that can often be powered directly from PLC output boards

Motor starters – motors often draw a large amount of current when started, so they
require motor starters which are basically large relays.

Servo motors – a continuous output from the PLC can command a variable speed or
position.

Active and passive inputs/outputs

Active I/O are those inputs or outputs which have the power source and are referred to as
having a current source or voltage source (sourcing).

Passive I/O are those inputs or outputs which do not have a power source and act as the load or
current sink (sinking).

For an electrical circuit to function properly, current must flow around the circuit. An
instrument in the circuit is usually known as a load; the current is not consumed by it, rather it only flows
from the current or voltage source through the load and back to the source.

Sourcing and sinking

Sourcing and sinking describe the way in which d.c. devices, which use d.c. currents and
voltages, are connected to a PLC.

Sourcing – When active, current flows from supply, through the use a single supply voltage.
With sourcing, using the conventional current flow direction as from positive to negative, an
input device receives current from the input module i.e. the input module is the source of the
current (Fig a)

If the current flows from the output module to an output load then the output module is referred
to as sourcing (fig b)

Sinking – When active, the output allows current to flow to a common ground. This is best
selected when different voltages are supplied.

With sinking, using the conventional current flow direction from positive to negative, an input
device supplies current to the input module i.e. the input module is the sink for the current (fig a)

If the current flows to the output module from an output load then the output module is referred
to as sinking (fig b)

Typical Connections of PLC

Types of PLC system

The PLC sizes are given in terms of program memory size and the maximum number of I/O
points the system can support.
However to evaluate properly any PLC, consideration is taken for many additional features such
as its processor, cycle time, language facilities, functions expansion capability etc.

PLC size     Max I/O points     User memory size
                                defined (No. of instructions)

Small        40/40              1k

Medium       128/128            4k

Large        >128/>128          >4k

Small PLC – small and mini PLCs are designed as robust, compact units which can be
mounted on or beside the equipment to be controlled. They are mainly used to replace hard
wired logic relays, timers, counters etc that control individual items of plant or machinery, but
can also be used to co-ordinate several machines working in conjunction with each other.
Programming is by way of logic instruction list (mnemonic) or relay ladder diagrams.

Medium-sized PLC – In this range, modular construction predominates, with plug-in modules
on a rack mounting system or backplane system. This allows simple upgrading or
expansion of the system by fitting additional I/O cards into the racks.

Large PLC – Where control of very large numbers of input and output points is necessary, or
complex control functions are required, a large PLC is selected. It is designed for use in large
plants or machines requiring continuous control. They are also employed as supervisory
controllers to monitor and control several other PLCs or intelligent machines e.g. CNC tools.

PLC styles of construction

The main styles are unitary, modular and rack mounting.

Unitary PLC - is the smallest and least expensive. It contains every feature of a basic system in
one box and is attached to the machine being controlled. They are not expandable so the
application is limited to on-board I/O.

Modular – These are a range of modules that slot together to build up a system. Basic modules
are the power supply, the main module containing the CPU, the input module and the output
module. Modular PLCs are used in applications where a higher I/O count is needed or when
using specialty modules such as quadrature encoders. They may be designed to be fixed direct
to a back panel. Usually they are arranged on a rack or rail and mounted inside a large cabinet
for protection and security. The main advantage is that the number of input and output terminals
can be expanded to cope with changes to the hardware system.

Rack mounting – are usually more expensive, expandable and powerful than modular PLC. The
rack provides a power and communication backplane that greatly increases the communication
rate between the processor and the modules as well as allowing some specialty modules to
communicate with each other without the processor. The number of available I/O points is also
much higher in the rack systems.

PLC Programming

Programming devices can be hand-held devices, a desktop console or a computer. Only when
the program has been designed on the programming device and is ready is it transferred to the
memory unit of the PLC.

Hand-held programming devices – will normally contain enough memory to allow the
unit to retain programs while being carried from one place to another.

Desktop consoles – are likely to have a visual display unit with a full keyboard and
screen displays.

Personal computers – are widely configured as program development work stations. A
major advantage of using a computer is that the program can be stored on the hard disk
or CD and copies easily made.

The PLC programming process is to plan activities such as designing and writing a program to
perform the required tasks. The parts that should be there in a PLC program are shown.

While ladder logic is the most commonly used PLC programming language, it is not the only
one.

IEC 61131-3 (Formerly IEC 1131-3) is the international standard for PLC languages. The
following is a list of programming languages specified by this standard.

Ladder diagram (LD)

Instruction list (IL)

Function block diagram (FBD)

Structured text (ST)

Sequential function chart (SFC)

Ladder diagram language (LD): It uses a standardized set of ladder programming symbols to
implement control functions. Initially programmed with simple contacts that simulated the
opening and closing of relays, ladder logic programming has been extended to include such
functions as counters, timers, shift registers and mathematical operations.

Instruction list – a low level (assembly-like) language that is based on similar instruction list
languages found in a wide range of today’s PLCs.

Structured text – A high level text language that encourages structured programming. It has a
language structure (syntax) that strongly resembles PASCAL and supports a wide range of
standard functions and operations. For example

IF (Limit_switch1 AND Workpiece_Present) THEN
    Gate1 := Open;
    Gate2 := Close;
ELSE
    Gate1 := Close;
    Gate2 := Open;
END_IF;

Function block diagram (FBD) –is a graphical language that allows the user to program
elements (e.g., PLC function blocks) in such a way that they appear to be wired together like
electrical circuits. It is very useful for expressing the interconnection of control system
algorithms and logic.

Sequential function chart: A method of programming complex control systems at a more
highly structured level. It is an overview of the control system, in which the basic building blocks
are entire program files.

Ladder diagram Language

A ladder diagram is a symbolic representation of an electrical circuit. Thus the symbols utilized
closely resemble schematic symbols for electrical devices.

This language is a symbolic instruction set that is used to create PLC programs. The ladder
instruction symbols can be formatted to obtain the desired control logic, which is then entered
into memory. Since this type of instruction set consists of contact symbols, it is also referred to
as contact symbology

To introduce ladder logic programming, simple switch circuits are converted to relay logic and
then to PLC ladder logic.

The industry trend is toward using the IEC 61131-3 standard, though it is a voluntary standard
and individual manufacturers have some freedom in the implementation.

Other PLC manufacturers are Allen-Bradley, ControlLogix, Modicon, Siemens S7 etc.

Ladder logic symbols

1. The basic ladder logic input symbols are

Normally open (NO) contact: passes power (ON) if the coil driving the contact is ON (closed).

Normally closed (NC) contact: passes power (ON) if the coil driving the contact is OFF (open).

Positive transition sensing contact: if the condition before this instruction changes from
OFF to ON, this instruction passes power for only one scan (until the rung is scanned again).

Negative transition sensing contact: if the condition before this instruction changes from
ON to OFF, this instruction passes power for only one scan (until the rung is scanned again).

2. The basic ladder logic coil (output) symbols are

Output or coil: if any left-to-right path of instructions passes power, the output is
energized. If there is no continuous left-to-right path of instructions passing power, the
output is de-energized.

Negated coil: if any left-to-right path of inputs passes power, the output is de-energized. If
there is no continuous left-to-right path of instructions passing power, the output is
energized.

Set coil: if any rung path passes power, the output is energized and remains energized, even
when no rung path passes power.

Reset coil: if any rung path passes power, the output is de-energized and remains
de-energized, even when no rung path passes power.

Since the PLC was developed to replace relay logic control systems, it was only natural that
the initial language closely resembled the diagrams used to document the relay logic.

By using this approach, the engineers and technicians using the early PLC did not need
retraining to understand the program.

They use combinational logic, where the output depends purely on the combination of inputs
at any instant in time. AND, OR, NOT and XOR functions are used to create ladder logic. In all
ladder logic, symbols are used for all inputs, outputs and internal memory.

Vertical lines on the left and right are called the power rails. The contacts are arranged
horizontally between the power rails, hence the term rung.

The main functions of a ladder diagram program are to control outputs and perform functional
operations based on input conditions. Ladder diagrams use rungs to accomplish this control.

In general, a rung consists of a set of input conditions (represented by contact instructions) and
an output instruction at the end of the rung (represented by a coil symbol). The contact
instructions for a rung may be referred to as input conditions, rung conditions, or the control
logic

Ladder diagram rules

A ladder diagram is read from left to right and from top to bottom.

The vertical power lines or rails may be labeled L1, L2 or X1, X2 when the voltage potential is
derived from a transformer.

Devices are shown in order of importance whenever possible. Stop buttons should be given a
higher order of importance.

All contacts associated with a device change state when the device is energized.

Devices that perform a stop function are normally placed in series on a rung.

Devices that perform a start function are normally placed in parallel or in a branch configuration.

Contacts associated with relays, timers and motor starters always have the same number or letter
designation as the device that controls them.

Example 1

Two switches labeled A and B are wired in SERIES controlling a lamp. Implement this function
as PLC ladder logic where the two switches are separate inputs.

Solution

X=A.B

The PLC ladder logic notation is shortened from the relay wiring diagram to show only the third
line, the relay contacts and coil of the output relay.

Example 2

Two switches labeled A and B are wired in PARALLEL controlling a lamp. Implement this
function as PLC ladder logic where the two switches are separate inputs.

Solution

X=A+B

Example 3

Draw a ladder diagram for the NOT, NAND, NOR and XOR gate

i) NOT gate

ii) NAND gate


iii) NOR gate

iv) XOR gate


Questions

Devise a ladder diagram for a system where there has to be no output when any one of four
sensors gives an output, otherwise there is to be an output.

A signal lamp is required to be switched on if a pump is running and the pressure is satisfactory,
or if the lamp test switch is closed. Draw a ladder diagram.

Consider a valve which is to be operated to lift a load when a pump is running and either the lift
switch is operated or a switch operated indicating that the load has not already been lifted and is
at the bottom of its lift channel. Devise a ladder diagram.

An alarm system is used in conjunction with an automated bottling system in a milk bottling
plant. A conveyor belt carries empty bottles that are to be filled with milk. The alarm goes off if
any of the following conditions occurs.

Milk tank is empty and bottles are on the conveyor belt.

There are no bottles on the conveyor and there is milk in the tank.

There is milk in the tank and bottles on the conveyor belt but electric power is off.

There is no milk in the tank, no bottles on the conveyor belt and electric power is off.

Write down a Boolean expression for the alarm system.

Implement this system using a PLC ladder diagram.

Draw the ladder rungs to represent:

Two switches are normally open and both have to be closed for a motor to operate.

Either of two, normally open, switches have to be closed for a coil to be energized and operate
an actuator.

A motor is switched on by pressing a spring-return push button start switch, and the motor
remains on until another spring-return push button stop switch is pressed.

A lamp is to be switched on if there is an input from sensor A or sensor B

A light is to come on if there is no input to a sensor.

A solenoid valve is to be activated if sensor A gives an input.


Instruction List

This is a low-level language similar to the machine or assembly language used with
microprocessors. This type of language is useful for small applications, as well as applications
that require speed optimization of the program or a specific routine in the program

This programming method, which can be considered to be the entering of a ladder program
using text, gives programs which consist of a series of instructions, each instruction being on a
new line. An instruction consists of an operator followed by one or more operands, i.e. the
subjects of the operator. In terms of ladder diagrams an operator may be regarded as a ladder
element.

Each instruction may either use or change the value stored in a memory register.

There are a lot of instructions used to develop the PLC program. Each instruction has a
respective function. For this, mnemonic codes are used, each code corresponding to an
operator/ladder element. The codes used differ to some extent from manufacturer to
manufacturer, though a standard IEC 1131-3 has been proposed and is being widely adopted.

Instruction code mnemonics


LD - LOAD Instruction: This instruction is used to start a line of the program. It is used for
the first contact when that contact is normally open (NO). The Execution Condition of the
instruction on the right will be ON when internal relay (IR) 00000 is ON.

LD NOT - LOAD NOT Instruction: This instruction is used to start a line of the program. It is
used for the first contact when that contact is normally closed (NC). The Execution Condition of
the instruction on the right will be ON when IR 00000 is OFF.

AND - AND Instruction: This instruction is used for a second contact that is normally open
(NO) and in series with the previous contacts. The Execution Condition of the instruction on the
right will be ON when IR 00000 and IR 00001 are ON.

AND NOT - AND NOT Instruction: This instruction is used for a second contact that is
normally closed (NC) and in series with the previous contacts. The Execution Condition of the
instruction on the right will be ON when IR 00000 is ON and IR 00001 is OFF.

OR - OR Instruction: This instruction is used for a second contact that is normally open
(NO) and in line (parallel) with the previous contacts. The Execution Condition of the instruction
on the right will be ON when either IR 00000 or IR 00001 is ON.

OR NOT - OR NOT Instruction: This instruction is used for a second contact that is
normally closed (NC) and in line (parallel) with the previous contacts. The Execution Condition of
the instruction on the right will be ON when either IR 00000 is ON or IR 00001 is OFF, or when IR
00000 is ON and IR 00001 is OFF simultaneously.

OUT - OUTPUT Instruction: This instruction is used for the coil output. IR 10000 will be ON
when IR 00000 is ON.

END: The END instruction has no physical contact device. It is the last instruction required for
completion of a program. If there is no END instruction, the program cannot be implemented. For
the OMRON SYSMAC CQM1H PLC, the instruction FUN 01 is the END instruction.

OR LD - BLOCK LOGIC OR Instruction: The OR LD instruction has no physical contact device. It
is only a programming tool for solving a complex OR function, such as a series of contacts
beginning with LD (or LD NOT) in parallel with another series of contacts.

AND LD - BLOCK LOGIC AND Instruction: The AND LD instruction has no physical contact device.
It is only a programming tool for solving complex AND functions, such as connecting a number of
OR, OR NOT or OR LD blocks in series.

OR LD and AND LD: When both logic block instructions are to be used in a ladder diagram, the
program must be written from the bottom up to merge the logic blocks. For example, in the ladder
diagram below, the instructions for the last two logic blocks (blocks b1 and b2) are
written first, followed by the instructions for the first logic block (block a).

Examples

A signal lamp is required to be switched on if a pump is running and the pressure is satisfactory,
or if the lamp test switch is closed.

For a valve which is to be operated to lift a load when a pump is running and either the lift switch
is operated or a switch operated indicating that the load has not already been lifted and is at the
bottom of its lift channel, Figure shows the ladder program and the related instruction list.

For a system where there has to be no output when any one of four sensors gives an output,
otherwise there is to be an output, Figure shows the ladder program and the instruction list.
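
The mnemonics above can be checked with a small stack evaluator: LD starts a block, AND LD and OR LD merge the two most recent blocks, and OUT writes the result. This is an added example, not code from the original notes or from OMRON; the input addresses given to the pump, pressure, test and sensor signals and the ';' comment marker are assumptions, and the three listings are one possible coding of the examples described above.

```python
"""Evaluator for the instruction-list mnemonics in these notes (added example)."""

TWO_WORD = {"LD NOT", "AND NOT", "OR NOT", "AND LD", "OR LD"}
NEEDS_BIT = {"LD", "LD NOT", "AND", "AND NOT", "OR", "OR NOT", "OUT"}
NO_OPERAND = {"AND LD", "OR LD", "END"}


def parse(listing):
    """Turn a text listing into (mnemonic, address) pairs; END must close it."""
    program = []
    for raw in listing.strip().splitlines():
        words = raw.split(";")[0].split()      # ';' starts a comment (this example's choice)
        if not words:
            continue
        head = " ".join(words[:2])
        op, rest = (head, words[2:]) if head in TWO_WORD else (words[0], words[1:])
        if op in NEEDS_BIT and len(rest) == 1:
            program.append((op, rest[0]))
        elif op in NO_OPERAND and not rest:
            program.append((op, None))
        else:
            raise ValueError(f"bad instruction: {raw.strip()!r}")
    if not program or program[-1][0] != "END":
        raise ValueError("program must finish with END")
    return program


def run_scan(program, bits):
    """Execute one scan. `bits` maps address -> bool; an updated copy is returned."""
    bits = dict(bits)
    stack, rung_done = [], False
    try:
        for op, addr in program:
            if op == "END":
                break
            if op in ("LD", "LD NOT"):
                if rung_done:                  # an LD after OUT starts a new rung
                    stack, rung_done = [], False
                value = bits.get(addr, False)
                stack.append(value if op == "LD" else not value)
            elif op in ("AND", "AND NOT", "OR", "OR NOT"):
                value = bits.get(addr, False)
                if op.endswith("NOT"):
                    value = not value
                top = stack.pop()
                stack.append(top and value if op.startswith("AND") else top or value)
            elif op in ("AND LD", "OR LD"):    # merge the two most recent logic blocks
                second, first = stack.pop(), stack.pop()
                stack.append(first and second if op == "AND LD" else first or second)
            elif op == "OUT":
                bits[addr] = stack[-1]
                rung_done = True
    except IndexError:
        raise ValueError("logic instruction without a preceding LD") from None
    return bits


# Assumed addresses: 00000 pump, 00001 pressure, 00002 lamp test, 10000 lamp.
LAMP = """
LD 00000        ; pump running
AND 00001       ; pressure satisfactory
OR 00002        ; lamp test switch
OUT 10000       ; signal lamp
END
"""

# Assumed addresses: 00000 pump, 00001 lift switch, 00002 load at bottom, 10000 valve.
VALVE = """
LD 00000        ; pump running
LD 00001        ; lift switch starts a second block
OR 00002        ; load at bottom of lift channel
AND LD          ; pump AND (lift OR bottom)
OUT 10000       ; lift valve
END
"""

# Assumed addresses: 00000 to 00003 are the four sensors.
FOUR_SENSORS = """
LD NOT 00000
AND NOT 00001
AND NOT 00002
AND NOT 00003
OUT 10000
END
"""


def output(listing, on_bits, out="10000"):
    """Run one scan with the listed input addresses ON and return the output bit."""
    return run_scan(parse(listing), {addr: True for addr in on_bits})[out]


if __name__ == "__main__":
    for name, listing in (("lamp", LAMP), ("valve", VALVE), ("sensors", FOUR_SENSORS)):
        print(name, output(listing, ["00000", "00002"]))
```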

Sequential control

This is where the output is dependent not only on the actual inputs but on the sequence of the
previous inputs and outputs (memorizing events).

Sequential problems have long been solved using conventional logic gates as building blocks,
but using certain techniques to express and identify the sequence logic equations that control
the system outputs.

Advanced PLC instructions such as shift registers, sequencers, master control relays, timers etc.
are provided to simplify the design and implementation of sequence systems.

Internal Relay

In PLCs there are elements that are used to hold data, i.e. bits, and behave like relays, being
able to be switched on or off and switch other devices on or off. Hence the term internal relay.

Such internal relays do not exist as real-world switching devices but are merely bits in the
storage memory that behave in the same way as relays.

For programming, they can be treated in the same way as an external relay output and input.
Thus inputs to external switches can be used to give an output from an internal relay.

This then results in the internal relay contacts being used, in conjunction with other external
input switches to give an output, e.g. activate a motor.

For the first rung: when input 1 or input 3 is closed and input 2 closed, then internal relay IR 1 is
activated. This results in the contacts IR 1 closing. If input 4 is then activated, there is an output
from output 1.

Such a task might be involved in the automatic lifting of a barrier when someone approaches
from either side. Input 1 and input 3 are inputs from photoelectric sensors that detect the
presence of a person, approaching or leaving from either side of the barrier, input 1 being
activated from one side of it and input 3 from the other. Input 2 is an enabling switch to enable
the system to be closed down.

Thus when input 1 or input 3, and input 2, are activated, there is an output from the internal
relay 1. This will close the internal relay contacts. If input 4, perhaps a limit switch, detects that
the barrier is closed then it is activated and closes. The result is then an output from Out 1, a
motor which lifts the barrier.

If the limit switch detects that the barrier is already open, the person having passed through it,
then it opens and so output 1 is no longer energized and a counterweight might then close the
barrier.

The internal relay has enabled two parts of the program to be linked, one part being the
detection of the presence of a person and the second part the detection of whether the barrier is
already up or down

SET and RESET

Another function which is often available is the ability to set and reset an internal relay. The SET
instruction causes the relay to self-hold, i.e. latch. It then remains in that condition until the
RESET instruction is received. The term flip-flop is often used.

The SET coil is switched on when power is supplied to it and remains set until it is RESET. The
RESET coil is reset to the off state when power is supplied to it and remains off until it is SET.

SET and RESET instructions change the status of the bit they operate on only when the
execution condition is ON. When the execution condition is OFF, the instructions do not change
the status of the bit.

When the input instruction LD 00000 is ON, the SET instruction turns ON and remains ON
regardless of whether the input instruction LD 00000 is then ON or OFF.

When the input instruction LD 00001 is ON, the RESET instruction is ON and the SET
instruction will be OFF.

Example

An example of the basic elements of a simple program for use with a fire alarm system is
shown. Fire sensors provide inputs to a SET-RESET function block so that if one of the sensors
is activated the alarm is set and remains set until it is cleared by being reset. When set it sets
off the alarm.

Timers

In many control tasks there is a need to control time. Timers are devices that count increments
of time. PLCs thus have timers as built-in devices. Timers count fractions of seconds or seconds
using the internal CPU clock.

The way the timers work varies from one type of PLC to another. A common approach is to
consider timers to behave like relays with coils which when energized result in the closure or
opening of contacts after some preset time. The timer is thus treated as an output for a rung
with control being exercised over pairs of contacts elsewhere.

The timer compares its current time with the preset time. The output of the timer is a logic 0 as
long as the current time is less than the preset time. When the current time is greater than the
preset time the timer output is a logic 1.

TIMER (TIM) is an instruction that requires a TIM number (N) and a set value (SV). TIM
numbers range from 000 to 511, while the set values for TIM range from 0000 to 9999.

A TIM number cannot be used twice. When a number has been used as a definer, such as
number 000 for a TIM instruction, the number cannot be used again.

When a number is defined as a TIM number, it can be used as often as required as an
operand in instructions other than TIMER.

Example 1

The timer is enabled / activated when the execution condition is ON and will be reset to the set
value (SV) when the execution condition is OFF.

The set value (SV) of TIMER is a BCD value between #0000 and #9999. For example, if the
TIMER is to time from 0 to 5 seconds, then the set value is #0050.

Operation condition: When the input (LD 00000) is ON, the timer contact will be activated after
5 seconds. Next the output (OUT 10000) will be ON.

Example 2

Operating condition: When the input (LD 00000) is ON, the timer (TIM 000) will be activated
after 5 seconds and the output (OUT 10000) will be ON. The output (OUT 10001), by contrast, will
be ON as soon as the supply is applied and will be OFF after 5 seconds. The timer will continue to
be active as long as the input 00000 is in the ON state.

Example 3

When the input (LD 00000) is ON, the timer (TIM 000) will be activated after 5 seconds. Next the
output (OUT 10000) will be ON. 3 seconds after the output (OUT 10000) turns ON, the timer (TIM
001) will be activated, then the output (OUT 10000) will be OFF and the timer (TIM 001) will be
OFF. When the timer TIM 001 is OFF, contact TIM 001 (NC) will be ON and the output (OUT
10000) is in the ON state. The output (OUT 10000) will continue to switch ON and OFF until the
input (LD 00000) is in the OFF state.

Question

Two motors (M1 and M2) are to be controlled as follows:

When the run switch is operated both motors must run

After 4 min motor 1 must stop

Motor 2 continues running for another 2 min and stops

At this point a lamp is switched on

After a further 90 sec, the lamp goes off and the cycle restarts

If a stop switch is operated at any time, the system will continue to the end of the cycle and then
stop. Produce the PLC program

Counters

Counters used in PLCs serve the same function as mechanical counters. Counters compare an
accumulated value to a preset value to control circuit functions.

A counter is used to count and store the number of occurrences of an input signal. Control
applications that commonly use counters include the following:

• Count to a preset value and cause an event to occur

• Cause an event to occur until the count reaches a preset value

Counters increment/decrement one count each time the input transitions from off (logic 0) to on
(logic 1).

Counter (CNT) is an instruction that requires a TIM/CNT number (N) and a set value (SV).

CNT numbers range from 000 to 511, while the set values for CNT range from 0000 to 9999.

When a number is defined as a CNT number, it can be used as often as required as an
operand in instructions other than COUNTER.

The counters are reset when a RESET instruction is executed

Example 1

The counter is set to count 10. When the input (LD 00000) has received ten pulses, the counter
will be activated and thus the output (OUT 10000) will be ON. When reset (LD 00001) is ON, the
counter will return to its original condition.

Example 2

The counter is set to count 5. When the input (LD 00000) has received five pulses, the counter
will be activated and thus the output (OUT 10000) will be ON. When the output (OUT 10000) is ON,
TIM 001 will be activated after 3 seconds and then the output (OUT 10001) will be ON. Both the
output (OUT 10000) and (OUT 10001) will remain ON until reset (LD 00001) is in the ON state.
Reset will return the counter to its original condition.
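
Counter Example 2 above, together with the TIM rule that a timer returns to its set value when its execution condition goes OFF, simulated scan by scan. This is an added example, not code from the original notes; it assumes one scan per 0.1 s timer unit (consistent with #0050 being 5 seconds), that the counter counts down from its set value, and the class and function names shown.

```python
"""Scan-by-scan model of the CNT and TIM behaviour described in the notes (added example)."""


def bcd_to_int(sv):
    """'#0050' -> 50. Every digit must be 0-9, as in a BCD set value #0000 to #9999."""
    digits = sv.lstrip("#")
    if len(digits) != 4 or not all(c in "0123456789" for c in digits):
        raise ValueError(f"not a 4-digit BCD set value: {sv!r}")
    return int(digits)


class Tim:
    """On-delay timer. PV counts down from SV, one unit (0.1 s) per scan (assumption)."""

    def __init__(self, sv):
        self.sv = self.pv = bcd_to_int(sv)
        self.done = self._running = False

    def update(self, condition):
        if not condition:                       # condition OFF: back to the set value
            self.pv, self.done, self._running = self.sv, False, False
        elif not self._running:                 # first ON scan: timing starts, nothing elapsed
            self._running = True
            self.done = self.pv == 0
        elif self.pv > 0:
            self.pv -= 1
            self.done = self.pv == 0
        return self.done


class Cnt:
    """Counter. Counts one per OFF-to-ON transition of its input; reset has priority."""

    def __init__(self, sv):
        self.sv = self.pv = bcd_to_int(sv)
        self.done = self._last = False

    def update(self, count_in, reset):
        if reset:                               # reset returns the counter to SV
            self.pv, self.done = self.sv, False
        elif count_in and not self._last and self.pv > 0:
            self.pv -= 1                        # only the rising edge counts
            self.done = self.pv == 0
        self._last = count_in
        return self.done


def run(inputs):
    """inputs: (input_00000, reset_00001) per scan -> (OUT 10000, OUT 10001) per scan."""
    cnt, tim = Cnt("#0005"), Tim("#0030")       # count 5, then a 3 s delay (TIM 001)
    trace = []
    for pulse, reset in inputs:
        out_10000 = cnt.update(pulse, reset)    # counter completion drives OUT 10000
        out_10001 = tim.update(out_10000)       # OUT 10000 is the timer's execution condition
        trace.append((out_10000, out_10001))
    return trace


def first_on(trace, column):
    """Index of the first scan in which the given output column is ON, or None."""
    return next((i for i, row in enumerate(trace) if row[column]), None)


# Constructed input: 00000 held ON for 4 scans (one count only), 4 clean pulses,
# 35 idle scans, then reset 00001 ON for one scan.
IDLE, ON, RESET = (False, False), (True, False), (False, True)
SCANS = [ON] * 4 + [IDLE] + [ON, IDLE] * 4 + [IDLE] * 35 + [RESET, IDLE]

if __name__ == "__main__":
    t = run(SCANS)
    print("OUT 10000 first ON at scan", first_on(t, 0))
    print("OUT 10001 first ON at scan", first_on(t, 1))
    print("after reset:", t[-2])
```

An input held ON across several scans is counted once, which is why the fifth count arrives on the fourth clean pulse.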

Questions

Components pass along a chute and interrupt a light switch which goes low (off) each time it is
interrupted. Every time 6 components have been counted, an eject operation is used to remove
the batch and then it all starts again.

Produce a ladder logic diagram to do this operation. The counter is designated C460

Design a ladder program for an industrial control system that:

Count ten objects passing along a conveyor belt;

Closes a deflecting gate when the number has been deflected into a carton

Allows a time of 5 seconds between the tenth object counted and closing of the deflector.

A controlled car park has 4 spaces in the parking lot. Cars are detected and allowed to enter
into the parking space if available. If NO space a “Full” indicator lamp should be lit, otherwise
individual indicator lamps should light to show the available parking space. Design a PLC ladder
diagram of the car parking system; include comments on every rung.

With the aid of a ladder program and a process control figure, explain how a converter can be
used in a machine to direct 6 products to a packaging box and 12 products to another box
simultaneously.

PLC External peripherals

A peripheral is a device that is connected to a host PLC, but not part of it. It expands the host’s
capabilities but does not form part of the core PLC architecture.

Peripheral devices to the PLC and its I/O base(s) can be anything from a host computer and
controls console to a motor drive unit or field unit switch.

Printers and industrial terminals used for programming are also peripheral devices.

These external operating devices, with their sometimes harsh and/or fast signal characteristics,
must be able to interface with the PLC’s sensitive microprocessor.

There are three different types of peripherals:

Input, used to interact with, or send data to the computer/ PLC (mouse, keyboard etc)

Output, which provides output to the user from the PLC/computer (Monitors, printers,
displays etc)

Storage, which stores data processed by the computer (Hard drives, flash drives etc)

Printers

In computing, a printer is a peripheral which produces a representation of an electronic
document on physical media such as paper. Many printers are local peripherals connected
directly to a nearby personal computer. Individual printers are often designed to support both
local and network connected users at the same time. Most Multifunction printers (MFPs) include
printing, scanning, and copying among their many features.

Printers can be classified by the printer technology they employ, with many techniques being
available as commercial products.

The choice of print technology has a great effect on the cost of the printer and cost of operation,
speed, quality and permanence of documents and noise.

A second aspect of printer technology that is often forgotten is resistance to alteration: liquid ink,
such as from an inkjet head or fabric ribbon, becomes absorbed by the paper fibers, so
documents printed with liquid ink are more difficult to alter than documents printed with toner or
solid inks, which do not penetrate below the paper surface.

Network interface controller (NIC)

A NIC, also known as a network interface card or network adaptor, is a computer hardware
component that connects a PLC to a computer network.

It is an expansion card that allows PLC/computers to communicate over a computer network.

The network controller implements the electronic circuitry required to communicate using a
specific physical layer and data link layer standard such as Ethernet, Wi-Fi or token ring.

This provides a base for a full network protocol stack, allowing communication among small
groups of PLC/computers on the same LAN and large – scale network communication through
routable protocols such as IP.

The NIC may use one or more of two techniques to indicate the availability of packets to
transfer.

Polling is where the CPU examines the status of the peripheral under program control

Interrupt – driven I/O is where the peripheral alerts the CPU that it is ready to transfer data.

and may use one or more of two techniques to transfer packet data:

Programmed input/output is where the CPU moves the data to or from the designated
peripheral to memory.

Direct memory access is where an intelligent peripheral assumes control of the system bus to
access memory directly. This removes load from the CPU but requires more logic on the card.
In addition, a packet buffer on the NIC may not be required and latency can be reduced.

Programmer interface

The programmer interface in the industrial design field of human – machine interaction, is the
space where interaction between human and machine occurs.

The goal of this interaction is effective operation and control of the machine on the user’s end,
and feedback from the machine which aids the operator in making operational decisions.

Examples of this broad concept of user interfaces include the interactive aspects of computer
operating systems, hand tools, heavy machinery operator controls, and process controls.

The user/programmer interface includes hardware (physical) and software (logical) components

It provides a means of

Input, allowing the user to manipulate a system

Output, allowing the system to indicate the effects of the user’s manipulation.

Generally, the goal of human-machine interaction engineering is to produce a user interface
which makes it easy, efficient, and enjoyable to operate a machine in the way which produces
the desired result. This generally means that the operator needs to provide minimal input to
achieve the desired output, and also that the machine minimizes undesired outputs to the
human.

With the increased use of personal computers and the relative decline in societal awareness of
heavy machinery, the term user interface is generally assumed to mean the graphical user
interface, while industrial control panel and machinery control design discussions more
commonly refer to human-machine interfaces.

PLC Systems and safety

An important standard is IEC (International Electro-technical Commission) 61508: functional
safety of electrical/electronic/programmable electronic safety-related systems.

In order to provide functional safety of a machine or plant, the safety-related protective or
control systems must function correctly and when a failure occurs it must operate so that the
plant or machine is brought into a safe shut-down state.

Fail-safe design

Safety must be a priority in the design of a PLC system. Thus emergency stop buttons and
safety guard switches must be hard wired and not depend on the PLC software for
implementation so that in the situation where there is a failure of the stop switch or PLC, the
system is automatically safe. The system must be fail-safe.

Fail-safe design is a method of designing a control system such that if a critical component in the
system fails, the system immediately becomes disabled.

Hence, fail-safe design is the procedure or programming to ensure safety of the operator and
processes.

Fail-safe design rules of thumb for selecting NO or NC devices are as follows:

NO – When wiring switches or sensors that start actions, use normally open switches so that if
there is a problem with the switch the process will not start.

NC – When wiring switches that stop process use normally closed switches so if they fail the
process will stop.

In the following program, START will override STOP and RUN will switch on as long as START is
pressed.

Unsafe start/stop program

With a PLC system, a stop signal can be provided by a switch as above.

This arrangement, however, is unsafe as an emergency stop because if there is a fault and the
switch cannot be operated, then there is no way to stop the system.

What is required is a system that will still stop if a failure occurs in the stop switch.

The program has the STOP switch as the open contacts. However, because the hardwired stop
switch has normally closed contacts then the program has the signal to close the program
contacts.

Pressing the stop switch opens the program contacts and stops the system.
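
The difference between the two arrangements can be checked by simulating PLC scans with the stop circuit broken. The Python model below is an added example, not part of the original notes; the rung equations are assumed from the descriptions above (the figures are not reproduced here), and the function names and the scenario are constructed for illustration.

```python
"""Scan-level model of the unsafe and fail-safe start/stop rungs (added example)."""


def field_input(kind, pressed, wire_broken=False):
    """Return True if the field switch delivers a signal to the PLC input.

    kind is "NO" (normally open) or "NC" (normally closed). A broken wire or
    failed contact is modelled as an open circuit: no signal reaches the PLC.
    """
    if wire_broken:
        return False
    return pressed if kind == "NO" else not pressed


def unsafe_rung(start, stop, run):
    # Assumed form of the unsafe program: the STOP switch is wired NO and only
    # breaks the latch, so START overrides STOP and a dead STOP input simply
    # reads as "not pressed".
    return start or (run and not stop)


def failsafe_rung(start, stop, run):
    # Assumed form of the fail-safe program: the hardwired STOP switch is NC,
    # so a healthy circuit keeps the program contact closed. Losing the
    # signal for any reason (button pressed or wire broken) drops RUN.
    return (start or run) and stop


# Constructed scenario, one entry per PLC scan.
SCENARIO_WIRE_BREAK = [
    {},                                        # idle
    {"start": True},                           # operator presses START
    {},                                        # START released, RUN latched
    {"stop_wire_broken": True},                # stop circuit goes open
    {"stop": True, "stop_wire_broken": True},  # operator presses STOP
]


def simulate(rung, stop_kind, scenario):
    """Run the rung once per scan and return the RUN output after each scan."""
    run, trace = False, []
    for event in scenario:
        start_in = field_input("NO", event.get("start", False))
        stop_in = field_input(stop_kind,
                              event.get("stop", False),
                              event.get("stop_wire_broken", False))
        run = rung(start_in, stop_in, run)
        trace.append(run)
    return trace


if __name__ == "__main__":
    print("unsafe   :", simulate(unsafe_rung, "NO", SCENARIO_WIRE_BREAK))
    print("fail-safe:", simulate(failsafe_rung, "NC", SCENARIO_WIRE_BREAK))
```

With the normally open stop switch the machine keeps running after the wire breaks, even when the operator presses STOP; with the normally closed switch the break itself stops the machine.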

Phases of creating a PLC system

This involves five phases: design, selection and supply, programming, installation and
commissioning.

Phase 1 – Design – This is the design of the system installation, which includes the
communication systems. This stage produces all design basis documents, showing how the system will
be constructed and commissioned.

Phase 2 – Selection and Supply – After the planning phase of the design, the equipment can
be ordered. The first decision is the type of controller: rack, mini, micro or software based. The
decision will depend on:

Number of logical inputs and outputs

Memory size

Number of special I/O modules

Method/techniques of communication – serial and networked communication allow the
PLC to be programmed and talk to other PLCs

Availability of programming software and other tools that determine the programming and
debugging

Scan time – the shorter the scan time the higher the cost.

The process of selecting a PLC follows the following steps:

Understand the process to be controlled

Select the vendor/seller of PLC modules

Plan the ladder logic for the control

Count the program instructions and enter the values into the sheet.

Phase 3 – Programming: This stage involves programming the PLC, depending on the
language used. It will also depend on the type of programmer available.

PLC software for personal computers – Similar to the specialized programming
units, but software runs on a multi-use, user supplied computer. This approach is
typically preferred.

Hand held units (or integrated) – allow programming PLC using a calculator type
interface. Often done using mnemonics.

Specialized programming units – effectively a portable computer that allows
graphical editing of the ladder logic, and fast uploads/downloads/monitoring of the
PLC.

Phase 4 – Installation

This stage involves installing and placing all components of PLC system hardware and
software in compliance with the design document. It entails the following steps:

Panel/cabinet installation – The panel/cabinet installed should allow enough space for air
circulation. Do not install the PLC above equipment that generates a large amount of heat. Do
not install the PLC in a panel or cabinet with high voltage equipment. Provide a clear
path for operation and maintenance.

Installation of CPU unit and I/O unit – The small PLC must be installed in the horizontal
position. For the big PLC, before installing, the units have to be compiled one by one. To
build a rack PLC, provide a back plane. (A back plane is a simple device having two
functions. The first is to provide physical support for units to be mounted to it. The
second is to provide the connectors and electrical pathways necessary for connecting
the units mounted to it.)

Installing the expansion unit or expansion I/O unit – Expansion I/O units are usually
attached when the number of I/O devices to be controlled exceeds the
capabilities of the existing I/O unit, or when needed for a special purpose such as a
temperature sensor. Insert the expansion I/O unit's connecting cable into the expansion
connector of the CPU unit or expansion I/O unit.

Installing I/O devices – I/O devices are attached at the places determined in the
work plan and wiring diagram. Switches are usually attached at the panel, while
sensors, solenoids and motors are usually placed at the machine to be controlled.

Wiring and connection – Hanging ducts are used; if power cables carrying more than 10 A
400 V or 20 A 220 V must be run alongside the I/O wiring (that is, in parallel with it), at least
300 mm must be left between the power cables and the I/O wiring. Ensure proper
grounding of all electrical installations. All electrical racks and machine elements should be
grounded to a central ground bus.

Phase 5 - Commissioning

Commissioning of a PLC system involves:

Checking that all the cable connections between the PLC and the plant being controlled
are complete, safe, to the required specifications and meet standards.

Checking that the incoming power supply matches the voltage setting for which the PLC
is set.

Checking that emergency stop buttons work.


Checking that all protective devices are set to their appropriate trip settings.

Checking that all I/O devices are connected to the correct I/O points and giving the
correct signals.

Loading and testing the software.

Fault finding

With any PLC controlled plant, the major faults are likely to be with sensors, actuators and
wiring rather than within the PLC itself.

Of the faults within the PLC, most are likely to be in the I/O channels or power supply rather than in
the CPU.

For example, consider a single output device failing to turn on though the output LED is on. If
testing of the PLC output voltage indicates that it is normal then the fault might be a wiring fault or
a device fault. If checking of the voltage at the device indicates the voltage there is normal then
the fault is the device.

Many PLCs provide built-in fault analysis procedures which carry out self-testing and display
fault codes, with possibly a brief message, which can be translated by looking up the code in a
list to give the source of the fault and possible methods of recovery.

Fault detection technique

The following are some of the common fault detection techniques used.

Timing checks – The term watchdog is used for a timing check that is carried out by the
PLC to check that some function has been carried out within the normal time. If the function
is not carried out within the normal time, then a fault is assumed to have occurred and the
watchdog timer trips, setting off an alarm and perhaps closing down the PLC. As part of the
internal diagnostics of the PLC, watchdog timers are used to detect faults.

Timing checks can also be built into the ladder logic program. This is where additional
ladder rungs might be included so that when a function starts, a timer is started. If the
function does not complete when the timer finishes, a fault is signaled.

Last output set – This technique involves the use of status lamps to indicate the last output
that has been set during a process which has come to a halt. Such lamps are built into the
program so that as each output occurs a lamp comes on. The lamps that are on thus indicate which
outputs are occurring. The program has to be designed to turn off previous status lamps and turn
on a new status lamp as each new output is turned on.

Replication – Replication checks involve duplicating, i.e. replicating, the PLC system. This could
mean that the system repeats every operation twice and if it gets the same result it is assumed
there is no fault. This procedure can detect transient faults.

An alternative is to have duplicate PLC systems and compare the results given by the two
systems. In the absence of a fault the two results should be the same, a fault showing
up as a difference.

Expected values checks – Software errors can be detected by checking whether an expected
value is obtained when a specific input occurs. If the expected value is not obtained then a fault
is assumed to be occurring.
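
The timing check built into the program and the last-output-set lamps work well together: the timer says that something failed, and the lamp says where the sequence stopped. The Python model below is an added example, not part of the original notes; the step names, sensor names and scan limits are constructed, and a time limit is counted in PLC scans for simplicity.

```python
"""Scan-based sequence with a timing check and last-output-set lamps (added example)."""
from dataclasses import dataclass


@dataclass
class Step:
    output: str       # output coil energized during this step
    done_input: str   # sensor input that confirms the step has completed
    limit_scans: int  # timing check: scans allowed before a fault is signaled


class Sequencer:
    def __init__(self, steps):
        self.steps = steps
        self.index = 0          # step currently being executed
        self.timer = 0          # scans elapsed in the current step
        self.outputs = set()    # energized outputs
        self.lamps = {s.output: False for s in steps}
        self.fault = False      # latched when a timing check trips
        self.fault_scan = None  # scan number at which the fault was signaled
        self.scan_count = 0

    def scan(self, inputs):
        """Run one PLC scan with the given set of active input names."""
        self.scan_count += 1
        if self.fault or self.index >= len(self.steps):
            return
        step = self.steps[self.index]
        if step.output not in self.outputs:
            # Entering the step: set the output, start its timer, and move
            # the status lamp so only the newest output's lamp is lit.
            self.outputs = {step.output}
            self.timer = 0
            for name in self.lamps:
                self.lamps[name] = (name == step.output)
        if step.done_input in inputs:
            self.outputs.discard(step.output)
            self.index += 1
            return
        self.timer += 1
        if self.timer >= step.limit_scans:
            # Function not completed within the normal time: signal a fault
            # and drop all outputs. Lamps stay latched for fault finding.
            self.fault = True
            self.fault_scan = self.scan_count
            self.outputs.clear()

    def last_output_set(self):
        """Name of the output whose status lamp is lit, or None."""
        for name, lit in self.lamps.items():
            if lit:
                return name
        return None


# Constructed two-cylinder sequence and input traces (one set per scan).
STEPS = [
    Step("A_EXTEND", "a_out", 3),
    Step("B_EXTEND", "b_out", 3),
    Step("A_RETRACT", "a_in", 3),
]
HEALTHY = [set(), {"a_out"}, set(), {"b_out"}, {"a_in"}]
STUCK_B = [set(), {"a_out"}, set(), set(), set(), set()]  # b_out never arrives


def run(steps, trace):
    seq = Sequencer(steps)
    for inputs in trace:
        seq.scan(inputs)
    return seq


if __name__ == "__main__":
    for label, trace in (("healthy", HEALTHY), ("stuck B", STUCK_B)):
        s = run(STEPS, trace)
        print(label, "fault:", s.fault, "last output set:", s.last_output_set())
```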

Installation and Maintenance

The design of programmable controllers includes a number of rugged features that allow
PLCs to be installed in almost any industrial environment.

System layout is the conscientious approach to placing and interconnecting components not
only to satisfy the application, but also to ensure that the controller will operate trouble free
in its environment.

In addition to programmable controller equipment, the system layout also encompasses the
other components that form the total system. These components include isolation
transformers, auxiliary power supplies, safety control relays, and incoming line noise
suppressors.

Although programmable controllers are tough machines, a little foresight during their
installation will ensure proper system operation.

In a carefully constructed layout, these components are easy to access and maintain.
Nevertheless, careful installation planning can increase system productivity and decrease
maintenance problems.

The best location for a programmable controller is near the machine or process that it will
control, as long as temperature, humidity, and electrical noise are not problems.

Placing the controller near the equipment and using remote I/O where possible will minimize
wire runs and simplify start-up and maintenance.

Programmable controllers are designed to be easy to maintain, to ensure trouble-free
operation. Still, several maintenance aspects should be considered once the system is in
place and operational. Certain maintenance measures, if performed periodically, will
minimize the chance of system malfunction.

Preventive maintenance of programmable controller systems includes only a few basic
procedures, which will greatly reduce the failure rate of system components.

Preventive maintenance for the PLC system should be scheduled with the regular machine
or equipment maintenance, so that the equipment and controller are down for a minimum
amount of time.

However, the schedule for PLC preventive maintenance depends on the controller’s
environment—the harsher the environment, the more frequent the maintenance.

The following are guidelines for preventive measures:

Periodically clean or replace any filters that have been installed in enclosures at a frequency
dependent on the amount of dust in the area.

Do not allow dirt and dust to accumulate on the PLC’s components; the central processing unit
and I/O system are not designed to be dust proof. If dust builds up on heat sinks and electronic
circuitry, it can obstruct heat dissipation, causing circuit malfunction.

Periodically check the connections to the I/O modules to ensure that all plugs, sockets, terminal
strips, and modules have good connections. Also, check that the module is securely installed.

Ensure that heavy, noise-generating equipment is not located too close to the PLC.

Make sure that unnecessary items are kept away from the equipment inside the enclosure.

If the PLC system enclosure is in an environment that exhibits vibration, install a vibration
detector that can interface with the PLC as a preventive measure. This way, the programmable
controller can monitor high levels of vibration, which can lead to the loosening of connections.

Topic Questions

Define a Programmable Logic Controller (PLC).

State the four steps in the operation of a programmable logic controller (PLC).

Draw a labeled block diagram of the internal architecture of a Programmable Logic
Controller (PLC) and state the function of each block.

Define ladder logic control system.

With the aid of a block diagram, explain how a PLC processes input from the sensors.

Describe the following Programmable Logic Controller (PLC) system styles.

Unitary

Modular

Rack Mounting

With the aid of a diagram, explain how PLCs can be used to control water level in a tank.

Explain why a user interface is necessary in PLCs.

Explain how fault-finding is carried out in PLC systems.

Explain the operation of the following input devices, stating the form of the signal being
sensed and the output: (a) reed switch, (b) incremental shaft encoder, (c) photoelectric
transmissive switch, (d) diaphragm pressure switch

Explain how the on-off operation and direction of a d.c. motor can be controlled by switches.

Explain the continuous updating and the mass input/output copying methods of processing
inputs/outputs.

Devise a timing watchdog program to be used to switch off a machine if faults occur in any
of the systems controlling its actions.

Devise ladder programs which can be used to:

Maintain an output on, even when the input ceases and when there is a power failure.

Switch on an output for a time of one cycle following a brief input.

Switch on the power to a set of rungs.

Devise ladder programs for systems that will carry out the following tasks:

Switch on an output 5 s after receiving an input and keep it on for the duration of that input.

Switch on an output for the duration of the input and then keep it on for a further 5 s.

Switch on an output for 5 s after the start of an input signal.

Devise ladder programs for systems that will carry out the following tasks:

Give an output after a photocell sensor has given 10 pulse input signals as a result of detecting
10 objects passing in front of it.

Give an output when the number of people in a store reaches 100, there continually being
people entering and leaving the store.

Topic 3

SUPERVISORY CONTROL AND DATA ACQUISITION (SCADA)

Introduction

In modern manufacturing and industrial processes, mining industries, public and private utilities,
and leisure and security industries, telemetry is often needed to connect equipment and systems
separated by large distances.

Control system architecture can range from simple local control to highly redundant distributed
control. The SCADA system applies to facilities that are large enough that a central control
system is necessary.

SCADA refers to the combination of telemetry and data acquisition. It encompasses the
collecting of the information, transferring it back to the central site, carrying out any necessary
analysis and control and then displaying that information on a number of operator screens or
displays. The required control actions are then conveyed back to the process.

SCADA is a widely distributed computerized system primarily used to remotely control and
monitor the conditions of field based assets from a centralized location.

The PLC is still one of the most widely used control systems in industry. As the need to monitor and
control more devices in the plant grew, the PLCs were distributed and the systems became
more intelligent and smaller in size. PLCs and DCS (distributed control systems) are used

Components of a SCADA system

SCADA encompasses the transfer of data between a SCADA central host computer and a
number of remote sites (RTUs), and between the central host and the operator terminals.

The figure below shows a generic SCADA system that employs data multiplexing (MUX)
between the central host and the RTU.

A SCADA system consists of:

Remote terminal unit (RTU): RTUs are primarily used to convert electronic signals received
from field devices into (or from) the language (known as the communication protocol) used to
transmit the data over a communication channel.

The RTU connects to sensors in the process, converting data to the supervisory system.

PLCs are used as field devices because they are more economical, versatile, flexible and
configurable than special-purpose RTUs.

The RTU gathers data from field devices (pumps, valves, alarms etc.) in memory, until the MTU
(master terminal unit) initiates a second command.

Communication network / system – used to transfer data between field data interface
devices and control units and the computers in the SCADA host computer (MTU)

This is intended to provide the means by which data can be transferred between the central
host computer server and field based RTU.

Communication network refers to the equipment needed to transfer data to and from different
sites.

The medium used can be cable, telephone or radio.

The way the SCADA system network (topology) is set up can vary with each system but there
must be uninterrupted, bidirectional communication between the MTU and the RTU for a
SCADA or data acquisition system (DAS) to function properly.

This can be accomplished in various ways, i.e. private wire lines, underground cables, telephone,
radio, modem, microwave dishes, satellite and other atmospheric means; many times,
systems employ more than one means of communicating to the remote site.

Communication systems used for SCADA are often split into two distinct parts: WAN and LAN.

The interface between the two parts is commonly achieved through some form of multiplexing.

Multiplexing allows different data streams to share a single data link. It combines communication
paths to and from many RTUs into a single bit stream, usually using Time Division Multiplexing
(TDM).

The multiplexer may itself be a SCADA processing device that manages the local network and not only
combines data, but also reduces the amount of data that must be interchanged with the central
host.

Central computer or master terminal unit (MTU)

It is defined as the master or heart of a SCADA system and is located at the operator’s central
control facility.

Most often it is a single computer or a network of computer servers that provide a man-machine
operator interface to the SCADA system.

The computers process the information received from or sent to the RTU sites and present it to
human operators in a form that the operators can work with.

Operator terminals are connected to the central host computer by a computer network so that
the viewing screens and associated data can be displayed for the operator.

Some examples of the types of display screens offered by most systems include:

System overview pages displaying the entire system often summarizing SCADA sites that might
be faulty

Site mimic screens for each individual RTU location showing up to the minute site information

Alarm summary pages displaying current alarms and other types of alarms, and whether they have been
acknowledged or not

Trend screens enabling the operator to display the behaviour of a particular variable over time.

Human machine interface (HMI)

It is the apparatus which presents process data to a human operator, and through which the
human operator controls the process.

It displays this information in an easily understood graphical form, archives the data
received, transmits alarms and permits operator control as required.

The HMI is essentially a PC system running powerful graphic and alarm software programs.

It is usually linked to the SCADA system’s database and software programs, to provide
trending, diagnostic data and information management.

SCADA software

SCADA software can be divided into two types: open and proprietary.

Proprietary software often is configured for a specific hardware platform and may not interface
with the software or hardware produced by competing vendors.

Commercial off-the-shelf (COTS)/open software is more flexible, and will interface with
different types of hardware and software.

The focus of proprietary software is on process and control functionality while COTS software
emphasizes compatibility with a variety of equipment and instrumentation.

Software products typically used within a SCADA system are as follows:

Central host computer operating system:- software used to control the central host computer
hardware.

Operator terminal operating system – Software used to control the central host computer
hardware at the operator's terminal. It contributes to the networking of the central host and
operator's terminal.

Applications – They are of two types: central host computer applications and operator terminal
applications. These handle transmission and reception of data to and from the RTU and central
computer. They also provide the GUI, which offers mimic screens, alarm pages and trends.

Communication protocol drivers – required to control the translation and interpretation of the
data between ends of the communication links in the systems.

How does SCADA Work

SCADA is a computer system for gathering and analyzing real time data.

The ability to monitor the entire control system in real time is facilitated by data acquisition,
including meter reading and checking the status of sensors, that is communicated at standard
intervals depending on the system.

The collected field data is transmitted through a communication network to the master terminal
unit, where the data is processed.

The MTU monitors and controls data from various field devices (sensors) that are either in close
proximity or off site.

Thus in summary, the SCADA system performs the following four functions:

Data acquisition

Networked data communication

Data presentation

Control

Data acquisition

This is the process of sampling signals that measure real world physical conditions and
converting the resulting samples into digital numerical values that can be manipulated by a
computer.

Data acquisition within a SCADA system is accomplished first by the RTU scanning the field data
interface devices connected to the RTU.

The time to perform this task is called the scanning interval. The MTU scans the RTUs to access
data in a process referred to as polling the RTUs.

Some systems allow the RTU to transmit field values and alarms to the central host without
being processed by the central host.

The components of data acquisition systems include:

Sensors that convert physical parameters to electrical signals.

Signal conditioning circuitry to convert sensor signals into a form that can be
converted to digital values, e.g. amplification, attenuation, multiplexing.

Analog to digital converters, which convert conditioned signals to digital values.

Data acquisition hardware acts as the interface between the computer and the outside
world. It primarily functions as a device that digitizes incoming signals so that the
computer can interpret them.

Types of data acquisition systems (DAS)

These depend on type of communication protocol used.

Wireless data acquisition systems: consist of one or more wireless transmitters sending
data back to a wireless receiver connected to a remote computer.

Serial communication data acquisition systems: are good choices when the
measurement needs to be made at a location which is distant from the computer.

USB DAS: The Universal Serial Bus (USB) is a new standard for connecting a PC to peripheral
devices such as monitors and DAS.

Processing Data from the field

Data can be of three main types:

Analog data (real numbers) which will be trended (placed in graphs)

Digital data (ON/OFF) which may have alarms attached to one state or the other

Pulse data (e.g. counting revolutions of a meter) is analog data normally accumulated or counted.
Such data are treated within the SCADA operator terminal software displays as analog data and
may be trended.

Data from the field are processed to detect alarm conditions, and if an alarm is predicted, it will be
displayed on a dedicated alarm list in the application software running on the central host
computer.

Where variables in the field have been changing over time, the SCADA system usually offers a
trending system where the behaviour of a particular variable can be plotted on a GUI screen
(graphical user interface screen).

Tasks in SCADA system

Input/output task – This program is the interface between the control and monitoring system
and plant floor.

Alarm task – This manages all alarms by detecting digital alarm points and comparing the values
of analog alarm points to alarm thresholds.

NB: SCADA can be seen as a system with many data elements called points. Each
point is a monitor or sensor and these points can be either soft or hard. A hard data point
can be an actual monitor; a soft point can be an application or software calculation. Data
elements from hard and soft points are usually always recorded and logged to create a
time stamp or history.

Trend task: it collects data to be monitored over time.

Report task – Reports are produced from plant data. These reports are periodic, event
triggered or activated by the operator.

Display task – manages all data to be monitored by the operator and all control actions
requested.
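
The alarm task and the hard/soft point distinction described above can be sketched as follows. This Python model is an added example, not part of the original notes and not taken from any SCADA product; the point names, thresholds and polled samples are constructed for illustration.

```python
"""Alarm task over polled RTU samples with hard and soft points (added example)."""
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass
class Point:
    name: str
    kind: str                     # "digital" or "analog"
    alarm_state: bool = True      # digital: the state that counts as an alarm
    low: Optional[float] = None   # analog: low alarm threshold
    high: Optional[float] = None  # analog: high alarm threshold
    calc: Optional[Callable[[dict], float]] = None  # set for soft points only


class AlarmTask:
    def __init__(self, points):
        self.points = list(points)
        self.active = {}   # point name -> {"reason", "since", "acked"}
        self.history = []  # time-stamped log of (t, point, event)

    @staticmethod
    def condition(point, value):
        """Return the alarm reason for this value, or None if healthy."""
        if point.kind == "digital":
            return "STATE" if value == point.alarm_state else None
        if point.high is not None and value > point.high:
            return "HIGH"
        if point.low is not None and value < point.low:
            return "LOW"
        return None

    def process_poll(self, t, sample):
        """Handle one polled RTU sample (dict of hard point values) at time t."""
        for p in self.points:
            try:
                # Soft points are calculated; hard points are read directly.
                value = p.calc(sample) if p.calc else sample[p.name]
            except KeyError:
                continue  # point not present in this RTU's sample
            reason = self.condition(p, value)
            current = self.active.get(p.name)
            if reason and (current is None or current["reason"] != reason):
                self.active[p.name] = {"reason": reason, "since": t, "acked": False}
                self.history.append((t, p.name, "RAISED " + reason))
            elif reason is None and current is not None:
                del self.active[p.name]
                self.history.append((t, p.name, "CLEARED"))

    def acknowledge(self, t, name):
        if name in self.active and not self.active[name]["acked"]:
            self.active[name]["acked"] = True
            self.history.append((t, name, "ACKNOWLEDGED"))

    def summary(self):
        """Alarm summary page rows: (point, reason, acknowledged)."""
        rows = sorted(self.active.items(), key=lambda kv: kv[1]["since"])
        return [(n, a["reason"], a["acked"]) for n, a in rows]


# Constructed points for a pumping station: two hard points and one soft point.
POINTS = [
    Point("pump_trip", "digital", alarm_state=True),
    Point("level_m", "analog", low=0.5, high=4.5),
    Point("net_flow_lps", "analog", high=20.0,
          calc=lambda s: s["inflow_lps"] - s["outflow_lps"]),
]
# Constructed poll results: (time in seconds, values read from the RTU).
POLLS = [
    (0,  {"pump_trip": False, "level_m": 2.0, "inflow_lps": 30.0, "outflow_lps": 28.0}),
    (10, {"pump_trip": False, "level_m": 4.6, "inflow_lps": 30.0, "outflow_lps": 25.0}),
    (20, {"pump_trip": True,  "level_m": 4.7, "inflow_lps": 30.0, "outflow_lps": 0.0}),
    (30, {"pump_trip": False, "level_m": 3.0, "inflow_lps": 30.0, "outflow_lps": 28.0}),
]


def run_demo():
    """Feed the polls to the alarm task; the operator acknowledges level_m at t=20."""
    task, pages = AlarmTask(POINTS), {}
    for t, sample in POLLS:
        task.process_poll(t, sample)
        if t == 20:
            task.acknowledge(t, "level_m")
        pages[t] = task.summary()
    return task, pages


if __name__ == "__main__":
    for entry in run_demo()[0].history:
        print(entry)
```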

Application of SCADA system

In essence, SCADA application has two elements:-

The process/system/machinery needed to be monitored or controlled: - This can take the form of a
power plant, water system, network, traffic light system.

A network of intelligent devices that interfaces with the first system through sensors and control
output. This network, which is the SCADA system, gives the capability to measure and control
specific elements of the first system.

SCADA control systems are used in the following industries:

Manufacturing: SCADA systems manage parts inventories, regulate industrial automation and
robots, and monitor process and quality control.

Traffic signals: SCADA regulates traffic lights, controls traffic flow and detects out of order signals.

Electric power generation, transmission and distribution: Electric utilities use SCADA systems to
detect current flow and line voltage, monitor the operation of circuit breakers, and to take
sections of the power grid online or offline.

Building, facilities and environment: Facility managers use SCADA to control HVAC,
refrigeration units, lighting and entry systems.

Water and Sewage: State and municipal water utilities use SCADA to monitor and regulate water
flow, reservoir levels and pipe pressure.

Mass transit: Transit authorities use SCADA to regulate electricity to subways, trains and trolley
buses; to automate traffic signals for rail systems; to track and locate trains and buses; and to
control railroad-crossing gates.

Benefits of SCADA

Improved operation of the plant or process resulting in savings due to optimization of the
system.

Reduces the operating and maintenance cost hence maximize the profits.

Maximize productivity, ensure continuous production and increased productivity of the
personnel.

Improved safety of the system due to better information and improved control.

Protection of the plant equipment.

Safeguarding the environment from a failure of the system.

Enhances reliability and robustness of critical industrial processes.

Improved energy savings due to optimization of the plant.

Improved and quicker receipt of data so that clients can be invoiced more quickly and
accurately.

Government regulations for safety and metering of gas (for royalties & tax etc).

Creating a functional SCADA system

Phase 1: The DESIGN of the system architecture includes the communication system. Also
involved in this initial phase will be any site instrumentation that is not currently in existence,
but will be required to monitor desired parameters. The design stage translates the design basis
document into a system design and documents the design clearly and completely so that it
can be constructed properly, commissioned completely, and operated and maintained
reliably and efficiently.

Phase 2: The SUPPLY of RTU, communication, and HMI equipment, which consists of a
PC system and the required powerful graphic and alarm software programs.

Phase 3: The PROGRAMMING of the communication equipment and the powerful HMI
graphic and alarm software programs.

Phase 4: The INSTALLATION of the communication equipment and the PC system. The
stage involves installing and placing into operation the SCADA system hardware and
software in compliance with the design documents.

Phase 5: The COMMISSIONING of the system, where communication and HMI
programming problems are solved, the system is proven to the client, and operator
training and system documentation are provided. Commissioning is the formal process of
verifying and documenting that the installed SCADA system complies with and performs in
accordance with the design intent, as defined in the design documentation.

Design approaches/strategies for SCADA system

Local control system

It describes a system architecture in which sensors, controllers and controlled equipment are
within close proximity and the scope of each controller is limited to a specific system or sub-
system.

Local controllers are typically capable of accepting inputs from a supervisory controller to initiate
or terminate locally controlled automatic sequences, or to adjust control set points, but the
control action itself is determined in the local controller.

Figure: a) Local b) Centralized

Centralized control system

Describes a system in which all sensors, actuators and other equipment within the facility are
connected to a single controller or a group of controllers located in a common control room.

This type was common for power plants and other facilities using single-loop controllers.

Distributed control system

It offers the best features of both local control and centralized control.

In a DCS, controllers are provided locally to systems or groups of equipment but networked to
one or more operator stations in a central location through a digital communication circuit.

Control action for each system or subsystem takes place in a local controller but the central
operator station has complete visibility of the status of all systems and the input and output data
in each controller, as well as the ability to intervene in the control logic of the local controller if
necessary.

In a DCS, data acquisition and control functions are performed by a number of distributed
microprocessor-based units, situated near to the devices being controlled or the instrument from
which data is being gathered.

Input and output wiring runs are short and less vulnerable to physical disruption or
electromagnetic interference.

The data highway is normally capable of high speed

User Configurable Open System (UCOS)

UCOS is a control system that employs object-oriented techniques at every level of its
system architecture. It includes a number of subsystems which segment the functionality of
UCOS. This includes an Engineering Workstation Subsystem, an Operator Workstation
Subsystem, and a Field Control Unit (FCU) Controller Subsystem. The subsystems
communicate via a Control Network.

Engineering Workstation (EWS) used for project development. The EWS is the development
tool where control schemes are configured then downloaded to the OWS, FCU, and SDS. The
entire project is configured using a single integrated tool based on graphical Windows
standards. Graphical techniques are also used to define the logical relationships among the
devices in a process area. Project configuration begins by defining the system architecture:
workstations, field control units (FCUs), I/O, networking, etc. Graphical techniques are also used
to define the logical relationships among the control elements for multiple devices.

Operator Workstation (OWS) for operator interface. This is used to monitor and control the
process. It uses the project screens created during project development and animates them
based on real-time data received from field control units and field data servers. Authorized
operators can monitor detailed activities for many types of devices and send commands using
standard faceplate command windows and group displays.

Field Control Unit (FCU) for control logic execution and direct scanning of I/O. The FCU
provides I/O services by monitoring and controlling I/O across standard networks and data
highways. The FCU can provide simultaneous support for multiple vendors’ I/O and I/O
networks. The variety of platform and form-factor options supported by the FCU allows
incorporation of distributed, distinct I/O subsystems into common control strategies.

Control Network. The system supports redundant and non-redundant fiber optic and Ethernet local
networks using the TCP/IP networking protocol for standardized, advanced application
connectivity. The LAN/WAN can be extended to other sites inside or outside the plant using
such remote communications technologies as satellite, radio, microwave, and dial-up running
such standard protocols as TCP/IP, Modbus, OPC, DDE.

I/O Subsystem supporting I/O from all industry standard suppliers. The same logic can be
solved to manipulate different I/O subsystems from different manufacturers without having to
change any of the programming or operational parameters of the configured system.

SCADA Data Server (SDS) for interfacing data from intelligent devices, such as PLCs, Fieldbus
technologies, RTUs, PLC I/O, and other third-party devices.

Process Historical Archiver (PHA) for storing and retrieving historical data collected by the
FCU, SDS or any other intelligent device in the system.

microFCU is a small, low-powered PLC that executes sequential and regulatory logic and
directly scans onboard I/O. It can replace RTUs at a significant reduction in cost and power
consumption – plus it can provide local intelligent control of devices, which RTUs can't do.

SCADA SECURITY / ACCESS CONTROL

Access control is the selective restriction of access to a plant/place or other resources. Hence
security access control is the act of ensuring that an authenticated user accesses only what
they are authorized to and no more.

SCADA systems are used to control and monitor physical processes. The security of
these systems is important because compromise or destruction of these systems may impact
multiple areas of society or industries.

It is important to be able to detect possible attacks and respond in an appropriate manner in
order to minimize the impacts.

Protect: Deploying specific protection measures to prevent and discourage electronic
attack against the process control systems.

Detect: Establishing mechanisms for rapidly identifying actual or suspected electronic
attacks.

Respond: Undertaking appropriate action in response to confirmed security incidents
against the process control systems.

Defence in Depth

Where a single protection measure has been deployed to protect a system, there is a risk that if
a weakness in that measure is identified and exploited there is effectively no protection
provided.

No single security measure itself is foolproof as vulnerabilities and weaknesses could be
identified at any point in time. In order to reduce these risks, implementing multiple protection
measures in series avoids single points of failure.

In order to safeguard the process control system from electronic attacks (e.g. hackers, worms
and viruses), it may be insufficient to rely on a single firewall, designed to protect the corporate
IT network.

A much more effective security model is to build on the benefits of the corporate firewall with an
additional dedicated process control firewall and deploy other protection measures such as
anti-virus software and intrusion detection.

Remote access

Maintain an inventory of all remote access connections and types (e.g. virtual private network or
modems).

Ensure that a valid business justification exists for all remote access connections and keep
remote connections to a minimum.

Implement appropriate authentication mechanisms (e.g. strong authentication) for remote
access connections.

Implement appropriate procedures and assurance mechanisms for enabling and disabling
remote access connections.

Ensure that remote access computers are appropriately secured (e.g. anti-virus, anti-spam and
personal firewalls).

Anti-virus

Protect process control systems with anti-virus software on workstations and servers.

Where anti-virus software cannot be deployed other protection measures should be
implemented (e.g. gateway anti-virus scanning or manual media checking).

E-mail and Internet access

Disable all email and internet access from process control systems.

System hardening

Undertake hardening of process control systems to prevent network based attacks.

Remove or disable unused services and ports in the operating systems and applications to
prevent unauthorized use.

Understand what ports are open and what services and protocols are used by devices (especially
embedded devices such as PLCs and RTUs). This could be established by a port scan in a test
environment. All unnecessary ports and services should be disabled (e.g. embedded web
servers).

Ensure all inbuilt system security features are enabled.

Where possible restrict the use of removable media (e.g. CDs, floppy disks, USB memory sticks
etc.) and if possible removable media should not be used. Where it is necessary to use
removable media then procedures should be in place to ensure that these are checked for
malware prior to use.
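
The port review described above can be automated once the test-environment scan has been exported. The following is an added example, not part of the original notes: the device names, ports, baseline and the five-field input format are all constructed for illustration.

```python
# Added example: compare ports found open in a test-environment scan against
# the approved baseline for each device. All data below is constructed.
from collections import defaultdict

# Approved listening services per device (assumed baseline, normally taken
# from the documented inventory of the process control system).
BASELINE = {
    "plc-01": {("tcp", 502)},                 # Modbus/TCP only
    "rtu-07": {("tcp", 20000)},               # telemetry port (constructed)
    "ows-02": {("tcp", 3389), ("tcp", 135)},  # operator workstation (constructed)
}

# Constructed scan results, one "device proto port state service" per line.
SCAN_RESULTS = """\
plc-01 tcp 502 open modbus
plc-01 tcp 80 open http
plc-01 tcp 23 open telnet
plc-01 udp 161 closed snmp
rtu-07 tcp 20000 open telemetry
ows-02 tcp 3389 open rdp
hmi-09 tcp 5900 open vnc
# comment lines and blank lines are ignored
"""


def parse_scan(text):
    """Return {device: {(proto, port): service}} for ports reported open."""
    observed = defaultdict(dict)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 5:
            raise ValueError(f"line {lineno}: expected 5 fields, got {len(fields)}")
        device, proto, port, state, service = fields
        if state == "open":
            observed[device][(proto, int(port))] = service
    return dict(observed)


def audit(observed, baseline):
    """Return a list of (device, finding, [(proto, port), ...]) tuples."""
    findings = []
    for device in sorted(set(observed) | set(baseline)):
        seen = observed.get(device, {})
        if device not in baseline:
            # A device that answers on the network but is not in the inventory.
            findings.append((device, "NOT_IN_INVENTORY", sorted(seen)))
            continue
        allowed = baseline[device]
        extra = sorted(k for k in seen if k not in allowed)
        missing = sorted(k for k in allowed if k not in seen)
        if extra:
            # Unnecessary service (e.g. embedded web server): disable or justify.
            findings.append((device, "DISABLE_OR_JUSTIFY", extra))
        if missing:
            # Baseline is out of date or the service is down: review the inventory.
            findings.append((device, "EXPECTED_NOT_SEEN", missing))
    return findings


if __name__ == "__main__":
    for device, finding, ports in audit(parse_scan(SCAN_RESULTS), BASELINE):
        print(f"{device:8} {finding:20} {ports}")
```
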

Backups and recovery

Ensure effective backup and recovery procedures are in place, and are appropriate for the
identified electronic and physical threats. These should be reviewed and regularly tested.

Test the integrity of backups regularly through a full restore process. Store backups at on-site
and off-site locations.

Media should be transported securely and stored in appropriately secure locations.

Physical security

Deploy physical security protection measures to protect process control systems and associated
networking equipment from physical attack and local unauthorized access.
A combination of protection measures is likely to be required, which could include drive locks,
tamper proof casing, secure server rooms, access control systems and CCTV.

Security patching

Implement processes for deployment of security patches to process control systems.

These processes should be supported by deployment and audit tools.

The processes should make allowance for vendor certification of patches, testing of patches
prior to deployment and a staged deployment process to minimize the risk of disruption from the
change.

Where security patching is not possible or practical, alternative appropriate protection measures
should be considered.

Personnel background checks

Ensure all staff with operational or administration access to process control systems are
appropriately screened.

Passwords and accounts

Implement and enforce a password policy for all process control systems that covers strength of
passwords and expiration times.

It is recommended that passwords are changed frequently, but where this is not possible or
practical, alternative appropriate protection should be considered.

Regularly review all access rights and decommission old accounts.

Where possible change vendor passwords from default settings.

Passwords may not be deemed necessary for some functions (e.g. view only mode).

Consider stronger authentication methods for critical functions.
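
The account rules in this list can be checked against an exported account inventory. The following is an added example, not part of the original notes: the policy values (90-day expiry, 180-day inactivity, 12-character minimum), role names, field names and account records are assumptions made up for illustration.

```python
# Added example: audit an account inventory against the password and account
# rules listed above. Policy values and all records are constructed.
from datetime import date

POLICY = {
    "max_password_age_days": 90,             # expiration time (assumed value)
    "max_inactive_days": 180,                # when an account counts as old
    "min_length": 12,                        # strength rule the system must enforce
    "critical_roles": {"engineer", "admin"}, # functions needing stronger authentication
    "view_only_roles": {"viewer"},           # passwords may not be deemed necessary
}

ACCOUNTS = [  # constructed inventory export
    {"user": "op_shift_a", "role": "operator", "pw_changed": date(2024, 5, 20),
     "last_login": date(2024, 6, 28), "vendor_default": False,
     "enforced_min_length": 12, "strong_auth": False},
    {"user": "vendor_svc", "role": "admin", "pw_changed": date(2021, 1, 4),
     "last_login": date(2023, 2, 11), "vendor_default": True,
     "enforced_min_length": 6, "strong_auth": False},
    {"user": "eng_jk", "role": "engineer", "pw_changed": date(2024, 6, 1),
     "last_login": date(2024, 6, 30), "vendor_default": False,
     "enforced_min_length": 14, "strong_auth": False},
    {"user": "wallboard", "role": "viewer", "pw_changed": None,
     "last_login": date(2024, 6, 30), "vendor_default": False,
     "enforced_min_length": 0, "strong_auth": False},
    {"user": "old_contractor", "role": "operator", "pw_changed": date(2024, 4, 15),
     "last_login": date(2023, 9, 1), "vendor_default": False,
     "enforced_min_length": 12, "strong_auth": False},
]


def audit_account(acct, today, policy=POLICY):
    """Return the list of findings for one account record."""
    findings = []
    # Access review applies to every account, including view-only ones.
    if (today - acct["last_login"]).days > policy["max_inactive_days"]:
        findings.append("STALE_DECOMMISSION")
    # View-only mode: password rules are not applied.
    if acct["role"] in policy["view_only_roles"]:
        return findings
    if acct["vendor_default"]:
        findings.append("VENDOR_DEFAULT_PASSWORD")
    if acct["enforced_min_length"] < policy["min_length"]:
        findings.append("WEAK_STRENGTH_RULE")
    changed = acct["pw_changed"]
    if changed is None or (today - changed).days > policy["max_password_age_days"]:
        findings.append("PASSWORD_EXPIRED")
    if acct["role"] in policy["critical_roles"] and not acct["strong_auth"]:
        findings.append("CRITICAL_NEEDS_STRONG_AUTH")
    return findings


def audit_all(accounts, today, policy=POLICY):
    """Return {user: findings} for every account with at least one finding."""
    report = {}
    for acct in accounts:
        findings = audit_account(acct, today, policy)
        if findings:
            report[acct["user"]] = findings
    return report


if __name__ == "__main__":
    for user, findings in audit_all(ACCOUNTS, date(2024, 7, 1)).items():
        print(f"{user:15} {', '.join(findings)}")
```
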

Document security framework

Document a full inventory of the process control systems and components.

Document the framework that provides the security for the process control systems and
regularly review and update to reflect current threats.
This document should include details of the risk assessments, assumptions made, known
vulnerabilities and security protection measures deployed.

Ensure all process control system documentation is secured and access limited to authorized
personnel.

Topic 4: INDUSTRIAL COMMUNICATION NETWORK

Introduction

Industrial communication refers to the wide range of hardware and software products and
protocols used to communicate between standard computer platforms and devices used in
industrial automation.

Although a communication circuit can involve only two pieces of equipment with a circuit
between them, the term network typically refers to connecting many devices together to permit
sharing of data between devices over a single or redundant circuit.

The industrial automation systems are often implemented as an open distributed architecture
with communication over digital communication networks.

It is now common for users connected to a local area network to communicate with computers
or automation devices on other local area networks via gateways linked by a wide area network.

As industrial automation systems become large and the number of automation devices
increases, it has become very important for industrial automation to provide standards which
make it possible to interconnect many different automation devices in a standard way.

Considerable international standardization efforts have been made in the area of local area
networks. The Open Systems Interconnection (OSI) standards permit any pair of automation
devices to communicate reliably regardless of the manufacturer.

By definition, an industrial network requires geographical distribution of the physical
measurement I/O and sensors or functional distribution of applications. Most industrial networks
transfer bits of information serially.

Serial data transfer has the advantage of requiring only a limited number of wires to exchange
data between devices. With fewer wires, we can send information over greater distances.
Because industrial networks work with several devices on the same line, it is easier to add a
new device to existing systems.

To make all this work, our network must define a set of rules – a communication protocol – to
determine how information flows on the network of devices, controllers, PCs, and so on.

With improved communication protocols, it is now possible to reduce the time needed for the
transfer, ensure better data protection, and guarantee time synchronization, and real-time
deterministic response in some applications.

Industrial networks also ensure that the system sends information reliably without errors and
securely between nodes on the network.

Network levels

Industrial automation systems can be very complex, and they are usually structured into several
hierarchical levels. Each hierarchical level has an appropriate communication level, which
places different requirements on the communication network.

Industrial networks may be classified in several different categories based on functionality:
field-level networks (sensor, actuator or device buses), control-level networks (control buses)
and information-level networks.

Field level

The lowest level of the automation hierarchy is the field level, which includes the field devices
such as actuators and sensors.

The elementary field devices are sometimes classified as the element sublevel. The task of the
devices in the field level is to transfer data between the manufactured product and the technical
process.

The data may be both binary and analogue. Measured values may be available for a short
period of time or over a long period of time. For field level communication, parallel,
multi-wire cables and serial interfaces such as the 20mA current loop have long been widely
used.

The serial communication standards such as RS232C, RS422, and RS485 are the most commonly
used protocols together with the parallel communication standard IEEE488.

Those point-to-point communication methods have evolved to the bus communication network
to cope with the cabling cost and to achieve a high quality communication.

Field-level industrial networks are a large category, distinguished by characteristics such as
message size and response time.

In general, these networks connect smart devices that work cooperatively in a distributed, time-
critical network. They offer higher-level diagnostic and configuration capabilities generally at the
cost of more intelligence, processing power, and price.

At their most sophisticated, fieldbus networks work with truly distributed control among
intelligent devices like FOUNDATION Fieldbus.

Common networks included in the devicebus and fieldbus classes include CANOpen,
DeviceNet, FOUNDATION Fieldbus, Interbus-S, LonWorks, Profibus-DP, and SDS.

Nowadays, the fieldbus is often used for information transfer in the field level. Due to timing
requirements, which have to be strictly observed in an automation process, the applications in
the field level controllers require cyclic transport functions, which transmit source information at
regular intervals.
The data representation must be as short as possible in order to reduce message transfer time
on the bus.

Control Level

At the control level, the information flow mainly consists of the loading of programs, parameters
and data.

In processes with short machine idle times and readjustments, this is done during the
production process. In small controllers it may be necessary to load subroutines during one
manufacturing cycle.

This determines the timing requirements. It can be divided into two: cell and area sublevels.

i) Cell sublevel:

For the cell level operations, machine synchronization and event handling may require short
response times on the bus. These real-time requirements are not compatible with time
excessive transfers of application programs, thus making adaptable message segmentation
necessary.

In order to achieve the communication requirements in this level, local area networks have been
used as the communication network. After the introduction of the CIM concept and the DCCS
concept, many companies developed their proprietary networks for the cell level of an
automation system.

The Ethernet together with TCP/IP (transmission control protocol/internet protocol) was
accepted as a de facto standard for this level, though it cannot provide a true real-time
communication.

Many efforts have been made for the standardization of the communication network for the cell
level.

The IEEE standard networks based on the OSI layered architecture were developed and the
Mini-MAP network was developed to realize a standard communication between various
devices from different vendors. Some fieldbuses can also be used for this level.

ii) Area sublevel:

The area level consists of cells combined into groups. Cells are designed with an application-
oriented functionality.

The area level controllers or process operators carry out the controlling and intervening
functions, such as the setting of production targets, machine startup and shutdown, and emergency
activities.

Control-level networks are typically used for peer-to-peer networks between controllers such
as programmable logic controllers (PLCs), distributed control systems (DCS), and computer
systems used for human-machine interface (HMI), historical archiving, and supervisory control.

Control buses are used to coordinate and synchronize control between production units and
manufacturing cells.

Typically, ControlNet, PROFIBUS-FMS and (formerly) MAP are used as the industrial networks
for controller buses.

In addition, we can frequently use Ethernet with TCP/IP as a controller bus to connect upper-
level control devices and computers.

Information level

The information level is the top level of a plant or an industrial automation system.

The plant level controller gathers the management information from the area levels, and
manages the whole automation system.

At the information level there exist large scale networks, e.g. Ethernet WANs for factory
planning and management information exchange.

Ethernet networks are used as a gateway to connect other industrial networks.

With respect to management information system communication in automated systems, there
are three types of networks used:

Local Area Network (LAN)

Wide Area Network (WAN)

Metropolitan Area Network (MAN)

1) Local Area Network (LAN)

These types of networks connect network devices over a relatively short distance.

Quite often, a networked office building, home or school contains a single LAN although it is
normal to come across a building that contains a few small LANs.
On a few occasions, a LAN may also span over a group of nearby buildings. Such networks are
usually owned by one organization.

It interconnects computers and field devices/peripherals over a common medium so users might
share access to host computers, databases, files, applications and peripherals.

The following characteristics differentiate one LAN from another

Topology – The geometric arrangement of devices on the network e.g. star, ring etc.

Protocols – The rules and encoding specifications for sending data. The protocol also
determines whether the network uses peer to peer or client/server architecture.

Medium/media – Devices can be connected by twisted pair wire, coaxial cable, or fibre optic
cables. Some networks do without connecting media and instead communicate through radio
waves.

2) Wide Area Network (WAN)

A WAN is a data communication network that covers a relatively broad geographical area and
often uses transmission facilities provided by common carriers, e.g. telephone companies.

WAN technologies generally function at the lower layers of the OSI (Open Systems
Interconnection) reference model: the physical layer, data link layer and network layer.

It’s used to connect LANs and other types of networks together so that users and computers in
one location can communicate with users and computers in other locations.

LANs are connected to a WAN through a device referred to as a router. In IP networking, both
the LAN and WAN addresses are maintained by the router.

Most WANs exist under distributed or collective ownership and management and unlike the
LANs, are not necessarily owned by one organization.

3) Metropolitan Area Network (MAN)

This is a network that spans over a physical area like a city that is smaller than a WAN but
larger than a LAN.

Quite often, such computer networks are owned and operated by single entities such as
government bodies or large corporations

4) Controller Area Network (CAN)


The CAN protocol is a priority-based bus network using a Carrier Sense Multiple Access with
Collision Avoidance (CSMA/CA) medium access scheme.

In this protocol, any station can access the bus whenever it becomes idle.

This is a communication protocol specification that defines parts of the OSI physical and data
link layers. It meets real-time requirements encountered in any industry. The network protocol
can detect and correct transmission errors caused by electromagnetic interference.

It is suitable for industrial applications because:

Low cost

Suitability for harsh electrical environment

Good real-time capabilities

Ease of configuration

CAN is particularly well suited to networking smart I/O devices, sensors and actuators, either in a
single machine or plant.

Networks Models/Layers

A network model defines a set of network layers and how they interact. There are several different
network models, depending on what the organization/industry wants.

The most important are:

The TCP / IP model

OSI network model

1. The TCP/IP model

TCP/IP (Transmission Control Protocol/Internet Protocol) is the basic communication language
or protocol of the Internet. It can also be used as a communications protocol in a private
network (either an intranet or an extranet).

TCP/IP is the de facto global standard for the Internet (network) and host–to–host (transport)
layer implementation of internetwork applications because of the popularity of the Internet.

TCP/IP (Transmission Control Protocol / Internet Protocol) is a layered protocol that defines 4
layers:

i) Network access/interface layer

It provides access to the physical network. The purpose of a network interface is to allow your
PC to access the wireless or fiber-optic network infrastructure and send data to other
computer systems.

Its main function is to connect hosts and devices using some protocol so that data or IP packets
can be transmitted over it.

ii) Internet layer

The Internet layer provides connectionless communication across one or more networks. It is
concerned with network-to-network communication. This layer is responsible for addressing and
routing of data on the network.

It is used to allow hosts to insert packets into any network and have them delivered
independently to the destination.

It specifies an official packet format and protocol known as the Internet Protocol (IP). Packet
routing is an essential task in order to avoid congestion.

iii) Transport layer

It provides the means for the transport of data segments across the Internet-layer. It is
concerned with end-to-end communication.

This layer sends the data to the internet-layer when transmitting & sends data to the
Application-layer when receiving.

It specifies 2 end-to-end protocols: TCP and UDP (Transmission Control Protocol and User
Datagram Protocol).

TCP is a reliable, connection-oriented protocol that permits a byte stream originating on one
machine to be transported without error on any machine in the internet.

UDP is an unreliable, connectionless protocol for applications that do not want TCP's
sequencing or flow control and wish to provide their own.

iv) Application layer

It provides the user with the interface to communication. This Application layer is where a web
browser, TELNET, FTP, email, or other client application runs. This layer sends data to and
receives data from the transport layer.

The virtual terminal protocol (VTP) permits a user on one machine to log into a distant
machine and work there.

The file transfer protocol (FTP) permits a user on one machine to log into a distant machine
and work there. It offers a way to move data efficiently from one machine to another.

Electronic mail (Simple Mail Transfer Protocol, SMTP) sends emails to other computers that
support the TCP/IP protocol.

Advantages of the TCP/IP model:

It can be used to set up a connection between different types of computers.

It works independently of the operating system.

It supports a number of routing protocols.

It enables the internetworking between the organizations.


It has a scalable, client-server architecture.

Disadvantages:

It is complex to set up & manage.

Internetwork Packet Exchange (IPX) is faster than TCP/IP model.

The overhead of TCP/IP is higher than that of IPX.

2. OSI network model

Developed by the International Standards Organization (ISO) to standardize protocols used in
version (TCP/IP) layers.

The model is known as the OSI (Open Systems Interconnection) reference model because
it deals with connecting open systems, i.e. systems that are open for communication with
other systems.

It describes seven layers as they relate to one host computer communicating to another host
computer.

i) Physical layer

This is the lowest layer, which describes the way actual data, in the form of symbols, is sent
over a medium such as copper wire or fibre optic cabling. Items like signal level, symbol
representation and connector pinout are defined at this layer. The main functions are:

Hardware specification – the details of the physical cables, network interface cards, wireless
radios etc. are part of this layer.

Encoding and signaling – how the bits are encoded in the medium is also decided by this
layer.

Data transmission and reception – this layer transfers each bit of data and assures the
transmission of each bit with a high probability.

Topology and network design – the type of network topologies to be used, in which part of the
network the routers are going to be placed, where the switches will be used, etc.

ii) Data link layer

This layer provides reliable transmission of a packet by using the services of the physical
layer which transmits bits over the medium in an unreliable fashion.

It maintains a reliable connection between adjacent nodes or stations over a physical
channel.

To distinguish one from another, a method of node addressing must be defined.

To ensure only one node has access at any one time, a method of medium access control
(MAC) must be implemented.

Information sent over the data link layer is called frames. This layer is concerned with:

Framing – breaking input data into frames and caring about the frame boundaries and the size
of each frame (a few hundred bytes)

Acknowledgement: sent by receiving end to inform the source that the frame was received
without any error.

Sequence numbering – to acknowledge which frame was received.

Error detection: the frames may be damaged, lost or duplicated, leading to errors. The error
control is on a link-to-link basis.

Retransmission – The packet is retransmitted if the source fails to receive acknowledgment.

Flow control – necessary for a fast transmitter to keep pace with a slow receiver.
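
The functions listed above (framing, acknowledgement, sequence numbering, error detection and retransmission) can be seen working together in a stop-and-wait exchange. The following is an added example, not part of the original notes: the frame layout (1-byte sequence number, 2-byte length, payload, CRC-32), the fault plan and the sample message are assumptions chosen for illustration, not a specific fieldbus format.

```python
# Added example: stop-and-wait data link with framing, a 1-bit sequence
# number, CRC-32 error detection, acknowledgement and retransmission.
# The frame layout and the fault plan are constructed for illustration.
import struct
import zlib


def make_frame(seq, payload):
    """Frame = seq (1 byte) | length (2 bytes) | payload | CRC-32 (4 bytes)."""
    body = struct.pack("!BH", seq, len(payload)) + payload
    return body + struct.pack("!I", zlib.crc32(body))


def parse_frame(frame):
    """Return (seq, payload), or None if the frame is damaged."""
    if len(frame) < 7:
        return None
    body = frame[:-4]
    (crc,) = struct.unpack("!I", frame[-4:])
    if zlib.crc32(body) != crc:
        return None                      # error detected: receiver stays silent
    seq, length = struct.unpack("!BH", body[:3])
    if length != len(body) - 3:
        return None
    return seq, body[3:]


def transfer(data, frame_size, faults, max_tries=5):
    """Send data over a faulty link.

    faults maps the transmission number (1-based) to 'corrupt', 'lost' or
    'ack_lost'. Returns (delivered_bytes, transmissions, retransmissions).
    """
    delivered = bytearray()
    expected = 0                         # receiver: next sequence number wanted
    tx_count = 0
    retransmissions = 0
    chunks = [data[i:i + frame_size] for i in range(0, len(data), frame_size)]
    for n, chunk in enumerate(chunks):
        seq = n % 2
        frame = make_frame(seq, chunk)
        for _ in range(max_tries):
            tx_count += 1
            fault = faults.get(tx_count)
            ack = None
            if fault != "lost":
                wire = bytearray(frame)
                if fault == "corrupt":
                    wire[5] ^= 0x40      # one bit flipped in transit
                parsed = parse_frame(bytes(wire))
                if parsed is not None:
                    rseq, payload = parsed
                    if rseq == expected:
                        delivered += payload
                        expected ^= 1
                    ack = rseq           # a duplicate is re-acknowledged, not re-delivered
            if fault == "ack_lost":
                ack = None
            if ack == seq:
                break                    # acknowledged: move on to the next frame
            retransmissions += 1         # timeout: send the same frame again
        else:
            raise RuntimeError(f"frame {n} not acknowledged after {max_tries} tries")
    return bytes(delivered), tx_count, retransmissions


if __name__ == "__main__":
    message = b"PUMP1=ON;VALVE3=CLOSED;SETPOINT=72.5"   # constructed sample
    plan = {2: "corrupt", 4: "ack_lost", 6: "lost"}
    print(transfer(message, 8, plan))
```
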

iii) Network layer

It is concerned with logical addressing process of nodes and routing schemes. The basic
functions of the layer are routing and congestion control.

Routing deals with determining how packets will be routed (transferred) from source to
destination.

Congestion control involves the control of packets to minimize dropping of packets, transmission
time and delays.

It is required when communication must span multiple networks – interconnecting.

iv) Transport layer

This layer is concerned with the reliable transmission of messages sent between two host
computers.

It is responsible for the end-to-end communication control. This is different from the data link
layer, which is only concerned with the transmission of frames.

A message usually requires many frames to be sent before the complete message can be
received.

This requires fragmenting the message into many pieces to be re-assembled at the other end.
Missing fragments must be re-sent. The transport layer addresses this issue.

Other functions are:-

Multiplexing and de-multiplexing

Error control mechanism on end to end basis

Flow control – regulate flow of information

Connection establishment / release.

v) Session layer

The layer is concerned with the establishment and termination of communication sessions
between processors in host computers.

It also ensures that the data transfer starts from where it breaks, keeping it transparent to the
end user.

vi) Presentation layer

The presentation layer translates the format of data between sender and receiver.

It is responsible for the data interpretation, which allows for interoperability among different
equipment.

vii) Application layer

This layer provides the services that are required by specific applications. It contains application
protocols with which the user gains access to the network.

The choice of which specific protocols and their associated functions are to be used at the
application level is up to the individual user. For example, commonly used protocols are HTTP
(for web browsing) and FTP (for file transfer).

HTTP – Hypertext Transfer Protocol – permits applications such as browsers to upload and
download web pages.

Operation of OSI layer

From the figure, if a node wants to send a data packet from the application, it must first call
the sending service of its application layer, which in turn will call the sending function in the next
layer, and so on till the data is sent over the physical medium to the other node.

The receiving node will reverse the sequence till the received data reaches the application layer
of that node, and then the application which will use this data.

Any communication system that is based on the OSI seven-layer model has high flexibility and
compatibility with products from different vendors.

However, an OSI system is often too complex for a network architecture and hence has a
considerable overhead in both the communication and the processing.

Strictly speaking, a network requires only layers 1, 2, and 7 of the protocol model to operate.

In fact, many device bus networks use only these three layers. The other layers are added only
as more services are required (e.g., error-free delivery, routing, session control, data
conversion, etc.).

Most of today’s local area networks contain all or most of the OSI layers to allow connection to
other networks and devices.
Advantages:

It provides wide variety of choice.

It does not depend or rely on a specific computer system.

It interprets the product functionality at each-stage.

It encrypts the data for security purposes.

It is easy to add multiple-network models.

Disadvantages:

Many applications do not require/need the data integrity, which is provided by OSI-model.

For a fast setup, OSI requires agreement between three parties: users & service provider.

Complex.

This model is not adapted at all to telecommunication applications on computer.

3. Field bus model

Due to complexity of the OSI model, modification has been done on the industrial networks,
where only three layers are left.

The resulting fieldbus is referred to as a 3 – layer architecture. These layers are:-

Application layer

Data link layer

Physical layer

Several characteristics and functions in the data link layer are key to the distributed real time
control capabilities of fieldbus.

The data link layer is based on a token passing protocol.

The Link Active Scheduler (LAS) is a centralized device that acts as the arbitrator of the bus.

The LAS executes a schedule that makes possible deterministic communication.

The LAS distributes time to the network to permit all devices to share the same sense of time.

The user application layer defines blocks that represent the functions and data available in a
device.

Rather than interface to a device through a set of commands as commonly used with
communication protocols, fieldbus user interacts with device through a set of blocks that define
device capabilities in a standardized way.

The data link layer has important aspect which is medium access control.

Medium Access Control (MAC)

In a field bus or industrial network, several stations share the same communications media in
order to save wiring costs. However, since the medium is shared, not all devices can
communicate simultaneously.

Therefore there must be rules to govern who gains access to the medium, and those rules are
called medium access control (MAC). Thus MAC addresses identify network devices in LANs.

This process of media access requires that each node be able to shut down its transmitter
without interfering with the network’s operation.

This can be done in one of the following ways:

with a modem that can turn off its carrier

with a transmitter that can be set to a high-impedance state

with a passive current-loop transmitter, wired in series with the other transmitters, that shorts
when inactive

Although many access methods exist, the most commonly used ones are polling, collision
detection, and token passing.

Polling

The access method most often used in master/slave protocols is polling.

In polling, the master interrogates, or polls, each station (slave) in sequence to see if it has data
to transmit. The master sends a message to a specific slave and waits a fixed amount of time
for the slave to respond.

The slave should respond by sending either data or a short message saying that it has no data
to send. If the slave does not respond within the allotted time, the master assumes that the
slave is dead and continues polling the other slaves.

Interslave communication in a master/slave configuration is inefficient, since polling requires
that data first be sent to the master and then to the receiving slave.

Since master/slave configurations use this technique, polling is often referred to as the
master/slave access method.

Carrier Sense, Multiple Access (CSMA)

This is the basic media access method, which uses the first-come, first-served principle.

It is a probabilistic media access control (MAC) protocol in which a node verifies the absence
of other traffic before transmitting on a shared transmission medium, such as an electrical bus
or a band of the electromagnetic spectrum.

It is based on the principle of ‘sense before transmitting’ or ‘listen before talk’.

CSMA/CD (collision detection) improves performance by terminating transmission as soon as a
collision is detected, thus shortening the time required before a retry can be attempted.

This method handles collision as they occur, but if the bus is constantly busy, collision can occur
so often that performance drops drastically. Thus this method works well as long as the network
does not have an excessive amount of traffic.

CSMA/CA collision avoidance – is used to improve the performance by attempting to be less


‘greedy’ on the channel.

If the channel is sensed busy before transmission then the transmission is differed for a random
interval.

If the channels sensed ‘idle’ then the station is permitted to transmit. Once the channel is
clear a station sends a signal telling all other stations not to transmit, and then sends its packet.
Token passing protocol

With this approach, each participant to the network is guaranteed some time to transmit a
message on a permission basis.

This permission occurs when a participant receives the one token that exists in the network
(a token is a small frame).

The token is passed from one participant to another in a circular fashion in what is called a
logical ring.

Once a participant receives the token, the participant must initiate a transmission or pass the
token to the next participant in an orderly fashion.

The token is usually passed from one participant to the participant with the next highest address,
regardless of the next participant’s physical location.

The participant with the highest address will pass the token to the participant with the lowest
address.

It is not necessary to have one master to hand out the token.

Participants could be peers of one another and simply agree that they will not possess the token
for more time than previously agreed.

Token passing networks are deterministic, which means that it is possible to calculate the
maximum time that will pass before any end station will be capable of transmitting.

Token ring networks are ideal for applications in which delays must be predictable and robust
network operation is important.

Factory automation environments are examples of such applications.
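
The determinism claim can be checked numerically. The following Python example is added here and is not part of the original notes; it assumes the token moves in ascending address order with the highest address handing back to the lowest, and the station addresses, hold time and pass time (in microseconds) are constructed values.

```python
"""Token passing on a logical ring: successor order and worst-case access delay."""
import random


def logical_ring(addresses):
    """Map each station to its successor: next-highest address, highest wraps to lowest."""
    ordered = sorted(set(addresses))
    return {a: ordered[(i + 1) % len(ordered)] for i, a in enumerate(ordered)}


def worst_case_wait(n_stations, max_hold, pass_time):
    """Upper bound on the time between a station releasing the token and getting it back.

    Each of the other n-1 stations may hold the token for max_hold, and the
    token is handed over n times during one full rotation.
    """
    return (n_stations - 1) * max_hold + n_stations * pass_time


def simulate(addresses, max_hold, pass_time, rotations, misbehaving=None, seed=1):
    """Run the ring with random hold times; return the longest wait seen per station.

    `misbehaving` (hypothetical parameter) names a station that ignores the
    agreed limit and keeps the token for three times max_hold on every visit.
    """
    rng = random.Random(seed)
    ring = logical_ring(addresses)
    holder, now = min(ring), 0
    released_at = {}                      # station -> time it last gave up the token
    longest = {a: 0 for a in ring}
    for _ in range(rotations * len(ring)):
        if holder in released_at:
            longest[holder] = max(longest[holder], now - released_at[holder])
        if holder == misbehaving:
            hold = 3 * max_hold
        else:
            # Nothing to send, a short message, or the full permitted time.
            hold = rng.choice([0, rng.randint(0, max_hold), max_hold])
        now += hold
        released_at[holder] = now
        now += pass_time                  # token frame travels to the successor
        holder = ring[holder]
    return longest


# Constructed sample network: five stations, 2000 us hold limit, 50 us per token pass.
STATIONS = [12, 3, 40, 7, 25]
MAX_HOLD_US = 2000
PASS_US = 50

if __name__ == "__main__":
    bound = worst_case_wait(len(STATIONS), MAX_HOLD_US, PASS_US)
    print("ring order:", logical_ring(STATIONS))
    print("calculated worst-case wait (us):", bound)
    print("observed, all stations honest:", simulate(STATIONS, MAX_HOLD_US, PASS_US, 200))
    print("observed, station 25 hogging: ",
          simulate(STATIONS, MAX_HOLD_US, PASS_US, 200, misbehaving=25))
```

The bound only holds while every participant keeps to the agreed hold time, so a station that exceeds it shows up as waits longer than the calculated maximum on all the other stations.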

Physical layer

Physical layer is concerned with transmitting raw bits over a communication channel.

Types of medium

Medium can be classified into two categories

Guided media – means that signals are guided by the presence of physical media, i.e. signals are
under control and remain in the physical wire, e.g. copper wire.

Unguided media – means that there is no physical path for the signal to propagate. This is
done through electromagnetic waves.

Communication links

In a network nodes are connected through links.

The communication through links can be classified as

Simplex – communication can take place only in one direction, e.g. radio, TV.

Half duplex – communication can take place in one direction at a time. Suppose nodes A and B
are connected; then half duplex communication means that at a time data can flow from A to B
or from B to A, but not simultaneously.

Full duplex – communication can take place simultaneously in both directions, e.g. mobile phone.

Links can be further classified as

Point to point – in this communication only two nodes are connected to each other and
none else.

Multipoint – It is a kind of sharing communication in which signals can be received by all nodes.
This is also called broadcast.

Media standard

Industry standards for communications media define both the physical and electrical (or optical)
characteristics of both the conductors and the connectors used to mate them to communication
ports.

Some common network conductors, physical standards and their characteristics are listed
below:

| Standard designation | Conductor type | Connection | Transmission speed | Maximum distance | Typical application |
|---|---|---|---|---|---|
| RS-232 | Copper M/C with a pin connector | Point to point | 265 kbps | 15m | Laptop comp to PLC |
| RS-485 | Copper UTP or STD | Multi-drop | 10 Mbps | 1000m | PLC to field devices |
| CAT 5 | Copper UTP or STD | Multi-drop | 100 Mbps | Depends on protocol | PLC to PLC |
| RG 6 | Copper coax | Multi-drop | 5 Mbps | 1000m | PLC to PLC video |
| | Single mode fibre | Point to point | 1 Gbps | 50km | No typical applications |
| | Multi-mode fibre | Point to point | 1 Gbps | 1000m | PLC to control room and PLC to PLC |

In guided transmission media, two kinds of materials are used:

Copper – twisted pair

Coaxial cable

Optical fibre

Twisted pair

Twisted pair cabling is a type of wiring in which two conductors of a single circuit are twisted
together for the purposes of canceling out electromagnetic interference (EMI) from external
sources.

The wires are twisted together in a helical form and the purpose of twisting is to reduce
crosstalk interference between neighbouring pairs.

Twisted pair is much cheaper than coaxial cable, but it is susceptible to noise and
electromagnetic interference, and attenuation is large.

When electrical current flows through a wire, it creates a small, circular magnetic field around
the wire.

When two wires in an electrical circuit are placed close together, their magnetic fields are the
exact opposite of each other.

Thus the two magnetic fields cancel each other out. They also cancel out any outside magnetic
fields. Twisting the wires can enhance this cancellation effect.

Twisted pair can be further classified into two categories:

Unshielded twisted pair (UTP)

Shielded Twisted Pair (STP)

Unshielded twisted pair (UTP)

UTP cable is a medium that is composed of pairs of wires and is used in a variety of networks.

Each of the eight individual copper wires in UTP cable is covered by an insulating material. In
addition, the wires in each pair are twisted around each other.

UTP cable must follow precise specifications governing how many twists or braids are permitted
per meter of cable.

It is often installed using a Registered Jack 45 (RJ-45) connector. The RJ-45 is an eight-wire
connector commonly used to connect computers to a LAN, especially Ethernet.

When used as a networking medium, UTP cable has four pairs of either 22 or 24 American wire
gauge (AWG) copper wire.

UTP used as a networking medium has an impedance of 1000 ohms whereas for telephone is
6000.

Commonly used types of UTP cabling are as follows:

Category 1 (CAT 1) – used for telephone communication. It is not suitable for transmitting data.

Category 2 (CAT 2) – capable of transmitting data at speeds up to 4 megabits per second (Mbps).

Category 3 (CAT 3) – used in 10BASE-T networks. It can transmit data at speeds up to
10 Mbps, with a possible bandwidth of 16 MHz.

Category 4 (CAT 4) – used in token ring and 10BASE-T networks. It can transmit data at
speeds up to 16 Mbps, with performance of up to 20 MHz.

Category 5 (CAT 5) – this type of cable is used in structured cabling for computer networks
such as Ethernet. The cable standard provides performance of up to 100 MHz and is suitable
for 10BASE-T, 100BASE-TX (Fast Ethernet) and 1000BASE-T (Gigabit Ethernet).

Category 5e (CAT 5e) – Category 5 enhanced, used in networks running at speeds up to 1000
Mbps (1 Gbps).

Category 6 (CAT 6) – consists of four pairs of 24 American wire gauge (AWG) copper wire. It
provides lower crosstalk and a higher signal to noise ratio, and is suitable for 10GBASE-T
(10-Gigabit Ethernet).

Category 6 (CAT 6) patch cable is normally terminated in 8P8C modular connectors (RJ-45).

| Category | Speed | Use |
|---|---|---|
| 1 | 1 Mbps | Voice Only (Telephone Wire) |
| 2 | 4 Mbps | LocalTalk & Telephone (Rarely used) |
| 3 | 16 Mbps | 10BaseT Ethernet |
| 4 | 20 Mbps | Token Ring (Rarely used) |
| 5 | 100 Mbps (2 pair) | 100BaseT Ethernet |
| 5 | 1000 Mbps (4 pair) | Gigabit Ethernet |
| 5e | 1,000 Mbps | Gigabit Ethernet |
| 6 | 10,000 Mbps | Gigabit Ethernet |

Connectors use either T568A or T568B pin assignment, although performance is comparable
provided both ends of a cable are the same. RJ45 or 8P8C connector is clipped from left to right
with the plastic latching tab facing away from the viewer. (8P8C – eight positions, eight
conductors)
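
| Pin | T568A pair | T568B pair | T568A colour | T568B colour |
|---|---|---|---|---|
| 1 | 3 | 2 | White green | White orange |
| 2 | 3 | 2 | Green | Orange |
| 3 | 2 | 3 | White orange | White green |
| 4 | 1 | 1 | Blue | Blue |
| 5 | 1 | 1 | White blue | White blue |
| 6 | 2 | 3 | Orange | Green |
| 7 | 4 | 4 | White brown | White green |
| 8 | 4 | 4 | Brown | Brown |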

The following summarizes the features of UTP cable

Speed and throughput – 10 to 1000 Mbps

Average cost per node – least expensive

Media and connector size – small

Maximum cable length – 100m (short)

ii) Shielded twisted pair cable (STP)

This cable combines the technique of shielding cancellation and wire twisting.

Each pair of wires is wrapped in a metal foil. The foil-wrapped pairs of wires are then wrapped
in an overall metallic braid or foil, usually 150R cable.

As specified for use in Ethernet network installations, STP reduces electrical noise both within
the cable (pair to pair coupling or crosstalk) and from outside the cable (EMI or RFI).

STP usually is installed with an STP data connector, which is created especially for the STP cable.

However, STP cabling can also use the same RJ connector that UTP cable uses.

Although STP prevents interference better than UTP, it is more expensive and difficult to install.

In addition, the metallic shielding must be grounded at both ends. If it’s improperly grounded,
the shield acts like an antenna and picks up unwanted signals.

Because of its cost and difficulty with termination, STP is rarely used in Ethernet networks.

The features of STP cable are:

Speed and throughput – 10 to 100 Mbps

Average cost per node – moderately expensive

Media and connector size – medium to large

Maximum cable length – 100m (short)

2. Coaxial cable (coax)

It consists of a hollow outer cylindrical conductor that surrounds a single inner wire, made of
two conducting elements.

One of these elements, located in the centre of the cable, is a copper conductor. Surrounding the
copper is a layer of flexible insulation.

Over this insulating material is a woven copper braid or metallic foil that acts both as the second
wire in the circuit and as shield for the inner conductor.

This second layer or shield can help reduce the amount of outside interference.

The cable supports 10 to 100 Mbps and is relatively cheap. It can be cabled over longer distances
than the twisted-pair cable.

It comes in a variety of sizes; the largest diameter (1cm) is specified for use as Ethernet
backbone cable because it has greater transmission length and noise rejection characteristics.
It is mostly referred to as thicknet. Coaxial cable with an outside diameter of 0.3cm is thinnet.

The most common connectors used with thinnet are British Naval Connector (BNC) or (Bayonet
Neill Concelman) connectors.

The basic BNC is a male type mounted at each end of a cable.

This connector has a centre pin connected to the centre cable conductor and a metal tube
connected to the outside cable shield.

A rotating ring outside the tube locks the cable to any female connectors.

Optical fibre

It’s a glass or plastic fibre designed to guide light along its length. The optic fibre therefore
acts as a conduit (or wave-guide) for pulses of light generated by a light source.

The light source is typically either an injection laser diode (ILD) or LED operating at wavelengths
of 0.85, 1.2 or 1.5 µm (micrometers). The optic fibre is coated with a protective colored sheath
to provide stability and allow easy identification.

Fibre optics is widely used in fibre optic communication, which permits transmission over longer
distances and at higher data rates.

Light is kept in the core of the optical fibre by total internal reflection. This causes the fibre to
act as a wave guide.

A transverse mode of a beam of electromagnetic radiation is a particular intensity pattern of
radiation measured in a plane perpendicular (i.e. transverse) to the propagation direction of the
beam.

Transverse modes occur because of boundary condition imposed on the wave by the wave
guide.

Fiber optic cables offer the following advantages over other types of transmission media:

Light signals are impervious to interference from EMI or electrical crosstalk

Light signals do not interfere with other signals

Optical fibers have a much wider, flatter bandwidth than coaxial cables and equalization
of the signals is not required

The fiber has a much lower attenuation, so signals can be transmitted much further than
with coaxial or twisted pair cable before amplification is necessary

Optical fiber cables do not conduct electricity and so eliminate problems of ground loops,
lightning damage and electrical shock

Fiber optic cables are generally much thinner and lighter than copper cables

Fiber optic cables have greater data security than copper cables

Fibres which support only a single mode are called single mode fibre, while fibres which support
many propagation paths or transverse modes are called multimode fibre.

Single mode fibre

It supports one confined transverse mode by which light can propagate along the fibre.

They are used for most communication links longer than 200 metres. Single mode fibre is used
in many applications where data is sent at multiple frequencies (WDM – wavelength division
multiplexing), so only one cable is needed.

Multimode fibre

Multimode fibre supports many propagation paths and generally has a larger diameter core.

It is used for short distance communication links or for application when high power must be
transmitted.

As each mode travels at its own propagation velocity, multimode fibre suffers from modal
dispersion which limits the maximum length a signal can be transmitted through it.

There are two types:

Step Index multimode

Graded Index multimode


i) Step Index Multimode fibre

It has a refractive index profile characterized by a uniform refractive index within the core and
a sharp decrease in refractive index at the core – clad interface.

In a step index multimode fibre, rays of light are guided along the fibre core by total internal
reflection.

Rays that meet the core-cladding boundary at a high angle, greater than the critical angle for
these boundaries are completely reflected.

ii) Graded Index multimode fibre

An optical fibre whose core has a refractive index that decreases with increasing radial distance
from the fibre axis, which causes light rays to follow sinusoidal paths down the fibre.

The resulting curved paths reduce multipath dispersion because high angle rays pass more
through the lower index periphery of the core, rather than the high-index centre.

The ideal index profile is very close to a parabolic relationship between the index and the
distance from the axis.

Wireless media

Wireless media carry electromagnetic signals at radio and microwave frequencies that represent
the binary digits of data communications.

Wireless networks are useful for the following situations:

Spaces where cabling would be impossible or inconvenient

Temporary installations.

Transmission and reception are achieved using an antenna. The transmitter sends out the EM
signal into the medium. The receiver picks up the signal from the surrounding medium.

Directional transmission – The transmitter sends out a focused EM beam. Transmitter and
receiver antennae must be carefully aligned. It is more suitable for higher frequency signals.

Omnidirectional transmission – Transmitted signals spread out in all directions. They may be
received by many antennae.

There are several ways of transmission:

Radio – This is effective for short ranges and is inexpensive and easy to install. Depending on
frequency, radio offers different bandwidths. Wireless local area networks use a high-frequency
radio technology similar to digital cellular and a low-frequency radio technology. Wireless LANs
use spread spectrum technology to enable communication between multiple devices in a limited
area. IEEE 802.11 defines a common flavor of open-standards wireless radio-wave technology
known as Wi-Fi.

Some of its limitations are: it can create interference with communication devices, and it is
susceptible to eavesdropping.

Terrestrial microwave – two antennae are used for communication. A focused beam emerges
from one antenna and is received by the other, provided that the antennae are facing each other
with no obstacle in between due to the curvature of the earth. Terrestrial microwave can be used
for long distance communication with high bandwidth.

Terrestrial microwave communication uses Earth-based transmitters and receivers
resembling satellite dishes. Terrestrial microwaves are in the low-gigahertz range, which
limits all communications to line-of-sight. Relay stations are spaced approximately 48 km
(30 mi) apart.

Satellites – a satellite acts as a switch in the sky. On earth, VSATs (very small aperture
terminals) are used to transmit and receive data from the satellite. Satellites communicate via
microwave radio waves, which are not deflected by the Earth's atmosphere. The satellites are
stationed in space, typically in geosynchronous orbit 35,400 km (22,000 mi) above the equator.
These Earth-orbiting systems are capable of receiving and relaying voice, data, and TV signals.

Cellular radio technology – defines cellular service areas around a radio transceiver and
computerized control. It uses several radio communications technologies. The systems divide
the region covered into multiple geographic areas. Each area has a low-power transmitter or
radio relay antenna device to relay calls from one area to the next area.

Infrared communication – can transmit signals for small distances, typically no more than 10
meters. In most cases, line-of-sight propagation is used, which limits the physical positioning of
communicating devices.

Types of wireless network

The IEEE and telecommunication industry standard for wireless data communications cover
both the data link and physical layers.

Four common data communication standards that apply to wireless media are:

Standard IEEE 802.11 – Commonly referred to as Wi-Fi, is a wireless LAN (WLAN) technology
that uses a contention or non-deterministic system with a carrier sense multiple access /
collision avoidance (CSMA/CA) media access process.

Standard IEEE 802.15 – Wireless Personal Area Network (WPAN) standard, commonly
known as ‘Bluetooth’, uses a device pairing process to communicate over distances from 1 to
10 metres.

Standard IEEE 802.16 – Commonly known as WiMAX (Worldwide Interoperability for
Microwave Access), uses a point to multipoint topology to provide wireless broadband access.

Global System for Mobile Communication (GSM) – includes physical layer specifications that
enable the implementation of the layer 2 general packet radio service (GPRS) protocol to
provide data transfer over mobile cellular telephony networks.

The physical layer specifications are applied to areas that include:

Data to radio encoding

Frequency and power transmission

Signal reception and decoding

Antenna design and construction

Wireless LAN

A common wireless data implementation is enabling devices to connect wirelessly via a LAN.

In general, a wireless LAN requires the following network devices:-


Wireless access point (WAP) – concentrates the wireless signals from users and connects
usually through a copper cable, to the existing copper based network infrastructure such as
Ethernet.

Wireless NIC adapter – provides wireless communication capability to each network host.

There are a number of WLAN Ethernet-based standards used:

IEEE 802.11a – operates in the 5 GHz frequency band at speeds of up to 54 Mbps. It covers
smaller areas and is less able to penetrate building structures.

IEEE 802.11b – operates in the 2.4 GHz frequency band at speeds of up to 11 Mbps. It has
longer range and is able to penetrate building structures.

IEEE 802.11n – operates in the 2.4 GHz frequency band at data rates of 100 to 210 Mbps with
a distance range of 70m.

| Standard | Max Speed | Typical Range |
|---|---|---|
| 802.11a | 54 Mbps | 50 m |
| 802.11b | 11 Mbps | 100m |
| 802.11g | 54 Mbps | 100m |
| 802.11n | 100 Mbps | 100m + |

Advantages of wireless networks:


Mobility - access can be available throughout industry or organization. More and more
businesses are also offering free WiFi access ("Hot spots").

Fast setup - If your computer has a wireless adapter, locating a wireless network can be
simple, or it will connect automatically to networks within range.

Cost - Setting up a wireless network can be much more cost effective than buying and installing
cables.

Expandability - Adding new nodes to a wireless network is as easy as turning the node on (as
long as you do not exceed the maximum number of devices).

Disadvantages of wireless networks:

Security – susceptible to security breaches. Protect sensitive data with backups, isolated private
networks, strong encryption and passwords, and monitor network access traffic to and from
the wireless network.

Interference - Because wireless networks use radio signals and similar techniques for
transmission, they are susceptible to interference from lights and electronic devices.

Inconsistent connections - Because of the interference caused by electrical devices and/or
items blocking the path of transmission, wireless connections are not nearly as stable as those
through a dedicated cable.

Speed - The transmission speed of wireless networks is improving; however, faster options
(such as gigabit Ethernet) are available via cables.

LOCAL AREA NETWORKS (LAN)

A LAN interconnects computers and devices over a common medium so users share access to
host computers, databases, files, applications and peripherals.

The following characteristics differentiate one LAN from another.

Topology

Protocol

Media

The four primary devices used in LAN are:

Hubs

Bridges

Switches

Routers

These devices operate on the following layers:

OSI layer 1 (physical) – hubs, repeaters. Hubs are considered to be multi-port repeaters.

OSI layer 2 (data link) – bridges, switches.

OSI layer 3 (network) – routers.

A LAN transmits in three modes:

Unicast – a single packet is sent from the source to a destination on a network. The source
node addresses the packet by using the network address of the destination node.

Multicast – a single packet is copied and forwarded to a specific subset of nodes on the
network. The source node addresses the packet by using a multicast address. The packet
is then sent to the network, which makes copies of the packet and sends a copy to each
segment with a node that is part of the multicast address.

Broadcast – this is the term used to describe communication where a piece of information is
sent from one point to all other points. In this case there is just one sender, but the
information is sent to all connected receivers. Broadcast transmission is supported on most
LANs and may be used to send the same message to all computers on the LAN.

LAN Topologies

A network topology is the basic design of a computer network.

Networking is a collection of computers or other hardware devices that are connected together
either physically or logically, using special hardware and software, to allow them to exchange
information and cooperate.

Topology, which is a pattern of interconnection among nodes, influences a network's cost and
performance.

There are several topologies used:

Point to point topology

Bus topology

Star topology

Ring topology

Mesh topology

Star topology

It is a physical topology in which multiple nodes are connected to a central component
known as a hub. Signals are transmitted and received through the hub. The hub may actually
be a file server or central computer that contains a centralized file and control system, with all
its nodes attached directly to the server.

Advantages

Network runs even if one host fails

More suitable for larger network

It is easier to add or remove nodes, and to modify the cable layout

Network administration and error detection is easier because it is isolated to the central node.

Disadvantages

Installation costs are high because each node needs to be connected to the central switch

If the hub fails the entire network fails

Broadcasting and multicasting is not easy.

Bus topology

Bus consists of a single cable called a backbone that connects all workstations on the
network using a single line.

All transmissions must pass through each of the connected devices to complete the desired
request.

Each workstation has its own individual signal that identifies it and allows for the requested
data to be returned to the correct originator.

Advantages

Broadcasting and multicasting is much simpler

It is simple and flexible

It is easy to extend a bus topology by adding or removing nodes from a bus

Least expensive since less amount of cabling is required and no network switches are required.

Disadvantages

Limited in size and speed

There can be a security problem, since every node may see every message, even those that
are not destined for it; sniffing is easier.

Diagnosis / troubleshooting (fault-isolation), can be difficult, since the fault can be anywhere
along the bus.

There is no automatic acknowledgment of messages, since messages get absorbed at the end
of the bus and do not return to the sender.

The bus cable can be a bottleneck when network traffic gets heavy. This is because nodes can
spend much of their time trying to access the network.

Ring topology - All the nodes in a ring network are connected in a closed circle of cable.
Messages that are transmitted travel around the ring until they reach the computer that they are
addressed to, the signal being refreshed by each node.

In a ring topology, the network signal is passed through each network card of each device and
passed on to the next device.

Advantages

Has minimum cable requirement

Each node can regenerate the signal

Broadcasting and multicasting is simple since you just need to send out one message.

The message can be automatically acknowledged.

Disadvantages

Failure of one node brings the whole network down

Diagnosis/troubleshooting (fault isolation) is difficult

Adding or removing nodes disrupts the network

Mesh topology

This is a topology where each node must not only capture and disseminate its own data but also
serve as a relay for other nodes i.e. it must collaborate to propagate the data in the network.

A mesh network whose nodes are all connected to each other is a fully connected network.

Advantages

Point to point line configuration makes identification and isolation of faults easy.

Network can be easily expanded

If one node fails, other continue to work

It is more secure

Disadvantages

Quite expensive, since cabling and installation costs are high.

LAN Network devices

These devices interconnect individual computers and ensure that they communicate efficiently.

Network interfaces, hubs, bridges, switches, routers and firewalls work together in a number of
ways to create these different kinds of network roadways.

The functions of network devices are:

To regulate the speed at which the network information travels

To manage the flow of traffic, opening, closing or directing it to specific streets as the need
arises.

To help protect sensitive information within the network.

i) Network Interface card (NIC)

This is a chipset on a PCB that provides physical access from the node to the LAN medium.

It is responsible for fragmenting the data transmission and formatting the data packets with the
necessary header and trailer.

It functions at the lower two layers of the OSI model, that is, it is both an OSI layer 1 (physical
layer) and layer 2 (data link layer) device, as it provides physical access to a networking medium
and provides a low-level addressing system through the use of MAC addresses. It allows users to
connect to each other either by using cables or wirelessly.

It contains a microprocessor that can relieve the attached device of some routine.

ii) Bridges

A bridge is a device that connects two or more local area networks or two or more segments of
the same network.

A bridge connects two networks (e.g. 10BASE-T Ethernet and a LocalTalk connection) so that
they can share information with each other.

In addition to connecting networks, bridges filter information so that network traffic intended
for one portion of the network does not congest the rest of the network.

Bridges may consist of either standalone hardware devices or of software running on a client or
server.

Like switches, bridges learn the MAC addresses of all connected clients, servers and
peripherals and associate each address with a bridge port (network connection).

When a bridge (or switch) receives an incoming frame, it opens and reads its destination MAC
address.

If the port that will receive the frame is different from the port connected to the sender, the
bridge drops the frame.

If the bridge cannot determine which port is associated with a destination address, it passes the
frame along to all ports.

iii) Hubs

This is a small box that gathers the signal from each individual device, optionally amplifies each
signal and then sends the signal out to all other connected devices.

Amplification helps to ensure that devices on the network receive reliable information. Hubs are
also called concentrators or repeaters.

They come in various sizes, 12 port or 24 port etc. All the clients, servers and peripherals
connected to a hub (or to a set of interconnected hubs) share the bandwidth (data delivery
capacity) of that network.

They form a single collision domain – an area of an Ethernet network in which data sent to or
from a device may potentially collide with the data from other devices.

iv) Switches

Like a hub, an Ethernet switch is a device that gathers the signals from devices that are
connected to it, and then regenerates a new copy of each signal.

Switches are more powerful than hubs and can substantially increase the network performance.

Most common switches operate by learning the MAC addresses of all connected clients, servers
and peripherals and associating each address with one of its ports.

When a switch receives an incoming signal it creates a temporary circuit between the sender
and receiver.

The temporary circuit provides two important benefits.

The circuit allows the sender and receiver momentarily to exchange information without
intrusion from other devices on the network.

The circuit ensures the information travels directly between the communicating computers.

The switch installed should be compatible with physical network and data link protocols.
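
The difference between a hub and a switch described above decides what a passive listener on a spare port can receive, which is also the bus topology concern that every node may see every message. The following Python sketch is an added example, not part of the original notes; the MAC addresses, port numbers and frame list are constructed sample values.

```python
"""Which ports receive each frame: a hub repeats everything, a switch learns MAC-to-port."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Layer 1 multi-port repeater."""

    def __init__(self, ports):
        self.ports = list(ports)

    def receive(self, in_port, src, dst):
        # Every other port gets a copy, whatever the destination address is.
        return [p for p in self.ports if p != in_port]


class LearningSwitch:
    """Layer 2 device that associates each source MAC address with a port."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}                 # MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        self.mac_table[src] = in_port       # learn where the sender lives
        out_port = self.mac_table.get(dst)
        if dst == BROADCAST or out_port is None:
            # Unknown or broadcast destination: send to all other ports.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []                       # destination sits on the ingress port
        return [out_port]                   # only the port that needs the frame


def exposure(device, frames, tap_port):
    """Return the (src, dst) pairs a passive listener on tap_port would receive."""
    seen = []
    for in_port, src, dst in frames:
        if tap_port in device.receive(in_port, src, dst):
            seen.append((src, dst))
    return seen


# Constructed sample: a PLC on port 1, an HMI on port 2, a listener on port 3.
PLC = "02:00:00:00:00:01"
HMI = "02:00:00:00:00:02"
PORTS = [1, 2, 3]
FRAMES = [
    (1, PLC, HMI),         # HMI not learned yet: the switch has to flood this one
    (2, HMI, PLC),         # PLC was learned from the first frame
    (1, PLC, HMI),         # HMI is now known as well
    (1, PLC, BROADCAST),   # broadcasts always reach every port
    (2, HMI, PLC),
]

if __name__ == "__main__":
    print("listener on hub sees:   ", exposure(Hub(PORTS), FRAMES, 3))
    print("listener on switch sees:", exposure(LearningSwitch(PORTS), FRAMES, 3))
```

On the switch the listener still receives flooded and broadcast frames, so switching narrows what a spare port can observe but does not remove the need to control who can plug in.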

v) Routers

Like bridges, routers are devices whose primary purpose is to connect two or more networks
and to filter network signals so that only desired information travels between them.

Routers regulate network traffic more precisely; they are aware of many possible paths across
the network and can choose the best one for each data packet to travel.

They operate primarily by examining incoming data for its network routing and transport
information.

This information includes the source and destination network routing addresses.

Routers can be programmed to prevent information from being sent to or received from certain
networks or computers based on all or part of their network routing addresses.
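
Filtering on all or part of an address is usually written as an ordered list of permit and deny rules on address prefixes. The following Python example is added here and is not taken from the notes or from any router's configuration syntax; the first-match-wins evaluation, the default deny and every address in it are assumptions chosen for illustration.

```python
"""Router-style address filtering: ordered prefix rules, first match wins."""
import ipaddress


class AddressFilter:
    def __init__(self, rules, default="deny"):
        # Each rule is (action, source prefix, destination prefix).
        # A /32 prefix matches the whole address, a shorter prefix only part of it.
        self.rules = [
            (action, ipaddress.ip_network(src), ipaddress.ip_network(dst))
            for action, src, dst in rules
        ]
        self.default = default

    def decide(self, src, dst):
        """Return 'permit' or 'deny' for one packet's source and destination."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for action, src_net, dst_net in self.rules:
            if s in src_net and d in dst_net:
                return action
        return self.default

    def shadowed(self):
        """List (rule index, earlier rule index) pairs where the rule can never match.

        A rule is shadowed when an earlier rule already covers every source
        and destination address it names, so the later rule is dead.
        """
        dead = []
        for i, (_, src_net, dst_net) in enumerate(self.rules):
            for j in range(i):
                _, prev_src, prev_dst = self.rules[j]
                if src_net.subnet_of(prev_src) and dst_net.subnet_of(prev_dst):
                    dead.append((i, j))
                    break
        return dead


# Constructed example networks (assumptions, not from the notes):
#   10.10.0.0/24  control network with the PLCs
#   10.20.0.0/16  office network
#   10.20.5.10    engineering workstation inside the office network
#   10.20.8.0/24  historian servers
RULES = [
    ("permit", "10.20.5.10/32", "10.10.0.0/24"),   # whole address: one workstation
    ("deny",   "10.20.0.0/16",  "10.10.0.0/24"),   # part of address: rest of the office
    ("permit", "10.10.0.0/24",  "10.20.8.0/24"),   # PLC data out to the historians
]

# Same rules with the first two swapped: the workstation exception is now dead.
MISORDERED = [RULES[1], RULES[0], RULES[2]]

if __name__ == "__main__":
    good, bad = AddressFilter(RULES), AddressFilter(MISORDERED)
    for src, dst in [("10.20.5.10", "10.10.0.7"), ("10.20.9.9", "10.10.0.7"),
                     ("10.10.0.7", "10.20.8.3"), ("192.0.2.1", "10.10.0.7")]:
        print(src, "->", dst, ":", good.decide(src, dst))
    print("shadowed rules, correct order:", good.shadowed())
    print("shadowed rules, swapped order:", bad.shadowed())
```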

vi) Multiplexers

Multiplexers (mux) act as both concentrators and contention devices that enable multiple
relatively low speed terminal devices to share a single high capacity circuit (physical path)
between two points in a network.

vii) Modems

These are devices that allow digital data signals to be transmitted across an analogue link.

Modem stands for Modulator Demodulator; it changes the signal to an analogue frequency and
sends this tone across the analogue link.

At the other end, another modem receives the signal and converts it back to digital.

viii) Wireless Access Point (WAP)


WAP is a device that allows wireless communication devices to connect to a wireless network
using Wi-Fi, Bluetooth or related standards.

The WAP usually connects to a wired network, and can relay data between the wireless devices
and wired devices or the network.

ix) Amplifiers and repeaters

Electromagnetic energy attenuates over a distance whether the energy passes through a
conductor or air. In addition to attenuating, the signal accumulates noise as it traverses the
network, and the amplifier boosts the noise along with the signal. The resulting signal-to-noise ratio
(SNR) can produce unacceptable results.

These boosting units receive a weakened incoming signal and transmit a stronger outgoing
signal, which propagates across the network, weakening until it reaches another boosting unit, and
so on.

Analog networks make use of devices known as amplifiers. Digital networks employ repeaters.

Amplifiers are spaced every 6km or so in a typical analog voice. The exact spacing is sensitive
to the transmission medium and the carrier frequency, which affects bandwidth, transmission speed
and attenuation level.

The repeater essentially determines the binary value (1 or 0) of the weak incoming signal based
on its relative voltage level and regenerates a strong signal of the same value without noise.
This process enhances the signal quality.

Repeaters are spaced at approximately the same intervals as amplifiers.

Because repeaters work with the actual physical signal, and do not attempt to interpret the data
being transmitted, they operate on the physical layer, the first layer of the OSI model.

x) Firewall

A firewall is part of a computer system or network that is designed to block unauthorized access
while permitting authorized communication.

It is also a device or set of devices configured to permit, deny, encrypt, decrypt or proxy all
computer traffic between different security domains based upon a set of rules and other criteria.

It can be implemented in either hardware or software, or a combination of both.

Firewalls can be an effective means of protecting a local system or network of systems from
network based security threats while at the same time affording access to the outside world via
wide area networks and the internet.

A firewall provides an additional layer of defense, insulating the internal systems from external
networks.

A firewall has the following capabilities.

A firewall defines a single choke point that keeps unauthorized users out of the protected
network, prohibits potentially vulnerable services from entering or leaving the network and
provides protection from various kinds of IP spoofing and routing attacks.

A firewall provides a location for monitoring security-related events. Audits and alarms can be
implemented on the firewall system.

A firewall is a convenient platform for several internet functions that are not security related.

However, firewalls have their limitations, including:

It cannot protect against attacks that bypass the firewall.

It may not protect fully against internal threats such as a disgruntled employee.

An improperly secured wireless LAN may be accessed from outside the organization.

A firewall may act as a packet filter. It can operate as a positive filter, allowing only
packets that meet specific criteria to pass, or as a negative filter, rejecting any packet that
meets certain criteria.

Types of firewalls

1) Packet filtering firewalls

It applies a set of rules to each incoming and outgoing IP packet and then forwards or discards
the packet. It is typically configured to filter packets going in both directions (from and to the
internal network).

Packet filters generally fall into two subcategories: stateful and stateless.

Stateful firewalls maintain context about active sessions, and use that state information to speed
packet processing. If a packet does not match an existing connection, it will be evaluated
according to the ruleset for new connections.

Stateless firewalls require less memory and can be faster for simple filters that require less
time to filter than to look up a session.

The major advantage of packet filtering firewalls is their simplicity. Also, packet filters typically are
transparent to users and are very fast.

However, packet filtering firewalls have the following weaknesses:

Most do not support advanced user authentication schemes.

It is vulnerable to attacks and exploits that take advantage of problems within the TCP/IP
specification and protocol stack such as network layer address spoofing.

It is susceptible to security breaches caused by improper configuration.

It does not examine upper layer data, hence it cannot prevent attacks that employ application
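
The positive, negative, stateless and stateful filters described above, side by side in an added Python example that is not part of the original notes. The addresses, port 502 and the rule sets are constructed sample values, and session tracking is simplified to TCP flags only.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample addressing (not from the notes): a PLC cell and an HMI subnet.
PLC_NET = "10.10.0.0/24"
HMI_NET = "192.168.1.0/24"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S" SYN, "SA" SYN+ACK, "A" ACK, "F" FIN, "R" RST


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source network in CIDR form
    dst: str              # destination network in CIDR form
    dport: Optional[int]  # destination port; None matches any port

    def matches(self, p: Packet) -> bool:
        return (ip_address(p.src) in ip_network(self.src)
                and ip_address(p.dst) in ip_network(self.dst)
                and self.dport in (None, p.dport))


def stateless_filter(rules, default, packet):
    """Judge the packet on its own: first matching rule wins, else the default.
    default="deny" gives a positive filter, default="allow" a negative filter."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return default


class StatefulFilter:
    """Positive filter that remembers which sessions its rules admitted."""

    def __init__(self, rules):
        self.rules = rules
        self.sessions = set()

    @staticmethod
    def session_key(p):
        # One key for both directions of a TCP connection.
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def check(self, p):
        key = self.session_key(p)
        if key in self.sessions:            # known session: no rule lookup
            if "F" in p.flags or "R" in p.flags:
                self.sessions.discard(key)  # session is closing
            return "allow"
        if p.flags != "S":                  # mid-stream packet without a session
            return "deny"
        verdict = stateless_filter(self.rules, "deny", p)
        if verdict == "allow":
            self.sessions.add(key)
        return verdict


# A stateless positive filter needs a broad second rule so replies can return.
STATELESS_RULES = [Rule("allow", HMI_NET, PLC_NET, 502),
                   Rule("allow", PLC_NET, HMI_NET, None)]
# The stateful filter only needs the rule for new connections.
STATEFUL_RULES = [Rule("allow", HMI_NET, PLC_NET, 502)]
# A negative filter blocks one listed network and passes everything else.
NEGATIVE_RULES = [Rule("deny", "203.0.113.0/24", PLC_NET, None)]


def demo():
    syn = Packet("192.168.1.20", 40000, "10.10.0.5", 502, "S")
    reply = Packet("10.10.0.5", 502, "192.168.1.20", 40000, "SA")
    unsolicited = Packet("10.10.0.5", 502, "192.168.1.20", 3389, "A")  # no session
    unlisted = Packet("198.51.100.7", 40001, "10.10.0.5", 502, "S")
    fw = StatefulFilter(STATEFUL_RULES)
    return {
        "stateless_unsolicited": stateless_filter(STATELESS_RULES, "deny", unsolicited),
        "stateful_unsolicited": fw.check(unsolicited),
        "stateful_syn": fw.check(syn),
        "stateful_reply": fw.check(reply),
        "negative_unlisted": stateless_filter(NEGATIVE_RULES, "allow", unlisted),
        "positive_unlisted": stateless_filter(STATELESS_RULES, "deny", unlisted),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:24s} {verdict}")
```

The stateless rule set has to admit any packet from the PLC network to the HMI network so that replies get through, which is why it passes the unsolicited packet that the stateful filter drops.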

2) Application-level firewall

Also called an application proxy, it acts as a relay of application-level traffic.

The user contacts the gateway using a TCP/IP application and the gateway asks the user for the
name of the remote host to be accessed.

It works on the application level of the TCP/IP stack and may intercept all packets traveling to or
from an application.

They block other packets (usually dropping them without acknowledgement to the sender).

It functions by determining whether a process should accept any given connection. It
accomplishes this by hooking into socket calls to filter the connections between the
application layer and the lower layers of the OSI model.

It works much like a packet filter, but application filters apply filtering rules (allow/block) on a
per-process basis instead of filtering connections on a per-port basis.

The major advantages of these firewalls are:

It is more secure than packet filters

It is easy to log and audit all incoming traffic at the application level.

However the disadvantage is:

The additional processing overhead on each connection.

3) Proxies

A proxy server may act as a firewall by responding to input packets (connection requests) in the
manner of an application, while blocking other packets.

It is a gateway from one network to another for a specific network application in the sense that it
functions as a proxy on behalf of the network user.

Proxies make tampering with an internal system from the external network more difficult and
misuse of one internal system would not necessarily cause a security breach exploitable from
outside the firewall.

Protocols and standards

A protocol is a kind of agreement about the exchange of information in a distributed system. It is a
set of rules that two or more devices must follow if they are to communicate with each other.

Protocol includes everything from the meaning of data to the voltage levels on connection wires.

A network protocol defines how a network will handle the following problems and tasks:

communication line errors

flow control (to keep buffers from overflowing)

access by multiple devices

failure detection

data translation

interpretation of messages

Networking standards can be classified as proprietary, open or de facto.

Proprietary standards are owned by one particular organization.

If that organization has sufficient market clout and the industry lacks alternatives to its standard, it
may be adopted by the whole industry, becoming a de facto standard.

Open standards are not owned by anyone – they are created by neutral organizations to
ensure that compatible products can be designed and developed by many different companies.

Serial Interface Standards

Many devices used in industrial applications use EIA standards RS-232, RS-422 or RS-485 to
connect to computers and to one another.

The EIA RS-XXX standard specifies only the electrical characteristics, not the software
protocol.

The whole purpose of a serial interface is to provide a single path for data transmission
wirelessly or over a cable.

Serial interfaces can be used to provide standardized logic levels from transmitter to receiver,
define transmission medium and connectors and specify timing and data rates.

The definition of logic levels, medium and connectors is part of layer 1 of the OSI model (physical
layer), while data handling is part of the MAC layer or layer 2 (data link layer).

                              RS-232        RS-422         RS-485
Type of transmission lines    Unbalanced    Differential   Differential
Max number of drivers         1             1              32
Max number of receivers       1             10             32
Max cable length              15m           1.5km          1.2km
Max data rate                 20kbps        10mbps         10mbps

i) RS-232

The RS-232 interface standard (officially called TIA-232) defines the electrical and mechanical
details of the interface between Data Terminal Equipment (DTE) and Data Communications
Equipment (DCE), which employ serial binary data interchange.

The current version of the standard refers to DCE as Data Circuit-terminating Equipment.

It is used for many purposes, such as connecting a mouse or printer, as well as industrial
instrumentation.

RS-232 is limited to point-to-point connections between PC serial ports and devices.

The RS-232 standard consists of three major parts, which define:

• Electrical signal characteristics

• Mechanical characteristics of the interface

• Functional description of the interchange circuits

The standard defines a logic 1 as a voltage between -3V and -25V and a logic 0 as a voltage
level between +3V and +25V.

Many RS-232 connections are one-way or simplex. However, using the special signaling and
control voltages available, two-way or half duplex operation is possible.

The two connected devices alternate transmitting and receiving operations.

The control signals in the interface define the protocol for transmitting and receiving data.

These signals tell the two communicating devices when they are busy, transmitting, ready and
receiving.

The transmitting device is the DTE (devices that are either the source or destination of data
frames), such as a computer or workstation.

The receiving device is the DCE (devices that receive and forward frames across the
network), such as a printer, modem or interface card.

The control signals used on the common nine-pin connector are:

Data carrier detect (DCD) – the DCE tells the DTE it is receiving a valid input signal (Pin 1)

Data set ready (DSR) – The DCE tells the DTE it is connected and ready to receive (pin 6)

Received data (RD): This is the actual signal received from DTE (Pin 2).

Request to send (RTS) – This signal from the DTE tells the DCE it is ready to transmit (pin 7)

Signal ground:- This is the common ground connection for all signals (pin 5)

Transmit data (TD) – This is the transmitted signal from the DTE (pin 3)

Data terminal ready (DTR) – This line is from the DTE to the DCE indicating readiness to send
or receive data (pin 4)

Clear to send (CTS) – This line from the DCE tells the DTE it is ready to receive data (pin 8)

Ring indicator (RI) – This line was used in older modem connections but it is not used anymore
(pin 9)

Here are some typical wiring diagrams for each interface type:

Limitations of RS-232

Limited distance – cable length limited to 1.5 meter

Not multi-drop – it can only connect one RS-232 device per port.

Susceptible to noise – RS-232 is single-ended, which means that the transmit and
receive lines are referenced to a common ground.

(ii) RS-422 (EIA-422)

It is similar to RS-232, and can be programmed in the same way. This is a technical standard
that specifies the electrical characteristics of a digital signaling circuit.

Differential signaling can transmit data at rates as high as 10 mbps along a cable of 1500m.

The advantage offered by this standard includes the differential receiver, a differential driver and
high data rates.

Long Distance Runs - Up to 1500m is generally supported, and with repeaters, even further
distances can be achieved.

Multi-Drop - Usually, up to 32 devices can be connected per port, and even more using
repeaters.

Noise Resistant - Since it uses a separate FLOATING transmit and receive pair (four wires), it
offers better noise immunity than RS-232.

However RS 422 cannot implement a truly multipoint communication network such as with RS
485, but one driver can be connected to up to ten receivers.

(iii) RS 485 (TIA 485)

It defines not only a single device to device interface but also a communication bus that can be
used to form simple networks of multiple devices.

It specifies differential signaling on two lines rather than single ended with a voltage referenced
to ground

A logic 1 is a level greater than -200mv and a logic 0 is a level greater than +200 mv

The standard transmission medium is twisted-pair cable of 22 or 24 AWG solid wire. Two lines
are the minimum, but a reference wire can also be used.

Four wires can be used if full duplex operation is desired.

Maximum cable length is defined as 1.2 km at maximum data rate of 100mbps

A common configuration is bus network topology with multiple drops or connections.

The standard specifies a maximum of 32 drivers (transmitters) and 32 receivers.

Line drivers are disconnected from the line when not transmitting. All receivers are fully
connected and the bus line is terminated in a load matching resistance.

Applications of serial interface

The RS-232 standard is deployed in a wide range of low data rate, short range applications.

It is particularly effective in equipment used in noisy environments such as factories, process
control and utilities sites.

Common equipment includes low-speed modems, industrial control equipment like PLCs,
computer numerical controlled (CNC) machine tools, robots, embedded control computers,
medical instruments and equipment and embedded controller development systems.

The RS-485 interface is also widely used in industrial applications where higher speeds and
longer distances are needed.

It is used in the same types of equipment as defined for the RS-232 interface, plus devices like
point of sale (POS) terminals, metering instruments, and large special automated machines.

Ethernet

The term refers to the family of LAN modules covered by the IEEE 802.3 standard, which defines
what is known as the CSMA/CD protocol.

The Ethernet standards comprise several wiring and signaling variants of the OSI physical layer
in use with Ethernet.

Three data rates are defined for operation over optical fibre and twisted-pair cables:

10 BASE-T Ethernet

Fast Ethernet (100 BASE-T Ethernet)

Gigabit Ethernet (1000 BASE-T Ethernet)

The protocol has the following characteristics:

Easy to understand, implement, manage and maintain

Allows low cost network implementation

Provides extensive topological flexibility for network installation

Guarantees successful interconnection and operation of standard-compliant products,
regardless of manufacturer

Twisted-pair Ethernet standards are such that the majority of cables can be wired ‘straight
through’ (pin 1 to pin 1, pin 2 to pin 2 and so on), but others may need to be wired in the
‘crossover’ form (receive to transmit and transmit to receive).

Industrial Ethernet

This refers to the use of standard Ethernet protocols with rugged connectors and extended
temperature switches in an industrial environment for automation or process control.

Components used in plant process areas must be designed to work in harsh environments of
temperature extremes, humidity and vibration that exceed the ranges for information
technology equipment intended for installation in controlled environments.

The use of fibre Ethernet reduces the problem of electrical noise and provides electrical
isolation to prevent equipment damage.

Some industrial networks emphasize deterministic delivery of transmitted data, whereas Ethernet
used collision detection, which made transport time for individual data packets difficult to
estimate with increasing network traffic.

In addition to physical compatibility and low-level transport protocols, a practical industrial
Ethernet system must also provide interoperability at higher levels of the OSI model.

An industrial network uses network switches to segment a large system into logical
sub-networks, divided by address, protocol or application.

Using network switches allows the network to be broken up into many small collision domains.

This reduces the risk of a faulty or misconfigured device generating excess network traffic.

Benefits of industry-standard networks

Modern control and business systems require open, digital communications.

Industrial networks replace conventional point-to-point RS-232, RS-485, and 4-20 mA wiring
between existing measurement devices and automation systems with an all-digital, 2-way
communication network.

Industrial networking technology offers several major improvements over existing systems.

With industry-standard networks, we can select the right instrument and system for the job
regardless of the control system manufacturer.

Other benefits include:

Reduced wiring -- resulting in lower overall installation and maintenance costs

Intelligent devices -- leading to higher performance and increased functionality such
as advanced diagnostics

Distributed control -- with intelligent devices providing the flexibility to apply control
either centrally or distributed for improved performance and reliability

Simplified wiring of a new installation, resulting in fewer, simpler drawings and overall
reduced control system engineering costs

Lower installation costs for wiring, marshalling, and junction boxes


I/O BUS NETWORKS

I/O bus networks allow PLCs to communicate with I/O devices in a manner similar to how local
area networks let supervisory PLCs communicate with individual PLCs.

This configuration decentralizes control in the PLC system, yielding larger and faster control
systems.

The topology, or physical architecture, of an I/O bus network follows the bus or extended bus
(tree) configuration, which lets field devices (e.g., limit, photoelectric, and proximity switches)
connect directly to either a PLC or to a local area network bus.

Remember that a bus is simply a collection of lines that transmit data and/or power. Figure
illustrates a typical connection between a PLC, a local area network, and an I/O bus network.

The basic function of an I/O bus network is to communicate information with, as well as supply
power to, the field devices that are connected to the bus.

In an I/O bus network, the PLC drives the field devices directly, without the use of I/O modules;
therefore, the PLC connects to and communicates with each field I/O device according to the
bus’s protocol.

In essence, PLCs connect with I/O bus networks in a manner similar to the way they connect
with remote I/O, except that PLCs in an I/O bus use an I/O bus network scanner.

An I/O bus network scanner reads and writes to each field device address, as well as decodes
the information contained in the network information packet.

A large, tree topology bus network (i.e., a network with many branches) may have up to 2048 or
more connected discrete field devices.

The field devices that connect to I/O bus networks contain intelligence (in the form of
microprocessors or other circuits). These devices communicate not only the ON/OFF state of
input and output controls, but also diagnostic information about their operating states.

I/O bus networks can be separated into two different categories—one that deals with low-level
devices that are typical of discrete manufacturing operations and another that handles high-level
devices found in process industries.

These bus network categories are:

• Device bus networks

• Process bus networks

Device bus networks interface with low-level information devices (e.g., push buttons, limit
switches, etc.), which primarily transmit data relating to the state of the device (ON/OFF) and its
operational status (e.g., operating OK). These networks generally process only a few bits to
several bytes of data at a time.

Process bus networks, on the other hand, connect with high-level information devices (e.g.,
smart process valves, flow meters, etc.), which are typically used in process control
applications. Process bus networks handle large amounts of data (several hundred bytes),
consisting of information about the process, as well as the field devices themselves.

The majority of devices used in process bus networks are analog, while most devices used in
device bus networks are discrete.

However, device bus networks sometimes include analog devices, such as thermocouples and
variable speed drives that transmit only a few bytes of information.

Device bus networks that include discrete devices, as well as small analog devices, are called
byte-wide bus networks. These networks can transfer between 1 and 50 or more bytes of data
at a time.

Device bus networks that only interface with discrete devices are called bit-wide bus
networks. Bit-wide networks transfer less than 8 bits of data from simple discrete devices over
relatively short distances.

Protocol Standards

Neither of the two I/O bus networks has established protocol standards; however, many
organizations are working towards developing both discrete and process bus network
specifications.

In the process bus area, two main organizations, the Fieldbus Foundation (which is the result of
a merger between the Interoperable Systems Project, ISP, Foundation and the World FIP North
American group) and the Profibus (Process Field Bus) Trade Organization, are working to
establish network and protocol standards.

Other organizations, such as the Instrument Society of America (ISA) and the European
International Electronics Committee (IEC), are also involved in developing these standards.

This is the reason why some manufacturers specify that their analog products are compatible
with Profibus, Fieldbus, or another type of protocol communication scheme.

Although no proclaimed standards exist for device bus network applications, several de facto
standards are emerging due to the availability of company specific protocol specifications from
device bus network manufacturers.

These network manufacturers or associations provide I/O field device manufacturers with
specifications in order to develop open network architecture, (i.e., a network that can interface
with many types of field devices).

In this way, each manufacturer hopes to make its protocol the industry standard.

One of these de facto standards for the byte-wide device bus network is DeviceNet, originally
from PLC manufacturer Allen-Bradley and now provided by an independent spin-off association
called the Open DeviceNet Vendor Association.

Another is SDS (Smart Distributed System) from Honeywell. Both of these device bus protocol
standards are based on the control area network bus (CANbus), developed for the automobile
industry, which uses the commercially available CAN chip in its protocol.

InterBus-S from Phoenix Contact is another emerging de facto standard for byte-wide device
bus network.

The de facto standards for low-end, bit-wide device bus networks include Seriplex, developed
by Square D, and ASI (Actuator Sensor Interface), a standard developed by a consortium of
European companies.

Again, this is why I/O bus network and field device manufacturers will specify compatibility with
a particular protocol (e.g., ASI, Seriplex, InterBus-S, SDS, or DeviceNet) even though no official
protocol standard exists.

1. Byte-Wide Device Bus Networks

The most common byte-wide device bus networks are based on the InterBus-S network and the
CANbus network.

i) InterBus-S

InterBus-S is a sensor/actuator device bus network that connects discrete and analog field
devices to a PLC or computer (soft PLC) via a ring network configuration.

The InterBus-S has built-in I/O interfaces in its 256 possible node components, which also
include terminal block connections for easy I/O interfacing.

This network can handle up to 4096 field I/O devices (depending on the configuration) at a
speed of 500 kbaud with cyclic redundancy check (CRC) error detection.

A PLC or computer in an InterBus-S network communicates with the bus in a master/slave
method via a host controller or module.

The topology of the network is a ring, with data being sequentially shifted from point to point on
the ring under the control of a network master.

Each device in the ring acts as a shift register, transmitting and receiving data simultaneously at
500 KHz.

The actual serial data transmission between stations conforms to RS- 485.

InterBus-S (InterBus-S Remote Bus) has also been extended to include a sub-protocol called
InterBus Sensor Loop (or InterBus-S Local Bus).

This subprotocol provides an alternate physical layer, with a single twisted pair carrying power
and data on the same lines and a reduction in the minimum size of the shift register in each
station from 16 to 4 bits.

Each InterBus Sensor Loop system can act as a single station on an InterBus-S network, or the
sensor loop can be connected directly to a controller or master.

InterBus-S devices are usually implemented with a special ASIC (application specific integrated
circuit).
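
A simplified model of the shift-register ring described above, added here as an example and not taken from the notes or from the InterBus-S specification. It moves only the data words and leaves out the framing and CRC of a real cycle; the function names and sample words are constructed.

```python
from collections import deque

REG_BITS = 16  # shift-register width per station (4 on the sensor loop, per the notes)


def to_bits(word, width=REG_BITS):
    """Integer -> list of bits, most significant bit first."""
    return [(word >> i) & 1 for i in range(width - 1, -1, -1)]


def from_bits(bits):
    """List of bits, most significant first -> integer."""
    value = 0
    for b in bits:
        value = (value << 1) | b
    return value


def ring_cycle(outputs, inputs, width=REG_BITS):
    """Run one data cycle on a ring of len(outputs) stations.

    outputs[k]: word the master wants station k to end up holding
                (station 0 is the one wired to the master's transmitter).
    inputs[k]:  word station k has latched from its field devices.
    Returns (words held by the stations afterwards, words read by the master).
    """
    n = len(outputs)
    # All station registers chained together behave as one long shift register.
    # The left end is fed by the master; the right end feeds the master's receiver.
    ring = deque()
    for word in inputs:
        ring.extend(reversed(to_bits(word, width)))  # MSB nearest the exit

    # The first bits sent travel furthest, so the last station's word goes first.
    tx = [b for word in reversed(outputs) for b in to_bits(word, width)]
    rx = []
    for bit in tx:                  # one clock tick per bit
        rx.append(ring.pop())       # bit leaving the last station
        ring.appendleft(bit)        # bit entering the first station

    cells = list(ring)
    held = [from_bits(cells[k * width:(k + 1) * width][::-1]) for k in range(n)]
    # Input words arrive last station first; put them back in station order.
    read = [from_bits(rx[m * width:(m + 1) * width]) for m in range(n)][::-1]
    return held, read


if __name__ == "__main__":
    held, read = ring_cycle([0x00FF, 0xA5A5, 0x8001], [0x1234, 0x0000, 0xFFFF])
    print([hex(w) for w in held], [hex(w) for w in read])
```

Every cycle needs one clock tick per register bit in the ring, so outputs and inputs for all stations are exchanged in the same pass.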

ii) CANbus networks

CANbus networks are byte-wide device bus networks based on the widely used CAN electronic
chip technology, which is used inside automobiles to control internal components, such as
brakes and other systems.

A CANbus network is an open protocol system featuring variable length messages (up to 8
bytes), nondestructive arbitration, and advanced error management. A four-wire cable plus
shield— two wires for power, two for signal transmission, and a “fifth” shield wire—provides the
communication link with field devices.

This communication can either be master/slave or peer to peer. The speed of the network (data
transmission rate) depends on the length of the trunk cable.

The DeviceNet byte-wide network can support 64 nodes and a maximum of 2048 field I/O
devices.

The SDS network can also support 64 nodes; however, this number increases to 126
addressable locations when multiport I/O interfaces are used to multiplex the nodes.

Using a 4-to-1 multiport I/O interface module, an SDS network can connect to up to 126
nonintelligent I/O devices in any combination of inputs and outputs.

This multiport interface to nonintelligent field devices contains a slave CAN chip inside the
interface, which provides status information about the nodes connected to the interface.

In a DeviceNet network, the PLC connects to the field devices in a trunkline configuration, with
either single drops off the trunk or branched drops through multiport interfaces at the device
locations.

Because an SDS network can transmit many bytes of information in the form of variable length
messages, it can also support many intelligent devices that can translate one, two, or more
bytes of information from the network into 16 or 32 bits of ON/OFF information.

An example of this type of intelligent device is a solenoid valve manifold.

This kind of manifold can have up to 16 connections, thereby receiving 16 bits (two bytes) of
data from the network and controlling the status of 16 valve outputs.

However, this device uses only one address of the 126 possible addresses. Thus, in this
configuration, the SDS network can actually connect to more than just 126 addressable devices.

The CANbus device bus network uses three of the ISO layers and defines both the media
access control method and the physical signaling of the network, while providing cyclic
redundancy check (CRC) error detection.

The media access control function determines when each device on the bus will be enabled.

2. Bit-wide device bus networks

Bit-wide device bus networks are used for discrete applications with simple ON/OFF devices
(e.g., sensors and actuators).

These I/O bus networks can only transmit 4 bits (one nibble) of information at a time, which is
sufficient to transmit data from these devices.

The smallest discrete sensors and actuators require only one bit of data to operate.

By minimizing their data transmission capabilities, bit-wide device bus networks provide
optimum performance at economical costs. The most common bit-wide device bus networks are
ASI, InterBus Loop, and Seriplex.

i) ASI Bit-Wide Device Bus Network.

ASI (Actuator Sensor Interface) was developed as a low-cost, flexible method for connecting
sensors and actuators at the lowest levels of industrial control systems.

The ASI network protocol is used in simple, discrete network applications requiring no more
than 124 I/O field devices.

These 124 inputs and output devices can be connected to up to 31 nodes in either a tree, star,
or ring topology. The I/O devices connect to the PLC or personal computer via the bus through
a host controller interface.

It provides a two-wire, non-twisted cable for interconnection of devices. Devices may draw
current from the two wires for powering circuitry, and data communications are modulated on
top of the nominal d.c level at a bit rate of 167KHZ, under control of the master. One single
parity bit per station is used for error detection.
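
ASI's single parity bit and the CRC used by CANbus and InterBus-S differ in which line errors they catch; the added example below (not from the notes) counts the errors each check misses on a constructed 16-bit word. It uses the CAN CRC-15 generator polynomial but runs it over that word alone, not over a full CAN frame.

```python
from itertools import combinations

# Generator used by CAN: x^15 + x^14 + x^10 + x^8 + x^7 + x^4 + x^3 + 1
CAN_CRC15_POLY = 0x4599

# Constructed sample data word, most significant bit first.
SAMPLE = [1, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 0, 1, 1, 1, 1]


def parity_bit(bits):
    """Even-parity bit: 1 when the number of 1s in the data is odd."""
    return sum(bits) % 2


def crc15(bits):
    """Bit-serial CRC-15 with the CAN generator; the register starts at 0."""
    reg = 0
    for b in bits:
        feedback = ((reg >> 14) & 1) ^ b
        reg = (reg << 1) & 0x7FFF
        if feedback:
            reg ^= CAN_CRC15_POLY
    return reg


def missed_errors(bits, check, flips):
    """Count the patterns of `flips` flipped bits that leave `check` unchanged,
    which are the transmission errors the receiver would not notice."""
    good = check(bits)
    missed = 0
    for positions in combinations(range(len(bits)), flips):
        corrupted = list(bits)
        for p in positions:
            corrupted[p] ^= 1
        if check(corrupted) == good:
            missed += 1
    return missed


def compare(bits):
    """Map error size -> (errors missed by parity, errors missed by CRC-15)."""
    return {n: (missed_errors(bits, parity_bit, n), missed_errors(bits, crc15, n))
            for n in (1, 2, 3)}


if __name__ == "__main__":
    for flips, (by_parity, by_crc) in compare(SAMPLE).items():
        print(f"{flips}-bit errors: parity misses {by_parity}, CRC-15 misses {by_crc}")
```

Both checks are designed for accidental transmission errors only; neither one authenticates the sender of a message.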

The maximum cable length is 100 meters (330 ft) from the master controller.

The ASI network protocol is based on the ASI protocol chip, thus the I/O devices connected to
this type of network must contain this chip.

Typical ASI-compatible devices include proximity switches, limit switches, photoelectric sensors,
and standard off-the-shelf field devices.

However, in an application using an off-the-shelf device, the ASI chip is located in the node
(i.e., an intelligent node with a slave ASI chip), instead of in the device.

Figure below illustrates an I/O bus network that uses both the ASI bit-wide network and the
byte-wide CANbus network. Note that the ASI network connects to the byte-wide CANbus
network through a gateway.

ii) InterBus Loop Bit-Wide Device Bus Network

The InterBus Loop from Phoenix Contact Inc. is another bit-wide device bus network used to
interface a PLC with simple sensor and actuator devices.

The InterBus Loop uses a power and communications technology called PowerCom to send the
InterBus-S protocol signal through the power supply wires (i.e., the protocol is modulated onto
the power supply lines).

This reduces the number of cables required by the network to only two conductors, which carry
both the power and communication signals to the field devices.

Since the InterBus-S and InterBus Loop networks use the same protocol, they can
communicate with each other via an InterBus Loop terminal module.

The InterBus Loop connects to the bus terminal module, located in the InterBus-S network,
which attaches to the field devices via two wires.

An InterBus Loop network can also interface with non-intelligent, off-the-shelf devices by
means of module interfaces containing an intelligent slave network chip.

iii) Seriplex Bit-Wide Device Bus Network.

The Seriplex device bus network can connect up to 510 field devices to a PLC in either a
master/slave or peer-to-peer configuration.

The Seriplex network is based on the application specific integrated circuit, or ASIC chip,
which must be present in all I/O field devices that connect to the network.

I/O devices that do not have the ASIC chip embedded in their circuitry (i.e., off-the-shelf
devices) can connect to the network via a Seriplex I/O module interface that contains a slave
ASIC chip.

The ASIC I/O interface contains 32 built-in Boolean logic functions used to create logic that will
provide the communication, addressability, and intelligence necessary to control the field
devices connected to the network bus.

A Seriplex network can span distances of up to 5,000 feet in a star, loop, tree, or multidrop
configuration.

This bit-wide bus network can also operate without a host controller. Unlike the ASI network, the
Seriplex device bus network can interface with analog I/O devices; however, the digitized
analog signal is read or written one bit at a time in each scan cycle.

Process Bus Network


A process bus network is a high-level, open, digital communication network used to connect
analog field devices to a control system.

It is used in process applications, where the analog input/output sensors and actuators respond
slower than those in discrete bus applications (device bus networks).

The size of the information packets delivered to and from these analog field devices is large,
due to the nature of the information being collected at the process level.

The two most commonly used process bus network protocols are Fieldbus and Profibus.

Although these network protocols can transmit data at a speed of 1 to 2 megabits/sec, their
response time is considered slow to medium because of the large amount of information that is
transferred.

Nevertheless, this speed is adequate for process applications, because analog processes do
not respond instantaneously, as discrete controls do.

Process bus networks can transmit enormous amounts of information to a PLC system, thus
greatly enhancing the operation of a plant or process.

For example, a smart, process bus–compatible motor starter can provide information about the
amount of current being pulled by the motor, so that, if current requirements increase or a
locked-rotor current situation occurs, the system can alert the operator and avoid a potential
motor failure in a critical production line.

Implementation of this type of system without a process bus network would be too costly and
cumbersome because of the amount of wire runs necessary to transmit this type of process
data.

Process bus networks will eventually replace the commonly used analog networks, which are
based on the 4–20 mA standard for analog devices.

This will provide greater accuracy and repeatability in process applications, as well as add
bidirectional communication between the field devices and the controller (e.g., PLC). A PLC or
computer communicates with a process bus network through a host controller interface module
using either Fieldbus or Profibus protocol format.

Block transfer instructions relay information between the PLC and the process bus processor.
The process bus processor is generally inserted inside the rack enclosure of the PLC.

i) Fieldbus Process Bus Network

The Fieldbus process bus network from the Fieldbus Foundation (FF) is a digital, serial,
multiport, two-way communication system that connects field equipment, such as intelligent
sensors and actuators, with controllers, such as PLCs.

This process bus network offers the desirable features inherent in 4–20 mA analog systems,
such as:
• a standard physical wiring interface

• bus-powered devices on a single pair of wires

• intrinsic safety options

However, the Fieldbus network technology offers the following additional advantages:

• reduced wiring due to multidrop devices

• Compatibility among Fieldbus equipment

• reduced control room space requirements

• Digital communication reliability

Fieldbus Protocol

The Fieldbus network protocol is based on three layers of the ISO’s seven-layer model. These
three layers are layer 1 (physical interface), layer 2 (data link), and layer 7 (application).

It has optimized the OSI architecture for process control by removing the middle layers that are
generally associated with non-time critical applications such as file transfer.

The section comprising layers 2 and 7 of the model is referred to as the Fieldbus
communication stack.

In addition to the ISO’s model, Fieldbus adds an extra layer on top of the application layer
called the user layer.

This user layer provides several key functions, which are function blocks, device description
services, and system management.

Physical Layer (Layer 1)

The physical layer of the Fieldbus process bus network conforms with the ISA SP50 and IEC
1152-2 standards.

These standards specify the type of wire that can be used in this type of network, as well as
how fast data can move through the network.

Moreover, these standards define the number of field devices that can be on the bus at different
network speeds, with or without being powered from the bus with intrinsic safety (IS).

Intrinsically safe equipment and wiring does not emit enough thermal or electrical energy to
ignite materials in the surrounding atmosphere.

Thus, intrinsically safe devices are suitable for use in hazardous environments (e.g., those
containing hydrogen or acetylene).

The Fieldbus has two speeds—a low speed of 31.25 kbaud, referred to as H1, and a high speed
of 1 Mbaud or 2.5 Mbaud (depending on the mode—AC current or DC voltage mode), called H2.

At a speed of 31.25 kbaud, the physical layer of the Fieldbus process network can support
existing 4–20 mA wiring.

This increases cost-effectiveness when upgrading a plant or process’s network communication
scheme. At this H1 speed, the Fieldbus network can also support intrinsically safe network
segments with bus-powered devices.

Communication Stack (Layers 2 and 7)


The communication stack portion of the Fieldbus process bus network consists of layer 2 (the
data link layer) and layer 7 (the application layer).

The data link layer controls the transmission of messages onto the Fieldbus through the
physical layer.

It manages access to the bus through a link active scheduler, which is a deterministic,
centralized bus transmission regulator based on IEC and ISA standards.

The application layer contains the Fieldbus messaging specification (FMS) standard, which
encodes and decodes commands from the user layer, Fieldbus’s additional 8th layer.

The FMS is based on the Profibus process bus standard. Layer 7 also contains an object
dictionary, which allows Fieldbus network data to be retrieved by either tag name or index
record.

User Layer (Layer 8)

The user layer implements the Fieldbus network’s distributed control strategy.

It contains three key elements, which are function blocks, device description services, and
system management.

The user layer, a vital segment of the Fieldbus network, also defines the software model for
user interaction with the network system.

Function Blocks: are encapsulated control functions that allow the performance of input/output
operations, such as analog inputs, analog outputs, PID control, discrete inputs/outputs, signal
selectors, manual loaders, bias/gain stations, and ratio stations. The function block capabilities
of Fieldbus networks allow Fieldbus-compatible devices to be programmed with blocks
containing any of the instructions available in the system. Through these function blocks, users
can configure control algorithms and implement them directly through field devices.

Device Description Services. Device descriptions (DD) are Fieldbus software mechanisms
that let a host obtain message information, such as vendor name, available function blocks, and
diagnostic capabilities, from field devices. Device descriptions can be thought of as “drivers”
for field devices connected to the network, meaning that they allow the device to communicate
with the host and the network. All devices connected to a Fieldbus process network must have a
device description. When a new field device is added to the network, the host must be supplied
with its device description.

System Manager. The system management portion of the user layer schedules the execution
of function blocks at precisely defined intervals. It also controls the communication of all the
Fieldbus network parameters used by the function blocks. Moreover, the system manager
automatically assigns field device addresses.

ii) Profibus Process Bus Network

Profibus (PROcess FIeld BUS) is a digital process bus network capable of communicating
information between a master controller (or host) and an intelligent, slave process field device,
as well as from one host to another.

Profibus actually consists of three inter-compatible networks with different protocols designed to
serve distinctive application requirements. The three types of Profibus networks are:
Profibus-FMS, Profibus-DP and Profibus-PA.

Profibus-FMS network is the universal solution for communicating between the upper level,
the cell level, and the field device level of the Profibus hierarchy.

Cell level control occurs at individual (or cell) areas, which exercise the actual control during
production. The controllers at the cell level must communicate with other supervisory systems.

The Profibus-FMS utilizes the Fieldbus message specification (FMS) to execute its extensive
communication tasks between hierarchical levels.

This communication is performed through cyclic or acyclic messages at medium transmission
speeds.

Profibus-DP (Decentralized Peripherals) network is a performance-optimized version of the
Profibus network. It is designed to handle time-critical communications between devices in
factory automation systems.

The Profibus-DP is a suitable replacement for 24-V parallel and 4–20 mA wiring interfaces.

Profibus-PA (Process Automation) network is the process automation version of the Profibus
network. It provides bus-powered stations and intrinsic safety according to the transmission
specifications of the IEC 1158-2 standard. The Profibus-PA network has device description and
function block capabilities, along with field device interoperability.

Profibus-PA is designed for use in explosive/hazardous areas. The physical layer (cable)
allows power to be delivered over the bus to field instruments, while limiting current flows so that
explosive conditions are not created, even if a malfunction occurs.

Profibus networks support both peer-to-peer and multipeer communication in either broadcast
or multicast configurations.

In broadcast communication, an active station sends an unconfirmed message to all other
stations.

Any of these stations (including both masters and slaves) can take this information. In multicast
communication, an active station sends an unconfirmed message to a particular group of
master or slave stations.

The physical layer, or layer 1, of the ISO model defines the network’s transmission medium and
the physical bus interface.

The Profibus network adheres to the EIA RS-485 standard, which uses a two-conductor,
twisted-pair wire bus with optional shielding.

The maximum number of stations or device nodes per segment is 32 without repeaters and 127
with repeaters.

The network transmission speed is selectable from 9.6 kbaud to 12 Mbaud, depending on the
distance and cable type. Without repeaters, the maximum bus length is 100 m at 12 Mbaud.

The type of connector used is a 9-pin, D-sub connector.

Modbus Network

Modbus is a serial communication protocol published by Modicon for use with its PLCs.

Simple and robust, it has since become a de facto standard communication protocol, and it is
now a commonly available means of connecting electronic devices.

The main reasons for the use of Modbus in the industrial environment are:

• Developed with industrial application in mind

• Openly published and royalty free

• Easy to deploy and maintain

• Moves raw bits or words without placing many instructions.

It allows for communication between many (approx 240) devices connected to the same
network.

It is used to connect a supervisory computer with a remote terminal unit (RTU) in SCADA
systems.

A Modbus command contains the Modbus address of the device it is intended for. All Modbus
commands contain checking information, ensuring that a command arrives undamaged.

The basic Modbus command can instruct an RTU to change a value in one of its registers,
control or read an I/O port as well as command the device to send back one or more values
contained in its registers.
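The addressing and checking described above can be seen in a Modbus serial (RTU) frame, where the device address is the first byte and a CRC-16 occupies the last two. This is an added example, not code from the original notes; the RTU framing, function code 0x03 (read holding registers) and all helper names are assumptions beyond the text.

```python
import struct


class FrameError(ValueError):
    """Raised when a received frame is too short or fails its CRC check."""


def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: initial value 0xFFFF, reflected polynomial 0xA001."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def build_frame(address: int, function: int, payload: bytes) -> bytes:
    """Assemble address + function + payload and append the CRC, low byte first."""
    # Modbus serial addressing: 0 is broadcast, 1-247 are individual devices.
    if not 0 <= address <= 247:
        raise ValueError("address out of range")
    body = bytes([address, function]) + payload
    return body + struct.pack("<H", crc16_modbus(body))


def read_holding_registers_request(address: int, start: int, count: int) -> bytes:
    """Ask one device to send back `count` registers starting at `start`."""
    return build_frame(address, 0x03, struct.pack(">HH", start, count))


def parse_frame(frame: bytes, my_address: int):
    """Receiver side of the exchange.

    Returns (function, payload) when the frame is intact and addressed to
    this device, None when it is intact but meant for another device, and
    raises FrameError when the frame was damaged in transit.
    """
    if len(frame) < 4:
        raise FrameError("frame too short")
    body = frame[:-2]
    (received_crc,) = struct.unpack("<H", frame[-2:])
    if crc16_modbus(body) != received_crc:
        raise FrameError("CRC mismatch")
    if body[0] != my_address:
        return None
    return body[1], body[2:]


if __name__ == "__main__":
    request = read_holding_registers_request(address=1, start=0, count=10)
    print("request frame:", request.hex(" "))
    print("device 1 sees:", parse_frame(request, my_address=1))
    print("device 2 sees:", parse_frame(request, my_address=2))
    damaged = bytes([request[0], request[1] ^ 0x04]) + request[2:]  # one flipped bit
    try:
        parse_frame(damaged, my_address=1)
    except FrameError as exc:
        print("damaged frame rejected:", exc)
```

The CRC detects accidental damage in transit only; it is not an authentication mechanism.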

Modbus Messaging protocol is an Application layer (OSI layer 7) protocol that provides
client/server communication between devices connected to different types of buses or networks.

The Modbus Messaging protocol is only a protocol and does not imply any specific hardware
implementation. Also note that the Modbus Messaging protocol used with Modbus Serial is the
same one used with Modbus Plus and Modbus TCP.

Modbus messaging is based on a client/server model and employs the following messages:

• Modbus requests, i.e. the messages sent on the network by the clients to initiate
transactions. These serve as indications of the requested services on the server side.

• Modbus responses, i.e. the response messages sent by the servers. These serve as
confirmations on the client side.

Modbus (or, to be more exact, the Modbus Messaging protocol) is just a protocol, whereas Modbus Plus
is a complete system with a predefined medium and Physical layer (OSI layer 1)
implementation.

4 to 20 mA Current Loop

The 4 to 20 mA current loop is a widely used method for transferring information from one
station (the transmitter) to another station (the receiver). Therefore, this system allows for only
two stations.

A typical current loop system assigns a sensing range (e.g., 0 to 100°C) to the current range
between 4 and 20 mA.

A loop exists (i.e., two wires) between the transmitter and receiver.

The transmitter can impress a certain current in the loop (using a controlled current source) so
that the receiver can measure the current in the loop (e.g., by placing a small resistor in series
with the loop and measuring the voltage drop across the resistor).

After measuring the current, the receiver can then determine the present level of the sensed
signal within the defined sensing range.

This method uses current signaling, instead of voltage signaling, and therefore is relatively
unaffected by potential differences between the transmitter and the receiver.

This is similar to the benefit of differential (voltage) signaling, which also requires two wires.

Another characteristic of this method is that it is not primarily digital in nature, as many other
sensor communication systems are.

The measured value can vary continuously in the range of 4-20 mA, and therefore can easily
represent an analog sensing range, rather than a set of digital signals. Also, the signal is
continuously variable and available.

Another characteristic of this method is that the integrity of the loop can be verified.

As long as the loop is unbroken and the transmitter is in good working order, the current in the
loop should never fall below 4 mA.

If the current approaches 0 mA, then the receiver can determine that a fault exists — perhaps a
broken cable.

These systems are widely used in various process control industries (e.g., oil refining) for
connecting sensors (transmitters) with control computers.

Because one station is always the transmitter and one station is always the receiver, this is a
unidirectional, half duplex communication system.
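The receiver side of the loop described above, as an added example that is not part of the original notes: it converts the voltage across the series resistor to loop current, checks loop integrity against the 4 mA live zero, and maps the current onto the 0 to 100°C range. The 250 Ω resistor, the 3.6 mA and 21 mA fault thresholds, the sample voltages and all names are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

SENSE_OHMS = 250.0     # assumed series sense resistor (4-20 mA gives 1-5 V)
LIVE_ZERO_MA = 4.0     # bottom of the signal range (from the text)
FULL_SCALE_MA = 20.0   # top of the signal range (from the text)
FAULT_LOW_MA = 3.6     # assumed: below this the loop is treated as faulty
FAULT_HIGH_MA = 21.0   # assumed: above this the reading is not trusted


@dataclass
class LoopReading:
    current_ma: float
    status: str              # "ok", "fault-low" or "fault-high"
    value: Optional[float]   # engineering value, None when the loop is faulted


def read_loop(sense_volts: float, range_low: float = 0.0,
              range_high: float = 100.0) -> LoopReading:
    """Turn the measured voltage drop into a checked engineering value."""
    current_ma = sense_volts / SENSE_OHMS * 1000.0
    # A healthy loop never falls below the live zero, so a current near
    # 0 mA means a broken cable or a failed transmitter, not "0 degrees".
    if current_ma < FAULT_LOW_MA:
        return LoopReading(current_ma, "fault-low", None)
    if current_ma > FAULT_HIGH_MA:
        return LoopReading(current_ma, "fault-high", None)
    fraction = (current_ma - LIVE_ZERO_MA) / (FULL_SCALE_MA - LIVE_ZERO_MA)
    value = range_low + fraction * (range_high - range_low)
    return LoopReading(current_ma, "ok", value)


# Constructed sample voltages: three valid readings, an open loop, an overcurrent.
CONSTRUCTED_SAMPLES_V = [1.0, 3.0, 5.0, 0.02, 5.6]


def scan(samples=CONSTRUCTED_SAMPLES_V):
    """Evaluate every sample and return the list of readings."""
    return [read_loop(volts) for volts in samples]


if __name__ == "__main__":
    for volts, reading in zip(CONSTRUCTED_SAMPLES_V, scan()):
        print(f"{volts:5.2f} V -> {reading.current_ma:6.2f} mA  "
              f"{reading.status:10s} {reading.value}")
```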

HART (Highway Addressable Remote Transducer)

The HART system (and its associated protocol) was originally developed by Rosemount and is
regarded as an open standard, available to all manufacturers.

Its main advantage is that it enables the retention of the existing 4-20mA instrumentation
cabling whilst using, simultaneously, the same wires to carry digital information superimposed
on the analog signal.

HART is a hybrid analog and digital system, as opposed to most field bus systems, that are
purely digital.

HART products generally fall into one of three categories: field devices, host systems, and
communication support hardware.

Field devices include transmitters, valves, and controllers. There are HART transmitters for
almost any standard process measurement including pressure, temperature, level, flow, and
analytical (pH, ORP, density).

Host systems range from small handheld communicators to PC based maintenance
management software to large scale distributed control systems.

Communication support hardware includes simple single loop modems as well as an
assortment of multiplexers that allow a host system to communicate with a large number of field
devices.

It uses a Frequency Shift Keying (FSK) technique based on the Bell 202 standard.

HART can be used in either of two network configurations:

• Point-to-point mode

• Multi-drop mode

The HART protocol has two formats for digital transmission of data:

• Poll/response mode

• Burst (broadcast) mode

HART follows the basic Open Systems Interconnection (OSI) reference model. The OSI model
describes the structure and elements of a communication system. The HART protocol uses a
reduced OSI model, implementing only layers 1, 2 and 7.

Frequency Shift Keying (FSK)

The HART communication protocol is based on the Bell 202 telephone communication standard
and operates using the frequency shift keying (FSK) principle.

The digital signal is made up of two frequencies, 1,200 Hz and 2,200 Hz, representing bits 1
and 0, respectively.

Sine waves of these two frequencies are superimposed on the direct current (dc) analog signal
cables to provide simultaneous analog and digital communications.

Because the average value of the 1200/2200 Hz sine wave superimposed on the 4-20mA signal
(the FSK signal) is always zero, the 4-20mA analog information is not affected.

The HART FSK signaling enables two-way digital communication and makes it possible for
additional information beyond just the normal process variable to be communicated to or from a
smart field instrument.

The HART protocol communicates at 1200 bits per second without interrupting the 4-20mA
signal and allows a host application (master) to get two or more digital updates per second from
a field device.

A minimum loop impedance of 230 Ω is required for communication.
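The superposition described in this section can be simulated, as an added example that is not part of the original notes: bits are modulated as phase-continuous 1,200/2,200 Hz tones on top of a steady loop current, the average is checked against the analog value, and the bits are recovered by counting zero crossings. The ±0.5 mA amplitude, the 44 samples per bit, the bit pattern and the zero-crossing demodulator (a simplification, not a real modem) are assumptions.

```python
import math

MARK_HZ = 1200.0       # logical 1 (from the text)
SPACE_HZ = 2200.0      # logical 0 (from the text)
BIT_RATE = 1200        # bits per second (from the text)
SAMPLES_PER_BIT = 44   # assumed simulation resolution
SAMPLE_RATE = BIT_RATE * SAMPLES_PER_BIT
FSK_PEAK_MA = 0.5      # assumed peak amplitude of the superimposed tone


def fsk_modulate(bits):
    """Phase-continuous FSK: the AC component in mA, one value per sample."""
    phase, samples = 0.0, []
    for bit in bits:
        step = 2 * math.pi * (MARK_HZ if bit else SPACE_HZ) / SAMPLE_RATE
        for _ in range(SAMPLES_PER_BIT):
            samples.append(FSK_PEAK_MA * math.sin(phase))
            phase += step   # carry the phase into the next bit
    return samples


def loop_current(analog_ma, bits):
    """Total loop current: the steady analog value plus the FSK tone."""
    return [analog_ma + ac for ac in fsk_modulate(bits)]


def analog_value(samples):
    """What a slow analog receiver sees: the average loop current."""
    return sum(samples) / len(samples)


def fsk_demodulate(samples):
    """Recover bits by counting sign changes of the AC part in each bit period.

    One bit period holds one cycle of 1,200 Hz (at most 2 sign changes)
    or almost two cycles of 2,200 Hz (at least 3 sign changes).
    """
    dc = analog_value(samples)
    bits = []
    for start in range(0, len(samples), SAMPLES_PER_BIT):
        signs = [s - dc >= 0 for s in samples[start:start + SAMPLES_PER_BIT]]
        changes = sum(a != b for a, b in zip(signs, signs[1:]))
        bits.append(1 if changes <= 2 else 0)
    return bits


# Constructed 24-bit pattern used only for this demonstration.
CONSTRUCTED_BITS = [1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 1,
                    0, 1, 0, 1, 0, 0, 0, 1, 1, 0, 1, 1]

if __name__ == "__main__":
    current = loop_current(12.0, CONSTRUCTED_BITS)
    print("analog value seen by receiver: %.4f mA" % analog_value(current))
    print("bits recovered correctly:", fsk_demodulate(current) == CONSTRUCTED_BITS)
```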


HART Networks

HART devices can operate in one of two network configurations—point-to-point or multidrop.

The connection can be in the form of:

• in conjunction with the 4-20mA current signal in point-to-point mode

• in conjunction with other field devices in multi-drop mode

• in point-to-point mode with only one field device broadcasting in burst mode

i) Point-To-Point:

In point-to-point mode, the traditional 4–20 mA signal is used to communicate one process
variable, while additional process variables, configuration parameters, and other device data are
transferred digitally using the HART protocol.

The 4–20 mA analog signal is not affected by the HART signal and can be used for control in
the normal way.

The HART communication digital signal gives access to secondary variables and other data that
can be used for operations, commissioning, maintenance, and diagnostic purposes.

ii) Multidrop:

The multidrop mode of operation requires only a single pair of wires and, if applicable, safety
barriers and an auxiliary power supply for up to 15 field devices.

All process values are transmitted digitally. In multidrop mode, all field device polling addresses
are >0, and the current through each device is fixed to a minimum value (typically 4 mA).

Thus, setting the smart device polling address to a number greater than zero implies a multi-
drop loop.

Obviously the 4-20mA concept only applies to a loop with a single transducer; hence for a multi-
drop configuration the smart device sets its analog output to a constant 4mA and communicates
only digitally.

Communication Modes

The HART protocol can be used in various modes for communicating information to/from smart
field instruments and central control or monitoring equipment.

These modes are: Poll/response mode and Burst (broadcast) mode.

i) Poll/Response Mode (Master/Slave Mode)

HART is a master-slave communication protocol, which means that during normal operation,
each slave (field device) communication is initiated by a master communication device.

The master polls each of the smart devices on the highway and requests the relevant
information.

Two masters can connect to each HART loop. The primary master is generally a distributed
control system (DCS), programmable logic controller (PLC), or a personal computer (PC). The
secondary master can be a handheld terminal or another PC.

Slave devices include transmitters, actuators, and controllers that respond to commands from
the primary or secondary master.

This mode allows digital information from the slave device to be updated twice per second in
the master. The 4-20 mA analog signals are continuous and can still carry the primary variable
for control.

ii) Burst Mode (Broadcast mode)

This mode is an optional communication mode.

In burst mode, the master instructs the slave device to continuously broadcast a standard HART
reply message (e.g., the value of the process variable).

The master receives the message at the higher rate until it instructs the slave to stop bursting.

This mode frees the master from having to send repeated command requests to get updated
process variable information.

Data update rates of 3-4 per second are typical with “burst” mode communication and will vary
with the chosen command. Burst mode should be used only in single slave device networks.

HART Commands

The HART command set provides uniform and consistent communication for all field devices.

Layer 7, the Application layer, consists of three classes of HART commands: Universal,
Common Practice, and Device Specific.

Host applications may implement any of the necessary commands for a particular application.

i) Universal

All devices using the HART protocol must recognize and support the universal commands.

Universal commands provide access to information useful in normal operations (e.g., read
primary variable and units).

ii) Common Practice

Common practice commands provide functions implemented by many, but not necessarily all,
HART communication devices.

iii) Device Specific

Device-specific commands represent functions that are unique to each field device.

These commands access setup and calibration information, as well as information about the
construction of the device. Information on device-specific commands is available from device
manufacturers.

Benefits of HART Communication

The HART protocol is a powerful communication technology used to exploit the full potential of
digital field devices.

Preserving the traditional 4–20 mA signal, the HART protocol extends system capabilities for
two-way digital communication with smart field instruments.

The HART protocol offers the best solution for smart field device communications and has the
widest base of support of any field device protocol worldwide.

More instruments are available with the HART protocol than any other digital communications
technology.

Almost any process application can be addressed by one of the products offered by HART
instrument suppliers.

Unlike other digital communication technologies, the HART protocol provides a unique
communication solution that is backward compatible with the installed base of instrumentation in
use today.

This backward compatibility ensures that investments in existing cabling and current control
strategies will remain secure well into the future.

Other benefits include:

Improved plant operations: HART-communicating devices provide accurate
information that helps improve the efficiency of plant operations. During normal
operation, device operational values can be easily monitored or modified remotely.

Operational flexibility: The HART protocol allows two masters (primary and secondary)
to communicate with slave devices and provide additional operational flexibility. A
permanently connected host system can be used simultaneously, while a handheld
terminal or PC controller is communicating with a field device.

Instrumentation investment protection: HART field instruments protect the
investment (existing plants and processes e.g. wiring, analog controllers, smart
instrumentation) by providing compatible products with enhanced digital capabilities.
These enhanced capabilities can be used incrementally.

Digital communication: A digital device provides advantages such as improved
accuracy and stability. The HART protocol enhances the capabilities of digital
instruments by providing communication access and networking.

TOPIC 5: CALIBRATION SYSTEM

Calibration
Calibration is the act or result of quantitative comparison between a known standard and the
output of the measuring system.

If the output-input response of the system is linear, then a single-point calibration is sufficient.

However, if the system response is non-linear, then a set of known standard inputs
to the measuring system are employed for calibrating the corresponding outputs of the system.

Calibration refers to the act of evaluating and adjusting the precision and accuracy of
measurement equipment.

Instrument calibration is intended to eliminate or reduce bias in an instrument's readings over a
range for all continuous values.

Precision is the degree to which repeated measurements under unchanged conditions show
the same result.

Accuracy is the degree of closeness of measurements of a quantity to its actual true value.

In general use, calibration is often regarded as including the process of adjusting the output or
indication on a measurement instrument to agree with the value of the applied standard, within a
specified accuracy.

There are three main reasons for having instruments calibrated:

To ensure readings from an instrument are consistent with other measurements.

To determine the accuracy of the instrument readings.

To establish the reliability of the instrument i.e. that it can be trusted.

Calibration is carried out by agencies of the metrological service, using reference standards and
base standards.

Governmental calibration is obligatory for measuring devices used in reporting material value,
for government tests and expert examinations, and for recording national and international
sports records, and also for calibration of the original base standards.

All other measuring devices are calibrated by the appropriate departments.

Calibration Standards

Calibration Standards of measurements can be classified according to their function and type of
application as:

International standards

International standards are devices designed and constructed to the specifications of an
international forum.

They represent the units of measurements of various physical quantities to the highest possible
accuracy that is attainable by the use of advanced techniques of production and
measurement technology.

These standards are maintained by the International Bureau of Weights and Measures at
Sevres, France. For example, the International Prototype kilogram, wavelength of Kr86 orange-
red lamp and cesium clock are the international standards for mass, length and time,
respectively.

However, these standards are not available to an ordinary user for purposes of day-to-day
comparisons and calibrations.

Primary standards

Primary standards are devices maintained by standards organizations / national
laboratories in different parts of the world.

These devices represent the fundamental and derived quantities and are calibrated
independently by absolute measurements.

These are the most precise and accurate physical standards, which are derived from
international standards.

They specify the most stringent conditions and are used only at rare intervals for comparison
with secondary standards.

One of the main functions of maintaining primary standards is to calibrate / check and certify
secondary reference standards.

Like international standards, these standards also are not easily available to an ordinary user of
instruments for verification / calibration of working standards. These standards are not portable.

Secondary standards

Secondary standards are basic reference standards employed by industrial measurement
laboratories.

These are derived from primary standards. They are portable and are often used as national
standards.

They are less precise than primary standards but are still very precise.

They are used at rare intervals to calibrate tertiary and working standards. These are
maintained by the concerned laboratory.

One of the important functions of an industrial laboratory is the maintenance and periodic
calibration of secondary standards against primary standards of the national standards
laboratory / organization.

In addition, secondary standards are freely available to the ordinary user of instruments for
checking and calibration of working standards.

Working standards

These are high-accuracy devices that are commercially available and are duly checked and
certified against either the primary or secondary standards.

For example, a standard cell and a standard resistor are the working standards of voltage and
resistance, respectively.

Working standards are very widely used for calibrating general laboratory instruments, for
carrying out comparison measurements or for checking the quality (range of accuracy) of
industrial products.

Calibration Procedure

The process of calibration involves the estimation of uncertainty between the values
indicated by the measuring instrument and the true value of the input.

Calibration may be called for:

• a new instrument

• after an instrument has been repaired or modified

• when a specified time period has elapsed

• when a specified usage (operating hours) has elapsed

• before and/or after a critical measurement

• after an event, for example:

  • after an instrument has had a shock, vibration, or has been exposed to an adverse condition
    which potentially may have put it out of calibration or damaged it

  • sudden changes in weather

• whenever observations appear questionable or instrument indications do not match the output
  of surrogate instruments

• as specified by a requirement, e.g., customer specification, instrument manufacturer
  recommendation.

There are four types of calibration:

Primary calibration, which is performed when a measuring device is put into circulation from
production or returned from repair;
Periodic calibration, which is conducted during use or storage of a device;
Special calibration, which results from the need for immediate verification of the good
condition of a device; and
Inspection calibration, which is performed during metrological inspections of enterprises,
supply centers, warehouses, and commercial organizations.

Calibration Concepts

There are two fundamental operations involved in calibrating any instrument:

• Testing the instrument to determine its performance,

• Adjusting the instrument to perform within specification.

Testing the instrument requires collecting sufficient data to calculate the instrument's
operating errors.

This is typically accomplished by performing a multiple point test procedure that includes the
following steps.

Using a process variable simulator that matches the input type of the instrument, set a known
input to the instrument.

Using an accurate calibrator, read the actual (or reference) value of this input.

Read the instrument's interpretation of the value by using an accurate calibrator to measure the
instrument output.

By repeating this process for a series of different input values, you can collect sufficient data
to determine the instrument's accuracy.

Depending upon the intended calibration goals and the error calculations desired, the test
procedure may require from 5 to 21 input points.

The first test that is conducted on an instrument before any adjustments are made is called
the As-Found test.

If the accuracy calculations from the As-Found data are not within the specifications for the
instrument, then it must be adjusted.

Adjustment is the process of manipulating some part of the instrument so that its input to
output relationship is within specification. For conventional instruments, this may be zero
and span screws.

For HART instruments, this normally requires the use of a communicator (handheld or PC)
to convey specific information to the instrument.

After adjusting the instrument, a second multiple point test is required to characterize the
instrument and verify that it is within specification over the defined operating range. This is
called the As-Left test.

Error Calculations

Error calculations are the principal analysis performed on the As-Found and As-Left test data.

There are several different types of error calculations, most of which are defined in the
publication "Process Instrumentation Terminology".

They are usually expressed in terms of the percent of ideal span which is defined as:

% span = (reading - low range) / (high range - low range) x 100

The first step in the data analysis is to convert the engineering unit values for input and output
into percent of span. Then for each point, calculate the error, which is the deviation of the actual
output from the expected output.

The Maximum error is the most common value used to evaluate an instrument's
performance. If a computer program is not used to analyze the test data, it is often the
only error considered and is taken to be the largest deviation from the ideal output.

By itself, the maximum error does not give a complete indication of an instrument's
performance. With the availability of computer software to facilitate calculations, other
error values are gaining popularity including zero error, span error, linearity error, and
hysteresis error.

Zero error is defined as the error of a device when the input is at the lower range value.

Span error is defined as the difference between the actual span and the ideal span,
expressed as a percentage of the ideal span.

Linearity error is a measure of how close the error of the instrument over its operating
range approaches a straight line. Unfortunately, there are three different methods used to
calculate this, resulting in an independent linearity, a terminal based linearity, and a zero
based linearity. In practice, it is best to choose one method and apply it consistently. Note
that the calculation of linearity error is also greatly facilitated by a curve fit of the error
data.

Hysteresis error is a measure of the dependence of the output at a given input value
upon the prior history of the input. This is the most difficult error to measure since it
requires great care in the collection of data, and it typically requires at least 9 data points
to develop reasonable curves for the calculations. Thus a technician must collect at least
five data points traversing in one direction, followed by at least four more in the opposite
direction, so that each leg has five points, including the inflection point.

If any of these errors is greater than or equal to the desired accuracy for a test, then the
instrument has failed and must be adjusted.
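
The error calculations above, worked through on a nine-point As-Found and As-Left test (this is an added example, not part of the original notes). It assumes a linear 0-100 psi to 4-20 mA transmitter, takes the zero error from the upscale leg, and leaves out linearity error because the notes give three competing methods for it; the readings, the names `Span` and `analyse`, and the 0.5 % accuracy figure are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Span:
    low: float
    high: float

    def percent(self, reading):
        # % span = (reading - low range) / (high range - low range) x 100
        return (reading - self.low) / (self.high - self.low) * 100.0


def analyse(test_points, in_span, out_span, accuracy_pct):
    """Analyse one multiple point test.

    test_points: (reference input, measured output) pairs in the order they
    were taken, upscale leg first and then the downscale leg.
    The transmitter is assumed linear, so the expected output in % span
    equals the input in % span.
    """
    up, down = {}, {}
    leg, previous, errors = up, None, []
    for ref_in, meas_out in test_points:
        in_pct = round(in_span.percent(ref_in), 6)
        if previous is not None and in_pct < previous:
            leg = down  # the input has started to fall: downscale leg
        error = out_span.percent(meas_out) - in_pct  # deviation in % span
        leg[in_pct] = error
        errors.append(error)
        previous = in_pct

    if 0.0 not in up or 100.0 not in up:
        raise ValueError("upscale leg must include the lower and upper range values")

    results = {
        # largest deviation from the ideal output, sign kept
        "max_error": max(errors, key=abs),
        # error with the input at the lower range value
        "zero_error": up[0.0],
        # (actual span - ideal span) as % of ideal span; in % span units the
        # ideal span is 100, so this reduces to error(100 %) - error(0 %)
        "span_error": up[100.0] - up[0.0],
        # largest up/down difference at any input visited in both directions
        "hysteresis": max((abs(up[p] - down[p]) for p in up if p in down),
                          default=0.0),
    }
    # The instrument fails if any error is >= the desired accuracy.
    results["passed"] = all(abs(v) < accuracy_pct for v in results.values())
    return results


# Constructed readings: (input in psi, output in mA), five up then four down.
AS_FOUND = [(0, 4.02), (25, 8.03), (50, 12.05), (75, 16.06), (100, 20.08),
            (75, 16.10), (50, 12.09), (25, 8.06), (0, 4.03)]
AS_LEFT = [(0, 4.00), (25, 8.01), (50, 12.01), (75, 16.02), (100, 20.01),
           (75, 16.03), (50, 12.02), (25, 8.02), (0, 4.01)]

if __name__ == "__main__":
    for name, data in (("As-Found", AS_FOUND), ("As-Left", AS_LEFT)):
        r = analyse(data, Span(0.0, 100.0), Span(4.0, 20.0), accuracy_pct=0.5)
        print(name, {k: round(v, 4) if k != "passed" else v for k, v in r.items()})
```

With these readings the As-Found test fails on maximum error alone (0.625 % of span against a 0.5 % limit), while the As-Left test passes on every figure.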

Hand-Held Device

This is a mobile/portable device which is a small, handheld computing device, typically having a
display screen with touch input and/or a miniature keyboard and weighing less than 0.91kg.

A handheld computing device has an operating system (OS), and can run various types of
application software.
Most handheld devices can also be equipped with Wi-Fi, Bluetooth, and GPS capabilities that
can allow connections to the Internet and other Bluetooth-capable devices, such as an
automobile or a microphone headset.

It delivers messages and performance data to the operator and is used to support installation,
configuration, provisioning, calibration and maintenance and network performance.

Advantages of handheld calibration


No process interruption
The main advantage of handheld calibration over other traditional methods is that it
allows meter verifications to be carried out directly in the process without additional costs
for removal of the instrument or process interruptions.
As a result, downtime is minimized and critical processes can be verified and optimized
efficiently.
By supporting and facilitating regular on-site verification, handheld equipment helps
users to quickly diagnose any failures and to swiftly remedy the situation.

Time and cost savings


Device verification using handheld equipment requires a maximum of 15-30 minutes per
instrument.
The device does not need to be sent away to the calibration centre and production can,
therefore, resume faster than with any other method.
After the process has been completed, the direct uploading of the device parameters
avoids time-consuming configuration.
This method helps achieve optimum availability of plant equipment.
The production does not need to be suspended resulting in considerable savings.
What’s more, frequent test functions allow costly calibration cycles to be extended.

Complete on-site verification


Handheld electronic verification not only checks the accuracy of the device under test,
but also performs a complete check of the entire measurement chain.

Simulation of the process


As safety during operation is considered a ‘must’ for plant operators, testing the safety
and functionality of equipment in the process is often indispensable.
Simulation of the measuring signals during calibration or verification processes can
achieve that.
Handheld calibrators can simulate process states, in flow applications for example, even
without real flow.
Handheld verification devices can simulate different flow rates in the process; high and
low limit values, receiving signal chains (operation of valves or control loops) and
different flow behaviour in piping, for example, such as flow curves in bottling machines.
Calibration Methods using Handheld Equipment

Calibration is an important aspect of an instrument’s life cycle. However, it can be difficult to
choose the correct calibration method to suit your requirements and specification.

Handheld devices are typically used to calibrate parameters including flow, pressure,
temperature and conductivity.

Taken as a whole, the benefits of these systems are numerous and obvious in terms of time,
cost and convenience.

Handheld equipment allows electronic verification and calibration in situations where inline
calibration is essential but mobile rigs may be impractical.

Internal procedures or official requirements and conformity reasons might also stipulate that
certain instruments must be checked more frequently than others to verify that they are working
correctly in the process.

Calibrating a Conventional Instrument

For a conventional 4-20 mA instrument, a multiple point test that stimulates the input and
measures the output is sufficient to characterize the overall accuracy of the transmitter.

The normal calibration adjustment involves setting only the zero value and the span value, since
there is effectively only one adjustable operation between the input and output as illustrated
below.
This procedure is often referred to as a Zero and Span Calibration. If the relationship between
the input and output range of the instrument is not linear, then you must know the transfer
function before you can calculate expected outputs for each input value.

Without knowing the expected output values, you cannot calculate the performance errors.

Calibrating a HART Instrument

It is important to note that in most cases, proper calibration of a HART instrument requires the
use of a communicator (handheld or PC) that is capable of issuing device specific commands
(in layer 7).

According to international standards, calibration is a comparison of the device under test against
a traceable reference instrument (a calibrator) and documentation of this comparison.

In order to do a calibration of a HART device, a traceable metrological reference device is
needed, which can be a handheld calibrator.

Configuration means using the digital communication protocol as a way to change settings
inside the field device from the device or from a remote location.

Configuration can be done with a PC and configuration software or a handheld communicator.

It is important to remember that although a communicator can be used for configuration and
checking diagnostic information, it cannot be used for metrological calibration to check the
measurement (PV) accuracy of a field device.

Configuring parameters of a HART transmitter with a communicator is not metrological
calibration and does not assure accuracy.

For a real metrological calibration, a traceable reference standard is always needed.

Calibration procedure for a HART instrument is significantly different than for a conventional
instrument. The specific calibration requirements depend upon the application.

If the application uses the digital representation of the process variable for monitoring or control,
then the sensor input section must be explicitly tested and adjusted.

Note that this reading is completely independent of the milliamp output, and has nothing to do
with the zero or span settings.

The PV as read via HART communication continues to be accurate even when it is outside the
assigned output range.

If the current loop output is not used (that is the transmitter is used as a digital only device), then
the input section calibration is all that is required.
If the application uses the milliamp output, then the output section must be explicitly tested and
calibrated.

Note that this calibration is independent of the input section, and again, has nothing to do with
the zero and span settings.

If there is a desire to validate the overall performance of a HART transmitter, run a Zero and
Span test just like a conventional instrument.

However, passing this test does not necessarily indicate that the transmitter is operating
correctly.
Past papers

KENYA NATIONAL EXAMINATION COUNCIL

PAST PAPERS

2521/202 INDUSTRIAL CONTROL SYSTEMS

June/July 2013

6. a) i) State the four steps in the operation of programmable logic controller (PLC)

There are four basic steps in the operation of all PLCs; Input Scan, Program Scan, Output Scan,
and Housekeeping. These steps continually take place in a repeating loop.
Input Scan: Detects the state of all input devices that are connected to the PLC
Program Scan: Executes the user created program logic
Output Scan: Energizes or de-energizes all output devices that are connected to the PLC.
Housekeeping: Operational commands to the controlled devices. This step includes communications
with programming terminals, internal diagnostics, etc.

ii) Explain with aid of examples the following PLC programming languages

Functional block diagrams

Instruction lists

Function Block Diagram (FBD) - A graphical language for depicting signal and data flows through
reusable function blocks. FBD is very useful for expressing the interconnection of control system
algorithms and logic.

Ladder Diagram (LD): Traditional ladder logic is a graphical programming language. Initially
programmed with simple contacts that simulated the opening and closing of relays, Ladder Logic
programming has been expanded to include such functions as counters, timers, shift registers,
and math operations.

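Instruction List (IL): A low level “assembler like” language that is based on similar instruction list
languages found in a wide range of today’s PLCs.
LD R1 (* load R1 into the accumulator *)
JMPC RESET (* jump to RESET if the accumulator is TRUE *)
LD PRESS_1 (* otherwise load the pressure reading *)
ST MAX_PRESS (* and store it as the maximum pressure *)
RESET: LD 0 (* load the constant 0 *)
ST A_X43 (* store it in A_X43 *)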

Structured Text (ST) – A high level text language that encourages structured programming. It has a
language structure (syntax) that strongly resembles PASCAL and supports a wide range of
standard functions and operators. For example;
IF Speed1 > 100.0 THEN
    Flow_Rate := 50.0 + Offset_A1;
ELSE
    Flow_Rate := 100.0; Steam := ON;
END_IF;
Sequential Function Chart (SFC): A method of programming complex control systems at a more
highly structured level. A SFC program is an overview of the control system, in which the basic
building blocks are entire program files. Each program file is created using one of the other
types of programming languages. The SFC approach coordinates large, complicated
programming tasks into smaller, more manageable tasks.

b) Write an instruction list for the ladder diagram provided in fig below
c) Design a ladder program for an industrial control system that:

- counts ten objects passing along a conveyer belt;

- closes a deflecting gate when that number has been deflected into a carton;

- Allows a time of 5 seconds between the tenth object counted and the closing of the deflector.

7. a) Describe the following components used in a SCADA system

i) Remote Terminal unit (RTU)

ii) Human Machine Interface (HMI)

A SCADA system usually consists of the following components:

Remote Terminal Unit (RTU):- RTU is a device installed at a remote location that collects data,
codes the data into a format that is transmittable and transmits the data back to a central
station, or master (supervisory system). An RTU also collects information from the master device
and implements processes that are directed by the master

A human–machine interface or HMI is the apparatus or device which presents processed data
to a human operator, and through this, the human operator monitors and controls the process.
The HMI of a SCADA system is where data is processed and presented to be viewed and
monitored by a human operator. This interface usually includes control where the individual can
interface with the SCADA system

A supervisory (computer) system/ Master Terminal Unit (MTU):- gathering (acquiring) data on
the process and sending commands (control) to the process. This is the servers and software
responsible for communicating with the field equipment (RTUs, PLCs, etc), and then to the HMI
software running on workstations in the control room, or elsewhere.

Programmable logic controllers (PLCs) are used as field devices because they are more economical,
versatile, flexible, and configurable than special-purpose RTUs.

Communication Network: Communication infrastructure connecting the supervisory system to
the remote terminal units. The communication equipment needed to transfer the data to and
from different sites to the central station. The medium used can either be cable or telephone.
Remotes are usually not accessible by telephone lines. The use of radio offers an economical
solution. Modems are used to connect the remote sites to the host.

Field Instrumentation: refers to the devices that are connected to the equipment or machines
being controlled and monitored by the SCADA system. These are sensors for monitoring certain
parameters, and actuators for controlling certain modules of the system.

b) Explain the following strategies used to develop SCADA security

i) Border router Firewalls

ii) Proxy server

Border router is a router that is usually deployed in front of the organization's main firewalls and
performs some basic checks on network activity, such as ingress and egress filtering that may be
helpful in stopping some Internet-based worms from reaching the organization's firewall.
Although the firewall should also block such worms, having the Internet border routers do so
can take some load off the firewall. During a major worm incident, organizations might need to
reconfigure some of their Internet border routers to block incoming worm activity so that the
firewalls do not become overloaded.
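
The ingress and egress checks a border router applies before traffic reaches the firewall, written out as a packet classifier (an added example, not part of the original notes). The site prefix 198.51.100.0/24, the list of reserved source ranges, the sample packets and the names `Packet`, `border_filter` and `summarise` are assumptions made for illustration.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Assumed addressing plan: the organisation owns this (documentation) prefix.
SITE_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]

# Source ranges that should never arrive from the Internet side.
RESERVED_SOURCES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" = arriving from the Internet, "out" = leaving the site
    src: str
    dst: str


def in_any(addr, networks):
    return any(addr in net for net in networks)


def border_filter(pkt):
    """Return (verdict, reason) for one packet header."""
    try:
        src = ipaddress.ip_address(pkt.src)
        dst = ipaddress.ip_address(pkt.dst)
    except ValueError:
        return ("drop", "malformed address")

    if pkt.direction == "in":
        # Ingress filtering: an outside packet cannot have an inside source.
        if in_any(src, SITE_PREFIXES):
            return ("drop", "ingress: source claims to be inside the site")
        if in_any(src, RESERVED_SOURCES):
            return ("drop", "ingress: source in a private or reserved range")
        if not in_any(dst, SITE_PREFIXES):
            return ("drop", "ingress: destination is not a site address")
        return ("forward", "handed to the firewall")

    if pkt.direction == "out":
        # Egress filtering: only the site's own addresses may leave as sources.
        if not in_any(src, SITE_PREFIXES):
            return ("drop", "egress: source is not a site address")
        return ("forward", "sent to the Internet")

    return ("drop", "unknown direction")


def summarise(packets):
    """Count verdicts, showing how much load never reaches the firewall."""
    return Counter(border_filter(p)[0] for p in packets)


# Constructed sample traffic.
SAMPLE_TRAFFIC = [
    Packet("in", "203.0.113.9", "198.51.100.20"),    # ordinary inbound
    Packet("in", "198.51.100.7", "198.51.100.20"),   # inside source from outside
    Packet("in", "10.1.2.3", "198.51.100.20"),       # private source from outside
    Packet("in", "203.0.113.9", "192.0.2.1"),        # not addressed to the site
    Packet("out", "198.51.100.20", "203.0.113.9"),   # ordinary outbound
    Packet("out", "192.168.1.5", "203.0.113.9"),     # leaking internal address
    Packet("in", "not-an-ip", "198.51.100.20"),      # unparsable header field
]

if __name__ == "__main__":
    for p in SAMPLE_TRAFFIC:
        print(p, "->", border_filter(p))
    print(dict(summarise(SAMPLE_TRAFFIC)))
```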

Proxy server is a server (a computer system or an application) that acts as an intermediary for
requests from clients seeking resources from other servers. A client connects to the proxy
server, requesting some service, such as a file, connection, web page, or other resource
available from a different server and the proxy server evaluates the request as a way to simplify
and control its complexity. A proxy server is associated with or part of a gateway server that
separates the enterprise network from the outside network and a firewall server that protects
the enterprise network from outside intrusion. Proxy servers have two main purposes:

Improve Performance: Proxy servers improve performance for groups of users. This is because it saves
the results of all requests for a certain amount of time.

Filter Requests: Proxy servers can also be used to filter requests. For example, a company might use a
proxy server to prevent its employees from accessing a specific set of Web sites.

c) A manufacturing company wants to develop a supervisory control and data acquisition (SCADA)
system in its establishment. Describe the five phases of creating a functional SCADA system.

Phase 1: The DESIGN of the system architecture includes the communication system. Also involved in
this initial phase will be any site instrumentation that is not currently in existence, but will be required to
monitor desired parameters. The design stage translates the design basis document into a system design and
documents the design clearly and completely so that it can be constructed properly, commissioned
completely, and operated and maintained reliably and efficiently.
Phase 2: The SUPPLY of RTU, communication, and HMI equipment, which consists of a PC system and
the required powerful graphic and alarm software programs.
Phase 3: The PROGRAMMING of the communication equipment and the powerful HMI graphic and
alarm software programs.
Phase 4: The INSTALLATION of the communication equipment and the PC system. The stage involves
installing and placing into operation the SCADA system hardware and software in compliance with the
design documents.
Phase 5: The COMMISSIONING of the system, where communication and HMI programming problems
are solved, the system is proven to the client, and operator training and system documentation are
provided. Commissioning is the formal process of verifying and documenting that the installed SCADA
system complies with and performs in accordance with the design intent, as defined in the design
documentation.

8 a) State any two disadvantages of using network bridges in extending networks

Bridging does not acquire any address placement related to the physical address of the connected
terminals. Thus a data packet is sent to every address.

All bridges are unable to read specific IP addresses; they are more concerned with the MAC addresses.

Bridges cannot help to build a communication network between the networks of different architectures.

Bridges transfer all types of broadcast messages, thus bridges are unable to limit the scope of these
messages.

Extremely large networks cannot rely on bridges; therefore large networks such as WANs, which are IP
address specific, cannot make use of them.

It is unable to handle more complex and variable data load such as occurring from WAN.

b) Describe the following HART communication modes:

i) Master slave mode

ii) Burst mode


Master Slave Mode: This means that during normal operation, each slave (field device) communication
is initiated by a master communication device. Two masters can connect to each HART loop. The
primary master is generally a distributed control system (DCS), programmable logic controller (PLC), or a
personal computer (PC). The secondary master can be a handheld terminal or another PC. Slave devices
include transmitters, actuators, and controllers that respond to commands from the primary or
secondary master.

Burst Mode: It enables faster communication (3–4 data updates per second). In burst mode, the master
instructs the slave device to continuously broadcast a standard HART reply message (e.g., the value of
the process variable). The master receives the message at the higher rate until it instructs the slave to
stop bursting. Use of burst mode enables more than one passive HART device to listen to
communications on the HART loop.

c) Cargo handling Company Limited is located in industrial area of Nairobi. In their neighbourhood
are other companies dealing with motor rewinding and lathe machining. The company intends
to implement a network in their offices and you have been consulted to advise them on the
merits of each of the following types of cables in order to help them make an informed decision on
the right cable selection from the following:

i) UTP

ii) STP

iii) Fibre
What advice would you offer?

UTP
PRO: Most flexible; cheapest cable (but requires expensive support components); easy to install;
easy to add users; may be able to use existing phone cable if data grade

CON: Shortest usable cable length; susceptible to electrical interference; unsecure; generally not
good for use between buildings

Shielded twisted pair (STP) is similar to UTP except it contains a copper braid jacket to ‘shield’ the
wires from electrical interference. It can support transmissions over greater distances than UTP.
Fiber-Optic
PRO: Fastest transmission rate; not susceptible to electrical interference; secure; good for use
between buildings

CON: Most expensive; relatively difficult to work with

Coaxial Cable
PRO: Flexible and easy to install; relatively good resistance to electronic interference; electronic
support components are relatively inexpensive

CON: Short cable length; more expensive than UTP; unsecure; hard to change configuration; thinnet
generally not good for use between buildings

d) With aid of a diagram, describe the mesh topology used in industrial networks and state its
advantage.

In a mesh network, devices are connected with many redundant interconnections between network
nodes. In a true mesh topology every node has a connection to every other
node in the network. There are two types of mesh topologies:

Full mesh topology occurs when every node has a circuit connecting it to
every other node in a network. Full mesh is very expensive to implement but
yields the greatest amount of redundancy, so in the event that one of those
nodes fails, network traffic can be directed to any of the other nodes. Full
mesh is usually reserved for backbone networks.

Partial mesh topology is less expensive to implement and yields less redundancy than full mesh
topology. With partial mesh, some nodes are organized in a full mesh scheme but others are only
connected to one or two in the network. Partial mesh topology is commonly found in peripheral
networks connected to a full meshed backbone.
Advantages
Point-to-point line configuration makes identification and isolation of faults easy.

Messages travel through a dedicated line, directly to the intended recipient; privacy and security are
thus enhanced.

Should a fault occur in a given link, only those communications between that specific pair of devices
sharing the link will be affected.

Dedicated links ensure that each connection carries its own data load, thereby preventing the sort of
traffic problems that may arise in shared-link architectures.

Disadvantages
The more extensive the network, in terms of scope or of physical area, the greater the investment
necessary to build it will be, due, among other considerations, to the amount of cabling and the number
of hardware ports it will require. For this reason, such networks are uncommon.

Because every device must be connected to every other device, installation and reconnection are
difficult.
2521/202 INDUSTRIAL CONTROL SYSTEMS

Oct/Nov 2012

6 a) Draw a labeled block diagram of the internal architecture of a Programmable Logic Controller
(PLC) and state the function of each block
b) Describe the following Programmable Logic Controller (PLC) system styles

i) Unitary

ii) Modular

iii) Rack Mounting

Unitary: The Unitary PLC is typically the smallest and least expensive. It would be used in a small
machine or fixed application such as overhead door controls or a stand-alone parts inspection
system. They are not expandable so the application is limited to on-board I/O. There are, however,
some very powerful units available with built in GSM, color screens, and web servers. Most have 1
or 2 analog I/O channels as well as a high speed input and pulse train output for simple motion
control.
Modular: The Modular PLCs start with a processor with a few or no on-board I/O. They typically mount
to a DIN rail and sometimes require a separate power supply. Additional I/O as well as specialty
modules also snap onto the DIN rail and plug into the processor or adjacent module. Modular PLCs
are used in applications where a higher I/O count is needed or when using specialty modules such as
quadrature encoders, thermocouple inputs, etc. They are also useful in small applications that have
options or “upgrades” available to the end user. Systems can be expanded (within certain limits)
without adding additional rack space.

Rack Mounting PLCs are usually more expensive, expandable, and powerful than unitary or modular
PLCs. The rack provides a power and communication backplane that greatly increases the
communication rate between the processor and the modules as well as allowing some specialty
modules to communicate with each other without the processor. In some brands, multiple
processors can be in the same rack and share the inputs. Racks also allow for redundant processors
for critical systems such as waste water pumps or fire control systems. The types of modules
available for rack systems are far more extensive than modular systems. The number of available I/O
points is also much higher in the rack systems. Around 1000 for some modular PLCs versus over
100,000 for the same brand of rack system

c) State any two programming languages used in PLC

Part 3 of IEC 61131 deals with programming languages and defines two graphical and two
textual PLC programming language standards:

Ladder diagram (LD), graphical

Function block diagram (FBD), graphical

Structured text (ST), textual

Instruction list (IL), textual

Sequential function chart (SFC), has elements to organize programs for sequential and parallel control
processing.

7 a) With the aid of a block diagram, explain how a PLC processes input from the sensors

Input scan: During the input scan, the current status of every input module is stored in the input
image (memory) table, bringing it up-to-date. Thus all the status of the input devices (which in
turn is connected to the input module) is updated in the input memory table.
Program scan: Following the input scan, the CPU enters its user program execution, or program
scan. The execution involves starting at the program's first instruction, then moving on to the
second instruction and carrying out its execution sequence. This continues to the last program
instruction. Throughout the user-program execution, the CPU continually keeps its output image
(memory) table up-to-date.

Output scan: During program scan, the output modules themselves are not kept continually up to
date. Instead, the entire output image table is transferred to the output modules during the output scan
which comes after the program execution. Thus the output devices are activated accordingly
during the output scan.
b) i) Define a SCADA system

SCADA refers to the combination of telemetry and data acquisition. SCADA encompasses the
collecting of the information, transferring it back to the central site, carrying out any necessary
analysis and control and then displaying that information on a number of operator screens or
displays. The required control actions are then conveyed back to the process.

ii) State any three advantages of using PLC in a SCADA system

The advantages of the PLC / DCS SCADA system are:

Cost effective for controlling complex systems.

Flexible and can be reapplied to control other systems quickly and easily.

Computational abilities allow more sophisticated control.

Trouble shooting aids make programming easier and reduce downtime.

Reliable components make these likely to operate for years before failure.

The computer can record and store a very large amount of data.

The data can be displayed in any way the user requires.

Thousands of sensors over a wide area can be connected to the system.

The operator can incorporate real data simulations into the system.

Many types of data can be collected from the RTUs.

The data can be viewed from anywhere, not just on site.

The disadvantages are:

The system is more complicated than the sensor to panel type.

Different operating skills are required, such as system analysts and programmer.

With thousands of sensors there is still a lot of wire to deal with.

The operator can see only as far as the PLC.


c) Describe the following communication systems used in a SCADA system.

i) Ethernet

ii) Device Net

iii) Profibus

Ethernet works on the principle of media access controlled by a collision detection mechanism. Each
station is identified by a unique key, or MAC address, to ensure that every computer on an Ethernet
network has a different address. This technology known as Carrier Sense Multiple Access with Collision
Detection (CSMA/CD) ensures that only one station can transmit a message on the medium at a time.
Successive Ethernet upgrades have given rise to the IEEE 802.3 standard which only defines the
characteristics of the physical layers; the way the data accesses the network and the data frame must be
defined by further layers.

DeviceNet is a network system used in the automation industry to interconnect control devices for data
exchange. It uses Controller Area Network as the backbone technology and defines an application layer
to cover a range of device profiles. Typical applications include information exchange, safety devices,
and large I/O control networks.

PROFIBUS (Process Field Bus) is a standard for fieldbus communication which is a widely accepted
international networking standard, commonly found in process control and in large assembly and
material handling machines in automation technology.

It supports single-cable wiring of multi-input sensor blocks, pneumatic valves, complex intelligent
devices, smaller sub-networks (such as ASi), and operator interfaces.

It is an open, vendor independent standard. It adheres to the OSI model, ensuring that devices from a
variety of different vendors can communicate easily and effectively.

The bus interfacing hardware is implemented on ASIC (Application Specific Integrated Circuit) chips
produced by multiple vendors, and is based on RS-485 as well as the European EN50170 Electrical
specification.

ProfiBus uses 9-Pin D-type connectors (impedance terminated) or 12mm round (M12-style) quick-
disconnect connectors. The number of nodes is limited to 127.

The distance supported is up to 24km (with repeaters and fiber optic transmission), with speeds varying
from 9600bps to 12Mbps. The message size can be up to 244 bytes of data per node per message (12
bytes of overhead for a maximum message length of 256 bytes), while the medium access control
mechanisms are polling and token passing.

ProfiBus supports two main types of devices, namely, masters and slaves.
Master devices control the bus and when they have the right to access the bus, they may
transfer messages without any remote request. These are referred to as active stations

Slave devices are typically peripheral devices i.e. transmitters/sensors and actuators. They
may only acknowledge received messages or, at the request of a master, transmit messages to
that master. These are also referred to as passive stations.

There are two variations of PROFIBUS in use:

PROFIBUS DP (Decentralized Peripherals) is used to operate sensors and actuators via a centralized
controller in production (factory) automation applications.

PROFIBUS PA (Process Automation) is used to monitor measuring equipment via a process control
system in process automation applications. This variant is designed for use in explosion/hazardous areas
(Ex-zone 0 and 1). The Physical Layer (i.e. the cable) conforms to IEC 61158-2, which allows power to be
delivered over the bus to field instruments, while limiting current flows so that explosive conditions are
not created, even if a malfunction occurs. The number of devices attached to a PA segment is limited by
this feature. PA has a data transmission rate of 31.25 kbps.

d) Differentiate between centralized and distributive approaches used in designing a SCADA system.

There have been two main approaches to follow in designing the SCADA system:

Centralized, where a single computer or mainframe performs all plant monitoring and all plant data
is stored on one database which resides on this computer.

Distributed, where the SCADA system is shared across several small computers (usually PCs).

8. a) Describe the following network connection giving examples in each case.

i) LAN

ii) Internet

Local Area Network LAN –is a computer network that interconnects computers in a limited area such
as a home, school, computer laboratory, or office building using network media.

Internet is a global system of interconnected computer networks that use the standard Internet
protocol suite (TCP/IP) to serve several billion users worldwide. It is a network of networks that
consists of millions of private, public, academic, business, and government networks, of local to
global scope, that are linked by a broad array of electronic, wireless and optical networking
technologies. The Internet carries an extensive range of information resources and services, such
as the inter-linked hypertext documents of the World Wide Web (WWW), the infrastructure to
support email, and peer-to-peer networks.

b) Using an OSI reference model diagram, indicate the different encapsulation processes at every
peer-to-peer communication layer of two Remote Terminal Units (RTUs) of a SCADA system, starting
with the topmost layer down to the lowest layer.

c) An alarm system is used in conjunction with an automated bottling system in a milk bottling plant.
A conveyor belt carries empty bottles that are to be filled with milk. The alarm goes off if any of
the following conditions occurs.

Milk tank is empty and bottles are on the conveyor belt.

There are no bottles on the conveyor belt and there is milk in the tank.

There is milk in the tank and bottles on the conveyor belt but electric power is off.

There is no milk in the tank, no bottles on the conveyor belt and electric power is off.

Write down a Boolean expression for the alarm system.

Implement this system using a PLC ladder diagram.

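Let A = milk in the tank, B = bottles on the conveyor and C = electric power, with 1 = present (on) and 0 = absent (off).

Tank with no milk – 0, Bottles on conveyor – 1: $\bar{A} \cdot B = X$

Tank with milk – 1, No bottles on conveyor – 0: $A \cdot \bar{B} = X$

Tank with milk – 1, Bottles on conveyor – 1, Power off – 0: $A \cdot B \cdot \bar{C} = X$

Tank with no milk – 0, No bottles on conveyor – 0, Power off – 0: $\bar{A} \cdot \bar{B} \cdot \bar{C} = X$

$\bar{A} \cdot B + A \cdot \bar{B} + A \cdot B \cdot \bar{C} + \bar{A} \cdot \bar{B} \cdot \bar{C} = X$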
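
The four product terms can be reduced before the ladder diagram is drawn. The simplification below is an added worked example, not part of the original answer; it assumes A = milk in the tank, B = bottles on the conveyor, C = electric power on, with the complements taken from the 0/1 assignments listed above.

$$
\begin{aligned}
X &= \bar{A}B + A\bar{B} + AB\bar{C} + \bar{A}\bar{B}\bar{C} \\
  &= (\bar{A}B + A\bar{B}) + (AB + \bar{A}\bar{B})\,\bar{C} \\
  &= (A \oplus B) + \overline{(A \oplus B)}\,\bar{C} \\
  &= (A \oplus B) + \bar{C}
\end{aligned}
$$

The last step uses the identity $P + \bar{P}Q = P + Q$. In ladder form this is three parallel branches driving the alarm coil X: a normally closed A contact in series with a normally open B contact, a normally open A contact in series with a normally closed B contact, and a single normally closed C contact.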


2601/201 CONTROL SYSTEMS AND PROGRAMMABLE LOGIC CONTROLLERS

Oct/Nov 2012

5 a) Define the term ‘Programmable Logic Controller’

A Programmable Logic Controller (PLC) is an industrial computer control system that
continuously monitors the state of input devices and makes decisions based upon a custom
program, to control the state of devices connected as outputs.

b) State two advantages of Programmable Logic Controller

Cost effective for controlling complex systems.

Flexible and can be reapplied to control other systems quickly and easily.

Computational abilities allow more sophisticated control.

Troubleshooting aids make programming easier and reduce downtime.

Reliable components make these likely to operate for years before failure.

c) With the aid of a block diagram, describe the construction of a Programmable Logic Controller

In the figure, the heart of the “PLC” is in the center, i.e., the Processor or CPU (Central Processing
Unit).

The CPU regulates the PLC program, data storage, and data exchange with I/O modules.

Input and output modules are the media for data exchange between field devices and the CPU. They tell
the CPU the exact status of field devices and also act as a tool to control them.

A programming device is a computer loaded with programming software, which allows a user to create,
transfer and make changes in the PLC software.

Memory provides the storage media for the PLC program as well as for different data.

OR

CPU or processor: The main processor (Central Processing Unit or CPU) is a microprocessor-based
system that executes the control program after reading the status of field inputs and then sends
commands to field outputs.

I/O section: I/O modules act as “Real Data Interface” between field and PLC CPU. The PLC knows the
real status of field devices, and controls the field devices by means of the relevant I/O cards.

Programming device: A CPU card can be connected with a programming device through a
communication link via a programming port on the CPU.

Operating station: An operating station is commonly used to provide an "Operating Window" to the
process. It is usually a separate device (generally a PC), loaded with HMI (Human Machine Interface) software.

6. a) Define the term ‘Computer networking’

Computer networking is the interconnection, as over communication lines, of computer
systems. This involves connecting computers and peripherals using pieces of equipment such as
switches and routers, to enable the devices that are connected to the network to
communicate with each other, as well as with other networks.

b) Describe the following types of computer networks

i) LAN

ii) WAN

iii) MAN

Local Area Network LAN – These types of computer networks connect network devices over a relatively short
distance. Quite often, a networked office building, home or school contains a single LAN although it is
normal to come across a building that contains a few small LANs. On a few occasions, a LAN may also
span over a group of nearby buildings. Such computer networks are usually owned by one organization.

Wide Area Network WAN – As the name suggests, a WAN spans over a large physical distance. It may be
regarded as a collection of LANs dispersed over a geographical area. The internet is a very good example
of a WAN. LANs are connected to a WAN through a device referred to as a router. In IP networking, both
the LAN and WAN addresses are maintained by the router. Most WANs exist under distributed or
collective ownership and management and unlike the LANs, are not necessarily owned by one
organization.

Wireless Local Area Network WLAN – These types of computer networks refer to LANs that are based on
Wi-Fi wireless network technology.

Metropolitan Area Network MAN – This is a network that spans over a physical area like a city that is smaller
than a WAN but larger than a LAN. Quite often, such computer networks are owned and operated by
single entities such as government bodies or large corporations.

c) With the aid of diagram, explain the following topologies:

i) Bus

ii) Star

Bus Topology

A bus topology consists of a main run of cable with a terminator at each end. All nodes (file server,
workstations, and peripherals) are connected to the linear cable.

Advantages of a Bus Topology


Easy to connect a computer or peripheral to a linear bus.

Requires less cable length than a star topology.

Disadvantages of a Bus Topology


Entire network shuts down if there is a break in the main cable.

Terminators are required at both ends of the backbone cable.

Difficult to identify the problem if the entire network shuts down.

Not meant to be used as a stand-alone solution in a large building.

Star Topology

A star topology is designed with each node (file server, workstations, and peripherals) connected
directly to a central network hub, switch, or concentrator.

Data on a star network passes through the hub, switch, or concentrator before continuing to its
destination. The hub, switch, or concentrator manages and controls all functions of the network. It also
acts as a repeater for the data flow. This configuration is common with twisted pair cable; however, it
can also be used with coaxial cable or fiber optic cable.

Advantages of a Star Topology

Easy to install and wire.

No disruptions to the network when connecting or removing devices.

Easy to detect faults and to remove parts.

Disadvantages of a Star Topology


Requires more cable length than a linear topology.

If the hub, switch, or concentrator fails, nodes attached are disabled.

More expensive than linear bus topologies because of the cost of the hubs, etc.

Ring Network Topology: A local-area network (LAN) whose topology is a ring. That is, all of the
nodes are connected in a closed loop. Messages travel around the ring, with each node reading
those messages addressed to it. One of the advantages of ring networks is that they can span larger
distances than other types of networks, such as bus networks, because each node regenerates
messages as they pass through it.

Mesh network Topology: The mesh network topology employs either of two schemes, called full
mesh and partial mesh. In the full mesh topology, each workstation is connected directly to each of
the others. In the partial mesh topology, some workstations are connected to all the others, and
some are connected only to those other nodes with which they exchange the most data.

Tree Network Topology: The tree network topology uses two or more star networks connected
together. The central computers of the star networks are connected to a main bus. Thus, a tree
network is a bus network of star networks.

7 a) Describe ‘SCADA’ system

A SCADA (or supervisory control and data acquisition) system means a system consisting of a
number of remote terminal units (or RTUs) collecting field data connected back to a master
station via a communications system. The master station displays the acquired data and also
allows the operator to perform remote control tasks.

b) Define the following terms in reference to SCADA

i) Human machine Interface

ii) Programmable Logic Controller

A human–machine interface or HMI is the apparatus or device which presents processed data to a
human operator, and through this, the human operator monitors and controls the process. The HMI of a
SCADA system is where data is processed and presented to be viewed and monitored by a human
operator. This interface usually includes controls where the individual can interface with the SCADA
system.

Programmable logic controllers (PLCs) are used as field devices because they are more economical, versatile,
flexible, and configurable than special-purpose RTUs.

c) Explain the functions of the following parts of a SCADA system:

i) Remote Terminal unit

ii) Supervisory station

Remote Terminal Unit (RTU):- RTU is a device installed at a remote location that collects data, codes the
data into a format that is transmittable and transmits the data back to a central station, or master
(supervisory system). An RTU also collects information from the master device and implements
processes that are directed by the master.

A supervisory (computer) system / Master Terminal Unit (MTU) gathers (acquires) data on the
process and sends commands (control) to the process. It comprises the servers and software responsible for
communicating with the field equipment (RTUs, PLCs, etc), and then to the HMI software running on
workstations in the control room, or elsewhere.

d) With the aid of a ladder program and a process control figure, explain how a converter can be used
in a machine to direct 6 products to a packaging box and 12 products to another box
simultaneously.

Consider the control of a machine which is required to direct 6 products along one path for packaging in a box
and then 12 products along another path for packaging in another box.

A deflector plate might be controlled by a photocell sensor which gives an output every time a product
passes it. Thus the number of pulses from the sensor has to be counted and used to control the deflector.

On rung 1, each time the photo sensor is triggered it causes C1’s count to increase. When C1, the six
product counter, reaches six it causes the deflector to activate.

On rung 3, while the deflector is activated, C2, the 12 products counter, starts counting the products.
On rung 4, after 12 products are counted the counters are reset and the process starts again.

The process can also be reset at any time using the start button.

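
The rung-by-rung behaviour described above can be checked with a scan-cycle model. This is an added example, not code from the original notes; the class and function names are hypothetical, and it assumes that a product follows the deflector position it finds on arrival, so the sixth product is not also counted by C2.

```python
"""Scan-cycle model of the 6/12 product counter ladder (added example)."""


class UpCounter:
    """PLC-style up-counter: increments on a one-scan pulse, holds at preset."""

    def __init__(self, preset: int) -> None:
        self.preset = preset
        self.count = 0

    def pulse(self, enable: bool) -> None:
        if enable and self.count < self.preset:
            self.count += 1

    def reset(self) -> None:
        self.count = 0

    @property
    def done(self) -> bool:
        return self.count >= self.preset


class DeflectorLadder:
    """The four rungs described in the text, evaluated once per scan() call."""

    def __init__(self) -> None:
        self.c1 = UpCounter(preset=6)    # products for the first box
        self.c2 = UpCounter(preset=12)   # products for the second box
        self.deflector = False           # output coil driving the deflector plate
        self.last_sensor = False         # photocell state seen on the previous scan

    def scan(self, photo_sensor: bool, start_button: bool = False):
        """Run one scan; return 'A' or 'B' when a new product is detected, else None."""
        # One-shot contact: true for exactly one scan per product, however
        # long the product stays in front of the photocell.
        new_product = photo_sensor and not self.last_sensor
        self.last_sensor = photo_sensor
        # Assumption: the product is routed by the coil state left by the
        # previous scan, and C2 is gated with that same state.
        deflector_on_arrival = self.deflector
        route = None
        if new_product:
            route = "B" if deflector_on_arrival else "A"

        self.c1.pulse(new_product)                           # rung 1
        self.deflector = self.c1.done                        # rung 2
        self.c2.pulse(new_product and deflector_on_arrival)  # rung 3
        if self.c2.done or start_button:                     # rung 4 / start button
            self.c1.reset()
            self.c2.reset()
            self.deflector = False
        return route


def route_products(n_products: int, scans_per_product: int = 3,
                   restart_before: int = -1) -> list:
    """Feed products past the sensor; optionally press start before product k (0-based)."""
    plc = DeflectorLadder()
    routes = []
    for k in range(n_products):
        if k == restart_before:
            plc.scan(False, start_button=True)
        for _ in range(scans_per_product):       # product blocks the beam
            route = plc.scan(True)
            if route:
                routes.append(route)
        plc.scan(False)                          # gap between products
    return routes


if __name__ == "__main__":
    print("".join(route_products(36)))
```

Without the one-shot contact, a product that blocks the beam for several scans would be counted once per scan, which is the usual cause of short batches in this kind of program.
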
8) a) Explain how fault-finding is carried out in PLC systems

With any PLC controlled plant, by far the greater percentage of the faults are likely to be with
sensors, actuators and wiring rather than within the PLC itself.

Of the faults within the PLC, most are likely to be in the input/output channels or power supply
rather than in the CPU.

The actual fault finding starts once the actual status has been established and compared with
the required status. This comparison frequently leads to the discovery of the error source, if the
fault is visible (e.g. mechanical damage to a signal generator), audible (e.g. leakage on a valve),
detectable by smell (e.g. cable burnt out). If this is not the case, the fault can only be found and
eliminated by means of a systematic procedure.

Many PLCs provide built-in fault analysis procedures which carry out self-testing and display
fault codes, with possibly a brief message, which can be translated by looking up the code in a
list to give the source of the fault and possible methods of recovery. For example, the fault code
may indicate that the source of the fault is in a particular module with the method of recovery
given as replace that module or perhaps switch the power off and then on.

b) Describe the following fault detection techniques in reference to PLCs:

i) time checks

ii) Replication

Fault Detection Techniques

Timing checks: The term watchdog is used for a timing check that is carried out by the PLC to check
that some function has been carried out within the normal time. If the function is not carried
out within the normal time then a fault is assumed to have occurred and the watchdog timer
trips, setting off an alarm and perhaps closing down the PLC. As part of the internal diagnostics
of PLCs, watchdog timers are used to detect faults. The watchdog timer is preset to a time
slightly longer than the scan time would normally be. They are then set at the beginning of each
program scan and if the cycle time is as normal they do not time out and are reset at the end of
a cycle ready for the next cycle. However, if the cycle time is longer than it would normally be,
the watchdog timer times out and indicates that the system has a fault.

Time checks can also be built into the ladder logic program. This is where additional ladder
rungs might be included so that when a function starts a timer is started. If the function does not
complete when the timer finishes a fault is signaled.

Last output set: This technique involves the use of status lamps to indicate the last output that has
been set during a process which has come to a halt. Such lamps are built into the program so
that as each output occurs a lamp comes on. The lamps on thus indicate which outputs are
occurring. The program has to be designed to turn off previous status lamps and turn on a new
status lamp as each new output is turned on.

Replication: Where there is concern regarding safety in the case of a fault developing, checks may
be constantly used to detect faults. One technique is replication checks which involves
duplicating, i.e. replicating, the PLC system. This could mean that the system repeats every
operation twice and if it gets the same result it is assumed there is no fault. This procedure can
detect transient faults. A more expensive alternative is to have duplicate PLC systems and
compare the results given by the two systems. In the absence of a fault the two results should
be the same, a fault showing up as a difference.

Expected value checks: Software errors can be detected by checking whether an expected value is
obtained when a specific input occurs. If the expected value is not obtained then a fault is
assumed to be occurring.
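
The two timing checks described above, the scan watchdog and a time check built into the program, can be modelled over a sequence of scans. This is an added example, not code from the original notes; the scan time, timeout values and the cylinder-extend function are constructed for illustration, and all names are hypothetical.

```python
"""Watchdog and in-program time check over a simulated PLC run (added example)."""

NORMAL_SCAN_MS = 10.0                       # constructed value
WATCHDOG_PRESET_MS = NORMAL_SCAN_MS * 1.5   # slightly longer than a normal scan
EXTEND_TIMEOUT_MS = 200.0                   # time allowed for the function to complete


class OnDelayTimer:
    """TON-style timer: done once its input has been true for preset_ms."""

    def __init__(self, preset_ms: float) -> None:
        self.preset_ms = preset_ms
        self.elapsed_ms = 0.0

    def update(self, enable: bool, dt_ms: float) -> bool:
        self.elapsed_ms = self.elapsed_ms + dt_ms if enable else 0.0
        return self.elapsed_ms >= self.preset_ms


def simulate(scan_times_ms, limit_switch_at_ms):
    """Return (watchdog_trip_scan, function_fault_scan); None means no fault.

    scan_times_ms       duration of each program scan
    limit_switch_at_ms  time at which the 'extended' limit switch closes
                        (None = never, e.g. a jammed cylinder or broken wire)
    """
    check = OnDelayTimer(EXTEND_TIMEOUT_MS)
    now_ms = 0.0
    extend_cmd = True              # the function is started on the first scan
    function_fault_scan = None
    for scan_no, scan_ms in enumerate(scan_times_ms):
        # Watchdog: set at the start of the scan, must be reset at the end.
        # A scan longer than the preset lets it time out and stops the run.
        if scan_ms > WATCHDOG_PRESET_MS:
            return scan_no, function_fault_scan
        now_ms += scan_ms
        extended = limit_switch_at_ms is not None and now_ms >= limit_switch_at_ms
        # Time-check rung: the timer runs while the function is commanded
        # and its completion signal has not yet arrived.
        timed_out = check.update(extend_cmd and not extended, scan_ms)
        if timed_out and function_fault_scan is None:
            function_fault_scan = scan_no
            extend_cmd = False     # drop the output when the fault is signaled
        if extended:
            extend_cmd = False     # function complete
    return None, function_fault_scan


if __name__ == "__main__":
    print(simulate([10.0] * 30, 120.0))             # healthy run
    print(simulate([10.0] * 30, None))              # limit switch never closes
    print(simulate([10.0, 10.0, 40.0, 10.0], 120.0))  # one scan overruns
```
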

c) i) Define the term calibration with reference to PLCs.

Calibration is the process of checking PLC/field devices and making sure that values used in
measurements remain at standard points. It is the process of verifying that the PLC and I/O devices
work and perform within a set of specifications.

Calibration is defined as the determination of the experimental relationship between the quantity
being measured and the output of the device which measures it; where the quantity measured
is obtained through a recognized standard of measurement. There are two fundamental
operations involved in calibrating any instrument:

Testing the instrument to determine its performance,

Adjusting the instrument to perform within specification.

ii) Describe the following characteristics of calibration:

Tolerance

Accuracy

Tolerance: Permissible deviation from a specified value; may be expressed in measurement
units, percent of span, or percent of reading.

Accuracy: The ratio of the error to the full scale output or the ratio of the error to the output,
expressed in percent span or percent reading, respectively.

d) Explain how zero and span errors are corrected in measuring instruments

Zero and span errors are corrected by performing a calibration. Most instruments are provided with
a means of adjusting the zero and span of the instrument, along with instructions for performing
this adjustment.

The zero adjustment is used to produce a parallel shift of the input-output curve.

The span adjustment is used to change the slope of the input-output curve.

Linearization error may be corrected if the instrument has a linearization adjustment. If the
magnitude of the nonlinear error is unacceptable and it cannot be adjusted, the instrument
must be replaced.
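
The zero shift, the span (slope) change and the remaining linearity error can be worked out from a multi-point calibration check. This is an added example, not part of the original notes; the 0-100 degC transmitter readings and the 0.5 % of span tolerance are constructed values, and the function names are hypothetical.

```python
"""Zero and span correction from a five-point calibration check (added example)."""


def zero_span_correction(points):
    """Return (span_gain, zero_shift) so that corrected = span_gain * reading + zero_shift.

    points: (applied_standard_value, instrument_reading) pairs, lowest
    applied value first and highest last. Only the two end points are used:
    the gain changes the slope of the input-output curve, the shift moves
    the curve parallel to itself.
    """
    (lo_applied, lo_read), (hi_applied, hi_read) = points[0], points[-1]
    if hi_read == lo_read:
        raise ValueError("instrument output does not change over the range")
    span_gain = (hi_applied - lo_applied) / (hi_read - lo_read)
    zero_shift = lo_applied - span_gain * lo_read
    return span_gain, zero_shift


def errors_percent_span(points, span_gain=1.0, zero_shift=0.0):
    """Error at each test point, in percent of span, after the given correction."""
    span = points[-1][0] - points[0][0]
    return [100.0 * (span_gain * read + zero_shift - applied) / span
            for applied, read in points]


def calibrate(points, tolerance_pct):
    """As-found / as-left report for one instrument."""
    gain, shift = zero_span_correction(points)
    as_found = errors_percent_span(points)
    as_left = errors_percent_span(points, gain, shift)
    worst_left = max(abs(e) for e in as_left)
    return {
        "span_gain": gain,
        "zero_shift": shift,
        "as_found_max_pct": max(abs(e) for e in as_found),
        "as_left_max_pct": worst_left,
        # What remains after zero and span are set is the linearity error.
        "within_tolerance": worst_left <= tolerance_pct,
    }


# Constructed data: 0-100 degC transmitter checked against a reference standard.
LINEAR_DRIFT = [(0, 1.0), (25, 26.5), (50, 52.0), (75, 77.5), (100, 103.0)]
NONLINEAR = [(0, 1.0), (25, 27.5), (50, 53.0), (75, 77.8), (100, 103.0)]

if __name__ == "__main__":
    for name, data in (("linear drift", LINEAR_DRIFT), ("nonlinear", NONLINEAR)):
        print(name, calibrate(data, tolerance_pct=0.5))
```

The first data set is brought within tolerance by zero and span adjustment alone; the second keeps a residual error of about 0.98 % of span, which is the case where a linearization adjustment or replacement is needed.
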

2601/201 CONTROL SYSTEMS AND PROGRAMMABLE LOGIC CONTROLLERS

Oct/Nov 2011

5. a) i) Define a programmable Logic Controller (PLC’s)

A programmable logic controller (PLC) is a microcomputer-based controller that uses stored
instructions in programmable memory to implement logic, sequencing, timing, counting, and
arithmetic functions through digital or analogue input/output modules, for controlling machines
and processes. PLCs are used in a large variety of scenarios, both in process industries and
discrete manufacturing.

ii) Distinguish between supervisory control and data acquisition and distributed control system

A DCS is a process-oriented system and it treats the control of the process, (the chemical plant, refinery
or whatever) as its main task, and it presents data to operators as part of its job.

A SCADA system is data gathering oriented; and the control center and operators are its focus. However,
the remote equipment is merely there to collect the data - though it may also do some very complex
process control.

A DCS operator station is intimately connected with its input/output signals (I/O) through local wiring,
communication buses (e.g. Field Bus, networks) etc. When the DCS operator wants to see information
he/she usually makes a request directly to the field I/O and gets a response. Field events can directly
interrupt the system and advise the operator.

A SCADA system must continue to operate when field communications have failed. The ‘quality’ of data
shown to the operator is an important facet of SCADA system operation. SCADA systems often provide
special ‘event’ processing mechanisms to handle conditions that occur between data acquisition
periods.

There are many other differences, but they tend to involve a lot of detail. The underlying points are:

A SCADA system needs to transfer secure data and control signals over a potentially slow, unreliable
communications medium, and needs to maintain a database of ‘last known good values’ for prompt
operator display. It frequently needs to do event processing and data quality validation. Redundancy is
usually handled in a distributed manner.

A DCS is always connected to its data source, so it does not need to maintain a database of ‘current
values’. Redundancy is usually handled by parallel equipment, not by diffusion of information around a
distributed database.
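
The "last known good values" database and the data quality validation mentioned above can be sketched as a small tag cache. This is an added example, not code from the original notes or from any SCADA product; the tag names, the 30 s staleness limit and the quality labels are assumptions made for illustration.

```python
"""Last-known-good tag cache with data quality flags (added example)."""

GOOD, STALE, BAD = "GOOD", "STALE", "BAD"


class TagCache:
    """Master-station store that keeps serving values when field comms fail."""

    def __init__(self, max_age_s, limits):
        self.max_age_s = max_age_s      # age beyond which a value is shown as STALE
        self.limits = limits            # tag -> (low, high) plausible range
        self.last_good = {}             # tag -> (value, time of last good poll)
        self.events = []                # (time, tag, message) for the event log

    def poll_result(self, tag, value, now_s):
        """Record one poll of an RTU; value is None when the RTU did not answer."""
        if value is None:
            self.events.append((now_s, tag, "no reply from RTU"))
            return
        low, high = self.limits[tag]
        if not low <= value <= high:
            # Data quality validation: keep the previous good value instead.
            self.events.append((now_s, tag, "rejected implausible value %r" % value))
            return
        self.last_good[tag] = (value, now_s)

    def read(self, tag, now_s):
        """Value and quality for the operator display."""
        if tag not in self.last_good:
            return None, BAD
        value, stamp = self.last_good[tag]
        return value, (GOOD if now_s - stamp <= self.max_age_s else STALE)


def demo():
    """Constructed poll sequence for one tag; returns the displayed readings."""
    cache = TagCache(max_age_s=30, limits={"tank_level_pct": (0.0, 100.0)})
    cache.poll_result("tank_level_pct", 62.5, now_s=0)
    cache.poll_result("tank_level_pct", None, now_s=15)     # link down
    cache.poll_result("tank_level_pct", 250.0, now_s=20)    # corrupt reading
    return {
        "at_25s": cache.read("tank_level_pct", 25),
        "at_45s": cache.read("tank_level_pct", 45),
        "unknown": cache.read("pump_speed_rpm", 45),
        "events": len(cache.events),
    }


if __name__ == "__main__":
    print(demo())
```

Showing the quality flag next to the value lets the operator tell a live reading from one that is only being held from the last successful poll.
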

b) With the aid of a diagram, explain how PLC’s can be used to control water level in a tank

c) Explain why user interface is necessary in PLC’s


A user interface is the system by which people (users) interact with a machine. The user interface
includes hardware (physical) and software (logical) components. User interfaces exist for various
systems, and provide a means of:

Input, allowing the users to manipulate a system

Output, allowing the system to indicate the effects of the users' manipulation

6) i) Define ladder logic control system

It is a control system which uses ladder logic to manage, command, direct or regulate the
behavior of other device(s) or system(s).

ii) With aid of a labeled block diagram, explain the hardware architecture of a SCADA system

Basic layers in a SCADA system can be classified in two parts generally: the “client layer” which
caters for the man machine interaction and the “data server layer” which handles most of the
process data control activities. The data servers communicate with devices in the field through
process controllers.

Process controllers, e.g. PLCs, are connected to the data servers either directly or via networks
or fieldbuses. Data servers are connected to each other and to client stations via an Ethernet
LAN.

The RTU connects to physical equipment. Typically, an RTU converts the electrical signals from the
equipment to digital values such as the open/closed status from a switch or a valve, or measurements
such as pressure, flow, voltage or current. By converting and sending these electrical signals out to
equipment the RTU can control equipment, such as opening or closing a switch or a valve, or setting the
speed of a pump.

Supervisory Station: The term “Supervisory Station” refers to the servers and software responsible for
communicating with the field equipment (RTUs, PLCs, etc), and then to the HMI software running on
workstations in the control room, or elsewhere.

In smaller SCADA systems, the master station may be composed of a single PC. In larger SCADA systems,
the master station may include multiple servers, distributed software applications, and disaster recovery
sites.

To increase the integrity of the system the multiple servers will often be configured in a dual-redundant
or hot-standby formation providing continuous control and monitoring in the event of a server failure.

b i) State and explain four user configurable open system (UCOS) components

UCOS is a control system that employs object-oriented techniques at every level of its system
architecture. It includes a number of subsystems which segment the functionality of UCOS. This
includes an Engineering Workstation Subsystem, an Operator Workstation Subsystem, and a Field
Control Unit (FCU) Controller Subsystem. The subsystems communicate via a Control Network.

Engineering Workstation (EWS) used for project development. The EWS is the development tool where
control schemes are configured then downloaded to the OWS, FCU, and SDS. The entire project is
configured using a single integrated tool based on graphical Windows standards. Graphical techniques
are also used to define the logical relationships among the devices in a process area. Project
configuration begins by defining the system architecture: workstations, field control units (FCUs), I/O,
networking, etc. Graphical techniques are also used to define the logical relationships among the control
elements for multiple devices.

Operator Workstation (OWS) for operator interface. This is used to monitor and control the process. It
uses the project screens created during project development and animates them based on real-time
data received from field control units and field data servers. Authorized operators can monitor detailed
activities for many types of devices and send commands using standard faceplate command windows
and group displays.

Field Control Unit (FCU) for control logic execution and direct scanning of I/O. The FCU provides I/O
services by monitoring and controlling I/O across standard networks and data highways. The FCU can
provide simultaneous support for multiple vendors’ I/O and I/O networks. The variety of platform and
form-factor options supported by the FCU allows incorporation of distributed, distinct I/O subsystems
into common control strategies.

Control Network. The system supports redundant and non-redundant fiber optic and Ethernet local
networks using the TCP/IP networking protocol for standardized, advanced application connectivity. The
LAN/WAN can be extended to other sites inside or outside the plant using such remote communications
technologies as satellite, radio, microwave, and dial-up running such standard protocols as TCP/IP,
Modbus, OPC, DDE.

I/O Subsystem supporting I/O from all industry standard suppliers. The same logic can be solved to
manipulate different I/O subsystems from different manufacturers without having to change any of the
programming or operational parameters of the configured system.

SCADA Data Server (SDS) for interfacing data from intelligent devices, such as PLCs, Fieldbus
technologies, RTUs, PLC I/O, and other third-party devices.

Process Historical Archiver (PHA) for storing and retrieving historical data collected by the FCU, SDS or
any other intelligent device in the system.

microFCU is a small, low-powered PLC that executes sequential and regulatory logic and directly scans
onboard I/O. It can replace RTUs at a significant reduction in cost and power consumption – plus it can
provide local intelligent control of devices, which RTUs can't do.

ii) Distinguish between data hacking and cracking

Hacking is the act of stealing personal or private data without the owner's knowledge or
consent. It can also include other things like stealing passwords, creating a botnet, or pretty
much any act that breaches someone's privacy without their knowledge or consent.

Hacking is any technical effort to manipulate the normal behavior of network connections and
connected systems.

Cracking is where you edit a program's source code, or create a program such as a key
generator (more commonly known as a 'keygen'), a patch, or some other application that tricks
an application into thinking that a particular process has occurred.

7 a) i) Define the term computer network

A computer network or data network is a telecommunications network that allows computers
to exchange data. In computer networks, networked computing devices (network nodes)
pass data to each other along data connections. The connections (network links) between
nodes are established using either cable media or wireless media. The best-known
computer network is the Internet.

A computer network is a group of computer systems and other computing hardware devices
that are linked together through communication channels to facilitate communication and
resource-sharing among a wide range of users. Networks are commonly categorized based
on their characteristics.

ii) Distinguish between internet and Ethernet

Ethernet is a local area network used to connect computers near one another. Ethernet is a
family of frame-based computer networking technologies for local area networks (LANs).
The name comes from the physical concept of the ether. Ethernet is a set of standards for
physically connecting computers in a local area network. In terms of OSI network layers,
Ethernet provides only the physical layer and the data link layer. It defines a number of
wiring and signaling standards for the Physical Layer of the OSI networking model, through
means of network access at the Media Access Control (MAC) /Data Link Layer, and a
common addressing format. Ethernet is standardized as IEEE 802.3.

Internet is a global network of interconnected computers, enabling users to share
information along multiple channels. Typically, a computer that connects to the Internet can
access information from a vast array of available servers and other computers by moving
information from them to the computer's local memory. The same connection allows that
computer to send information to servers on the network; that information is in turn
accessed and potentially modified by a variety of other interconnected computers.

iii) Describe the following cables used in networking

Coaxial cable

Fibre optic cable


Networking cables are used to connect one network device to other network devices or to
connect two or more computers to share resources. Different types of network cables like
Coaxial cable, Optical fiber cable, Twisted Pair cables are used depending on the network's
topology, protocol and size. The devices can be separated by a few meters (e.g. via Ethernet) or
nearly unlimited distances (e.g. via the interconnections of the Internet).

Twisted pair cabling is a form of wiring in which pairs of wires (the forward and return
conductors of a single circuit) are twisted together for the purposes of canceling out
electromagnetic interference (EMI) from other wire pairs and from external sources. This
type of cable is used for home and corporate Ethernet networks. There are two types of
twisted pair cables: shielded, unshielded. STP is commonly used in Token Ring networks
and UTP in Ethernet networks where it is referred to as "10baseT and above."
Transmission rates vary between 10-1000 Mbps.

Fiber-optic cable consists of a thin cylinder of glass surrounded by glass cladding, encased in
protective outer sheath. Fiber-optic cable is very fast (100 -1000 Mbps). It can transmit
over long distances (2 km +) but is expensive.

Coaxial cable has a single copper conductor at its center. A plastic layer provides insulation
between the center conductor and a braided metal shield. The metal shield helps to
block any outside interference. Coaxial cable comes in two versions: Thinnet and
Thicknet. Thinnet is about 1/4 inch in diameter and is very flexible and easy to work with.
In contrast, Thicknet is about 1/2 inch in diameter and not very flexible. Coax transmits at
10 Mbps.

b) With the aid of diagram, describe the following types of topologies

i) Star

ii) Bus

Star topology: This is the Ethernet topology, the most common at management and shop floor levels. It
has the advantage of being very flexible to run and repair. The end stations are linked together via an
intermediate device (repeater, switch). Failure of a node does not prevent the network as a whole from
working, though the intermediate device linking the nodes together is a point of weakness.

Bus topology: This is one of the simplest layouts; all the elements are wired together along the same
transmission line. The word bus refers to the physical line. This topology is easily implemented and the
failure of a node or element does not prevent the other devices from working. Machine and sensor level
networks, otherwise known as field buses, use this system. The bus topology is implemented by linking
devices together in a chain or to the main cable via a connection box (TAP).

8 a) Define the following network components:

i) Repeater

ii) Switch

iii) Bridge

Repeater: a device which amplifies or regenerates digital signals received while sending them from one
part of a network into another. It works on OSI layer 1.

Switch: a device that allocates traffic from one network segment to certain lines (intended
destination(s)) which connect the segment to another network segment. Unlike a hub, a switch splits the
network traffic and sends it to different destinations rather than to all systems on the network. It works
on OSI layer 2.

Bridge: a device that connects multiple network segments along the data link layer. It separates two or
more network segments within one logical network (e.g. a single IP-subnet). It works on OSI layer 2.

Hub: a device that connects multiple Ethernet segments, making them act as a single segment. When
using a hub, every attached device shares the same broadcast domain and the same collision domain.
Therefore, only one computer connected to the hub is able to transmit at a time. Depending on the
network topology, the hub provides a basic level 1 OSI model connection among the network objects
(workstations, servers, etc.). It provides bandwidth which is shared among all the objects, in contrast to
switches, which provide a connection between individual nodes. It works on OSI layer 1.

b) i) State three factors which necessitate calibration


Calibration is defined as “a test during which known values of measurand are applied to the
transducer and corresponding output readings are recorded under specified conditions.” The
definition includes the capability to adjust the instrument to zero and to set the desired span.
There are three main reasons for having instruments calibrated:

To ensure readings from an instrument are consistent with other measurements.

To determine the accuracy of the instrument readings.

To establish the reliability of the instrument i.e. that it can be trusted.

ii) Describe the following communication devices:

RS232

HART

RS-232 is a standard communication protocol for linking a computer and its peripheral devices to allow
serial data exchange. It is an interface between Data terminal equipment (DTE) and Data communication
equipment (DCE). It defines the voltage for the path used for data exchange between the devices. It
specifies a common voltage and signal level, a common pin wire configuration and a minimum amount of
control signals.

HART (Highway Addressable Remote Transducer) is a master-slave communication protocol, which
means that during normal operation, each slave (field device) communication is initiated by a master
communication device. Two masters can connect to each HART loop. The primary master is generally a
distributed control system (DCS), programmable logic controller (PLC), or a personal computer (PC). The
secondary master can be a handheld terminal or another PC. Slave devices include transmitters,
actuators, and controllers that respond to commands from the primary or secondary master.

c) With aid of a diagram explain the importance of calibration of equipment and products.

To ensure readings from an instrument are consistent with other measurements.

To determine the accuracy of the instrument readings.

To establish the reliability of the instrument i.e. that it can be trusted.


d) Explain how CAN works

CAN (Controller Area Network) is a serial bus based on a publisher/subscriber model in which a
publisher sends a message to subscribers. CAN was developed with a broadcast architecture.

The sender (publisher) sends the message with an identifier. The recipients (subscribers) filter messages
from the bus based on their send criteria, so if a message is intended for them, they read and process it.
The recipient then becomes a sender.

The diagram shows the push (send) mode of the publisher/subscriber model. CAN also supports its pull
(receive) mode.

A client can send a message based on a remote transmission request (RTR), which is a CAN frame with
RTR flags (status bits). When the producer receives such a request, it transmits the related answer.

In a broadcast architecture, the network nodes can transmit at the same time. CAN has two mechanisms
to deal with this: first, a sender surveys the communication artery to check if another node is already
transmitting.

If the artery is free, the node starts to transmit. Several nodes can start transmitting but never at the
same time. This problem is overcome by a priority system.
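The priority system and the subscriber-side filtering described above can be simulated as follows. This is an added example, not part of the original notes: it assumes standard 11-bit identifiers and the mask/filter acceptance scheme common in CAN controllers, and the identifiers, payloads and subscriber names are constructed for illustration.

```python
# Added example (constructed data): CAN arbitration and acceptance filtering.
ID_BITS = 11  # assumption: standard 11-bit identifiers


def arbitrate(contenders):
    """Return the identifier that wins when all contenders start together.

    The bus acts as a wired-AND: a dominant bit (0) overrides a recessive
    bit (1). Each node sends its identifier MSB first and reads the bus
    back; a node that sent 1 but reads 0 has lost and stops transmitting.
    """
    active = set(contenders)
    if not active or any(not 0 <= i < (1 << ID_BITS) for i in active):
        raise ValueError("need at least one valid 11-bit identifier")
    for bit in range(ID_BITS - 1, -1, -1):
        sent = {i: (i >> bit) & 1 for i in active}
        bus_level = min(sent.values())  # any dominant 0 pulls the bus to 0
        active = {i for i in active if sent[i] == bus_level}
    return active.pop()  # identifiers are unique, so exactly one remains


def accepts(can_id, filter_id, mask):
    """Subscriber-side filter: only bits set in mask are compared."""
    return (can_id & mask) == (filter_id & mask)


def run_bus(pending, subscribers):
    """Send every pending frame in arbitration order.

    pending: {identifier: payload}; subscribers: {name: (filter_id, mask)}.
    Returns [(identifier, [names of subscribers that accepted it])].
    """
    pending, log = dict(pending), []
    while pending:
        winner = arbitrate(pending)
        pending.pop(winner)  # losers stay queued and retry next round
        log.append((winner, sorted(n for n, (f, m) in subscribers.items()
                                   if accepts(winner, f, m))))
    return log


# Constructed sample: three frames queued at once, three subscribers.
PENDING = {0x65A: b"temp", 0x120: b"stop", 0x653: b"flow"}
SUBSCRIBERS = {"hmi": (0x650, 0x7F0), "safety": (0x120, 0x7FF),
               "logger": (0x000, 0x000)}  # mask 0 accepts every identifier

if __name__ == "__main__":
    for can_id, receivers in run_bus(PENDING, SUBSCRIBERS):
        print(f"0x{can_id:03X} -> {receivers}")
```

The frame with the numerically lowest identifier always wins arbitration, so identifier assignment fixes message priority on the bus.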
