a. Field of the Invention
One aspect of the invention relates to supplying power to a module for an Industrial Process Control System and to providing a power supply with over-voltage protection, in particular for an Industrial Process Control System suitable for:
    Emergency Shutdown systems
    Critical process control systems
    Fire and Gas detection and protection systems
    Rotating machinery control systems
    Burner management systems
    Boiler and furnace control systems
    Distributed monitoring and control systems
Such control systems are applicable to many industries including oil and gas production and refining, chemical production and processing, power generation, paper and textile mills and sewage treatment plants.
b. Related Art
In industrial process control systems, fault tolerance is of utmost importance. Fault tolerance is the ability to continue functioning safely in the event of one or more failures within the system.
Fault tolerance may be achieved by a number of different techniques, each with its specific advantages and disadvantages.
An example of a system which provides redundancy is a Triple Modular Redundancy (TMR) system. Using TMR, critical circuits are triplicated and perform identical functions simultaneously and independently. The data output from each of the three circuits is voted in a majority-voting circuit, before affecting the system's outputs. If one of the triplicated circuits fails, its data output is ignored. However, the system continues to output to the process the value (voltage, current level, or discrete output state) that agrees with the majority of the functional circuits. TMR provides continuous, predictable operation.
However, TMR systems are expensive to implement if full TMR is not actually a requirement, and it is desirable to utilize an architecture which provides flexibility so that differing levels of fault tolerance can be provided depending upon specified system requirements.
Another approach to fault tolerance is the use of hot-standby modules. This approach provides a level of fault tolerance whereby the standby module maintains system operation in the event of module failure. With this approach there may be some disruption to system operation during the changeover period if the modules are not themselves fault-tolerant.
Fault tolerant systems ideally create a Fault Containment Region (FCR) to ensure that a fault within the FCR boundary does not propagate to the remainder of the system. This enables multiple faults to co-exist on different parts of a system without affecting operation.
Fault tolerant systems generally employ dedicated hardware and software test and diagnostic regimes that provide very fast fault recognition and response times to provide a safer system.
Safety control systems are generally designed to be ‘fail-operational/fail-safe’. Fail operational means that when a failure occurs, the system continues to operate: it is in a fail-operational state. The system should continue to operate in this state until the failed module is replaced and the system is returned to a fully operational state.
Fail-safe operation occurs, for example, if in a TMR system a failed module is not replaced before a second failure in a parallel circuit occurs: the second failure should cause the TMR system to shut down to a fail-safe state. It is worth noting that a TMR system can still be considered safe, even if the second failure is not fail-safe, as long as the first fault is detected and annunciated, and is itself fail-safe.
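The voting and degradation behaviour described above for TMR, fail-operational and fail-safe states can be sketched as follows. This is an added example, not code from the original text: the type and function names are hypothetical, a channel is assumed to be latched as failed on its first disagreement with the majority, and the fail-safe output is assumed to be 0 (de-energised).

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical names for this example; not taken from the original text. */
enum tmr_state { TMR_OK, TMR_FAIL_OPERATIONAL, TMR_FAIL_SAFE };
struct tmr {
    bool failed[3];        /* latched per-channel fault flags (annunciation) */
    enum tmr_state state;
    int safe_value;        /* output driven in the fail-safe state (assumed) */
};

/* Vote one sample from three discrete channels; returns the process output. */
int tmr_vote(struct tmr *t, const int in[3])
{
    if (t->state == TMR_FAIL_SAFE)
        return t->safe_value;          /* shutdown stays latched until repair */
    int healthy = 0, majority = 0;
    bool have_majority = false;
    for (int i = 0; i < 3; i++) {      /* look for two healthy channels that agree */
        if (t->failed[i]) continue;
        healthy++;
        for (int j = i + 1; j < 3; j++)
            if (!t->failed[j] && in[i] == in[j]) {
                majority = in[i];
                have_majority = true;
            }
    }
    if (!have_majority) {              /* second failure: no agreeing pair remains */
        t->state = TMR_FAIL_SAFE;
        return t->safe_value;
    }
    for (int i = 0; i < 3; i++)        /* latch the dissenter; its data is ignored */
        if (!t->failed[i] && in[i] != majority) { t->failed[i] = true; healthy--; }
    t->state = (healthy == 3) ? TMR_OK : TMR_FAIL_OPERATIONAL;
    return majority;
}

int main(void)
{
    /* Constructed samples: healthy, channel 2 fails, then channel 1 fails. */
    const int samples[4][3] = { {1, 1, 1}, {1, 1, 0}, {1, 1, 1}, {1, 0, 1} };
    struct tmr t = { {false, false, false}, TMR_OK, 0 };
    for (int s = 0; s < 4; s++) {
        int out = tmr_vote(&t, samples[s]);
        printf("sample %d -> output %d, state %d\n", s, out, (int)t.state);
    }
    return 0;
}
```

A production voter would normally filter transient discrepancies over several samples before latching a channel as failed; the single-sample latch here keeps the state transitions easy to follow.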
This invention relates to improved power supplies within a controller controlling an industrial process control system.
It is advantageous if input or output modules for an industrial process control system are powered with their own independently isolated power supplies. It is desired that the method for generating the isolated power supply for each channel require a minimum number of isolation components. This has benefits in the areas of cost and flexibility. If individual channel isolation supplies of an input module are excited independently then each channel power supply converter may be driven at a unique frequency or phase, providing a reduction in peak radiated and conducted EMI/RFI emissions.
Ideally, critical systems will be protected from over-voltage faults in the components of their power supplies. Preferably a method of overvoltage protection will provide for the detection of the over-voltage faults, while permitting the system to continue to operate. Ideally any power supply over-voltage fault circuitry is testable in order to detect any faults.
Preferably common mode noise spikes are suppressed within a power supply.