Substations in high and medium-voltage power networks include primary devices such as electrical cables, lines, bus bars, switches, power transformers and instrument transformers, which are generally arranged in switch yards and/or bays. These primary devices are operated in an automated way via a Substation Automation (SA) system. The SA system comprises microprocessor based, programmable secondary devices, so-called Intelligent Electronic Devices (IED) responsible for protection, control and monitoring of the primary devices. The IEDs are generally assigned to one of three hierarchical levels, i.e. the station level, the bay level, and the process level being separated from the bay level by a process interface. The station level of the SA system includes an Operator Work Station (OWS) with a Human-Machine Interface (HMI). Further, the SA system includes a gateway to a Network Control Centre (NCC). The NCC hosts a central Energy Management System (EMS) and/or a Supervisory Control And Data Acquisition (SCADA) system for managing power generation and load flow to consumers. IEDs on the bay level, also termed bay units, in turn are connected to each other and to the IEDs on the station level via an optical inter-bay or station bus.
IEDs on the process-level comprise e.g. non-conventional or electronic sensors for voltage, current and gas density measurements, contact probes for sensing switch and transformer tap changer positions, or intelligent actuators for controlling switchgear like circuit breakers or disconnectors. Breaker-IEDs, if shielded against electromagnetic disturbances, may even be directly integrated into the switchgear or respective intelligent primary equipment. Such process-level IEDs are connected to the bay units via a process bus, preferably optical, which can be considered as the process interface replacing the hard-wired process-interface that conventionally connects the switchyard to the bay level equipment.
SA systems today involve interoperability between all substation devices. As such, the substation IEDs from different manufacturers should be interoperable with each other. To achieve this, an internationally accepted communication standard for communication between the secondary devices of a substation has been introduced by the International Electrotechnical Committee (IEC), as part of the standard IEC 61850 entitled “communication networks and systems in substations”.
IEC 61850 defines an abstract object model for compliant substations and a method for accessing these objects over a network. This allows the substation-specific applications such as the OWS, to operate with standard objects, while the actual objects in the substation may be realized differently by the IEDs of different manufacturers. The abstract object model according to the above standard represents the SA functionality in terms of the logical nodes within the logical devices that are allocated to the IEDs as the physical devices. The actual communication between the IEDs is handled, for non-time critical messages, via IEC 61850 protocols with a Manufacturing Message Specification (MMS) communication stack built on Open Systems Interconnection (OSI), Transmission Control Protocol (TCP), Internet Protocol (IP), and Ethernet.
One consequence of the aforementioned interoperability is that the IEDs from different suppliers may be combined into one SA system. Since the IEDs are initially configured during an engineering phase, the corresponding dedicated engineering or SA configuration tools of different suppliers need to be able to exchange information about the IEDs. To this effect, the complete SA system, with all its primary devices, IEDs and communication links must be specified in a computer-readable way. This is enabled by the comprehensive XML-based Substation Configuration description Language (SCL) that is part of the IEC 61850 standard. In short, the IEC 61850 SCL language provides for a standardized description of the primary devices, the secondary devices with their protecting, controlling and monitoring (PCM) functions, the logical structure of the communication system, and the relation between the IEDs and the primary devices.
The SCL language is used to describe the capabilities of a particular IED or IED type in an IED Capability Description (ICD) file. The IED Capability Description (ICD) file lists the application functions of a physical device, for example, its implemented protection functionality. A Substation Configuration Description (SCD) file in the SCL language describes the primary objects, the functions implemented in each IED in terms of logical nodes, and the communication connections of a particular substation. Therefore, the SCD file comprises (1) a switch yard naming and topology description, (2) an IED configuration description, (3) the relationships between switch yard elements and IED functions, and (4) a description of a communication network.
High availability of a SA or any other control system, or of its critical components, is achieved by one of the following known procedures:                Hot-hot or hot-standby computers: For each IED associated with a high availability a second computer is online in the system. In a hot-hot system both IEDs are running in parallel, for a hot-standby system the standby IED is taken into active use when the hot IED fails, which in turn is supervised by the standby IED. This concept means to double each (critical) IED.        Multiple, identical CPUs within a computer: The IED's operating system (OS) distributes the application tasks to several CPUs. If one of them fails, the OS redistributes the tasks running on it to the other CPUs. All CPUs are transparently managed by this common operating system, all tasks must be able to run on this operating system and this type of CPU. Normally peripheral interfaces e.g. to program memory or to the communication system are common for all CPUs, which means that either they may fail without redundancy, or must also be handled in a hot-hot respective hot-standby mode by the OS.        Central supervision with manual repair: A central supervisory means continuously checks if an IED is working correctly, has some fault, or has failed completely. In the latter cases maintenance personnel is alarmed to replace the defect part. The mean time to repair is in the order of 6 to 24 h, which considerably reduces the availability of the system.        
The patent U.S. Pat. No. 5,448,766 is concerned with a radio communication system including a terminal/controller for generating useful data and a normally operating transmitter for transmitting the useful data and generating status information. In a hot-hot configuration, a redundant transmitter is coupled to the terminal controller and the normally operating transmitter and transmits the useful data latter in case the status information indicates abnormal operation of the normally operating transmitter.