The present invention generally relates to "front-end" communication techniques between process control computers and a plant/local area network. More specifically, the present invention relates to a front-end communication system which is capable of securely handling messages from the plant area network which could affect the operation of a process control computer.
In chemical manufacturing plants and other relatively large processing plants, a network of control computers and operator workstations may be needed to achieve automated control of an ongoing physical process in the plant. For example, the Jones el. al U.S. Pat. No. 4,663,704, issued on May 5, 1987, shows a distributed processing system for a plant in which a single data highway connects all the various input/output terminals, data acquisition stations, control devices, record keeping devices and so forth. Similarly, the Henzel U.S. Pat. No. 4,607,256, issued on Aug. 19, 1986, shows a plant management system which utilizes a plant control bus for the purpose of transmitting data to physical computer modules on the network.
In some of these process control computer networks, redundant process control computers are employed to enhance the reliability of the plant control and monitoring system. For example, the Fiebig et. al U.S. Pat. No. 5,008,805, issued on Apr. 16, 1991, shows a networked control system which includes a "hot standby" redundant processor that synchronously processes a control schedule table for comparison with control messages from a sender processor that are transmitted on the network. The redundant listener processor maintains a duplicate configuration in its memory ready to take over control of the system in the event of a failure of the sender processor. As another example, the McLaughlin et. al U.S. Pat. No. 4,958,270, issued on Sep. 18, 1990, shows a networked control system which employs a primary controller and a secondary controller. In order to maintain consistency between the primary data base and a secondary image of the data base, only predetermined areas changed are updated as a way of increasing the efficiency of the update function. Similarly, the Slater U.S. Pat. No. 4,872,106, issued on Oct. 3, 1989, shows a networked control system which employs a primary data processor and a back-up data processor. Normally, the back-up processor will be in a back-up mode of operation, and it will not operate to exercise control over the input/output devices or receive data concerning the states of the input/output devices. Accordingly, control over the input/output devices is exclusively carried out by the primary processor. However, the primary processor periodically transfers status data relating to its operation in the control of the input/output devices to the back-up data processor via a dual ported memory connected between the two processors.
In contrast with the above networked control systems, another control technique for redundant process control computers exists in which both of the process control computers operate on input data and issue control commands to the same output devices. This type of control technique may be referred to as active redundancy, became each of the redundant process control computers operate independently and concurrently on common input data. A discussion of this type of control technique may be found in the Glaser et. al U.S. patent application Ser. No. 07/864,931, filed on Mar. 31, 1991 still pending, entitled "Process Control Interface System Having Triply Redundant Remote Field Units". This application is hereby incorporated by reference.
The use of active redundancy as a control technique presents a difficult problem in terms of communication with the plant computer network, as each actively redundant process control computer will receive a set of input values and each of these process control computers will generate a set of output values. In the case where the actively redundant process control computers arbitrate or resolve some or all of the input and/or output values, to the extent that differences do exist, then multiple sets of input and output values could be created. For example, a set of pre-arbitration and post-arbitration input data values could potentially be available from each of the actively redundant process control computers. Accordingly, it would be desirable to enable some or all of these data sets to be matched up and analyzed by another computer on the plant network without interfering with or slowing down the operation of the actively redundant process control computers.
Additionally, it would be desirable to permit one or more of the computers on the plant network to modify certain values used by the program in each of the actively redundant process computers as the need may arise, such as analog constants. However, it should be appreciated that such an activity would need to be restricted in some manner, as predictable changes in the operation of physical devices should be assured.
Accordingly, it is a principal objective of the present invention to provide a secure front-end communication system and method for controlling signals transfers between an actively redundant process control computer and a plant/local area network.
It is another objective of the present invention to provide a secure front-end communication system which is capable of evaluating an instruction from the plant/local that could affect the operation of the actively redundant process control computer.
It is also an objective of the present invention to provide a secure front-end communication system which insures that there is proper alignment with the operating program in the actively redundant process control computers.
It is a further objective of the present invention to provide a secure front-end communication system which enables one of the actively redundant process control computers to receive a revised operating program without adversely affectly the operation of the other actively redundant process control computer.
It is an additional objective of the present invention to provide a secure front-end communication system and method which is capable of utilizing a plurality of different communication protocols and encryption techniques depending upon the type of message being transmitted.