1. Field of the Invention
The invention relates to automated processing systems which can operate independently or be interconnected to form a network. In particular the invention can be used in a Facilities Management Systems (FMS), although it is not limited to such systems.
2. Related Art
State of the art automated systems operating under processor control pass data to and from processors, operational units such as sensors and other physical parameter monitoring units, and other data acquisition and control instruments implemented in hardware. Facilities Management Systems (FMS) performing automated industrial and environmental control are among such contemporary systems. Since there is no uniformity among various types of data acquisition and control instruments, automated systems must be compatible with a multitude of non-standard operational units. To achieve compatibility, such systems have often relied on software tailored to specific interface requirements. This requires numerous compromises in software design. In addition, when new operational units are added, or existing operational units are changed, it often becomes necessary to rewrite one or more entire software packages. This is because requirements of new operational units are often incompatible with software written for earlier units. Since the interfaces among various portions of the software and between operational units and the processor are an integral part of the software, the entire software package must be rewritten.
One approach to reducing the extent of software affected by changes in operational units is the use of logical point information nodes. This is a modular approach which seeks to isolate high level software features from operational unit specific characteristics. However, this approach remains relatively dependent on the physical or logical location of operational units and on their individual characteristics. While some level of isolation of high level software features could be achieved by such a modular approach, it is still necessary to write operational unit specific software to accommodate inputs and outputs. Thus, using known technology, it has not been possible to provide software which would be relatively unaffected by the differences in operational unit hardware. As a result, it has also not been possible to produce software which need not be extensively modified when new operational units are added or existing data acquisition units are substantially changed.
A further limitation of the related art, especially in systems employing data acquisition and other remotely controlled hardware, is the limited data constructs available. Data acquisition and other remotely controlled hardware typically provide and require specifically formatted data and often do not allow convenient access to desired portions of the data. As a result, in current systems it is sometimes necessary to duplicate data to be used for different purposes or again access data previously obtained. Similarly, it is sometimes difficult in such systems to access intermediate data developed by a processing apparatus rather than data gathered directly by a data acquisition device.
Automated systems, including those used for facilities management, can operate using centralized or distributed processing techniques. As a result, data at a host node can be accessed for processing at another node (a referencing node) connected to the host node over a network. In distributed real time processing systems, processor nodes operating relatively independently communicate over one or more data buses to exchange information. In order for a referencing node to access a data element within the data base of a host node, a convention must be established whereby the referencing node can identify the host node whose data base contains the required data element and the specific location of the data element within the host node.
Such a convention should avoid relying on a central node to translate a data access request to the appropriate host node address or address within the host node. This is because a failure of the central node performing this function would prevent operation of the entire system.
It would also be unacceptable to search an entire real time network or even the data base of one node for a particular data element. This is because the time consumed by such a search would be excessive. Thus, a direct access mechanism to obtain the required data from within the host node is needed. Moreover, the data base at each node of the distributed system should be independent of data bases at other nodes of the system. It should not be necessary to synchronize the nodes by downloading new data into referencing nodes each time a host data base is changed. Data that was available previously from a host node should, if still present, be available to referencing nodes regardless of how the host node data base addresses are changed. Moreover, the data should still be available to the referencing node, even when the data element moves from one node to another.
Conventional techniques for referencing data between nodes on such distributed real time systems cannot meet all of the above requirements simultaneously. One known approach is the use of hard memory addresses. A referencing node maintains in its data base a fixed memory address of the data within the host data base. The address is normally bound to a named element of data when the referencing data base is generated, usually in an off-line generation device. The results are then downloaded to the on-line nodes to allow direct access to the data within the host node. While this technique provides quick access to data and does not require a central node to translate addresses, there is no adaptability to changes in the host node data base.
Host node data base changes that result in address changes within the node cause fixed memory addresses associated with the data elements in the referencing nodes to become obsolete. The same problem arises when a data element moves from one node to another. As a result, all the referencing nodes must be re-synchronized to the new addresses of the data elements. Especially in large systems, this is a time consuming task which causes the referencing nodes to be taken off line until the update is complete. In a facilities management system (FMS), the referencing nodes perform industrial and environmental control functions which often can no longer be maintained when the node is off line.
A second technique uses a "soft" address or record number to locate a data element within the host node. Using this technique, the relative position within a logical data base structure or a unique identifying number is assigned to a data element. As with the hard memory address technique, high speed and reliable access to the data is achieved. However, if the host node data base changes so that the relative position of the element in the data base is now different, the reference nodes are again obsolete and new information must be downloaded to the referencing devices. An additional problem occurs when attempting to assign a unique identifying number to a data item. Without further processing, it is impossible to guarantee that the same identifying number is not used by more than one host in the distributed system. This would create an intolerable conflict on the network. Finally, after referencing nodes are updated, it would not be possible to download an old data base to the host node since this would now invalidate the information in the referencing nodes.
A third conventional approach involves assigning a name to each data element in the system. The names are stored in a central node which is used to locate the data. While this allows increased flexibility because data elements can move at will, this central node containing the mapping of names to physical locations becomes a reliability problem. This is because a failure in the central node would eliminate all communication on the network.
The fourth conventional approach also assigns a name to each data element but avoids the central lookup node by searching the network each time the reference is made. However, in most systems, searching an entire network for a data element each time it is requested would result in an intolerable data communication and processing burden.
Networked systems with a plurality of nodes further require synchronizing time and global data for consistent operation. This is especially true in a facilities management system in which scheduled activities, such as temperature control of areas of a building, may operate routinely based on time of day and other variables. Thus, one of the nodes on the system must accurately track time and coordinate the time information among the other nodes. However, current systems employing master nodes risk losing time coordination should the master node fail.
As additional nodes are brought onto a networked system, it also becomes necessary to synchronize the data base of each new node with the most current data base of global variables. Traditional systems which employ a master node to perform these functions also risk reliability problems in this area should the master node fail.
Similarly, operational units communicating with individual nodes or intermediate processors between the nodes and the operational units can be connected to the nodes using data bus networks or similar structures. For consistency, it is necessary that operational and processing units connected to the individual nodes receive the most current values of system variables. Networked systems under master node control introduce similar reliability risks at this level.
In automatic processing systems, high level software features and routines may be triggered by events occurring in other processors at the same level or in lower level processors controlled by one of the nodes on the system. However, data base changes occurring from down-loading new information into one of the nodes could result in errors in such event triggering. Current systems which do not track these event triggering synchronization problems are unable to guarantee that important software functions will be performed after downloading new information into one of the nodes.
Similarly, reports of results produced by processes performed in the system, or of commands issued by the system, must be routed to appropriate display or storage devices. Current systems which do not accommodate changing the locations of such devices are severely restricted in dynamic environments. Similarly, current systems which do not synchronize changes in the location data of such devices downloaded into the nodes cannot guarantee that reports or messages will arrive at the correct device. Indeed, in some systems, messages which cannot be routed are discarded. This is a potentially serious limitation to applying such designs to facilities management systems.
Often, especially in facilities management systems, displays and reports include standardized summarizes of system data. In a typical approach to generating standard summaries, a processor retrieves individual records, either in response to a command or as part of routine polling of devices for data awaiting transmission. The processor must then test the retrieved data to determine if incorporation into the data summary being assembled is appropriate. Such dedicated summary report generation tests occupy the processors and intensify data communications, resulting in reducing achievable processing speeds.
In some cases, it is desirable to obtain reports by routing messages to devices which were not part of the network when configured. For example, ease of maintenance may be enhanced by allowing connection of a personal computer (PC) to an unoccupied port on a network node. It may also be desirable to provide other non-configured devices, such as printers, access to the nodes on the network. Traditional systems restrict the use of such non-configured devices, since there is no way to communicate with a device whose presence has not previously been made known to the network, for example, by assignment and storage of an address.
As previously noted, networked systems have at least 2 nodes with components for performing processing functions appropriate to the system and communicating with each other over communication links. In a facilities management system (FMS) such nodes can contain processors, A/D and D/A converters and other equipment interface circuits to obtain sensor data required for processes implemented in the node and to issue equipment commands. The communication links include various communication media facilitating communication among nodes on the same bus, subnet or network or between nodes on different networks over gateways. Nodes are configured on a system when they are defined in one or more storage devices as members of a network. Node configuration may occur by storing data defining a path to the node. Thus, the system has knowledge of the node's existence. Depending on the system, storage of configuration information may be centralized or distributed. Such configuration information may include data indicating the type of node, its location on the system, and other information defining a path to the node.
A number of techniques for communicating among nodes interconnected on a networked system currently exist. In broadcast communications methods, all nodes on a network receive a broadcast message or pass the message sequentially from one node to the next. Inefficient communications result from each node's handling of the broadcast message. Thus, other routing strategies have been developed to improve network efficiency.
Routing strategies may be adaptive or non-adaptive and systems may contain elements of both strategies. Non-adaptive routing strategies route messages independently of measurements or estimates of current traffic or topology. These may include flooding or broadcast, selective flooding, and static routing. One such non-adaptive routing strategy involves building a graph of communication paths from every node to every other node within the network and between networks interconnected by a gateway. Graph analysis techniques for determining the shortest path between pairs of nodes are employed and this information is then programmed into a static routing table. In one such routing table, each node stores partial path data identifying the next intermediate destination for a message ultimately targeted for a final destination node. Since each node has a static routing table which is defined at the time of node configuration, it is inconvenient to alter the routing table to facilitate communications by temporary or extraneous nodes which are not normally part of the network. This is because only nodes listed in the routing table are available for use in the data communications path.
Dynamic or adaptive routing strategies route messages over communications links in response to message traffic and topology. Adaptive strategies include centralized, isolated or decentralized, and dynamic routing. Centralized routing strategies have a central node monitoring the number and length of messages transmitted over communications links and dynamically issuing routing strategies based on message traffic patterns. This is usually accomplished by updating and changing routing tables in response to the changing traffic patterns. Decentralized strategies distribute partial routing tables among the nodes. For example, when a message is routed to an intermediate node along a path to its final destination, the intermediate node examines the traffic pattern among alternative remaining paths to the destination node and dynamically selects one of the several alternatives according to certain measures of efficiency. Thus, adaptive strategies provide for reconfiguring routing tables in response to changed conditions, including the addition of new devices. However, in many cases it is not possible to incorporate non-configured devices. Even where this is possible, the temporary incorporation of a previously non-configured device often does not justify the added processing required for dynamically adjusting routing tables. Such processing increases message transmission time and reduces overall system efficiency.
Regardless of the routing strategy employed by various parts of the system, in certain applications, such as maintenance, diagnostics, and administrative functions, it is desirable to allow data communications between a node on one of the communications links in the system and a temporary node or processing device. This is particularly true in automated networked control systems. Such systems often have need for emergency maintenance and diagnostic activities and for temporary load analysis. Present techniques are cumbersome because these require temporarily disabling at least portions of the network while a new node is configured onto the network. Configuring new nodes on a network is difficult since new data communication path strategies must be worked out. Moreover, developing temporary data path strategies could result in inefficient communication strategies between the temporary or non-configured device and the nodes configured on the network.
In networked automated processing or computer systems multiple processors requiring access to the same data may exist. Often this data is acquired by one of the processors which communicates with a particular sensor. Other processors requiring the same data communicate with the processor containing the data, either directly or through an intermediary, over a data bus. Using currently existing methods, a processor requiring sensor data not available through its own sensors, communicates over the data bus to signal the processor interfacing with the sensor that data is required. In response, the processor connected to the sensor polls the sensor and retrieves the data. It then transmits this data to the requesting processor for use in the remote processing routine. In another known arrangement, the remote processors signal a master node that data is required from a sensor controlled by a different processor. The master node then signals the sensor controlling processor which then retrieves the data and transmits it to the master node. The master node then provides the data to the requesting remote processor. Thus, each time a processor requires data from a sensor, the sensor controlling processor must access the sensor and transmit the information either to the requesting processor or the master node. If numerous processors request frequent access to sensor information, the data bus connecting the remote processors to each other and/or to a master node quickly becomes bogged down with message traffic.
In another known method, slave sensors connected on a bus to a master sensor are set up with a filtering increment. When a filtering increment is used, the slave processor controlling the sensor defines a certain "delta" value that the sensor must change before the slave will report the new value to the master. The master keeps a copy of the data as the slave transmits it. When a filtering increment is employed, the slave processor determines how often data is sent to the master. Thus, even if the master processor has no requirement for updated sensor information, the slave processor signals the master that the information is to be transmitted. If the sensor parameter is one which changes frequently, the slave processor may inordinately occupy the data bus with unnecessary updates of information to the master processor.
In another known method, the master regularly polls each processor for sensor updates. This also results in excessive message traffic on the interconnecting bus, since data is transmitted automatically, even when updates are not needed. In addition, polling systems risk missing important transient data transitions which might occur in a sensor while the master is polling another sensor.
In each of the above cases, unnecessary message traffic on the data bus tends to create bottlenecks and reduces the ability of the data bus to respond quickly to higher priority message traffic.
Presently known systems usually operate according to a fixed set of instructions forming one or more programs. Temporary or permanent variations to a program are accomplished using a software patch. A software patch directs the program to jump to another memory location, execute the steps beginning at that location and return either to the location following the calling location or to a different memory location, thereby skipping a portion of the program. Known systems using software patch techniques do not provide an easy mechanism for implementing the transfer of control. For example, one must leave intermediate memory available for possible insertion of the jump prior to the instructions to be by-passed. More importantly, if the jump is somehow missed, the incorrect code with its unfortunate consequences will be executed. Thus, in currently available systems, it is desirable to improve the certainty of executing a revised set of instructions.
Another factor often not considered in modern automated processing and data communication systems is the reliability or integrity of data acquired and communicated among the elements of the system. The level of data integrity and reliability is especially important to facilities management systems which seek to achieve robust control of an environment or process by updating manipulated variables to desired states based on measured parameters of the process. Current systems fail to develop and effectively use reliability or data integrity indicators to produce controlled variations of system performance based on the quality of measured data.
Numerous computerized systems exist which perform high-level functions based on data obtained from various data acquisition devices. A facilities management system (FMS) used for industrial and environment control is one example of such a computerized system. Due to the wide variety of data acquisition and control hardware used in such systems, standard functional interfaces usually do not exist. In conventional systems, different software implementations are required to accomplish the different functions performed by the hardware to which interfaces are made. For example, programming required to receive data from a counter is different from that required to receive data from a voltmeter. Conventional systems with proportional and integral and derivative (PID) controllers also do not have prepackaged software functions which can interface to a variety of physical instruments. Programming required to obtain specific functions results in software individually tailored for specific pieces of hardware. In addition, some PID controllers require additional hardware to interface with specific systems. Thus, conventional systems do not provide a convenient means for transferring information between a hardware device performing data acquisition functions and a controller.
In the case of operating hardware which provides a binary input having two possible states to the computer (binary input hardware), various debouncing functions may be required, a normally open or normally closed state may be reversed from one apparatus to another, and alarm processing and triggering may be different depending on a function being performed by higher level software. In addition, some systems may require displaying the state of a binary input or overriding such inputs under certain circumstances. Additionally, some higher level software features may also require maintaining a history of binary input hardware states, a function which cannot be performed by many binary input type devices. Thus, conventional systems do not provide a convenient means for transforming binary input information between an operating binary input hardware device and a controller.
Output drive requirements of numerous analog and digital devices present similar difficulties. For example, programming required to drive a counter is different from that required to drive a voltmeter. Conventional systems with proportional and integral and derivative (PID) controllers also do not have prepackaged software functions which can interface to a variety of physical instruments. Programming required to obtain specific functions results in software individually tailored for specific pieces of hardware. In addition, some PID controllers require additional hardware to interface with specific systems.
Different priority queues, different minimum on and off times, different delay features and different alarm reporting requirements result in multiple software implementations. In addition, various output devices which can be driven to one of two states may require either a momentary signal or a maintained signal on a single line or on different lines to remain in the desired state. Programming required to obtain specific functions results in software individually tailored for specific pieces of hardware. As a result, when the hardware is changed, numerous software changes are also required. Thus, conventional systems do not provide a convenient means for driving binary output hardware units.
In a conventional system, operation of proportional plus integral plus derivative controllers used in Facilities Management Systems has traditionally involved control of one loop at a time. Multiple instances of such PID loops have not been controlled using a single software approach due to the variations in such loops.
Another factor in the design of facilities management and other systems is the design of control systems which are tolerant of system component failures which has been an objective for decades. The motivations for increasing levels of fault tolerance include improved human safety, equipment safety, and control of system performance. The most basic form of fault tolerance involves the application of fail-safe system components. In the traditional pneumatic HVAC controls industry, this often involves the use of normally open valves for heating applications and normally closed actuators for mixed air damper applications. Under these circumstances, a system failure (e.g., loss of compressed air, temperature transmitter failure) returns the mechanical system to a safe, although potentially uncomfortable and uneconomic state. In electronic control systems, electric actuators can be specified with automatic spring returns to provide a similar fail-safe functionality.
With the introduction of digital control systems, a higher degree of fault tolerance is possible. The digital controller has the ability to trap specific input signal fault conditions, such as a sensor malfunction, and can then partially compensate for that failure in software. The flexible software response is referred to as a fail-soft feature. Examples of fail-soft functionality in the event of a sensor failure include: 1) maintaining the current control signal, 2) commanding the control device to an intermediate safe position, or 3) computing an appropriate control signal based on an alternative strategy.
Aside from the application of redundant components, the use of an alternative or backup control strategy provides the best opportunity for simultaneously maintaining equipment safety, occupant comfort, and energy efficiency in the event of an instrumentation failure. An extension of the fail-soft concept involves the application of an intelligent strategy which individually adapts to a specific controlled process and can satisfy nominal system performance requirements over extended periods of time in the event of a failure. Some intelligent strategies are currently applied in advanced military aircraft and nuclear power plants. The method and apparatus described below is an intelligent backup control strategy to be applied in the HVAC industry.
Facilities management systems employ both demand limiting and load rolling for energy optimization. The demand limiting feature monitors the current energy consumption over a sliding interval of time corresponding to the demand interval used by the power company. This feature controls the system to maintain an average energy consumption below an established limit. Conventional systems which do not use historical data to predict future demand, tend to overreact to sudden peaks in energy consumption, and as a result shed excessive loads. The load rolling feature reduces total energy consumption by periodically shutting loads off for short periods of time. The user specifies a target amount of load to remain off. Systems that do not accommodate environmental conditions may cause extremes in areas controlled by loads that are shed for too long a period of time.
In a distributed facilities management system, loads might be distributed over multiple control nodes. However, one node runs the demand limiting and load rolling features, shedding loads on its and other nodes in the system. After shedding a load, a problem can occur where communications can be lost between the node issuing the shed command and the node that contains the load. In such a situation the load could remain shed indefinitely causing environmental extremes in areas controlled by the load. The node commanding the load shedding may also experience time delays and information bottlenecks in its attempt to monitor every load and its environmental overrides.
Conventional structures of program instructions used in facilities management systems have several drawbacks. Program statements and instructions requiring data must access that data from addressable storage locations. Thus a two step process involving identifying the address and later accessing the data in the address is required. In addition, conventional program structures do not permit immediate response to changing system conditions. Presently the program must specifically test a variable periodic intervals. Similarly it is difficult to share variables among processes. The resulting limitations of these program language constraints reduce processing through put.
Motors, actuators, dampers, positioning type mechanisms, and other devices and transducers in control applications often require an analog drive signal. Such analog drive signals may be either voltage or current sources depending on the requirements of the driven device. Generally, such analog output signals have their voltage or current outputs referenced to a common ground and are thus single ended. Large physical distances often exist between the analog signal source and the driven device. Cable mismatches and noisy environments through which cables interconnecting the analog source and the driven device pass introduce a path for entry of noise and ground current loops in such multi-port control systems. Often, the noise introduced has a summing effect relative to a common node, such as circuit ground, resulting in distorting the system control and operation. While there have been some attempts to eliminate such problems in analog voltage output circuits, a more comprehensive approach addressing both analog voltage and analog current outputs is needed.
Another important factor in achieving high level performance of facilities management systems is reducing effects of both external and self-induced noise. In addition, it is necessary for a system to provide immunity to external electromagnetic interference (EMI) and prevent the generation of unwanted levels of EMI which may effect other systems. This is particularly critical where wide dynamic range is required, for example, to accommodate both extremely low level sensor signals and much larger digital and binary signals. Systems which employ a single power supply and other known power supply filtering techniques may fail to provide sufficient isolation from spurious signals or sufficient reliability, due to their reliance on a sole power supply. Similarly, many contemporary systems also fail to sufficiently isolate digital signal lines from sensors which are subject to extremes of environmentally induced spurious signals. This is particularly important in systems employing bus structures and networks. An unpredictable variation in a single sensor on a network can result in systemic problems, if the signal is communicated to other devices connected to the same communications media. A further need for isolation from effects of failures of devices interconnected on a common communications media also exist. Omitting such isolation exposes networks and sub-networks to complete breakdown should a failure occur in a single node. Thus, it is desirable at all levels of system interconnection to provide for isolating interconnected system components from each other. Similarly, as mentioned above, it is also desirable to provide graceful system degradation in the presence of a failure.
Other limitations of facilities management systems arise in the connections of various devices to control nodes. Multiple devices, especially if connected on a bus, introduce noise on the transmission medium. In addition, the transmission medium may be susceptible to noise from other internal and external sources. Both differential noise, in which opposite polarity voltages appear on two leads of a transmission medium, e.g., a twisted pair, and common mode noise, in which the same noise is induced on both lines of the bus, are possible. Even where optical coupling of devices to the bus is used, it may be necessary to take steps to further reduce noise effects.