System Redundancy

Increased system redundancy, which can benefit the network if the rerouting of traffic is necessary during an emergency, construction/reconstruction, collision, or other disruptive event.

From: Highway Engineering, 2016

MAN Energy Solutions

Malcolm Latarche, in Pounder's Marine Diesel Engines and Gas Turbines (Tenth Edition), 2021

Common rail engines

Like other major medium-speed engine designers, MAN Diesel has developed a modular CR fuel injection system to foster free selection of injection timing and pressure independent of engine load and speed. The CR system was first announced in 2004 in conjunction with the established 32/40 engine. Fuel pressure generation and injection processes are separated and electronically controlled. A prime advantage is the reduction of smoke emissions, especially at low loads and during starting, and an improvement in the NOx-specific fuel consumption trade-off.

Based on the segmented rail concept, MAN Diesel's CR system is served by high-pressure pumps which compress the fuel to the required pressure and deliver it to in-line accumulator units forming the CR (Figs 22.33 and 22.34). Connections are provided on the accumulators for the injection valves and for the fuel distribution and injection-control components. The CR injection system is fully compatible for use with heavy fuels having viscosities up to 700 cSt at 50°C and temperatures up to 150°C, with all relevant components designed to withstand these conditions; in addition, they meet stiff requirements with respect to resistance to wear by abrasive particles and the aggressive contents of HFO. CR engines can be started and stopped on HFO, and in a load range from 100% down to 20% they can be operated without interruption. Below 20% load, the engines can be run on HFO with a time limit.

Fig. 22.33. Key elements of MAN Diesel's CR fuel injection system on a 32/44CR engine showing an accumulator served by a high-pressure pump and supplying two injectors.

Fig. 22.34. Arrangement of the CR fuel injection system.

The CR injection system is modular in design and subdivided into a series of compact pressure reservoirs or accumulators; using multiple accumulators reduces pressure fluctuations in the system and makes rational use of space available on the engine. Each accumulator segment serves one or two fuel injectors featuring conventional nozzles. The solenoid injection-control valves are located on the segmented rails and connected to standard pressure-controlled injectors. No separate servo circuit is required for activating the electronically controlled injection valves which are arranged on the rail away from the hot cylinder heads to secure greater system reliability and easier maintainability. MAN Diesel reports that ease of installation and maintenance is also fostered by the simple assembly procedures.

System safety and redundancy was a priority in development, leading to the adoption of these key features:

Injection pressure only during injection at the injection valve (no risk of uncontrolled fuel injection because of leaking control or injection valves).

All high-pressure lines, rails, and units are double-walled (no risk arising from fuel escaping from leaking or damaged lines).

Fuel-limiting valves on each cylinder (prevent uncontrolled injection).

Nonreturn valves on each cylinder (ensure that fuel backflow from the fuel low-pressure system into the cylinder is impossible).

Use of at least three high-pressure pumps (emergency operation possible in the event of failure of one pump).

Safety valve with additional pressure control valve (emergency operation possible in the event of a fault in rail pressure control).

Two rail pressure sensors and two engine speed/top dead centre pickups (sustained operation if a sensor fault occurs).

MAN 32/44CR engine

MAN's first all-electronic four-stroke engine, the 32/44CR design, was launched in 2006 to supplement the popular 32/40 series with a CR fuel-injected derivative. Retaining the 320 mm bore, the designers sought a higher specific output (560 kW/cylinder), lower fuel consumption, and reduced emissions from a 10% increase in piston stroke (from 400 to 440 mm). The adoption of CR fuel injection and a considerably more efficient turbocharger also contributed to the power rise and emissions performance.

A higher power density than the 32/40 engine dictated a number of key component modifications. In particular, the cylinder head and valves were modified to cope with the increased cylinder pressure, and the valve guides were extended and the seats modified. In addition, the crank drive was completely revised and optimized using computer design techniques. An all-steel piston incorporating two compression rings as part of an enhanced three-ring package features an enlarged oil cooling gallery and larger piston pin diameter to match the higher rating of the engine. The piston length was also reduced so that, despite these measures, its weight was not higher than the 32/40 engine component.

Additionally, the cross-sectional diameter of the connecting rod shaft was increased and the number of bolts at the big end bearing increased from two to four. The higher number of bolts allowed for a more even distribution of the stresses at the joint line and facilitated a slimmer connecting rod than with the two-bolt design. Two camshafts are featured: a standard full-length unit for actuating the gas exchange valves and a shortened unit serving the high-pressure fuel injection pumps. Shortening the injection camshaft not only reduces its friction characteristics but also the engine manufacturing costs: cited by MAN Diesel as an example of how CR injection can improve not only engine performance but also design and production.

MAN CR engine parameters
32/44CR 48/60CR
Bore (mm) 320 480
Stroke (mm) 440 600
Cylinders 6–10L/12–20V 6–9L/12–18V
Speed (rev/min) 720/750 500/514
Mean piston speed (m/s) 10.6/11 10/10.3
Mean effective pressure (bar) 26.4/25.3 26.5/25.8
Max. combustion pressure (bar) 230
Output/cylinder (kW) 560 1200
Power range (kW) 3360–11,200 7200–21,600
Specific fuel consumption (g/kWh) 177–179 174–180

MAN 48/60CR engine

CR fuel injection technology was extended by MAN Diesel to the 480 mm bore 48/60B design in 2007, the resulting 48/60CR engine retaining the 1200 kW/cylinder rating of its predecessor (Fig. 22.35). Following the precedent of the 32/44CR engine, the solenoid injection-control valves are located on the segmented rails and connected to standard pressure-controlled injectors. No servo assistance of injector opening is required. Such an arrangement keeps sensitive components away from the hot cylinder heads and facilitates retrofitting to engines in service since identical injectors are used on the 48/60B design.

Fig. 22.35. A 48/60CR engine with a cylinder unit exposed for an exhibition.

MAN 45/60CR engine

In 2017 the company announced the 45/60CR medium-speed engine as the successor to the 48/60CR with designs on it becoming an engine of choice for the booming cruise ship sector. The new engine combines the proven characteristics of its predecessor—the MAN 48/60CR—including its in-house common-rail injection system, with the latest innovations in diesel-engine technology such as two-stage turbocharging.

With improved power output and specific fuel oil consumption compared to the MAN 48/60CR, the new engine will be available in both in-line and vee configurations.

The 12V and 14V versions, with power outputs of 15,600 and 18,200 kW, respectively, will be launched first towards the end of 2020, with the in-line range of engines from 6 to 10-cylinder models planned to be introduced in 2022. The engine is intended to be the start of a new family, and a dual-fuel version will be introduced at a later stage.

MAN 45/60CR V12

The new engine was announced some 3 years before production was likely to begin so as to generate interest in it, and most cruise ship operators have several projects already under construction, with most of the main cruise shipbuilding yards occupied through to 2021/22. If the new engine is specified for new projects after the current crop of newbuildings is delivered, it will be easy to bring into production.

In the development of the 45/60CR, much use was made of computational fluid dynamics to simulate and optimize the combustion process and finite element analysis was used to optimize the engine's mechanical strength and vibration behaviour.

The 12-cylinder vee engine will offer a further 300 kW/cylinder power increase and a 4% decrease in SFOC from 173 to 166 g/kWh compared to the similarly configured 48/60CR, with just an extra 7 t of weight. The extra weight is due to reinforcing the engine base and the addition of a two-stage turbocharger. The turbocharger setup for V-Engines is foreseen as TCX for the high-pressure stage and TCA for the low-pressure stage. Despite the turbocharging being two-stage, load pickup behaviour is the same as for the single-stage turbocharged 48/60CR engine.

As well as the two-stage turbocharger, other crucial elements to the new engine include the latest generation safety and control (SaCos) system and a new version of the ECOMAP control software that enables users to optimize operation of the engine.

MAN 45/60CR specifications
Bore 450 mm
Stroke 600 mm
Power output per cylinder 1300 kW
Speed 600 rpm
BMEP 27.2 bar
Specific fuel oil consumption L: 167 g/kWh; V: 166 g/kWh
6L45/60CR 7800 kW
7L45/60CR 9100 kW
8L45/60CR 10,400 kW
9L45/60CR 11,700 kW
10L45/60CR 13,000 kW
12V45/60CR 15,600 kW
14V45/60CR 18,200 kW

URL: https://www.sciencedirect.com/science/article/pii/B9780081027486000220

Reliability and system design

Hugh Jack, in Engineering Design, Planning, and Management (Second Edition), 2022

8.6 Passive and active redundancy

A triple-modular-redundancy (TMR) system is shown in Fig. 8.17. In this system there are three modules that do the same calculations in parallel. If everything is operating normally they should produce the same results. Another system compares the results from the three modules, looking for a mismatch. If the results from any module do not match the other two, a fault is detected and the majority of the two sets the control output. This system was used for the navigation computers for the space shuttles. The systems were designed and built by three independent contractors. Despite all of the testing, these systems were not ultimately proven until the first space shuttle mission. The approach helped to offset the critical risk associated with the guidance system.

Figure 8.17. A triple-module passive-redundancy system.

If there is a random failure in any of the TMR modules, it will be outvoted and the system will continue to operate as normal. This type of module does not protect against design failures, where all three modules are making the same error. For example, if all three had Intel Pentium chips with the same math mistake, they would all be in error and the wrong control output would be the result. (Note: This design problem occurred in one generation of Intel CPUs.) This module design is best used when it is expected that one of the modules will fail randomly with an unrecoverable state.

When hardware or operating system issues are expected, backup hardware can be prepared for "hot swap" (Fig. 8.18). In this approach, there is a monitor that looks for failure in the prime module. In the event of failure the prime module is disconnected and the backup module is switched on to take its place. This approach is very common in mission-critical industrial control systems. The industrial controllers can self-detect software and hardware failures and can signal the next controller to take over. Another popular electronics approach is to use a watchdog timer. The software must reset the timer regularly, often every 1/10 s. If the timer is not updated, a fault condition is flagged. Sometimes all of the backup modules will run in parallel with the prime module, monitoring inputs but not able to change outputs.

Figure 8.18. An example of an active redundant system.

This method depends on a careful design of the monitor module. As with the TMR modules, this system is also best used to compensate for complete module failure. If needed, this system can be used with analog electronics and mechanical components.
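The hot-swap arrangement above, sketched as an added Python simulation (not code from the book): a monitor watches each module's watchdog and hands control to the first standby whose own watchdog is still fresh. The class names, the 50 ms tick, the fault-injection times and the `SAFE_STATE` fallback are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

WATCHDOG_TIMEOUT_MS = 100  # the text: software resets the timer "often every 1/10 s"


@dataclass
class Module:
    name: str
    fails_at_ms: Optional[int] = None  # constructed fault injection; None = never fails
    last_kick_ms: int = 0

    def step(self, now_ms):
        """One control cycle. A hung module simply stops resetting its watchdog."""
        if self.fails_at_ms is None or now_ms < self.fails_at_ms:
            self.last_kick_ms = now_ms

    def watchdog_expired(self, now_ms):
        return now_ms - self.last_kick_ms > WATCHDOG_TIMEOUT_MS


@dataclass
class Monitor:
    modules: list                      # prime first, then backups
    active: Optional[int] = 0          # index driving the outputs; None = safe state
    events: list = field(default_factory=list)

    def poll(self, now_ms):
        if self.active is None:
            return
        current = self.modules[self.active]
        if not current.watchdog_expired(now_ms):
            return
        # Fault flagged: disconnect the active module. A careless monitor would
        # switch to "the next" module blindly; this one first checks that the
        # standby has been kicking its own watchdog, so a silently dead backup
        # is never given the outputs.
        standby = next((i for i, m in enumerate(self.modules)
                        if i != self.active and not m.watchdog_expired(now_ms)), None)
        target = self.modules[standby].name if standby is not None else "SAFE_STATE"
        self.events.append((now_ms, current.name, target))
        self.active = standby


def simulate(fail_times, duration_ms=600, tick_ms=50):
    """Run prime + two backups in parallel; return (failover events, final controller)."""
    modules = [Module(n, fail_times.get(n)) for n in ("prime", "backup1", "backup2")]
    monitor = Monitor(modules)
    for now in range(0, duration_ms + 1, tick_ms):
        for m in modules:
            m.step(now)        # backups run in parallel with outputs disabled
        monitor.poll(now)
    final = modules[monitor.active].name if monitor.active is not None else "SAFE_STATE"
    return monitor.events, final


if __name__ == "__main__":
    # Constructed scenario: backup1 died silently at 100 ms, prime hangs at 200 ms.
    print(simulate({"prime": 200, "backup1": 100}))
```

The failover is logged at 300 ms, the first poll at which the prime module's last reset is more than one timeout old, and it skips the backup that had already stopped resetting its own timer.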

URL: https://www.sciencedirect.com/science/article/pii/B9780128210550000086

Leak Detection System Infrastructure

Morgan Henrie PhD, PMP, PEM, ... R. Edward Nicholas, in Pipeline Leak Detection Handbook, 2016

8.5 Resilient System Design

Leak detection systems are safety systems. The intent and purpose of these systems are to provide the operator with reliable notification that a breach in pipeline integrity has occurred. As such, the system design must be resilient so it can gracefully handle abnormal states while continuing to meet the design intent.

That said, what is a resilient system design? We can define resilience as the ability to gracefully handle both abnormal events and recovery. However, to expand on this further, we look at resilience as the ability of the system to handle variations, disruptions, and abnormal events without catastrophic failure.

We can demonstrate this with a balloon metaphor. Once inflated, we can push our finger into the balloon, but it does not pop. It changes shape and adapts to our prodding it. Once we remove our finger, it returns to a normal state. You can even have multiple people push on the balloon and it just changes shape until removal of these external forces occurs. However, you can exceed the balloon limits and stress it beyond its resilient level, and then it will pop. Implementing a resilient design does not guarantee that the system will not fail, but it does result in a system that can survive a broader set of variations, disruptions, and abnormal events.

Resilient system design includes all of the following:

1. Telecommunications system redundancy between the field and the central leak detection location.

2. Redundant communications between SCADA and the leak detection system.

3. Leak detection system redundancy. The leak detection system should be installed on at least two independent hardware or virtual server platforms with automatic synchronization between the two on redundant communications circuits.

4. Robustness of the leak detection system's algorithms and software. Garbage data should not cause the leak detection system to fail, although the results may cease to be meaningful until the data quality is restored.

Redundant field devices also contribute to a resilient system design. Unfortunately, it is rare that the field data itself is redundant. Therefore, even if all other aspects of the system are resilient, the system may be disabled by field data failures. For this reason, field maintenance personnel must treat instrumentation problems that impact the leak detection system as high-priority incidents.

URL: https://www.sciencedirect.com/science/article/pii/B978012802240500008X

Distributed control system

B.R. Mehta, Y.J. Reddy, in Industrial Process Automation Systems, 2015

3.8.6 Diagnostics

Integrated diagnostics is an important feature of the DCS. The diagnostics cover hardware, redundancy, communications, control, and, to some extent, the software that makes up the DCS. Usually a system alarm is reported on the failure or malfunction of any of these components and the necessary log messages are recorded.

The tests built into the control room equipment are designed to analyze a high proportion of all failures, diagnose the problem, and pinpoint the logical replaceable unit (LRU) or optimum replaceable unit without intervention by the operator or a maintenance technician while the system is online and controlling the process.

3.8.6.1 Redundancy

Redundancy is an important requirement for any critical process control application using DCS. Several DCS redundancies are built at the level of communication media, controllers, I/O cards and I/O communications/connections, and workstations. In very critical systems, where safety is a big concern, it is also possible to take redundant or preferably two out of three voting measurements and discard the defective or inaccurate one during control execution. Redundancy at various levels helps the user to upgrade components online in the control system. However, in critical processes this has to be very carefully planned so that neither safety is compromised nor does the enterprise suffer a production loss.
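The two-out-of-three vote described here, together with the triple-modular-redundancy voter and its common-design limitation from the "Passive and active redundancy" excerpt earlier on the page, as an added Python example (not code from either book). The function names, the tolerance value and the constructed defective divider are assumptions for illustration; the defect is a stand-in, not a model of any real CPU bug.

```python
import math
from collections import Counter
from statistics import median


def vote_exact(outputs):
    """TMR voter for three discrete results.

    Returns (value, indices_of_outvoted_modules, status)."""
    if len(outputs) != 3:
        raise ValueError("TMR needs exactly three module outputs")
    value, count = Counter(outputs).most_common(1)[0]
    if count == 3:
        return value, [], "OK"
    if count == 2:
        bad = [i for i, o in enumerate(outputs) if o != value]
        return value, bad, "FAULT_MASKED"
    return None, [0, 1, 2], "NO_MAJORITY"  # three-way disagreement: no safe output


def vote_2oo3_analog(readings, tolerance):
    """2oo3 vote for analog measurements.

    Readings agree if they lie within `tolerance` of each other; a missing
    (None) or NaN reading counts as a failed transmitter. The output is the
    median of the agreeing readings, and the defective one is discarded."""
    live = [(i, r) for i, r in enumerate(readings)
            if r is not None and not math.isnan(r)]
    best = []
    for _, ref in live:
        group = [(i, r) for i, r in live if abs(r - ref) <= tolerance]
        if len(group) > len(best):
            best = group
    if len(best) < 2:
        return None, [0, 1, 2], "NO_MAJORITY"
    good = {i for i, _ in best}
    bad = [i for i in range(3) if i not in good]
    return median(r for _, r in best), bad, "OK" if not bad else "FAULT_MASKED"


# --- Constructed modules for the common-design-error case -------------------
def divide_ok(a, b):
    return a // b


def divide_defective(a, b):
    # Assumed design defect: wrong quotient for one operand pattern.
    return a // b + (1 if b == 7 else 0)


def run_tmr(modules, a, b):
    return vote_exact([m(a, b) for m in modules])


if __name__ == "__main__":
    # One randomly faulty module is outvoted and identified.
    print(run_tmr([divide_ok, divide_ok, divide_defective], 49, 7))
    # Same defect in all three: unanimous, status OK, and the output is wrong.
    print(run_tmr([divide_defective] * 3, 49, 7))
    # Analog transmitters (constructed readings): the outlier is discarded.
    print(vote_2oo3_analog([10.1, 10.0, 14.7], tolerance=0.5))
```

The second call is the case the voter cannot see: three identical wrong answers produce a unanimous vote, which is why independent design of the three modules matters as much as the voting logic.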

URL: https://www.sciencedirect.com/science/article/pii/B9780128009390000061

Smart Grid Infrastructures

Magdi S. Mahmoud, Yuanqing Xia, in Networked Control Systems, 2019

7.3.5 Coordinated Attacks on WAMPAC

Intelligent coordinated attacks can significantly affect a power system's security and adequacy by negating the effect of system redundancy and other existing defense mechanisms. North American Electric Reliability Council (NERC) has instituted the Cyberattack Task Force (CATF) to gauge system risk from such attacks and develop feasible and cost-effective mitigation techniques. NERC CATF identifies intelligent coordinated cyber attacks as a category of events that are classified as High Impact Low Frequency (HILF), which cause significant impacts to power system reliability beyond acceptable margins.

The failure of any single element in the power system, such as a transformer or a transmission line, is a credible contingency ($N-1$). The possibility of simultaneous failures of more than one element in the system is also taken into account when they are either electrically or physically linked. However, the definition of a "credible" contingency changes when potential failures from coordinated cyberattacks are considered. Also, an intelligent coordinated attack has two dimensions, where attacks can be coordinated in space and/or time. For example, elements that do not share electrical or physical relationships can be forced to fail simultaneously, or in a staggered manner at appropriate time intervals depending on the system response, which could result in unanticipated consequences. See Fig. 7.9.

Figure 7.9. The network architecture in the smart grid: backbone and local-area networks
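How the "credible contingency" list changes once simultaneous failures of unrelated elements are admitted, as an added Python planning example (not from the book). It screens a constructed seven-line toy network for outage sets that split it; the topology, the bus names and the connectivity-only criterion (no power-flow or thermal limits) are assumptions.

```python
from itertools import combinations

# Constructed toy network: a six-bus ring plus one tie line B-E.
LINES = [("A", "B"), ("B", "C"), ("C", "D"), ("D", "E"),
         ("E", "F"), ("F", "A"), ("B", "E")]


def is_connected(buses, lines):
    """True if every bus can still reach every other bus over `lines`."""
    adj = {b: set() for b in buses}
    for u, v in lines:
        adj[u].add(v)
        adj[v].add(u)
    start = next(iter(buses))
    seen, stack = {start}, [start]
    while stack:
        for nxt in adj[stack.pop()] - seen:
            seen.add(nxt)
            stack.append(nxt)
    return seen == set(buses)


def screen(lines, k):
    """Return every set of k simultaneous line outages that islands the network."""
    buses = {b for line in lines for b in line}
    insecure = []
    for outage in combinations(lines, k):
        remaining = [line for line in lines if line not in outage]
        if not is_connected(buses, remaining):
            insecure.append(outage)
    return insecure


def unlinked(outage):
    """True if no two lines in the outage share a bus, i.e. the elements have
    no direct electrical or physical relationship in this model."""
    ends = [bus for line in outage for bus in line]
    return len(ends) == len(set(ends))


if __name__ == "__main__":
    print("N-1 insecure:", screen(LINES, 1))          # the ring survives any single outage
    n2 = screen(LINES, 2)
    print("N-2 insecure:", len(n2))
    print("of which unlinked:", [o for o in n2 if unlinked(o)])
```

The network passes the $N-1$ screen, yet two of its six islanding double outages involve lines with no bus in common, so a contingency list built only from electrically or physically linked elements would not contain them.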

URL: https://www.sciencedirect.com/science/article/pii/B9780128161197000150

Submarine system powering

Koji Takehira, in Undersea Fiber Communication Systems (Second Edition), 2016

10.5.1 Power feeding system reliability

Power feeding equipment is designed to have several redundant functions/components such as:

1. System redundancy: PFE located at both end stations in the trunk line is typically configured for double-end power feeding. As the line current is controlled by both stations, via current master-master control, in a double-end power feeding configuration, the line current is maintained at its desired value by the auto-adjustment of the feeding voltage at each PFE – even if a cable fault occurs in line between the stations, or if a fault develops in one PFE.

2. Equipment redundancy: PFE located in a branch station which feeds the power to a BU sea-earth is configured for single-end power feeding. In this case, PFE equipment consists of distinct working and standby equipment, i.e. equipment redundancy is implemented. This single-end power feeding configuration cannot maintain system operation in the event of a cable fault, but can do so in the event of total failure of one PFE. For cost efficiency, equipment redundancy is not always provided; however, a full set of individual parts is typically provided as spares.

3. Parts redundancy: PFE is designed to duplicate key components to maintain its functionality in case of the failure of subsystems. The key components of a typical PFE are: 1) power converter unit, 2) current/voltage detection package, and 3) current/voltage controller package. All such subsystems are protected by duplication.

In addition, the earth return current feeding path is also duplicated. The PFE is connected to both a sea earth and a station earth, and the changeover between these two return paths is generally automatic.

Furthermore, as described above, the power feeding path can be reconfigurable by using branching units, where deployed.

Based on a combination of these features, the overall reliability of the power feeding system is extremely high.

URL: https://www.sciencedirect.com/science/article/pii/B9780128042694000106

Reliability Engineering

D.R. Kiran, in Total Quality Management, 2017

27.14 Reliability Prediction

Reliability prediction, the process of forecasting the probability of success from available data, is one of the important techniques for knowing the reliability of equipment or a system. It involves estimating the reliability (i.e., performance of the system over a period of time) based on the failure rate of the components. It thus helps in identifying weak areas in a design, and also in choosing the best design from among alternative configurations.

27.14.1 Ingredients for Reliability Prediction

Reliability relationships

Reliability concepts

Constant failure rate

The "Bathtub" Failure Rate curve

System redundancy

Fault tolerance

Functional redundancy

Fault avoidance

27.14.2 Purposes of Reliability Prediction

1. Assuring the feasibility of reliability requirements (downtime, etc.) for the design proposed

2. Comparing competing designs

3. Identifying potential reliability problems

4. Planning maintenance and logistic support strategies

5. Reliability predictions can be used to assess the effect of product reliability on the maintenance activity and on the quantity of spare units required for acceptable field performance of any particular system. For example, predictions of the frequency of unit level maintenance can be estimated

6. Estimating unit and system lifecycle costs

7. Provide necessary input to system level reliability models

8. Assist in deciding which product to purchase from a list of competing products

9. Useful in setting standards for factory reliability tests and field performance

The failure rates of all the cards in the system are evaluated as per "QM115A Quality Manual on Guidelines to calculate theoretical reliability failures for telecom equipment" issued by Telecom QA circle, DOT, Issue 2, Jan. 1997.

In his address on Prevention of Problems on Reliability and Safety at NIQR, Chennai, in January 2015, Professor Kazuyuki Suzuki of University of Electro-Communications, Tokyo, emphasized that events that cannot be predicted, cannot be prevented. But careful consideration of the following would provide an inductive approach to understand the situation for more accurate prediction.

Sharing of problem information beyond organization

Abstraction and generalization of individual problems

Implementation of PDCA cycle

Practical use of incident information

URL: https://www.sciencedirect.com/science/article/pii/B9780128110355000271

Integrated ESS application and economic analysis

In Grid-scale Energy Storage Systems and Applications, 2019

5.4.3.1 Reducing the need to construct new distribution stations for users

The capacity of distribution systems is usually determined by maximum load. In addition, for users that require higher power supply reliability, the distribution systems' redundancy should be increased. However, ESSs installed at the low-voltage side of the distribution systems can help fulfill power supply demand during peak hours and reduce the required capacity of the distribution systems and therefore save related investment. Equivalent annual revenue present value thereof should be calculated as follows:

$$R_1 = d\,C_d\,\eta\,(P_{\max} - P_a) \tag{5.38}$$

where $d$ is the rate of depreciation of fixed assets for power distribution to users; $C_d$ is the unit cost of power distribution system for users, RMB/MW; $\eta$ is the efficiency of energy storage devices; $P_{\max}$ is the maximum load per day, MW; $P_a$ is the average load power per day, MW.

URL: https://www.sciencedirect.com/science/article/pii/B9780128152928000058

Cloud and IoT technologies

Nassim Khaled, ... Affan Siddiqui, in Digital Twin Development and Deployment on the Cloud, 2020

2.3 Evolution of cloud technologies

The cloud platform services have now evolved to include

a. Infrastructure scalability at almost real time, to enable hardware scaling up/down without having to shut down the virtual PCs.

b. Redundancy systems to secure data across geographic locations, serving for disaster recovery.

c. Very large database storage for keeping customer data safe and secure (Database as a Service).

d. Developer-centric tools offered as SaaS, to enable small- to large-sized teams to collaborate and develop software using cloud licensing.

e. Various collaboration tools to enable global teams to collaborate over the Internet.

f. Analytics tools for data scientists, backed by high-powered computers able to churn through data and provide results in almost real time.

g. Video analytics tools developed by experts and offered as services for real-time video streaming to the cloud and processing for object detection, analysis, etc.

h. Image processing and computer vision toolkits and services with standard algorithms for face recognition, text recognition, speech processing, color segmentation, object detection, etc.

i. Security services: companies can now secure their web traffic by using services and cryptographic authentication methods that use hardware keys for security signing, etc.

j. Internet of things (IoT), to enable machine-to-cloud interfacing, which has opened a new dimension in predictive maintenance, remote monitoring (real time), tracking of machine performances historically, etc.

URL: https://www.sciencedirect.com/science/article/pii/B9780128216316000025

Reliability, Availability, and Maintainability (RAM Analysis)

Dr Eduardo Calixto, in Gas and Oil Reliability Engineering (Second Edition), 2016

Cold Water Subsystem

The cold water subsystem will include four absorption and four electrical chillers, with pumps, valves, and control meshes, requiring at least one chiller for the CIPD supply. Thus the electrical chillers will remain as cold water system redundancy. This subsystem is essential to CIPD availability, because in the event of downtime the CIPD will be unavailable.

In the event of failed gas supply to absorption chillers and motor generators, the three electrical chillers go into operational mode automatically, with power provided by Light. In the event of simultaneous failure of gas and electrical power supply by respective providers, only the CIPD will be maintained, with electrical power provided by diesel generators. Thus, in the first phase, under emergency conditions (electrical power supply failure by provider and/or gas supply failure), the water-cooling system will minimally provide the volume required to maintain one electrical chiller operational so as to supply the CIPD.

URL: https://www.sciencedirect.com/science/article/pii/B978012805427700004X