FAT & SAT in Automation System
FAT & SAT in Automation System
FAT & SAT in Automation System
n),
the protective circuit will dissolve and break the current. The relay must then be reset (usually
manually) before the circuit begins to operate normally again.
Figure 9. Modern earth fault relay, ABB
(http://www.relayspec.com/Company_listings/a/Abb/news/2012/05_15a/05_15a.jpg)
22
Generator protection
As a generator is a major component in a power system, it is quite necessary to take all
preventive measures possible for the protection of the generator. /4/
Both fault conditions and operating condition faults may occur, and protection relays need to
be able to protect the generator from both of these faults.
When connecting the generator to the step-up transformer an isolated phase bus is used. This
separated phase greatly reduces the possibility of a phase-to-phase fault at the terminals of the
generator. /4/
Possible fault conditions for generators are:
Stator short circuits
Stator/rotor interturn faults
Stator earth faults
Rotor earth faults
External faults
23
Figure 10. Possible faults in generator windings /4/
Stator short-circuits
Stator short-circuits are often caused by a deterioration of insulation, as deterioration occurs
over time and usage.
The consequences of a stator short circuit can be:
Insulation, windings and stator core can be damaged
Large forces caused by large fault currents may damage other components in the plant
Risk of explosion and fire
Mechanical stress on generator and turbine shafts
24
Because the risk of getting large fault currents when short-circuits do occur, a fast operating
(instantaneous) protection function is needed to prevent damages to the generator and other
parts in the power network.
Fault current fed from the generator can trip the field breaker and interrupt the primary power
to the turbine.
Turn-to-turn (interturn) faults
Generator differential protection will not detect these faults (even when 100% of the winding
is short circuited!), which is why you may want turn-to-turn fault protection. However, this
protection is often omitted because turn-to-turn faults are quite rare and they will sooner or
later evolve into stator earth-fault. /4/
Stator earth faults
A stator core damage is dependent on the earth fault current, and to decrease the possible earth
fault current (typically to less than 10A), different grounding methods are used, in order to:
Reduce the iron core damage and mechanical stress
Limit the transient voltages during the fault
Provide a means to detect a ground fault
Causes for a stator ground fault can be:
Transient overvoltage
- Caused by e.g. lightning or switching overvoltages
Temporary overvoltage
Degraded insulation, caused by e.g.
- High temperature
- Aging
- Vibration / mechanical impact
25
The consequences of a ground fault are:
Damages to the stator iron
Increased voltage on healthy phases
Rotor earth faults
The field circuit of the generator is normally isolated from earth. With a single fault in the
rotor circuit it is possible to continue operation without any generator damages. However, if a
second rotor ground fault occurs, there will be unbalanced currents in the rotor poles and risk
of severe damages due to high vibrations. The requirement of fast fault clearance is moderate
but has to be done. /4/
Possible operating condition faults are:
Overcurrent/overload
Unbalanced load/open phase
Overtemperature
Over- and undervoltage
Over- and underexcitation
Over- and underfrequency
Over-fluxing (excessive V/Hz)
Asynchronous running
Out of step
Generator motoring
Failures in the machine control system (e.g. AVR or governor failure)
Failures in the machine cooling system
Failures in the primary equipment (e.g. CBF, breaker head flashover) /4/
26
Unbalanced load/open phase
If the generator load becomes unbalanced, negative phase sequence currents flow. This will
cause a magnetic field rotation in direct opposite to the direction of the rotor field. The relative
speed between the two is double the rotor speed. Double frequencies are induced in the rotor,
which causes severe heating of the rotor and can damage it.
Unbalanced stator currents also cause severe vibrations and heating of the stator. Hence it is
necessary to provide protection against unbalanced load condition.
Overtemperature
If the protection relay supports overtemperature protection, it can be configured to trip the
generator offline when the generators thermal limits are reached, or close an alarm contact to
announce the operating personnel that actions need to be taken to prevent damage to the
generator.
Over- and undervoltage
With faulty AVR, overvoltage can cause damage on the insulation system of stator windings
and overexcitation of the generator transformer block. Measurement is done over all three
voltages and by phase-to-phase or phase-to-neutral conductor with selectable x out of 3 logic
for tripping. /4/
Undervoltage is not critical for the generator-transformer block itself, but critical for auxiliary
services.
27
Over- and underexcitation
Overexcitation, also called overfluxing, can be caused by failure of the voltage feedback
circuit to the AVR, which may ramp up the generator current in an attempt to achieve the
desired voltage.
However, overexcitation can be used to protect the generator and the transformer magnetic
core from overheating, especially during start-up and shut-down.
Underexcitation, also called loss of field protection, can like overexcitation be caused by
faulty AVR operation or incorrect handling of the voltage regulator. This can also be caused
by the generator running with too high a capacitive load.
Other reasons for possible failures of excitation may be short circuit in the excitation circuit,
or interruption in the excitation circuit. /4/, /6/
28
Transformer protection
Transformer theory
A transformer is an electrical device designed to transfer energy from one circuit to another by
means of a magnetic field. There is no direct electrical wiring between the two circuits,
transformation is done over the magnetic field.
When alternating current flows through a conductor, a magnetic field is generated around it. If
a second conductor is placed in the field generated by the first conductor, voltage is also
induced in the second conductor. The use of a magnetic field from one coil to induce voltage
into a second is the basics of transformer theory and application. /11/
Figure 11. Transformer example (http://wiki.4hv.org/images/e/e0/Transformerex.jpg)
Air core transformer
Normally an iron or steel core is used between the two coils, but it is also possible to use air
core transformers. However, such transformers are quite inefficient since the percentage of the
flux from the first coil that links to the second coil is small. One way of improving the
efficiency is to increase the number of turns in the coil, but this will increase the costs.
29
Iron or steel core transformer
The efficiency of these kinds of transformers is much greater than air core transformers. The
ability to carry flux is called permeability, and modern electrical steels have the permeabilities
of around 1500, compared to 1 for air. This means that a steel core is able to carry a magnetic
flux 1500 times greater than an air core. /11/
Protection
Transformer failures need expensive and long time repairs. Because of this, good protection
against possible faults is needed.
Although fuses can work in certain situations, it is not recommended that transformers larger
than 10 MVA are protected with fuses. Larger transformers are to be protected with more
sensitive devices, such as differential relays. /11/
Transformer faults can be caused by:
Long time overheat caused by aging of the insulation
Dirty or bad quality oil in transformer
Overvoltages
Overcurrents
Short circuit forces at windings caused by external faults /16/
30
Motor protection
Induction AC motor
This motor, often called the squirrel cage motor is the most common type of large motors used
in a thermal generating plant. These motors are very rugged and require very little
maintenance. The induction AC motor consists of two main components: the stator and the
rotor. As the name implies, the stator is stationary and does not move and the rotor is thus the
rotating part of the motor.
The stator contains a pattern of coils arranged in windings. As alternating current is passed
through the windings, a moving magnetic field is formed near the stator. A more thorough
description of the induction phenomena can be found in chapter 2.3.8, excitation.
Figure 12. Rotor and stator /17/
Protection
Protection needs to be able to handle abnormal conditions. These faults can be internal or
external.
Internal: The cause of these faults may be insulation failure, bearing failure or under-
excitation.
External: The cause of these faults may be due to insufficient cooling, reverse starting,
over- and undervoltage, vibration etc.
31
Testing
The protection relays are tested at FAT and SAT with Omicron CMC 356 plus High
precision relay test set and universal calibrator. Omicrons high accuracy and flexibility make
it ideal for testing and measuring. /5/
With Omicron Control Center you can create automatically generated relay specific test
reports. These automatically generated test reports are often too long to have people reading
through them in detail, thus besides Omicrons automatically generated test reports, a checklist
containing the most vital data is also brought to the FAT or SAT.
Omicron is connected to the protection relays, and a computer is then connected to the
Omicron and tested with the omicron control center (OCC).
Figure 13. Omicron 356 Plus /5/
32
2.3.8. Excitation
The magnetic field may be produced either by permanent magnets or by field coils. If field
coils are used, a current must flow in the coils to generate the field, otherwise no power is
transferred to or from the rotor. The process of generating a magnetic field by means of an
electric current is called excitation. /9/
Electromagnetic induction is the basis for all electric motors. When a conductor moves
relative to a magnetic field, the two sides of the coil move in the opposite direction, and
voltage is induced at each side. The value of the resulting voltage is equal to the minus of the
rate of change in magnetic flux times the number of turns in the coil: .
This relationship has been found experimentally and is called Faradays law. /9/
Figure 14. End view of two rotor segments (magnetic interaction with stator) /16/
Permanent magnet synchronous generators are usually used in ABBs excitation systems,
since the planned power plants (usually bigger than 5MVA) are too big to use field coil
generators in. In permanent magnet synchronous generators the magnetic field of the rotor is
produced by permanent magnets. This excitation can be done either by having alternating
north and south poles around the rotor diameter, or by having the same number of rotor poles
as the stator poles. /15/, /11/
33
Synchronous generators require direct current field excitation to the rotor, provided by the
excitation system. /11/
The main functions of excitation systems are to provide variable DC current with short time
overload capability, to control the generator terminal voltage with suitable accuracy, to ensure
stable operation with network and/or other machines, to contribute to the transient stability
subsequent to a fault, and to communicate with the power plant control system. With these
functions met the system will have a high reliability. /10/
34
3. The standard templates
The results of this thesis consist of an investigation of old FAT and SAT documents and an
attempt to get good standardized documents for ABBs various automation and electrical
system cabins.
The standardization is divided into several smaller areas around the main topic FAT/SAT:
General
800xA + Panels
AC800 + S800
Turbine modules
Protection relays
Excitation
3.1. General
This part covers vital information that needs to be checked and/or filled in before starting any
measurements of the actual FAT or SAT. In this part there are tables for filling in what is to be
tested and when, the participants and the company they work for, the system structure and
other necessary points of preparation. This part of the standard in found in appendix 1.
3.2. AC800 + S800
This part is the largest one, containing controller tests, IP address configurations, alarm
configurations and signal test tables etc. After each successful test, the date and signature are
noted in their respective fields.
35
3.3. 800xA and panel
The control panels and the 800xA system are tested according to this template. Since different
systems contain differently programmed systems and panels, it is hard to create a standard
template for this part. However, a basic template is found in the appendix 3.
3.4. Turbine modules
Normal turbine modules in hydroelectric power plant automation are the valve positioned
module VP800, the frequency measurement module AS800 and the vibration measuring
module MCM800. These are to be tested according to the test document template found in
appendix 4. As these modules follow the same looking template, only one is attached in this
thesis.
3.5. Excitation
The excitation part has not been dealt with at all in this thesis although this part also needs its
own template. This is due to the fact that the standard documents are ready-made and finalized
by ABB colleagues in Switzerland, and their standards have to be followed and used.
Consequently, when testing ABBs excitation systems, the Swiss standard documents are
used.
Besides these Swiss standard documents, there are boxes for filling in excitation tests in the
same appendix as the protection relay appendix 5.
36
3.6. Protection relays
As mentioned earlier, protection relays are tested with Omicron CMC 356 Plus, which is
connected to a computer with the Omicron Control Center (OCC). OCC can create
automatically generated test documents, but these are often too long for anyone to read.
Therefore a checklist of necessary information is good to bring to a FAT or SAT. This
checklist has been created and can be found appendix 5.
4. Discussion
I got the assignment in the autumn of 2012 and had at that time only worked at the service
department of Power Generation, where I handled after sales and warranties. Since I had not
been involved in any projects at all other than looking at their list of apparatus to determine
what spare parts to offer, there were quite many parts and functionalities I didnt know much
or anything about.
When I started out with the thesis work I didnt really know where to start because it is such a
wide area. Along with that I only had access to a handful of old test documents, and they
differed quite much compared to one another. Consequently, the first thing I had to do was to
make sure I would get access to the different network places where I could find the old
documents. After getting access to the different network places where I could find the test
documents I started digging through these places to get a good handful of them. While
investigating the documents I then had gathered, a tip was given to sort the documents I had in
different plant types and inside the plant types also in different systems. When this was done, a
meeting was held and at that meeting decided that my work would be restricted to hydropower
plants only.
37
With the restriction done I started reading about hydropower theory along with trying to figure
out what to add in the standard test documents, by investigating old hydro FAT and SAT
documents. From the old documents I chose the best summarized parts, with both instructions
and ease of use in mind. These documents were then tidied up and translated into English.
While doing this work I have learned a lot about both how a hydropower plant works,
functions of ABBs electrical and automation cabinets although I havent actually been
involved in any project or done any testing myself.
To succeed even better with the thesis work, better starting conditions would have been good.
If I would have been able to participate in at a few FATs and SATs before I started, or while
doing the work would have helped a lot. Furthermore, better planning from the start would
have been good, since e.g. the hydropower restriction came quite late. However, the extra
search and investigation of other power plant type tests is not wasted time.
Finally I want to thank my supervisors and all people that have helped me at ABB , and also
my supervisor at Novia University of Applied Sciences.
38
5. List of references
/1/ The ABB Group
http://www.abb.com
(Read 11.01.2013)
/2/ FK10-7-1S Relskydd.pdf
ABB internal document
(Read 12.01.2013)
/3/ System 800xA introduction
http://www.abb.com
(Read 20.01.2013)
/4/ SEP661 Generator protection REG670/650
ABB internal document
(Read 31.01.2013)
/5/ CMC 256 Plus
http://www.omicron.at/en/products/pro/secondary-testing-calibration/cmc-356/
(Read 30.01.2013)
/6/ Under Excitation Protection
http://www.scribd.com/doc/8690902/Under-Excitation-Protection
(Read 31.01.2013)
/7/ System 800xA Modules and Termination Units
ABB internal document
(Read 04.02.2013)
/8/ AC 800M Controller Hardware
ABB internal document
(Read 04.02.2013)
/9/ How a Generator Works
http://www.generatorguide.net/howgeneratorworks.html
(Read 13.02.2013)
/10/ Excitation Basics Theory UNITROL 1000
ABB internal document
(Read 13.02.2013)
/11/ Grigsby, L.L. (2001). The Electric Power Engineering Handbook, chapter 2.4
Auburn, Alabama: CRC Press LLC
(Read 13.03.2013)
/12/ Hydroelectricity
http://en.wikipedia.org/wiki/Hydroelectricity
(Read 19.02.2013)
39
/13/ Crispin, A.J (1997). Programmable Logic Controllers and their Engineering
Applications, pages 9-10. London: McGraw-Hill
/14/ How the PLC works?
http://masterplc.blogspot.fi/2010/01/how-plc-work.html
(Read 28.02.2013)
/15/ Permanent magnet synchronous generator
http://en.wikipedia.org/wiki/Permanent_magnet_synchronous_generator
(Read 01.03.2013)
/16/ MV Protection Relay Applications
ABB internal document
(Read 04.03.2013)
/17/ AC and DC Motors AC Motors: AC Induction Motor
http://www.globalspec.com/reference/10791/179909/chapter-3-ac-and-dc-motors-ac-
motors-ac-induction-motor
(Read 05.03.2013)
/18/ Hackworth, J.R & Hackworth F.D (2004). Programmable Logic Controllers:
Programming Methods and Applications, chapter 2 and 8. Pearson Education.
/19/ Standard processbilder Vattenkraftverk
ABB internal document
(Read 15.03.2013)
Appendices
Appendix 1 General
Appendix 2 AC800 + S800
Appendix 3 800xA/Panel PP846
Appendix 4 Turbine Modules
Appendix 5 Protection relays & excitation
APPENDIX 1
1 (6)
General
Scheme
Date Time Tests Responsible
Place:
Participants
Name Company Title
APPENDIX 1
2 (6)
Intention
The document describes the goal with FAT, what should be tested and approved after completion. This
is done to get the delivery accepted by the customer and thereby minimize commissioning time at site.
Functions
- All functions meet given requirements and comply with given descriptions of the systems that
are included. This applies to both standard features and specially developed ones.
- Functions cooperate globally as intended for the various systems that are interconnected.
Database content
- Input data is consistent with requirements according to scope of delivery. Includes all relevant
types of data, images, I/O signals etc.
Performance and use of capacity
- Performance and capacity of individual systems and performance for functions meet given
requirements for different operating conditions
Hardware included in the tests
- Verification that the hardware used in tests is the same as in final delivery
Conditions
Equipment at FAT should consist of the system that will be delivered as closely as possible.
System documentation is available in either electronic and or paper form.
At FAT, all errors, deviations and eventual wishes is to be noted down. When the decided measure
is taken, it is controlled and the form is signed again.
Signed FAT-description by purchaser and supplier is the record of an executed FAT.
APPENDIX 1
3 (6)
System configuration
FAT connection
At FAT configurations will be made as closely as possible according to delivery system with correct IP
addresses.
System structure *Project*
APPENDIX 1
4 (6)
Preparations
Make sure, that:
Hardware is delivered
Hardware is correctly installed
Test equipment and tools are available
Necessary documentation is available
FAT-layout
Items:
1. Control that all test equipment is present, correctly installed and that FAT can be
performed safely.
2. Control the systems general layout.
3. Control hardware grounding.
4. Control voltage feeds and their connections.
5. Control bus interface.
Expected results:
1. All equipment that will be tested is delivered and installed correctly.
2. The system layout is in accordance with latest, approved documents. FAT area must be
clean and cabinets must be placed clearly.
3. Cabinets that will be tested are connected to earth.
4. Voltage feeds are connected to switching device in accordance to drawings.
5. Bus connection should if possible, be connected to the corresponding hardware
according to final form.
APPENDIX 1
5 (6)
Documentation
Ensure that the following documents are available:
1. FAT document
2. Drawings and layout
3. I/O-lists
4. Application program (Control builder)
5. Progress reports
6. Manuals
Expected results:
Documentation is available in either paper- or electronic form.
APPENDIX 1
6 (6)
Test equipment and tools
Items:
Control that the following equipment is available:
1. Programming tools
2. Multimeter
3. Synchronization simulator
4. I/O-test simulator
Expected results:
Test equipment and tools are available.
APPENDIX 2
1 (35)
AC800 controller test
Configuration of AC800 controller
IP addresses for the system is as follows:
(Note: this is just an example of a configuration)
Description IP address Node
no.
IP address
configurated
Controller
commissioned
AC800 Unit G1 (PM861) Primary 172.16.80.10 10
AC800 Unit G1 (PM861) Secondary 172.17.80.10 10
AC800 Unit G2 (PM861) Primary 172.16.80.20 20
AC800 Unit G2 (PM861) Secondary 172.17.80.20 20
AC800 Station computer (PM851) Primary 172.16.80.40 40
AC800 Station computer (PM851) Secondary 172.16.80.40 40
Excitation processor module G1 172.16.80.11 11
Excitation process panel PP836 G1 172.16.80.12 12
Excitation communication interface G1 172.16.80.13 13
Vibration monitoring MCM G1 172.16.80.17 17
Vibration monitoring MCM G2 172.16.80.18 18
APPENDIX 2
2 (35)
Excitation processor module G2 172.16.80.21 21
Excitation process panel PP836 G2 172.16.80.22 22
Excitation communication interface G2 172.16.80.23 23
PCU400 (Ethernet kort 1) 172.16.80.5 5
PCU400 (Ethernet kort 2)
Station computer AK-A95D01 (800xA)
(Ethernet card 1) primary control network
172.16.80.2 2
(Ethernet card 2) secondary control network 172.17.80.2 2
(Ethernet card 3) primary server network 172.16.4.2 2
(Ethernet card 4) secondary server network 172.17.4.2 2
(Ethernet card 5) RAP network Dynamic IP
(Ethernet card 6) IEC61850 network 172.16.20.2
Station computer AK-A92D01 (PGIM)
(Ethernet card 1) primary server network
172.16.4.3 3
(Ethernet card 2) secondary server network 172.17.4.3 3
(Ethernet card 3) primary server network Dynamic IP
(Ethernet card 4) spare network Dynamic IP
(Ethernet card 5) spare network Dynamic IP
APPENDIX 2
3 (35)
(Ethernet card 6) spare network Dynamic IP
(PP846 process panel unit G1) (172.16.4.45) (15)
Printer 172.16.4.16 16
Unit G1 protection relay sub 1 172.16.20.191 191
Unit G1 protection relay sub 2 172.16.20.192 192
Unit G2 protection relay sub 1 172.16.20.193 193
Unit G2 protection relay sub 2 172.16.20.194 194
Line L115 protection relay 172.16.20.195 195
Line L116 protection relay 172.16.20.196 196
50A rail NUS protection 172.16.20.197 197
Synchrotact synchronization 172.16.20.200 200
Synchrotact powering 172.16.20.201 201
APPENDIX 2
4 (35)
Switch EDS-408 control network 172.16.80.200 200
Switch EDS-405 excitation G1 172.16.80.201 201
Switch EDS-405 excitation G2 172.16.80.202 202
Switch EDS-308 N/A
Switch EDS-308 N/A
Switch EDS-316 N/A
Switch RuggendCom RS900 Unit G1 N/A
Switch RuggendCom RS900 Unit G2 N/A
Switch 1 RuggendCom RS900 (Fortum Dist.) N/A
Switch 2 RuggendCom RS900 (Fortum Dist.) N/A
Description
Date Sign
G1 & Station, system monitoring list completed for all components regarding HMI system.
(Service tags noted, MAC addresses noted).
The system is connected according to system layout, layout is controlled. Cable markings
for all communication units that are connected are also controlled.
All MAC addresses for switches noted down (following page).
APPENDIX 2
5 (35)
(NOTE: IP gateway address is set to 172.16.80.255, this is necessary to get communication to
the switch online after a power failure. In case the IP gateway is set to 172.16.80.0, the
operator control station wont get contact after a power failure).
Screenshots of MAC addresses for switches:
Switch EDS-408 Station
Switch EDS-405 Unit G1
APPENDIX 2
6 (35)
Switch EDS-405 Unit G2
Switch RuggendCom RS900 Unit G1
-N/A-
Switch RuggendCom RS900 Unit G2
-N/A-
Switch 1 RuggendCom RS900 (Fortum Dist.)
-N/A-
Switch 2 RuggendCom RS900 (Fortum Dist.)
-N/A-
Switch EDS-405
-N/A-
Switch EDS-308
APPENDIX 2
7 (35)
-N/A-
Switch EDS-308
-N/A-
Switch EDS-316
-N/A-
APPENDIX 2
8 (35)
Controller load and capacity
Processor load (Cyclic load and Total System Load) is controlled for all controllers in the
system. Processor load is controlled by the programming tool (Control Builder) set to on-line
mode by choosing System Diagnostics for all controllers. The observed results are inserted
in the table below:
Data N10 FAT N10 SAT N40 FAT N40 SAT
IO Appl IO Appl IO Appl IO Appl
Exectime act 13 31 16 35 14 31 16 73
Exectime max 14 32 16 36 14 32 17 76
Intervaltime req 130 260 130 260 50 250 130 260
Intervaltime max 370 468 447 671 467 619 431 591
Modulebus scan 100ms 100ms 100ms 100ms
Cyclic load % % % %
Total system load % % % %
Used memory % % % %
Max used
memory
17% 17% 66% 65%
Max used
memory at stop
17% 17% 66% 65%
Warmstart stop
time
ms ms ms ms
FAT: __.__.____ / __________________ (Completed with all I/Os connected)
Sitetest __.__.____ / __________________ (Completed with all I/Os connected)
APPENDIX 2
9 (35)
Control that expected load is lower than recommended load / total load (max 70%).
Data N10 FAT N10 SAT N40 FAT N40 SAT
Max allowed
cyclic load = 70%
Max allowed total
system load = 70%
AC800 power supply monitoring
Monitoring of power supply to controller and remote I/O modules.
Tests are done at both FAT and SAT.
No. Description Node FAT SAT Sign
1 Disconnect 24V power supply A F1 (from DC
distribution panel) for controller. Alarm to alarm list and
remote.
10
2 Disconnect 24V power supply B F2 (from DC
distribution panel) for controller. Alarm to alarm list and
remote.
10
3 Disconnect power supply for both F1 and F2 (from DC
distribution panel). So that controller becomes
powerless. STALL alarm is activated immediately and
alarm is generated at station computer.
10
4 Disconnect 24V power supply A F1 for remote I/O panel
(Panel MP1-G1), alarm to alarm list and remote.
10
APPENDIX 2
10 (35)
5 Disconnect 24V power supply B F2 for remote I/O panel
(Panel MP1-G1), alarm to alarm list and remote.
10
6 Disconnect 24V power supply A and B for I/O cabinet
(Panel MP1-G1), this gives DI/DO alarm after 2min and
STALL alarm after 10s
10
7 Disconnect 24V power supply A F1 (from DC
distribution panel) for controller. Alarm to alarm list and
remote.
40
8 Disconnect 24V power supply B F2 (from DC
distribution panel) for controller. Alarm to alarm list and
remote.
40
9 Disconnect power supply for both F1 and F2 (from DC
distribution panel). So that controller becomes
powerless. STALL alarm is activated immediately and
alarm is generated at unit 1 & 2.
40
10 Disconnect 24V power supply A F1 for remote I/O panel
(Panel LU1), alarm to alarm list and remote.
40
11 Disconnect 24V power supply B F2 for remote I/O panel
(Panel LU1), alarm to alarm list and remote.
40
12 Disconnect 24V power supply A and B for I/O cabin
(Panel LU1), This gives DI/DO alarm after 2min and
STALL alarm after 10s
40
APPENDIX 2
11 (35)
All controllers have their own DO which is normally high. This shows that the controllers
have normal status (no critical fault).
At critical fault this DO goes down and activates DI in another controller (alarm from the
other controller) and STALL alarm to protection relay sub 1 & sub 2.
Date Sign
N10 DO124.15 =G1-A91.A01.XH11
UNIT G1 STALL (OFFLOAD STOP)
Alarm from own controller and offload stop
to protection relay sub 1 & 2
N10 DO124.16 =G1-A91.A01.XH12
UNIT G1 STALL (SNABBSTOPP)
Alarm from station computer and fast stop
from protection relay 1 & 2
N40 DI125.15 =AK-A91.A10.XG01 UNIT G1 STALL STATION COMPUTER
N10 DO124.14 =G1-A91.A01.XH10 UNIT G1 STALL STATION COMPUTER
N40 DO129.5 =AK-A91.A01.YH01 STATION COMPUTER STALL TO G1
N10 DI103.4
=AK-A91.A01.XG01
STATION COMPUTER STALL ALARM
TO G1
APPENDIX 2
12 (35)
Monitoring test of AC800 STALL
Tests are done at both FAT and SAT.
No. Description AllUnitStatus
1 Take out an S800 I/O card (DI/DO/AI)
After 2min STALL alarm occurs
All nodes
2 Take out an S800 I/O kort (DI/DO/AI)
Put it back within a minute, only gives alarm,
no STALL alarm.
All nodes
3 Disconnect fiber/profibus between controller
and CI801. Put it back within 1min. Only
gives alarm (in case no STALL alarm is on
remote I/O. Critical fault (STALL) if
controller doesnt manage to update within
2min.
All nodes
4 Disconnect AO card from runner control,
gives STALL alarm instantly and station
computer assumes combining.
All nodes
APPENDIX 2
13 (35)
Description Date Sign
5 Test that alarm is generated at communication fault
against controller. Disconnect both Ethernet cables to
unit G1 controller. Activate an alarm in controller for
G1. Reconnect both Ethernet cables and verify that
alarm is generated in correct time.
(Note. alarm to panel846 will not be generated (no
event conf). But alarm to 800xA and remote will be
generated).
7 Test that alarm is generated at communication fault
against controller. Disconnect both Ethernet cables to
station controller. Activate an alarm in controller for
station. Reconnect Ethernet cables and verify that
alarm is generated in correct time.
(Note. alarm to panel846 will not be generated (no
event conf). But alarm to 800xA and remote will be
generated).
APPENDIX 2
14 (35)
Tests are done for the following controllers:
Node Description FAT Date SAT Date Sign
N10 Unit G1 controller
N40 Station controller
Test of communication monitoring
Nr Description Date Sign
1 Separate scheme available for communication
(system layout). Mark controlled
communication units with green, also control
that cable numbers are available on all
communication cables.
2 Disconnect ethernet cable to excitation for unit
G1, control that alarm is generated and that
start conditions are no longer fulfilled.
3 Disconnect ethernet cable to PCU400, control
that alarm is generated and remote access is
connected automatically and alarm is sent
through reserve alarm sender.
4. Disconnect communication cable to operating
center, control that alarm is generated and
remote access is connected automatically and
alarm is sent through reserve alarm sender.
APPENDIX 2
15 (35)
5 Disconnect profibus to VP800, control that
control signal becomes 0V
(In case turbine regulator tries to control the
throttle control error occurs after 10s and
mechanical stop is enforced. (Alarm is
generated immediately for the communication
fault).
Start disable is activated.
6. Disconnect profibus to AS800 (frequency
measurement), control that turbine regulator
transitions to RPM regulation. (Alarm is
generated immediately for communication
fault).
7 Disconnect profibus to MCM800. Alarm is
generated immediately for communication
fault, (Start conditions still ok!)
8 Disconnect profibus to remote I/O (+DA11),
Start conditions not fulfilled and alarm is
generated for communication fault, in case
STALL DO is on remote I/O the unit trips
STALL. A-Alarm is generated.
9 Disconnect one profibus fiber to remote I/O
(MP1-G1), alarm is generated but
communication is still OK! (Both ways
tested).
APPENDIX 2
16 (35)
10 Disconnect the second fiber to remote I/O
(MP1-G1), start conditions not fulfilled and
alarm is generated for communication fault, in
case no STALL DO is on remote I/O
everything works normally, after 2min STALL
alarm will be generated.
A-Alarm is generated.
14 Disconnect one profibus to remote I/O
(+DA1), alarm is generated for
communication fault, STALL alarm is
generated to unit computers. A-Alarm to alarm
list and remote.
15 Disconnect one profibus fiber to remote I/O
(LU1), alarm is generated but communication
is still OK! (both ways tested)
16 Disconnect the other fiber to remote I/O
(LU1), alarm is generated for communication
fault.
A-Alarm is generated.
APPENDIX 2
17 (35)
Test of communication monitoring RNRP
(primary/secondary ethernet communication)
Nr Description AllUnitStatus
1 Disconnect primary ethernet cable from
AC800M controller for unit G1, control
system alarm list (network connection lost).
Alarm should trip as D-Alarm to remote!
Communication is still operational.
2 Disconnect secondary ethernet cable from
AC800M controller for unit G1, control
system alarm list (network connection lost).
Alarm should trip as D-Alarm to remote!
Communication is still operational.
3 Disconnect primary and secondary ethernet
cables from AC800M controller for unit G1,
control system alarm list (communication
error). Alarm should be generated as A-Alarm
to remote!
7 Disconnect primary Ethernet cable from
AC800M controller for station computer,
control system alarm list (network connection
lost). Alarm should trip as D-Alarm to remote!
Communication is still operational.
APPENDIX 2
18 (35)
8 Disconnect secondary ethernet cable from
AC800M controller for station computer,
Control system alarm list (network connection
lost). Alarm should be generated as D-Alarm
to remote!
Communication is still operational.
9 Disconnect primary and secondary Ethernet
cables from AC800M controller for station
computer, control system alarm list
(communication error). Alarm should be
generated as A-Alarm to remote!
10 Disconnect primary control network cable
from AK-A95D01 (800xA workplace) control
system alarm list (network connection lost).
Alarm should be generated as D-Alarm to
remote! Communication is still operational.
11 Disconnect secondary control network cable
from AK-A95D01 (800xA workplace) control
system alarm list (network connection lost)
Alarm should be generated as D-Alarm to
remote! Communication is still operational.
12 Disconnect primary & secondary control
network cables from AK-A95D01 (800xA
workplace) Control system alarm list (network
connection lost) Port fault in switch generates
D-Alarm.
APPENDIX 2
19 (35)
13 Disconnect primary server network cable from
AK-A95D01 (800xA workplace) Control
system alarm list (network connection lost)
Alarm should be generated as D-Alarm to
remote! Communication is still operational.
14 Disconnect secondary server network cable
from AK-A95D01 (800xA workplace) control
system alarm list (network connection lost).
Alarm should be generated as D-Alarm to
remote! Communication is still operational.
15 Disconnect primary & secondary server
network cables from AK-A95D01 (800xA
workplace) Control system alarm list (network
connection lost).
Alarm should be generated as A-Alarm to
remote!
16 Disconnect primary server network cable from
AK-A95D02 (PGIM workplace) Control
system alarm list (network connection lost).
Alarm should be generated as D-Alarm to
remote! Communication is still operational.
17 Disconnect secondary server network cable
from AK-A95D02 (PGIM workplace) control
system alarm list (network connection lost).
Alarm should trip as D-Alarm to remote!
Communication is still operational.
APPENDIX 2
20 (35)
18 Disconnect primary & secondary server
network cables from AK-A95D02 (PGIM
workplace) Control system alarm list (network
connection lost).
Alarm should trip as A-Alarm to remote!
19 Disconnect primary control network cable
from PCU400 control system alarm list
(network connection lost).
Alarm should trip as D-Alarm to remote!
Communication is still operational.
20 Disconnect secondary control network cable
from PCU400 control system alarm list
(network connection lost).
Alarm should trip as D-Alarm to remote!
Communication is still operational.
21 Disconnect primary & secondary server
network cables from PCU400 (PGIM
workplace) control system alarm list (network
connection lost).
Alarm should trip as A-Alarm to remote!
APPENDIX 2
21 (35)
Communication
Test of fiber/copper ring station communication: Test is done at FAT.
In case 2 switches are connected as a ring-connection.
Testing will confirm that communication still works if failure in the ring occurs, and that
alarm is generated from every Ethernet switch in case a port is not connected.
Continued communication at fiber failure is controlled from OPC server in 800xA workplace
and that screenshots have delivered values.
1 Ring configuration between RuggedCom for unit is tested.
In case the ring is broken, alarm is generated to unit computer 1
& 2.
2 Control that communication works after power failure, is tested
for:
Switch RuggedCom RS900 (IEC61850 G1)
Switch RuggedCom RS900 (IEC61850 G2)
Switch 1 RuggedCom RS900 (Fortum Distribution)
Switch 2 RuggedCom RS900 (Fortum Distribution)
Switch primary Control Network, EDS-408 (+DA1)
Switch primary Control Network, EDS-405 (Excitation G1)
Switch secondary Control Network, EDS-316
Switch primary server/client network, EDS-308
Switch secondary server/client network, EDS-308
APPENDIX 2
22 (35)
3 Control that alarm occurs when an Ethernet cable is disconnected
from the switch, is tested for:
Switch RuggedCom RS900 (IEC61850 G1)
Switch RuggedCom RS900 (IEC61850 G2)
Switch 1 RuggedCom RS900 (Fortum Distribution)
Switch 2 RuggedCom RS900 (Fortum Distribution)
Switch primary control network, EDS-408 (+DA1)
Switch primary controlNetwork, EDS-405 (Excitation G1)
Switch secondary control network, EDS-316
Switch primary server/client network, EDS-308
Switch secondary server/client network, EDS-308
APPENDIX 2
23 (35)
Test of communication between AC800 controllers
The testing should verify that controllers can communicate with each other and that
communication stop generates alarm to alarm list. Communication alarm occurs after
controller has not been updated within 30s.
No. Description Date sign
1 Disconnect Ethernet cables to unit computer G1. Observe alarm from station computer.
2 Disconnect Ethernet cables to station computer. Observe alarm from unit computer G1.
APPENDIX 2
24 (35)
STALL Alarm and OSP configuration
Stall alarm gives start blockage.
OSP (output set as predetermined) configuration, stall alarm signals are configurated to give
low signal instantly at communication fault, other DO maintain their actual value. OSP value
is to maintain actual value, except for STALL alarm, switch on brakes and hatch
closing/opening where OSP value should become a low signal.
No. Description Date sign
Control and mark controlled logic schemes with green for G1
STALL (mechanical and electrical stop)
Disconnect fiber during operation to G1 remote I/O cabinet,
control DO status that these dont change status at
communication fault. In case communication is gone more than
2min, STALL alarm will occur.
Note. Interlocks of pumps are hardwired.
Disconnect profibus to G1 remote I/O which contains a STALL
output. Output signal will immediately go low (doesnt wait
2min)
At unit G1 stall alarm brakes wont activate! OSP value = 0.
Disconnect profibus for station remote I/O, outputs maintain
actual value.
OSP configuration for open/close hatch 2 OSP value = 0, input
goes low at communication fault to remote I/O.
OSP configuration for open/close hatch 4 OSP value = 0, input
goes low at communication fault to remote I/O.
APPENDIX 2
25 (35)
Signaltest
Test of signals to alarm/event list for PP846, 800xA and remote control.
DI signals are activated from process where it is possible or from simulated I/O card (FAT, at
SAT all signals are controlled according to circuit diagram). Calculated signals are controlled
from process and PLC-program.
No. Description Date sign
DI signals unit G1
Calculated signals unit G1
PT100 signals unit G1
AI signals unit G1
DO signals unit G1
AO signals unit G1
DI signals station computer
Calculated signals station computer
PT100 signals station computer
AI signals station computer
DO signals station computer
AO signals station computer
Remote control (PCU400)
See green marked I/O lists for documentation.
APPENDIX 2
26 (35)
No. Description Date sign
Visual check I/O list to hardware configuration in controller unit
G1
Unit G1, control mA measurements with account for correct
scaling hardware configuration. Jmfr mot panelinstrument.
Unit G1, visual check of signal list for calculated analogue signals
to PLC program. Control that all are printed in program.
Visual check I/O list to hardware configuration in station
computer.
Station computer, control mA measurements with account for
correct scaling in hardware configuration. Compare to panel
instrument.
Station computer, visual check of signal list for calculated
analogue signals to PLC program. Control that all are printed in
program.
APPENDIX 2
27 (35)
Function test sequences G1
Sequences
Whole sequence FAT simulation. Activate simulation mode for all objects that will be run
from sequence. For turbine regulator a separate simulator is built.
No. Description Unit 1 sign
Start to idle running without voltage
Start to idle running with voltage
Start to operation synchronization G1-S
Start from idle running without voltate to idle running with
voltage
Start from idle running without voltage to operation
Start from idle running with voltage to operation
From operation; Disconnection to idle running with
voltage
From operation; Disconnection to idle running without
voltage
From operation; to quick stop
From operation; to mechanical stop
From operation; to normal stop
APPENDIX 2
28 (35)
Verify the following function:
In case T1-50-S breaker opens when unit is in operation,
sequence will go to idle running with voltage, turbine
regulator goes to idle mode.
Operator now has 2 possibilities, synchronize T1-50-S or
open G1-S and then switch T1-50-S breaker and
afterwards pressing start operation.
Verify the following function:
Unit is idle running with voltage, operator switches field
breaker off, excitation is de-excited and field breaker is
turned off.
Verify the following function:
Unit is operational, operator tries to switch off field
breaker, this is not possible because G1-S blocks off
switching of field breaker.
Verify the following function:
At synchronization of G1-S operator switches off G1-S
(cancel synchronization). Sequence is cancelled and jumps
to idle running with voltage. It is now possible to give a
new start sequence.
APPENDIX 2
29 (35)
Sequence interrupts
Simulation of faults that interrupts the sequence.
No. Description Unit 1 sign
1 Long start time step 1,2,3, and 4
Start time set to 10s/step. Press start, sequence starts. Sequence
step is blocked and after 10s stop sequence is activated.
Alarm for actual step is generated with the message STOP
2 Long excitation time step 5 and 6
Set step time to 10s/step and block that field breaker goes
to/excitation starts. After 10s stop sequence is activated.
Alarm for actual step is generated with the message STOP
3 Long synchronization time step 7 and commanded phasing
of G1-S
Step time is changed to 10s/step.
After 10s sequence is cancelled and unit indicates idle running
with voltage.
Press G1-S phasing and change max synchronization time in
faceplate to 10s. Control that cancel phasing occurs after 10s.
4 Long mechanical stop time stop step 1
Change step time so that mechanical stop wont occur, stop
sequence goes on to step 2. Control that alarm is generated (long
stop time step 1).
APPENDIX 2
30 (35)
5 Long disconnection time G1-S
Block output for G1-S switching off. At long step time STALL
alarm will activate and switch off breaker through SUB2.
Control that alarm is generated (long stop time step 2).
6 Long disconnection time/de-excitation time G1-FB
Block output for G1-FB switch off. At long step time STALL
alarm will be activated and disconnect breaker through SUB2.
Control that alarm is generated (long stop time step 3/4).
7 Long closing time D/S-valve
Block output for D/S valve. At long step time intake hatch will
close. (sequence will not continue before D/S-valve is in stop
mode or throttle closed)
8 Long stop time step 9
In case any object is in manual mode these will not be stopped
from stop sequence. After step time has expired, sequence jumps
to next step and unit doesnt go to start blockage. (Unit is still
start ready).
APPENDIX 2
31 (35)
Stop/Electrical stop/Mechanical stop Unit G1
Test of function
Nr Description Unit 1 sign
1 Control that all stops generate stops, control against logic
schemes.
2 Control that all quick stops generate quick stops, control
against logic schemes.
3 Control that all mechanical stops generate mechanical stops,
control against logic schemes.
APPENDIX 2
32 (35)
Control of blocking interlocks
Test of function from logic schemes.
No. Description Date sign
1 Control all logic schemes to real process. Interlocks stops
pumps according to logic scheme. G1 Control.
2 Control all logic schemes to real process. Interlocks breaker
according to logic scheme. G1 Control.
3 Go through all start blockings for unit G1.
7 Control all logic schemes to real process. Interlocks stop pumps
as they should. Station control.
8 Control all logic schemes to real process. Interlocks stop
breakers according to logic scheme. Station control.
APPENDIX 3
1 (8)
Test of panel 800xA/PP846 process pictures
Panel for station, unit 1 and unit 2
No. Description Unit G1 Unit G2 Station
Panel pictures controlled. Breaker positions and
measurements done.
Commands and setpoints tested (see controller part).
Alarm/event list controlled to I/O list.
Panel pictures for station, unit G1 and unit G2
Process panel is backup control for 800xA system, from which one can see the objects that
are criteria to be able to start unit. It is possible to see start criteria/start blockings, alarm and
event list. It is not possible to control from this (breaker control is in adjacent panel,
start/stop of unit is also in adjacent panels). There are setpoints that can be changed from
process panel.
No. Process picture:
Symbols Signals
Date sign
Main (object switch)
Electrical line diagram
Unit G1, Start/Stop
APPENDIX 3
2 (8)
Unit G1, Start blockings
Unit G1, Start conditions page 1
Unit G1, Start conditions page 2
Unit G1, Turbine_SP
Unitt G1, Voltageregulator_SP
Unitt G1, Temperature/Vibration
Unit G2, Start/Stop
Unit G2, Start blockings
Unit G2, Start conditions page 1
Unit G2, Start conditions page 2
Unit G2, Turbine_SP
Unit G2, Voltagereg_SP
Unit G2, Temperature/Vibration
APPENDIX 3
3 (8)
800xA process pictures for station, Unit 1 and Unit 2
Following pictures defined and controlled, control all links by clicking diagnostics for every
process picture, no conflicts may occur. Max time for picture change until all objects are
loaded is 3s (for analogue signals and 1s for digital signals)
No. Process picture:
Diagno
stics
Timing
(subscrip
tion)
Errors &
Warnings
Date sign
Stationssida contains information about
object switch and production. In case
PCU400 is used for remote control there is
a link to remote control PCU400 at the
right side of process picture. Links to
various plant parts is also at start page.
Aggregatversikt contains information
about all units operation status, MW, RPM,
ongoing start/stop, start ready etc.
Aggregat shows submenu for chosen unit.
Station shows submenu for station.
Vattenversikt contains station control,
unit flow, wicket flows and water levels.
Dokumentation contains links to
documentation folders.
APPENDIX 3
4 (8)
800xA process pictures for station
No. Process picture
Diagno
stics
Timing
(subscrip
tion)
Errors
&
Warnin
gs
Date sign
Station contains station overview, flows,
power, MWh, object switch.
Enlinjeschema contains information about
switchgear: breaker, disconnector and
measurement values.
Lokalkraft 400V contains information
about local power, switching automation
and backup power.
Lokalkraft DC contains information about
distribution, battery voltage, rectifiers and
inverters.
Ventilation contains information about
ventilation, fire dampers etc.
Systemversikt contains overview over
control system like status for PC/Server
and PLC system.
APPENDIX 3
5 (8)
800xA process pictures, unit G1
No. Process picture:
Diagno
stics
Timing
(subscrip
tion)
Errors
&
Warnin
gs
Date sign
Aggregat contains information about unit
status, MW, RPM, ongoing start/stop, start
ready etc.
Generator contains information about
generator, excitation and auxiliary
equipment like brakes and lubrication oil
pumps.
Turbin contains oil system regulation,
turbine signals and auxiliary equipment for
turbine control.
Start/stoppsekvens contains sequence for
stop and start. And also trend for start-up
containing throttle setpoint/actual value
runner position and effect.
Startfrigivning contains all of the starting
approvals.
Startblockering contains all of the start
blockings.
APPENDIX 3
6 (8)
Kylvatten contains coolant water system
and drainage system.
Temperatur contains all temperatures for
actual unit and all stations temperatures.
Drifttider contains operating times for
actual units objects and all station objects.
APPENDIX 3
7 (8)
800xA process pictures, unit G2
No. Process picture:
Diagno
stics
Timing
(subscrip
tion)
Errors
&
Warnin
gs
Date sign
Aggregat contains information about unit
status, MW, RPM, ongoing start/stop, start
ready etc.
Generator contains information about
generator, excitation and auxiliary
equipment like brakes and lubrication oil
pumps.
Turbin contains oil system regulation,
turbine signals and auxiliary equipment for
turbine control.
Start/stoppsekvens contains sequence for
stop and start. And also trend for start-up
containing throttle setpoint/actual value
runner position and effect.
Startfrigivning contains all of the starting
approvals.
Startblockering contains all of the start
blockings.
APPENDIX 3
8 (8)
Kylvatten contains coolant water system
and drainage system.
Temperatur contains all temperatures for
actual unit and all stations temperatures.
Drifttider contains operating times for
actual units objects and all station objects.
800xA screenshots of process pictures
No. Description Unit G1 Unit G2 Station
1
800xA, take a screenshot of every process picture, and copy these into an
excel document.
2
800xA, take a screenshot of every process picture, and copy these into an
excel document.
APPENDIX 4
1 (3)
Temperature monitoring Test Report
STATION :
Project Name
Functunal Structure :
=Gx-A73
EQUIPMENT :
800xA Trends
Idle Mode, bearing temperatures:
N/A
Full load, bearing temperatures:
Full load, temperature stator windings/core:
APPENDIX 4
2 (3)
APPENDIX 4
3 (3)
Full load, temperature stator air:
REMARKS:
Inspected by : Date :
Approved by : Date :
Signature of the Engineer or Client
APPENDIX 5
1 (3)
APPENDIX 5
2 (3)
APPENDIX 5
3 (3)