ect184.pdf

8/9/2019 ect184.pdf

1/24

n 184electricalinstallation

dependabilitystudies

E/CT 184 first issued September 1997

Sylvie LOGIACO

An ISTG Engineer (InstituteScientifique et Technique deGrenoble) graduating in 1987, shewas initially involved in risk analysisin the chemicals industry ; atPechiney, then at Atochem.With Schneider since 1991, she is

part of the centre of excellence forDependability for which she hascarried out a large number ofdependability studies on electricaland monitoring and controlinstallations.

8/9/2019 ect184.pdf

2/24

8/9/2019 ect184.pdf

3/24

Cahier Technique Merlin Gerin n 184 / p.3

electrical installationdependability studies

contents

1. Introduction General p. 4Dependability studies p. 6

2. How a study is carried out The chronological order ofphases p. 9Expression and analysis ofthe requirements p. 9Functional analysis of a system p. 10Failure mode analysis p. 11Reliability data p. 11Modelling p. 12Dependability criteriaassessment calculations p. 14

3. Examples of studies Comparing two electricalnetwork configurations ina factory p. 15

The interest of remotemonitoring and controlin an EHV substation p. 17

4. Dependability tools Dependability study packages p. 20Modelling tools p. 20

5. Conclusion p. 216. Bibliography p. 22

In both the industrial and tertiarysectors, the quality of power supply isof increasing importance. The quality ofthe electricity product, besidesimperfections such as variations involtage and harmonic distortion, isbasically characterised by theavailability of the electrical energy.Loss of power is always annoying, but itcan be particularly penalising forinformation systems (computing -monitoring and control); they can evenhave disastrous consequences forcertain processes and in certain casesendanger people's lives.

Dependability studies enable electricalavailability requirements to beincorporated in the choice of electricalnetwork to be installed. They alsoenable two different installationconfigurations to be compared ... themost expensive one is not alwaysbetter ...The aim of this Cahier Technique isshow how dependability studies areperformed: methodology and tools. Twoexamples of studies are given: that ofan electrical network in a factory andthat of the monitoring and controlsystem of a high voltage substation.These studies are becomingincreasingly easy to perform thanks to

computing tools.

8/9/2019 ect184.pdf

4/24


1. introduction

generalThe voltage at the terminals of a currentconsumer can be affected byphenomena originating in the distributor'snetwork, the electrical installation of asubscriber connected to that network orthe electrical installation of the user whois suffering the disturbance.

Disturbances in the electricityproductc the main characteristics of thevoltage supplied by both the MV andLV public distribution network are thosedefined by European standardEN 50160. This details the tolerancesthat must be guaranteed for bothvoltage and frequency as well as thedisturbance levels that are usuallyencountered; e.g. harmonic distortion.The table in figure 1 details thestandard's recommended values.At any moment in time therefore, thequality of the energy supplied to thecurrent consumers in an installation canbe affected by various disturbances,either imposed by the external supplynetwork or self-generated within theinternal distribution network.The operations of current consumersthat are either independent or federatedin systems are affected by thesedisturbances.c malfunctions and the type and cost ofthe damage incurred depend both onthe type of current consumers and onthe installation's criticality level. Thus, amomentary break in supply to a criticalcurrent consumer can have seriousconsequences on the installation's

operation without it being intrinsicallyaffected.c in all cases, a study detailing theeffects of the suspected disturbancesmust be performed. Measures must betaken to limit their consequences.c the table in figure 2 shows thedisturbances that can usually be foundin electrical networks, their causes andthe solutions that are possible toreduce their effects.c the reduction of the effects ofharmonics, Flicker, voltage imbalances,

standard EN 50160 low voltage supplyfrequency 50 Hz 1% for 95% of a week

50 Hz + 4%, - 6% for 100% of a weekvoltage amplitude for each one week period, 95% of the average effective values

over 10 minutes must be within the range of Un 10%rapid voltage from 5% to 10% of Unvariations (4 to 6% in medium voltage)

voltage drops c amplitude: between 10% and 99% of Un(indicative values) most voltage drops are

8/9/2019 ect184.pdf

5/24

Cahier Technique Merlin Gerin n 184 /p.5

disturbance possible causes main effects possible solutionsfrequency c supply network c variation in speed of motors c UPS

variations c

grouped operation of c

malfunctioning of electronicindependent generators equipmentrapid voltage c supply network c lighting flicker c increasing short circuit powervariations c arc furnace c variation in speed of motors c modifying the installation configuration

c welding machinec load surge

voltage drops c supply network c extinction of discharge lamps c UPSc high load c malfunctioning of regulators c increasing short circuit powerdemands c speed variation, stopping c modifying the installation configurationc external and of motorsinternal faults c switching of contactors

c disturbances in digital electronics systemsc malfunctioning of power electronics

brief and long c supply network c equipment stoppage c UPSloss of power c reclosing operations c installation stoppage c independent generators

c internal faults c loss of production c modifying the network configurationc source switching c switching of contactors c setting up of a maintenance policy

c various malfunctionsvoltage c supply network c overheating of motors and alternators c increasing short circuit powerimbalances c many single phase c modifying the network configuration

loads c balancing of single phase loadsc rebalancing devices

overvoltages c lightening c breakdown of equipment c lightening arrestorsc switchgear operation c choice of insulation levelc insulation fault c control of the resistance of earthing electrodes

harmonics c supply network c overheating and damaging of equipment, c increasing short circuit powerc a lot of non linear mainly motors and capacitors c modifying the installation configurationcurrent consumers c malfunctioning of power electronics c filtering

fig. 2: disturbances in networks, causes, effects and solutions.

failure, as soon as the voltage andfrequency of the generator set havestabilised,v power is restored to priority currentconsumers once the essential currentconsumers have been started up,v power is not restored to non-prioritycurrent consumers, which accept a longbreak in power supply, until the externalnetwork is functioning again.By appropriate selection of the

configuration and the automatic sourceswitching control devices (see. CahierTechnique n 161) we can optimise thepositioning and dimensioning of backup and replacement supplies in orderto meet operating constraints.It should be remembered that thechoice of neutral earthing arrangementis an important factor; it is clearlyestablished that for current consumersrequiring a high level of availability, it ishighly advisable to use the isolatedneutral arrangement since it enablescontinuity of supply on the occurrence

fig. 3: a reliable power supply. Simplified network diagram.

TRG

UPS

backed-up

sourcechangeover switch

no back-up

grid supply

independent source

load restorable

load shedding

several hours

non-priority

down time:

types:

several mins.

priority

several secs.

essential

none(high quality)

vital

8/9/2019 ect184.pdf

6/24


of an initial insulation fault (see.Cahiers Techniques n 172 andn173).

dependability studiesBefore looking at electricalnetwork dependability studies, it wouldbe useful to recap on several

dependability:Dependability is a generic idea thatmeasures the quality of service, providedby a system, so that the user can have

justified confidence in it. Justifiedconfidence is achieved through

quantitative and qualitative analyses of thevarious features of the service providedby the system. These features are basedon the probability parameters definedbelow.

reliability:the probability that a unit is able accomplisha required function, under given conditions,during a given interval of time [t1,t2] ; writtenR(t1, t2).

availability:the probability that a unit is in a state thatenables it to accomplish a required functionunder given conditions and at a givenmoment in time, t ; written D(t).

maintainability:the probability that a given maintenanceaction can be carried out within a given time[t1, t2].

safety:the probability of avoiding an event withhazardous consequences within a giventime [t1,t2].failure rate:the probability that a unit loses its ability

to accomplish a function during theinterval [t, t+dt], knowing that it has notfailed between [0, t] ; it is written (t).the equivalent failure rate:the value or a constant failure rate: eq forwhich the reliability of the system in time t isequal to R(t) - eq is a constantapproximation of (t).MTTF (Mean Time to Failure):the average time of correct operation beforethe first failure.MTBF (Mean Time Between Failure):the average time between two failures in arepairable system.MUT (Mean Up Time):the average time of correct operationbetween two failures in a repairable system.MTTR (Mean Time To Repair):the average time required to repair.

fig. 4: definitions.

definitions of the terms used by reliabilityspecialists, even if everyone knows thedefinitions of the words: reliable,available, maintenance and safety(see fig. 4 and 5).It is also necessary to detail theapplicational scope and generalfeatures of such studies.

Scope and features of studiesccccc applicational scope:studies are carried out on all types ofelectrical networks, from low voltage tohigh voltage, and on their monitoringand control systems.The networks may be:v single feeder

MDT (Mean Down Time):the average time for which the system isnot available. It includes the time to detectthe fault, the time for the maintenanceservice team to get to the fault, the time toget the replacement parts for theequipment to be repaired and the time torepair.

the repair rate:the inverse of the mean time to repair.

FMEA (Failure Modes and EffectsAnalysis):this enables the effects to be analysed of thefailure of components on the system.

model:graphical representation of the combinationof failures found during an FMEA and oftheir maintenance process.

undesirable event:system failure that must be analysed inorder for the user to feel justified confidencein the system. This system failure gaugesthe quality of service,

fig. 5: relations between the various values that characterise the reliability, maintainability and availability of a machine.

correct operation correct operationrepairing

MTTR

MDTMTTF

MTBF

MUT

waiting

initialfailure

secondfailure

startof work

restarting

time0

8/9/2019 ect184.pdf

7/24


preliminary study detailed studyaccuracy of 1 single failure type failures divided into familiesassumptions (1 frequency, 1 average duration) according to their effect on the system.

accuracy of the consequences of the failures the consequences of the failures aremodelling are combined into major families analysed in depth.

v double feeder (see fig. 6a),v double busbar (see fig. 6b),v loop (see fig 6c),v and with or without reconfiguration orload shedding.c characteristic features of studies:studies are tailor made to take

account of the expressedrequirements.They are set up in terms of:- accuracy of study,- type of analysis,- type of dependability criteria,v the accuracy of study(see fig. 7):- brief or preliminary study:

fig. 6: network configurations.

fig. 7: differences between a preliminary study and an in-depth study.dependability

criteria

simpleand minimalconfiguration

satisfyingof dependability

criteria

newconfiguration

no

yes

fig. 8: design assistance.

GG

turbo-alternator

a . double line feeder b . double busbars c . loop

this is a pessimistic study generallyused to quickly make technicalchoices- very detailed studies that takeaccount of as many factors aspossible.Taking account of all theoperating modes, detailed analysis ofpossible failure modes and theirconsequences, modelling themalfunctioning behaviour of thesystem.v the types of analysis- design assistance in assessingthe dependability criteria(see fig. 8),

8/9/2019 ect184.pdf

8/24


- comparison of configurations (seefig. 9),- qualitative configuration analysis.v the types of criteria to be quantified(see fig. 10)- the average number of hours that thesystem functions correctly (MUT):- the average number of hours that thesystem functions before not supplyingcertain current consumers for the firsttime (MTTF)- the probability of no longer supplyingpower to certain current consumers(availability),- the average number of failures perhour during a year ( eq ),- an average repair time (1/ eq ),- the optimal frequency of preventivemaintenance,- the calculation of replacement partkits.These criteria enable an assessment tobe made of the system's performancelevel and thus to determine theconfiguration that meets dependabilitycriteria without forgetting economicconstraints.

fig. 10 : illustration of dependability assessment criteria.

GE

UPS SC*

currentconsumer n 1

currentconsumer n 2

we can calculate:

- the probability that GEdoes not start when powersupply is lost.

- the optimum preventivemaintenance frequencyfor the GE.

- the number of minutesa year that current consumern 1 is not supplied.

- the average number of hoursbefore current consumern 2 will no longer have power.

* SC= Static contactor

generator setpublic network

fig. 9: configuration comparison.

dependabilitycriteria

choseconfiguration A

choseconfiguration B

no

yes

configuration

A

configuration

B

configurationA's dependability

criteria are nearer theobjectives

configuration B

8/9/2019 ect184.pdf

9/24


2. how a study is carried out

the chronological order ofphasesWhatever the requirement expressedby the designer or operator of anelectrical installation, a dependabilitystudy will include the following phases(see fig. 11):c expression and analysis of therequirements,c functional analysis of the system,c failure modes analysis,c modelling,c calculation or assessment ofdependability criteria.

In most cases, this procedure must beperformed several times:c twice if we want to compare twolayouts,c n times if we want to determine aconfiguration that is adapted torequirements taking account oftechnical and economic constraints.

expression and analysis ofrequirementsAs discussed at the end of the previouschapter, the study initiator must detail(see fig. 12):c what the study involves ; e.g:substation monitoring and control, andprovide the design elements that hehas in his possession.c the type of request (type of analysisrequired), e.g.:v a demonstration of the confidencelevel that we can assign to a powersupply for a critical process (orientingus towards a type of study, types ofcriteria to be assessed),v the search for objective criteriamaking technical and economicanalysis possible,v the determination of the most suitableconfiguration to meet requirements(orienting us towards a type ofanalysis),v support for a specific equipment design.These points can be combined ; inother words a company can search forthe configuration best suited to itsneeds to supply power to a criticalprocess as part of a technical andeconomic analysis.

fig. 11: the chronological order of phases in performing a dependability study.

analysis of the customer requirement

criteria to beassessed

network points where thecriteria wil be assessed

systemspecifications

functional analysis of the system

functions and componentsinvolved

failure mode analysis

possible systemfailures

search for data

- failure rate of components- time to repair- functional frequencies

modelling keydata

assessment ofdependability

criteria required

qualitativeanalysis

study phase

phaseconclusions

to perform thephase

data requiredto perform the

next phase

fig. 12: information required for the study.

expression of

requirementexpressed in terms of

type ofanalysis

studyaccuracy

criteria to beassessed

determination and classification

of the representative and/orstrategic current consumersin the system

leading to the carrying outof a customised study

to target the network pointsat which will be calculatedthe dependability criteria

8/9/2019 ect184.pdf

10/24


Faced with the questions: where, tosupply what, what is the criticality andthe admissible down time, the customermust think in terms of, for example,safety and loss of production orinformation.c the risk:for an insurance company the idea ofrisk corresponds to the seriousness(moral, social or economic) of the eventin question. In terms of loss ofproduction, the estimate of the risk isquite simple: the product of theprobability of the occurrence and thecost of an event gives a good idea ofcriticity. The assessment of the riskenables the price to pay to becalculated: loss of profits, insurance oroptimised electrical installation.c formalising of requirements(see fig. 13): a means of expressing therequirements involves classifying thevarious current consumers according tothe down time that they can withstand(none, a few seconds, a few minutes, afew hours).

functional analysis of thesystemFunctional analysis describes in bothgraphical and written terms the roleof the network and/or its constituentparts.

fig. 13: the availability specifications to be provided by the customer.

fig. 14: functional block diagrams.

monitoringand control

powersupply B powersupply A

MV electrical supply

normalsupply

GE

stand-by stand-by

MV

This analysis leads to two complemen-tary descriptions of the network:c one description using functionalblock diagrams (see fig. 14), whoseaim is to present the systemconfiguration and the functional linksbetween the various parts of thesystem.

c a behavioural description (see fig. 15)whose aim is to describe thesequence of the various possiblestates.The main purpose is to identify theevents that induce the system tochange. The model developed duringthe course of this analysis notably

the various current consumers in consideration

officeheating

minorevent

computersno breakgreater

than 20 msbeyond this:

criticalevent

tank cooling

stoppage possiblefor 1 hour max.

beyond this:loss of tank

contentsdisastrous event

oven n 1

process

oven n 2

stoppage possiblefor 3 mins max.


contentsdisastrous event

stoppage possiblefor 3 mins max.


contentscritical event

8/9/2019 ect184.pdf

11/24


equipment failure mode failure rate time torepair,frequency ofpreventivemaintenance

circuit breaker c blocked closed 1 1, c spuriously open 2

generator set c failure in operation 4 2, 6 monthsc failure on start-up 5

transformer c failure in operation 6 3, X months

highlights the various reconfigurationpoints in the system.

This second analysis enables account

to be taken of functional aspects whenthey interact with malfunctionalaspects.

failure mode analysisThis analysis aims to provide:c the list of possible failure modes foreach of the items identified in thefunctional analysis,c their causes of occurrence (onecause is enough),c the consequences of these failureson the system (also called single

events),c the failure rate associated with eachfailure mode as part of a quantitativestudy.The results are presented in table form(see fig. 16).This analysis can be considered as thefirst stage of modelling.

reliability dataAs part of a quantitative analysis, it isnecessary to have probability datafor the failure of the system'sequipment.The probability characteristics are thencombined with the failure modes.These are:c the failure rate and how it is brokendown according to the failure mode,c the average time to repair associatedwith the frequency of preventivemaintenance (see fig. 17).

Failure ratesRemember that this involvesquantifying the probability that there willbe a failure between [t, t+dt], knowingthat there has been no failure before t.Schneider Electric has a database builtup from several sources:c internal studies and analysis ofequipment returned to the factory afterfailure,c failure statistics observed by utilitiescompanies and other manufacturers,c reliability data,v for non-electronic components:- IEEE 500 (feedback of experiencefrom nuclear power stations in theUSA),

fig. 15: behavioural description in the form of a Petri network.

fig. 16: failure mode analysis.

functions failure mode causes effects on the systempower supply loss of normal mode c power supply failure switch over to stand-byfeeder c transformer failure

c spurious circuitbreaker tripping

stand-by loss of stand-by mode c failure of GE in loss of electricityin operation operation supply

c spurious circuitbreaker tripping

c transformer failurenormal mode failure and c GE does not start upstand-by mode is not c circuit breaker isavailable blocked open

fig. 17: fictive summary of the reliability data required for a study.

? loss of power supply A

! switch to power supply B

? loss of power supply B

! start-up of GE

This Petri network expressesthe fact that in the case of lossof power supply A, the networkis switched to the power supply B.If power supply B fails, then theGE start-up.

8/9/2019 ect184.pdf

12/24

8/9/2019 ect184.pdf

13/24


assessed and the assumptions takenaccount of in the model(s).

The main modelling techniques

ccccc combination:the combining of single events.This is the case of fault tree diagrams(see fig. 18).A fault tree diagram breaks downevents into single events.The immediate causes of the loss ofelectrical supply are therefore sought,these are intermediary events.The causes of these intermediaryevents are then sought in turn.The break-down continues in this wayuntil it becomes impossible or until itserves no further purpose.Terminal events are called basicevents.The breaking down of an event intocausal events is performed usinglogical operators or so called gates (theAND gate, the OR gate).The fault tree diagram in figure 18expresses the fact that in the givennetwork, there is a total loss ofelectrical power if there is a loss ofpower supply and loss of thegenerator sets.In this type of modelling exercise, no

account is taken of the fact that thefailure of the generator sets is onlysignificant if there is loss of powersupply beforehand.Networks with reconfigurationpossibilities and complex maintenancestrategies are difficult to model usingthe fault tree method.ccccc combination and sequential:the combining of single events whilsttaking account of the moment in timewhen the events occur.v Markovian type (see fig. 19).

This type of model is commonlyrepresented by a graph that showsthe various possible states in thesystem.The arrows that link the system statesare quantified by rates, which can bethe failure rates, the repair rates or therepresentative operating modefrequencies.These rates represent the probabilitythat the system changes status

fig. 19: modelling of malfunctions in the form of a Markov diagram a , b and are assumed to be constant.

status 1correct

operation

failure of power supply failure of GE's

repair

status 2power supplyfailure/start-up

of GE's

status 3failure of

power supplyGE's do not

start up

status 4loss of power

supply

2

repair1

repair3

ba

c lossof power

supply, GE's do not start up

a : frequency at which there is loss power supplyb: frequency of GE failure: frequency of repair

between time t and t+dt.The graph in figure 19 shows the factthat the system can have any one offour operating status:- status 1: correct operation,- status 2: failure of power supplyand the generator sets have started up,

- status 3: failure of power supplyand the generator sets have not startedup,- status 4: when the generator setshave failed in operation with the powersupply also failed.Markovian modelling assumes that thefrequencies (or rates), which enablepassage from one status to another,are constant.The calculating algorithms associated

with this modelling technique can onlybe applied under these conditions.This limit leads us to makeassumptions and therefore to representthe reality of the situation to a greateror lesser extent.v other types.

The procedure used is generally that ofa Petri network.The network is represented by places,transitions and tokens.The crossing of a transition via a tokencorresponds to a possible functional ormalfunctional system event.These transitions can be associatedwith any type of probability law.Simulation is the only way to enablecalculations to be resolved.

8/9/2019 ect184.pdf

14/24


selection criteria fault tree diagram Markov graph Ptri networkinteraction of the resolution impossible or false under certain conditions, suitableoperating mode in depending on the algorithms used resolution can be impossible or falsemodelling depending on the algorithm usednumerical dispersion resolution impossible or false under certain conditions, suitableof data depending on the algorithms used; resolution can be impossible or false

no problem if simulation depending on the algorithm usedthe timing of the failures no suitable suitableis importantestimate involving simulation time which can be suitable simulation time whichrare events prohibitive, no problem in the case can be prohibitive

of analytical resolution

estimate of:c MUT - suitable suitablec MTTF suitable suitable suitablec D(t) - suitable -c D() suitable (analytical calc.) suitable suitablec average D at t suitable (simulation) - suitablec MTTR - suitable suitablec eq - suitable suitable

fig. 21: criteria used to select the type of modelling used.

The Ptri network in figure 20represents the various failure modesthat the system may be subject to:- associated with transition n 1 is theprobability of power supply failure,- associated with transition n 2 is theprobability of the starting up and thenon starting up of the generator sets,- associated with transition n 3 is theprobability of failure of the generatorsets in operation.

Criteria used to select a modellingtype:figure 21 shows these modellingtechniques in table form.

dependability criteriaassessment calculationsTwo different techniques can be used.c analytical resolution:v for states graphs,v for fault tree diagrams.When systems are large or complex,analytical resolution may beimpossible.c system component behavioursimulation (operation or failure):v for Petri networks,v for fault tree diagrams.To achieve accuracy, a large number ofsimulations must be carried out and thecalculation time may be prohibitive if

the measurement estimate is related torare events.The modelling of a system using a Petrinetwork is the model most closely

representing the actual operation of thesystem being studied. But in view of thelimits related to simulation, thistechnique is not systematically used.

fig. 20: modelling using a Petri network.

powersupply failure

time torepair

time torepair

time torepair

P=probability ofGE's not starting up

1P=probability ofstart-up of GE's

1

2

failure of GE'sin operation

3

8/9/2019 ect184.pdf

15/24


3. examples of studies

comparing two electricalnetwork configurations in afactoryc presentation of the factory:A drinking water production plantsupplies 100 000 m 3 /day at off peaktimes, 300 jours/year and200 000 m 3 /day at peak times, 65 daysa year.Production of water is performed using4 production plants, each capable of

supplying 100 000 m 3 /day.Each plant is associated with sixtypes of current consumers : R 1, R 2,R3, R 4, R 5 and R 6 (pumps,disinfectors, etc.) which must worksimultaneously in order to ensureproduction (ref. fig. 22).The current consumers ensuring theoperation of each plant can bedistinguished in the following manner:R1a ,, R 6a for plant n 1

fig. 22: functional diagram of the original installation. Certain penalising common modes are not shown.

R1b ,, R 6b for plant n 2R1c ,, R 6c for plant n 3R1d ,, R 6d for plant n 4To ensure operation at off-peak times,only one plant is required ; during peaktimes, two plants are required.c analysis of the enquiry, therequirementsAfter two meetings with the customer,the specialists have determined:v that the following was required:- a proposal for a new LV electricalnetwork configuration, the configurationof the MV (5.5 kV) should change verylittle,- proof that the proposed layout was atleast as good as the old in terms ofcertain dependability criteria.v that the dependability criteria to beassessed were:- the probability of simultaneouslylosing electrical supply to currentconsumers n 1 and n 6,

- the probability of losing electricalsupply to current consumers n 3.c functional analysisGeneral considerations concerning thenetwork operation:v the site is supplied by twoindependent power supply feeders.Two generator sets are there on stand-by in the case of failure of the powersupply feeders,v in normal operation, the site issupplied by the power supply feeder A.If this feeder fails, then the systemswitches to power supply feeder B. Ifboth power supply feeders fail, thegenerator sets start up,v there are two levels of production, off-peak and peak. In the case of peakproduction, the power of the generatorsets is not sufficient to ensureproduction.v the power supply split between currentconsumers is such that the availability is

R6a ......R 6d R 5a ......R 5d

5,5 kV

400 V

JDB3

T3

R4a ......R 4d R 3a ......R 3d

5,5 kV

400 V

JDB4

T4

R2a ......R 2d R1a ......R 1d

5,5 kV

400 V

JDB5

T5

20 kV

MVswitchboard 1

MVswitchboard 2

power supply Bpower supply A G1 G2

5,5 kV

T220 kV

5,5 kV

T1

5,5 kV

400 V

JDB6

T6

8/9/2019 ect184.pdf

16/24


in the old network, there are failures thatcontribute directly to the loss of electricalpower supply.If this system only worked in off-peakconditions, this ratio would be virtuallythe same since the system works mostlyin off-peak conditions, thus explaining itspreponderance in the overall result.If the system only works in peakconditions, it is around 50 times moreprobable to lose electrical supply tocurrent consumers 1 and 6 with the oldnetwork. In the case of peak conditions,it is MV related faults that predominateand this part of the network cannot bechanged very much.v on the frequency of loss of supply tocurrent consumers n 1 and 6:- off-peak operation 22- peak operation 21- overall 21v on the frequency of loss of supply tocurrent consumers n 3:- off-peak operation 18- peak operation 21- overall 20The improved performance of the newnetwork is less pronounced in terms offrequency of failure.Calculation parameters used in aprobability of unavailability are thefrequency of failure and the time torepair. The failures which directlycontribute to the loss of power have aneffect on the unavailability time which isproportional to their time to repair.The new network makes it possible forbackground preventive maintenance tobe carried, in other words withoutinterrupting the plant's normaloperation.ccccc additional assessmentsIt seemed interesting to assess someadditional criteria to compare the twoconfigurations.v the relative probability of losing peakoperating conditionsIn the case of peak operatingconditions, the economic stakes arehigh. The criteria assessed above donot measure this risk. It is entirelyfeasible to lose peak production evenwith current consumers 1, 6 and 3supplied power.The probability of losing peak operationis four times less with the new network.The improvement is less pronouncedthan the other calculated criteria, sincethe main failures occur in the MV partwhich remains unmodified.

not very good. Thus, for example a faulton the busbar JDB3 knocks out allcurrent consumers of type R 5 and R 6.Production is stopped and no other plantcan operate,v the existing electrical network wassuch that that there were commonmode busbars. A short circuit acrossthese busbars made anyreconfigurations inoperative.The probability of a busbar short circuitis low, but since the system had highreconfiguring possibilities this failuremode becomes preponderant. Thecommon modes occur at coupling level,during reconfigurations involvingtransformer T4.v for the new network, the currentconsumers have been separated sothat it is possible to supply off-peakdemand with the current consumersassociated with one single transformerand peak demand with the currentconsumers associated with twotransformers.Figure 23 presents the proposednetwork layout and figure 24 itsfunctional analysis.c results analysisThe improvement in results obtainedwith the proposed network is

highlighted by giving the improvementratios, with the existing network beingused as a reference.Besides the probabilities of thesimultaneous loss of current consumers1 and 6 and the loss of currentconsumers 3, we have assessed theirfrequency of loss. Also calculated : theoptimum maintenance frequency for thegenerator sets and the contribution ofthe MV and LV networks to theundesirable events.Here are the obtained improvements :v on the relative probability of

simultaneously losing supply to currentconsumers n 1 and 6:- off-peak operation 110- peak operation 55- overall 105v on the relative probability of losingsupply to current consumers n 3:- off-peak operation 99- peak operation 54- overall 97Overall, the probability of losing electricalsupply to current consumers n 1 and 6 is100 times greater with the old networkthan with the proposed network. Indeed,

fig. 23: functional diagram of the new configuration.

GE1powersupply A

powersupply B

MVswitchboard 1

MVswitchboard 2

GE2

20 kV

T1 T2

5,5 kV

20 kV

5,5 kV

R1d R2d ...................R 6d

5,5 kV

plant n 4400 V

R1c R2c ...................R 6c

5,5 kV

plant n 3400 V

R1b R2b ...................R 6b

5,5 kV

plant n 2400 V

R1a R2a ...................R 6a

5,5 kV

plant n 1400 V

8/9/2019 ect184.pdf

17/24


v the optimum preventive maintenancefrequencyThe graph resulting from thecalculations (see fig. 25) shows theimpact of preventive maintenancefrequency of the generator sets on theprobability that they will be availablewhen they are required.For a maintenance frequency of6 months, the graph shows that there isa trough in the probability of unavailabilityin the event of a loss of power.v contribution of the MV and LV parts tothe undesirable events for the proposednetwork.The MV part has a much highercontribution than the LV part (around99.9% compared with 0.1%).Since the MV network has not beenmodified, its preventive maintenancemust be optimised ; moreover, it wouldbe greatly preferable to have a qualitymonitoring and control system on theMV network.

the interest of remotemonitoring and control inan EHV substationc analysis of the enquiry, therequirementsSchneider is carrying out preliminarydependability studies as part of anexport monitoring and control offer foran EHV substation. The following

fig. 24: functional analysis of the new configuration.

fig. 25: unavailability of a generator set when power is down as a function of the periodicity of maintenance.

preliminary study had to determinewhich configuration would enable theachievement of dependabilityobjectives that had been set by thecustomer in terms of the loss ofmonitoring and control.The objective was to determinewhether it was necessary toincorporate a stand-by remote workstation.

power supplyA

transformer20 kV/5.5 kV

currentconsumers

n 6a, 5a, 4a3a, 2a, 1a

power supplyB

generatorsets

transformer20 kV/5.5 kV

protectiondevices

protectiondevices

couplingcurrent

consumersn 7

currentconsumers

n 8

currentconsumers

n 8

currentconsumers

n 7

T5 T3

currentconsumers

n 6b, 5b, 4b3b, 2b, 1b

currentconsumersn 6c, 5c, 4c3c, 2c, 1c

currentconsumers

n 6d, 5d, 4d3d, 2d, 1d

T6 T4

1 month 6 months 1 year 2 years 5 years

P(failure whenpower down)

8/9/2019 ect184.pdf

18/24

8/9/2019 ect184.pdf

19/24


c functional analysisThe monitoring and control of the EHVsubstation in question includes:v four plc's which acquire datas on thestatus of the substation'selectrotechnical equipment and whichpass on the control orders (level 1),v a work station enabling visualisationof the substation's status and thesending of control orders (level 2),v and possibly, a remote work station.The remote workstation is therefore onstand-by with respect to thesubstation's own work station.Figure 26 shows the basic solutioncorresponding to one single level 2work station.Figure 27 shows the solution with a linkto a remote work station.c results analysisthe selected monitoring and controlsystem must have a probability ofunavailability of less than 10 -4 att=1200 hours. This means theequipment must be non-functional forless than 7 minutes over 1200 hours ofoperation (50 days).The undesirable event - loss ofmonitoring and control - has beenbroken down into three undesirableevents corresponding to calculations of:v the probability of totally losingmonitoring and control (common mode),v the probability of losing at least on/offinformation,v the probability of losing at leastanalogic information,or in other words three calculations foreach configuration.The equipment is divided into twoclasses:v equipment for which we havereplacement parts (n),v equipment for which we do not havereplacement parts (s).Two calculations are performed for eachundesirable event, to show the impact ofthe choice of the average repair time onthe end result (see fig. 28).Hypothesis 2 is the most realistic one;it is these times that will be taken intoaccount to choose between the twosolutions.

MDT for equipment of type n MDT for equipment of type shypothesis 1 1 hour 3 hours

hypothesis 2 4 hours 12 hours

fig. 28: two hypotheses for the average time to repair.

fig. 29: bar chart of the unavailability of the two solutions (the orange line corresponds to the

objective to be achieved, it is achieved if the bar chart is to the left of the line).

As figure 29 shows;v the solution without the remotestation does not enable the requiredavailability to be achieved,v the solution with remote monitoringand control enables the objectives to be

base solution:

analogic inputs

on/off inputs/outputs

common modes

solution with link to level 3:

analogic inputs

on/off inputs/outputs

common modes

hypothesis 1

hypothesis 2

0 1E-4 2E-4 3E-4 4E-4 5E-4 6E-4

unavailability at t = 1200 h

objective

achieved for on/off inputs and thecommon modes ; but the probability oflosing at least one analogic inputremains greater than the target objective.

8/9/2019 ect184.pdf

20/24


dependability studypackagesCertain tools automatically generate adependability study from the functionalanalysis of the system and the failuremodes of its components.A model is generated which enablesevaluation of the dependability criteria.These tools are useful for complexsystems and/or repetitive systems.They enable a database to be created

on the failure modes of the componentsand on the consequences of thesefailures when possible. (see. fig. 30).

modelling toolsTwo types of tools (see. fig. 31):c simulation tools,c analytical calculation tools.Comment: a Markov graph can veryeasily be transformed into a Ptrinetwork and be used for simulation. Asopposed to a Ptri network, a graphcan be associated, but in this case the

transitions must be Markovised: in aMarkov graph the frequency ofoccurrence of the transitions arenecessarily constant.Schneider currently has a PC graphicalinterface called PCDM whichautomatically generates the file definingthe Markov graph or the Ptri networkthat has been drawn (ref. fig. 32).This provides time savings andimproved reliability of data entry.The Petri network modelling techniqueis that which currently best approaches

the real behaviour of the system. Theacceleration of the simulation of Petrinetworks, notably using MOCA-RPsoftware, is the subject of a thesiswhose initial findings have beenpresented at the ESREL 96 congress(European Safety Reliability).In the near future, the use of Petrinetworks will no longer be limited bythe simulation time they require.

tool modelling calculation main featuresname technique resolution techniqueAdlia fault tree c analytical tool developed by Schneider Electric

c simulation to model the malfunctions inelectrical network components. Itintegrates an electrical networkmalfunction database. Thedescription of the network and of theundesirable event automaticallygenerates the correspondingfault tree.

Sofia fault tree c analytical tool developed by SGTE Sofrenten.(logical polynomial) Automatic generation of a fault

tree and associated FMEA, by afunctional description of the systemand the creation of an associatedmalfunction database.

fig. 30 : two types of tools regularly used by Schneider Electri for dependability study.

modelling type simulation tool analytical calculation toolMarkov graph super Cab

developed by ELF AQUITAINEPetri network MOCA-RD

developed by Microcab

fig. 31: the modelling tools.

fig. 32: PCDM graphical interface - Markov graph.

4. dependability tools

8/9/2019 ect184.pdf

21/24


5. conclusion

Requirements have progressed interms of quality of electricity supply.Taking account of the considerableimprovements that have been made inmethods and equipment, users areentitled today to demand a high level ofavailability.To achieve this objective with justifiedconfidence, dependability studies arenecessary.They enable optimisation ofc the configuration of the electrical

network,

c of the monitoring and control system,c of the maintenance policy.They enable solutions to be chosenthat are tailored to achieve the requiredavailability threshold as cost effectivelyas possible.Often the study can be limited to a keypoint in the installation, responsible forthe major part of the globalunavailability.In many cases, it is interesting to call ina specialist. The advice they may

provide could prove decisive.

Dependability can be broken down interms of:c safety,c reliability,c availability,c maintainability.Safety requirements initially imposeddependability studies on hazardousapplications : rail and air transport,nuclear power stations, etc. If we addthe requirements of reliability,availability and maintainability, many

other sectors are concerned.

8/9/2019 ect184.pdf

22/24


bibliography

Standardsc IEC 50: International electrotechnicalvocabulary - general index.c IEC 271/UTE C 20310: List of basicterms, definitions and relatedmathematics for reliability.c IEC 300: Reliability andmaintainability management.c IEC 305/UTE C20321 327:Characteristics of string insulator unitsof the cap and pin type.

c IEC 362: Guide for the collection ofreliability, availability and maintainabilitydata from field performance ofelectronic items.c IEC 671: Periodic tests andmonitoring of the protection system ofnuclear reactors.c IEC 706/X 60310 and 60312: Guideon maintainability of equipment.c IEC 812/X 60510: Analysistechniques for system reliability -Procedure for failure mode and effectsanalysis (FMEA).

c CEI 863/X 60520 : Prvision descaractristiques de fiabilit,maintenabilit et disponibilit.c IEC 880: Software for computers inthe safety systems of nuclear powerstations.c IEC 987: Programmed digitalcomputers important to safety fornuclear power stations.c IEC 1165: Application of Markovtechniques.c IEC 1226: Nuclear power plants ;instrumentation and control systems

important for safety ; classification.c NF C 71-011 : Sret defonctionnement des logiciels -Gnralitc NF C 71-012 : Sret defonctionnement des logiciels -Contraintes sur le logiciel.c NF C 71-013 : Sret defonctionnement des logiciels -Mthodes appropries aux analyses descurit.

Miscellaneous publications[1] Fiabilit des systmesA. Pags et M. GondranEyrolles 1983[2] Sret de fonctionnement dessystmes industrielsA. VillemeurEyrolles 1988[3] Recueils de donnes de fiabilit :c Military Handbook 217 FDepartment of Defense (US)

c Recueil de donnes de fiabilit duCNET(Centre National dEtudes desTlcommunications)1993c IEEE 493 et 500 (Institute ofElectrical and Electronics Engineers)1980 et 1984c IEEE Guide to the collection andpresentation of electronic sensingcomponent, and mechanical equipmentreliability data for nuclear-powergenerating stationsc Document NPRD91 (Nonelectronics

Parts Reliability Data)du Reliability Analysis Center(Department of Defense US)1991[4] Recommandations:c MIL-STD 882 Bc MIL-STD 1623

Merlin Gerin Cahier Techniquesc Mthode de dveloppement dunlogiciel de sretCahier Technique n 117 -

A. JOURDIL et R. GALERA 1982c Introduction to dependability design,Cahier Technique n 144P. BONNEFOIc Sret et distribution lectriqueCahier Technique n 148 - G. GATINEc High availability and LV switchboards,Cahier Technique n 156O. BOUJU

c Automatic transfering of powersupplies in HV and LV networksCahier Technique n 161G. THOMASSETc Energy-based discriminationfor LV protective devices,Cahier Technique n CT167R. MOREL, M. SERPINETc Dependability of MV and HVprotective devices,Cahier Technique n 175M. LEMAIRE

Schneider's participation in variousworking groupsc statistical group of IEC committee 56(reliability standards),c software dependability with theEuropean EWICS-T7 group : computerand critical applications,c groupe de travail de lAFCET sur lasret de fonctionnement dessystmes informatiques,c participation la mise jour du

recueil de fiabilit du CNET,c IFIP working group 10.4. Dependablecomputing.

8/9/2019 ect184.pdf

23/24


8/9/2019 ect184.pdf

24/24

ect184.pdf

Documents

Transcript of ect184.pdf