TOPIC 2: SCADA SYSTEMS, HARDWARE AND

FIRMWARE
COURSE: SUPERVISORY CONTROL AND DATA ACQUISITION
 OVERVIEW

 A SCADA (or supervisory control and data acquisition) system means a system consisting of several
remote terminal units (or PLCs) collecting field data connected back to a master station via a
communications system.

 The master station displays the acquired data and allows the operator to perform remote control tasks.

 The accurate and timely data allows for optimization of the operation of the plant and process. A further
benefit is more efficient, reliable and most importantly, safer operations.

 A successful SCADA installation depends on utilizing proven and reliable technology, with adequate and
comprehensive training of all personnel in the operation of the system.
INTRODUCTION AND
BRIEF HISTORY OF
SCADA

 A diagram of a typical
SCADA system is given in the
figure:
 SCADA HARDWARE LEVELS
 On a more complex SCADA system there are essentially five levels or hierarchies:
MAIN HARDWARE COMPONENTS

 The RTU (PLC) provides an interface to the field analog and digital signals situated at each remote site.
 The communications system provides the pathway for communications between the master station and the
remote sites.
 This communication system can be radio, telephone line, microwave and possibly even satellite.
 Specific protocols and error detection philosophies are used for efficient and optimum transfer of data.
 The master station (and submasters) gather data from the various RTUs and generally provide an operator
interface for display of information and control of the remote sites.
 In large telemetry systems, submaster sites gather information from remote sites and act as a relay back to
the control master station
SUB-MASTER
STATIONS IN
SCADA SYSTEMS
PROGRAMMABLE
LOGIC CONTROLLER
(PLC)

o Since the late 1970s, PLCs have

replaced hardwired relays with a
combination of ladder–logic
software and solid-state electronic
input and output modules.
o They are often used in the
implementation of a SCADA RTU
as they offer a standard hardware
solution, which is very
economically priced.
o Another device that should be
mentioned for completeness is the
smart instrument which both PLCs
and DCS systems can interface to.
 SMART INSTRUMENT

o Although this term is

sometimes misused, it
typically means an intelligent
(microprocessor based)
digital measuring sensor
(such as a flow meter) with
digital data communications
provided to some diagnostic
panel or computer-based
system.
CONSIDERATIONS OF SCADA SYSTEMS

Typical considerations when putting a SCADA system together are:

 Overall control requirements
 Sequence logic
 Analog loop control
 Ratio and number of analog to digital points
 Speed of control and data acquisition
 Master/operator control stations
 Type of displays required
CONSIDERATIONS OF SCADA SYSTEMS

Typical considerations when putting a SCADA system together are:

 Historical archiving requirements
 System consideration
 Reliability/availability
 Speed of communications/ update time/system scan rates
 System redundancy
 Expansion capability
 Application software and modeling
BENEFITS OF SCADA SYSTEMS

Obviously, a SCADA system’s initial cost must be justified. A few typical reasons for implementing a SCADA
system are:
 Improved operation of the plant or process resulting in savings due to optimization of the system
 Increased productivity of the personnel
 Improved safety of the system due to better information and improved control
 Protection of the plant equipment
 Safeguarding the environment from a failure of the system
 Improved energy savings due to optimization of the plant
 Improved and quicker receipt of data so that clients can be invoiced more quickly and accurately
 Government regulations for safety and metering of gas (for royalties & tax etc)
REMOTE
TERMINAL UNITS
An RTU (sometimes referred to as a
remote telemetry unit) as the title implies,
is a standalone data acquisition and
control unit, generally microprocessor
based, which monitors and controls
equipment at some remote location from
the central station.
o Its primary task is to control and
acquire data from process equipment
at the remote location and to transfer
this data back to a central station.
o It generally also has the facility for
having its configuration and control
programs dynamically downloaded
from some central station.
o A typical RTU configuration is shown
in Figure 2.6:
RTU/PLC
HARDWARE
COMPONENTS
CONTROL PROCESSOR (CPU)
 ANALOG INPUT MODULES

These have various numbers of inputs.

Typically there are:
 8 or 16 analog inputs
 Resolution of 8 or 12 bits
 Range of 4–20 mA (other possibilities
are 0–20 mA/±10 volts/0–10 volts)
 Input resistance typically 240 kΩ to 1
MΩ
 Conversion rates typically 10
microseconds to 30 milliseconds
ANALOG INPUT
MODULES

 A block diagram of a typical

analog input module is shown
in the figure:
AMPLIFIERS

o Where low-level voltages need to be digitized, they must be amplified to match the input range of the
board’s A/D converter.
o If a low-level signal is fed directly into a board without amplification, a loss of precision will be the result.
SAMPLE-AND-HOLD CIRCUIT

o Most A/D converters require a fixed time during which the input signal remains constant (the aperture
time) in order to perform an A/D conversion.
o If the input were to change during this time, the A/D would return an inaccurate reading.
o Therefore, a sample-and-hold device is used on the input to the A/D converter.
A/D CONVERTERS

o The A/D converter is the heart of the module. Its function is to measure an input analog voltage and to
output a digital code corresponding to the input voltage.
o There are two main types of A/D converters used:
 Integrating (or dual slope) A/Ds - These are used for very low frequency applications (a few hundred hertz
maximum) and may have very high accuracy and precision (e.g. 22 bit). They are found in thermocouple and RTD
modules. Other advantages include very low cost, noise and mains pickup tend to be reduced by the integrating
and dual slope nature of the A/D converter.
 Successive approximation A/Ds - Successive approximation A/Ds allow much higher sampling rates (up to a
few hundred kHz with 12 bits is possible) while still being reasonable in cost.
The conversion algorithm is similar to that of a binary search, where the A/D starts by comparing the input with a
voltage (generated by an internal D/A converter), corresponding to half of the full-scale range.
CONNECTION METHODS

There are two methods of connecting signal sources to the data acquisition board: Singleended and differential.
o In general, differential inputs should be used for maximum immunity.
o Single-ended inputs should only be used where it is impossible to use either of the other two methods.
SINGLE-ENDED INPUTS

 Boards that accept single-ended inputs have a

single input wire for each signal, the source’s HI
side.
All the LO sides of the sources are commoned
and connected to the analog ground AGND pin.
This input type suffers from loss of common
mode rejection and is very sensitive to noise
DIFFERENTIAL INPUTS

True differential inputs provide the maximum noise

immunity.
o This method must also be used where the signal
sources have different ground points and cannot
be connected.
o Referring to the figure, we see that each
channel’s individual common mode voltage is fed
to the amplifier negative terminal, the individual
VCMn voltages are thus subtracted on each
reading.
ANALOG OUTPUTS

Typically the analogue output module has the following features:

 8 analogue outputs
 Resolution of 8 or 12 bits
 Conversion rate from 10 µ seconds to 30 milliseconds
 Outputs ranging from 4–20 mA/± 10 volts/0 to 10 volts
DIGITAL INPUTS

These are used to indicate items such as

status and alarm signals.
o Status signals from a valve could
comprise two limit switches with
contact closed indicating valve -
open status and the other contact
closed indicating valve – closed
status.
o When both open and closed status
contacts are closed, this could
indicate the valve is in transit.
o A typical circuit and its operation
are indicated in the figure.
DIGITAL INPUTS

o The two main approaches of

setting the input module up
as a sink or source module
are as indicated in the Figure.
DIGITAL OUTPUT MODULE

Typical digital output modules:

 8/16/32 digital outputs
 240 V AC/24 V DC (0.5 amp to 2.0 amp) outputs
 Associated LED indicator for each output to indicate current status
 Optical isolation or dry relay contact for each output.
TYPICAL DIGITAL OUTPUT MODULE
TYPICAL REQUIREMENTS FOR AND RTU/PLC HARDWARE

 Individual RTU expandability (typically up to 200 analog and digital points)

 Off the shelf modules
 Maximum number of RTU sites in a system shall be expandable to 255
 Modular system – no particular order or position in installation (of modules in a rack)
 Robust operation – failure of one module will not affect the performance of other modules
 Minimization of power consumption
TYPICAL REQUIREMENTS FOR AND RTU/PLC HARDWARE
 Heat generation minimized
 Rugged and of robust physical construction
 Maximization of noise immunity (due to harsh environment)
 Temperature of –10 to 65°C (operational conditions)
 Relative humidity up to 90%
 Clear indication of diagnostics
 Visible status LEDs
 Local fault diagnosis possible
 Remote fault diagnostics option
 Status of each I/O module and channel (program running/ failed/communications OK/failed)
 Modules all connected to one common bus
 Physical interconnection of modules to the bus shall be robust and suitable for use in harsh environments
 Ease of installation of field wiring
 Ease of module replacement
 Removable screw terminals for disconnection and reconnection of wiring
TYPICAL REQUIREMENTS FOR AND RTU/PLC SOFTWARE

 Compatibility checks of software configuration of hardware against actual hardware available

 Log kept of all errors that occur in the system both from external events and internal faults
 Remote access of all error logs and status registers
 Software operates continuously despite powering down or up of the system due to loss of power supply or other faults
 Hardware filtering provided on all analog input channels
 Application program resides in non-volatile memory

Configuration and diagnostic tools for:

 System setup
 Hardware and software setup
 Application code development/management/operation
 Error logs
 Remote and local operation
TYPICAL REQUIREMENTS FOR AND RTU/PLC SOFTWARE

 Each module should have internal software continuously testing the systems I/O and hardware.
 Diagnostic LEDs should also be provided to identify any faults or to diagnose failure of components.
 It is important that all these conditions are communicated back to the central station for indication to
the operator.
APPLICATION PROGRAMS

Typical application programs that can run in the RTU/PLC are:

PLC USED AS RTU

PLCs are popular for the following reasons:

 Economic solution. PLCs are a more economic solution than a hardwired relay solution manufactured RTU
 Versatility and flexibility. PLCs can easily have their logic or hardware modified to cope with modified
requirements for control
 Ease of design and installation. PLCs have made the design and installation of SCADA systems easier because
of the emphasis on software
 More reliable. When correctly installed, PLCs are a far more reliable solution than a traditional hardwired
relay solution or short run manufactured RTUs.
 Sophisticated control. PLCs allow for far more sophisticated control (mainly due to the software capability)
than RTUs.
 Physically compact. PLCs take up far less space than alternative solutions.
 Easier troubleshooting and diagnostics. Software and clear-cut reporting of problems allows easy and swift
diagnosis of hardware/firmware/software problems on the system as well as identifying problems with the
process and automation system.
PLC SOFTWARE

o The ladder-logic approach to

programming is popular
because of its perceived
similarity to standard
electrical circuits.
o Two vertical lines supplying
the power are drawn at each
of the sides of the diagram
with the lines of logic drawn
in horizontal lines.
BASIC RULES OF LADDER LOGIC

The basic rules of ladder-logic can be stated to be:

 The vertical lines indicate the power supply for the control system (12 V DC to 240 V AC). The ‘power flow’
is visualized to move from left to right.
 Read the ladder diagram from left to right and top to bottom.
 Electrical devices are normally indicated in their normal de-energized condition. This can sometimes be
confusing and special care needs to be taken to ensure consistency.
 The contacts associated with coils, timers, counters and other instructions have the same numbering
convention as their control device.
BASIC RULES OF LADDER LOGIC

Devices that indicate a start operation for

a particular item are normally wired in
parallel (so that any of them can start or
switch the item on):
BASIC RULES OF LADDER LOGIC

Devices that indicate a stop operation for a

particular item are normally wired in
series (so that any of them can stop or
switch the particular items off):
BASIC RULES OF LADDER LOGIC

 Latching operations are used, where a momentary start input signal latches the start signal into the on
condition, so that when the start input goes into the OFF condition, the start signal remains energized ON.
 The latching operation is also referred to as olding or maintaining a sealing contact. See the previous two
diagrams for examples of latching.
 Interactive logic: Ladder-logic rungs that appear later in the program often interact with the earlier
ladder-logic rungs.
This useful feed back mechanism can be used to provide feed back on successful completion of a sequence of
operations (or protect the overall system due to failure of some aspect).
LAD LOGIC
INSTRUCTIONS
STANDARD RELAY TYPE

There are three main instructions in this category. These are:

 Normally open contact. (Sometimes also referred to as ‘examine if closed’ or ‘examine on’).
 Normally closed contact. (Sometimes also referred to as ‘examine if open’ or ‘examine if off’)
 When the complete ladder-logic rung is set to a ‘TRUE’ or ‘ON’ condition, the output energize instruction
sets its memory location to an ‘ON’ condition; otherwise if the ladder-logic rung is set to a ‘FALSE’ or
‘OFF’ condition, the output energize coil sets its memory location to an ‘OFF’ condition.
TIMERS

There are two types of timers:

 Timer ON delay
 Timer OFF delay

There are three parameters associated with each timer:

 The preset value (Which is the constant number of seconds the timer times to, before being energized or de-
energized)
 The accumulated value (Which is the number of seconds which records how long the timer has been actively
timing)
 The time base (Which indicated the accuracy in seconds to which the timer operates e.g. 1 second, 0.1
seconds and even 0.01 seconds)
TIMER ON DELAY
TIMER OFF DELAY
COUNTER

There are two types of counters, Count up and Count down. The operation of these counters is very similar to
the timer ON and timer OFF timers.
There are two values associated with counters:
 Accumulated value
 Preset value
ARITHMETIC
INSTRUCTIONS
LOGICAL OPERATIONS
MOVE

This instruction moves the source value at the defined address to the destination address every time this
instruction is executed.
COMPARISON
INSTRUCTIONS
SUB ROUTINES AND JUMP INSTRUCTIONS

There are two main ways of transferring control of the ladder-logic program from the standard sequential path
in which it is normally executed. These are:
 Jump to part of the program when a rung condition becomes true (sometimes called jump to a label)
 Jump to a separate block of ladder-logic called a sub routine. Some users unwittingly run into problems
with entry of a ladder-logic rung into the PLC due to limitations in the reporting of incorrect syntax by the
relevant packages.
 The central site/master station can be pictured as having one
or more operator stations (tied together with a local area
network) connected to a communication system consisting of
modem and radio receiver/transmitter.
 It is possible for a landline system to be used in place of
the radio system, in this case the modem will interface
directly to the landline.
THE MASTER  Normally there are no input/output modules connected
STATION directly to the master stations although there may be an
RTU located near the master control room.
THE MASTER STATION

The features that should be available are:

 Operator interface to display status of the RTUs and enable operator control
 Logging of the data from the RTUs
 Alarming of data from the RTU

As discussed earlier, a master station has two main functions:

 Obtain field data periodically from RTUs and submaster stations
 Control remote devices through the operator station
VARIOUS
APPROACHES
FOR MASTER
STATION
 SUBMASTER STATIONS

 It may also be necessary to set up a

submaster station.
 This is to control sites within a specific
region.
TYPICAL STRUCTURE OF THE MASTER STATION
TYPICAL FUNCTIONS OF THE MASTER STATION
MASTER STATION SOFTWARE
SYSTEM SCADA SOFTWARE
System SCADA software consists of four main modules:
LOCAL AREA NETWORKS

The central site/master station can be pictured as having one or more operator stations (tied together with a
local area network) connected to a communication system consisting of modem and radio receiver/transmitter.
There are commonly three types of LANs:
ETHERNET

This is generally implemented as a 10 Mbps baseband coaxial cable network.

 Carrier Sense Multiple Access with Collision Detection (or CSMA/CD) is the media access control(or MAC)
method used by Ethernet.
 This is the more popular approach with LANs and hence will be discussed in more detail than the
alternative approaches.
 The philosophy of Ethernet originated from radio transmission experiments with multiple stations
endeavoring to communicate with each other at random times.
ETHERNET

There are three types of Ethernet cabling, standard Ethernet, coaxial Ethernet or 10BASE2 and the 10BASET
standard.
 Standard Ethernet is referred to in the ISO 8802.3 standard as 10BASE5.
 This is understood to mean 10 Mb/sec giving baseband transmission with a maximum segment length of 500
m (with each segment having up to 100 MAUs).
 There is a maximum of five segments allowed in the complete Ethernet system.
PHYSICAL LAYOUT FOR 10BASE5 ETHERNET
TOKEN RING LAN

The second type of network is the token ring

system, which was developed by IBM in the early
eighties.
 It is common in the office type environment but
not as popular for industrial type systems.
 It uses a token message to pass control from one
node to another.
The figure indicates a typical problem with the ring
type network where a node fails (or is switched off)
but does not disrupt the operation of the network,
due to bypass relays acting to ensure there is a
continuous signal path between nodes 2 and 4.
TOKEN BUS NETWORK

The token bus network is becoming increasingly

popular in industrial systems due to its philosophy
that all nodes will receive access to a bus with a
guaranteed maximum time.
The philosophy is similiar to that of the token ring
network with the use of a token to pass control from
node to node.
SYSTEM RELIABILITY AND AVAILABILITY

The individual component of the SCADA system contributed to the overall reliability of the system.
As the master station is a strategic part of the entire SCADA system, it is important that the system reliability
and availability are carefully considered.

Master station components that are critical are:

 Control processing unit (CPU)
 Main memory and buffer reprinters
 Disk drive and associated controller card
 Communications interface and channel
 REDUNDANT MASTER STATION CONFIGURATION

Two approaches possible are shown in the figure below.  Hot standby configuration with dual ported
 The simplest approach is to have a cold standby peripherals is given in the following figure.
changeover where a switch is generated to change
over from primary to secondary.
COMMUNICATION ARCHITECTURES AND PHILOSOPHIES

There are three main physical communication architectures possible.

The approaches can be combined in one communication system.
However, it is useful to consider each one in isolation for the purposes of this discussion.

Point-to-point (two stations). This is the simplest configuration where data is exchanged between two stations.
COMMUNICATION ARCHITECTURES AND PHILOSOPHIES

 Multipoint (or multiple stations). In this configuration, there is generally one master and multiple slaves.
COMMUNICATION ARCHITECTURES AND PHILOSOPHIES

 Relay station. There are two possibilities here:

Store and forward relay operation:

COMMUNICATION ARCHITECTURES AND PHILOSOPHIES

 Relay station. There are two possibilities here:

Talk through repeaters. This is the generally preferred way of increasing

the radio system’s range :
POLLED (MASTER SLAVE) COMMUNICATION

This can be used in a point to point or multipoint configuration and is probably the simplest philosophy to use.
 The master is in total control of the communication system and makes regular (repetitive) requests for data
and to transfer data, to and from each one of several slaves.
 The slaves do not initiate the transaction but rely on the master.
 It is essentially a half-duplex approach where the slave only responds on a request from the master.

The advantages of this approach are:

 Software is easily written and is reliable due to the simplicity of the philosophy.
 Link failure between the master and a slave node is detected fairly quickly.
 No collisions can occur on the network; hence the data throughput is predictable and constant.
 For heavily loaded systems with each node having constant data transfer requirements, as this gives a
predictable and efficient system.
POLLED (MASTER SLAVE) COMMUNICATION

The disadvantages are:

 Variations in the data transfer requirements of each slave cannot be handled.
 Interrupt type requests from a slave requesting urgent action cannot be handled (as the master may be
processing some other slave).
 Systems, which are lightly loaded with minimum data changes from a slave, are quite inefficient and
unnecessarily slow.
 Slaves needing to communicate with each other must do so through the master with added complexity in the
design of the master station.
POLLED (MASTER
SLAVE)
COMMUNICATION

Two applications of the polled

(or master slave) approach are
given in the following two
implementations.
This is possibly the most used
technique and is illustrated in
the diagram:
POLLED (MASTER SLAVE) COMMUNICATION

There are certain considerations to refine the polling scheme beyond what is indicated in the diagram above.
These are:
CSMA/CD SYSTEM (PEER-TO-PEER)

RTU to RTU communication. In a situation where an RTU wants to communicate with another, a solution
would be to respond to a poll by the master station having a message with a destination address other than that
of the master station’s.
 The master station will then examine the destination address field of the message received from the RTU
and if it does not, mark its own, retransmit onto the appropriate remote station.
 This approach can be used in a master slave network or a group of stations all with equal status.

Exception reporting (or event reporting). A technique to reduce the unnecessary transfer of data is to use some
form of exception reporting.
 This approach is popular with the CSMA/CD philosophy, but it could also offer a solution for the polled
approach where there is a considerable amount of data to transfer from each slave.
 The remote station monitors its own inputs for a change of state or data.
 When there is a change of state, the remote station writes a block of data to the master station when the
master station polls the remote.
TYPICAL CONSIDERATIONS FOR MASTER STATION

 A few factors to bear in mind when designing the system are: