MMS Communication over telecom link
Voted best answer
I agree there is possible to set up conenction, but there is also necessary to add more definitions especially regarding "security" side for application / connection (we are on the most sensitive level - controller interconnection. Any issue can significantly influence operation / security / safety.
There is necessary to highlight this connection is strange especially in case of connection via "public" networks (public provider).
Vijay is it possible to provide description regarding inteconenction itself? Is it possible to clarify:
- Provider (your owned wires / public provider)
- planned type of connection (modem / routers / internet)
- how you would like to solve security side?
Radomir, maybe it is necessary to have a commissioning of at least one project where did you successfully implement such solution? :-))
I did, but no success. We had the similar situation: we need to control several solenoids in the PCS from level transmitters in the ESD. The PCS PLC and ESD PLC was located in the different subnetworks served by two independent connectivity servers. We did tried solution with xxxx router, we could ping one PLC from another but when we want to receive the data by MMSRead128BoolM CM it failed after 3-5 seconds with error (connection timeout). Changing the router didn't solved the problem (even make worse: connection lost immediately). Without routing (if we place ESD PLC to the same subnet and connectivity server) all worked perfect. Finally we decided to place splitter for signal from level transmitters and now it works fine for the 2 years already.
So please do not spread the theories "how is it possible". Do it once and give a practical answer with some steps "how-to".
I can't answer you anything about Emerson solutions because not familiar with their technoloy. Maybe you can give a link on that?
If you want to go back in time to the safety roots let's first remember normally closed contacts for gas beacons and emergency shutdown signals. Would you like to stop production if your router hanged for a couple of seconds due to the packet loss?
And also be sure that for SIL-3 applications it is not possible to transfer signals between controllera through MMS at all.
I am a person who rather say "not possible" than give a bad advise that finally won't work at the commissioning stage:)
@Linkinx64, You can study solution here (I am sorry I dont´t have so much time to find direct link for document):
Regarding your answer (and inputs we have)
- SIL level - no definition
- system on second side - no definition
- transport layer - no definition
- security side clarification - no definition
There is "offshore" application - there is very complicated to propose different solution than communication link (inteconnection). I am sure Vijay has to test solution from safety side and calculate several scenarios "what if" and based on outputs implement possible ways / solution. From my point of view 30s is too short in case of response to communication issue (to solve it), but I can´t give any advice without detailed information about application itself, whether there are available people on both sides who can switch to local monitoring (any bypass solution) in case of troubles with communication and so on. Sometimes we can´t provide detailed functional tested solution because never done before. We are here to help with looking for possibility (way) and from my point of view any idea / advice is important - because thru definition all possible ways you can make a list where is not possible to go.
I am happy you shared your experience in this area now (Vijay has more complex information now what is necessary to check) - thanks a lot.
I hope Vijay will share with us more detailed information regarding looking for solution and final implementation at the end to help other users with their possible "future" tasks regarding this thread. Maybe because of this we discuss here - to collaborate and help each other?
Technically, it is possible to have communication between HI controllers which are on different subnet. In a safety system, it is always recommended that communication link shall be dedicated and reliable, in order to ensure time bound communication. Being SIL communcation,any timeout will result in undersired shutdown.
As far as security is concerned, various measure are in place in safety frame to detect different types communication errors viz. - Corruption, Unintended Repetition, Incorrect Sequence, Loss, Unacceptable Delay, Insertion, Masquerade, Addressing etc.