Rockwell Automation ICS AADvance Controller

High demand architecture: dual input, dual processor, dual output, ensuring that faulty modules are replaced within MTTR to avoid SIF shutdown.

2. SIL 3 architecture

Fault safe I/O+fault-tolerant processor: single input/output, dual/triple processor (1oo2D/2oo3D), downgraded in case of processor failure, dual fault triggers safe state.

Fault tolerant I/O architecture: dual input/output, dual processors, both input/output modules support 1oo2D degradation, suitable for high safety requirements scenarios.

TMR architecture: three inputs, three processors (2oo3D), dual outputs, with the strongest fault tolerance. A single module failure does not affect system operation. When there are two failures, it will be downgraded, and when there are three failures, it will trigger a safe state.

3. Secure network communication

SNCP protocol: SIL 3 certified "Black Channel" protocol, supports Ethernet transmission of secure data, achieves data exchange between controllers through "variable binding", and can be configured as single network (fail safe) or dual network (fault-tolerant).

Peer to Peer communication: Supports SIL 3 data transmission between AADdistance and Trusted controllers, based on master-slave mode, and recommends using redundant networks to ensure availability.

Installation and environmental requirements

1. Non hazardous environment

Environmental conditions: temperature -25 ° C~+60 ° C, pollution level ≤ 2 (IEC 60664-1, only non-conductive pollution, occasional condensation); The burner management application requires an enclosure protection level of IP40 (indoor)/IP54 (outdoor).

Installation requirements: The module should be installed vertically (ensuring natural heat dissipation), DIN rail or wall mounted, without the need for forced air cooling.

2. Hazardous environment

Special requirements:

The enclosure protection level is ≥ IP54 (IEC 60079-0/7) and must be marked with "Do not open when powered on".

Grounding wire cross-sectional area ≥ 3.31mm ², wire temperature rating ≥ 85 ° C, only supports vertical installation.

The temperature range is the same as non hazardous environments, and the pollution level is ≤ 2.

Operations and Security Assurance

1. Key daily maintenance items

Fault handling: When the processor/input/output module fails, it needs to be replaced within MTTR; If not replaced in a timely manner, the relevant SIF needs to be shut down (unless there are compensatory measures in the SRS document).

Calibration and testing: Regularly calibrate sensors/actuators, test SIF response time (≤ 1/2 of process safety time PST), and archive test records.

Backup and Update: Regularly backup system configuration (AADvance Workbench/SIS Workstation project) and test backup effectiveness; Firmware updates require the use of the ControlFLASH tool.

2. System security measures

Network security: it is forbidden to connect to the unprotected Internet; Computers need to have firewalls, antivirus software, and password protection enabled; The software license USB key needs to be properly kept.

Port security: Some Ethernet ports (such as TCP 1132, UDP 2010) are open by default, and unused ports need to be closed through a firewall (refer to the configuration guide).

Program Security: The application requires password protection, and the controller needs to insert the "Program Enable Key" to modify the configuration; It is prohibited to force I/O points during operation, and it is recommended to use the program's "override" logic for maintenance.

Supporting documents and resources

1. Key related documents

Document Name Usage Description

AADvance Controller System Build Manual (ICSTT-RM448) System Assembly, Startup, and Operation Verification

AADvance PFH and PFDavg Data (ICSTT-RM449) Fault Probability (PFH/PFDavg) Data and Calculation Example

AADvance Troubleshooting and Maintenance Manual (ICSTT-RM406) System Maintenance, Troubleshooting, and Repair

2. Support channels

Technical support: Get help through rok.auto/support, register an account to subscribe to product security notifications.

Document download: Download the latest manuals and firmware from Rockwell Literature Library (rok.auto/iterative) or Product Compatibility and Download Center (rok.auto/pcdc).

Key Terminology (Glossary Simplified)

SIL (Safety Integrity Level): Safety Integrity Level, levels 1-4, with SIL 3 being the highest level supported by the manual.

PST (Process Safety Time): The maximum time for triggering a hazardous event when a hazardous state exists and there is no protection. The controller defaults to PST=2500ms and needs to be adjusted based on sensor/actuator delay.

MTTR (Mean Time To Repair): The average time to repair, during which faulty modules need to be replaced to maintain SIL.

1oo2D/2oo3D: Fault tolerant configuration, 1oo2D (2 out of 1 with diagnosis), 2oo3D (3 out of 2 with diagnosis).