In the operation of industrial engines, compressors, and critical power equipment, safety monitoring and emergency shutdown systems are the last line of defense for protecting equipment and personnel. Any monitoring failure or misoperation could lead to catastrophic consequences. The ACC20 Engine Safety Unit (ESU) is a highly integrated, multi-redundant safety monitoring module designed for this purpose. It not only monitors engine speed and sensor status in real time, but also reliably executes shutdown commands in emergency situations.
This article is based on the technical specifications of the ACC20 ESU and analyzes in depth the core architecture, redundancy design concept, input/output characteristics, communication capabilities, and strict environmental adaptability of the device. It provides a comprehensive technical reference for engineers and technicians in fields such as ocean engineering, generator sets, and industrial compressors.
Chapter 1 Overview: What is an Engine Safety Unit?
1.1 Equipment positioning
The ACC20 ESU (Engine Safety monitoring and Emergency Shutdown Unit) is a control module specifically designed for engine safety monitoring and emergency shutdown. Its core task is to continuously monitor the key operating parameters of the engine and, when an abnormality is detected or a manual shutdown command is received, reliably cut off the engine's fuel or ignition system so that the engine stops safely.
1.2 Core Functions
The main monitoring input groups of the ESU include:
Engine sensor monitoring: Connects various sensors (such as temperature, pressure, and vibration) to evaluate the health status of the engine in real time.
Speed monitoring: Monitor the engine speed through a dedicated channel to prevent mechanical damage caused by overspeed operation.
Manual emergency stop: Provides a dedicated digital input channel for connecting emergency stop buttons in the control room or nearby.
1.3 Preset Parameters
All key monitoring parameters and circuit definitions are preset at the factory according to the specifications of the engine supplier. This preset mechanism simplifies on-site configuration work and ensures that the equipment meets the protection requirements of the specific engine model from the moment it is installed, reducing the complexity of on-site debugging and the possibility of errors.
Chapter 2: Redundant Architecture and Fail-Safe Design
2.1 Redundant power input
The ACC20 ESU has two independent power input channels and a built-in automatic switching function. When one power supply fails, the module switches seamlessly to the backup supply, so the monitoring system itself keeps running without interruption. This is crucial for generator sets or ship engines that operate continuously for long periods.
Voltage range: 18 to 32 VDC
Power consumption: The rated power consumption is only 7.5 W, and the maximum power consumption does not exceed 10 W (including the power of the solenoid valve).
2.2 Built-in multiple redundancies
"Redundancy" is the core keyword of the ACC20 ESU design. The device achieves redundancy through various means:
Line redundancy: Most input channels are equipped with a line detection function that promptly detects open-circuit or short-circuit faults in sensor lines.
Communication redundancy: Dual CAN bus interfaces are used as the main communication line. When one bus fails, the system can automatically switch to the other bus.
Functional redundancy: The most critical redundancy is the "hard-wire bypass" function. If the microcontroller (CPU) of the module fails, the internal logic automatically hard-wires specific digital input channels (20 to 22) directly to output channels (5 to 13), ensuring that emergency stop instructions can still be executed even if the main control chip fails.
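The hard-wire bypass can be expressed as a property to verify: a stop request on inputs 20 to 22 must reach outputs 5 to 13 whether or not the CPU is alive. The following C model is an added illustration, not code from the ACC20 ESU or its supplier; the one-bit-per-channel layout, the output polarity, the rule that any of the three inputs drives all nine outputs, and the overspeed trip being evaluated by the CPU are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Channel n is bit n. Channel numbers come from the text; the rest is assumed. */
#define STOP_IN_MASK  (0x7u << 20)    /* digital inputs 20..22 */
#define STOP_OUT_MASK (0x1FFu << 5)   /* output channels 5..13 */

/* Hypothetical stand-in for the firmware's decision while the CPU is running.
   A set output bit means "channel in its shutdown state" (polarity assumed). */
static uint32_t cpu_logic(uint32_t inputs, bool overspeed)
{
    bool trip = overspeed || (inputs & STOP_IN_MASK) != 0;
    return trip ? STOP_OUT_MASK : 0u;
}

/* Output stage: CPU result when healthy, hard-wired path when the CPU failed. */
uint32_t esu_outputs(uint32_t inputs, bool overspeed, bool cpu_ok)
{
    if (cpu_ok)
        return cpu_logic(inputs, overspeed);
    /* Bypass: no software in the path, so CPU-evaluated trips (overspeed in
       this model) are unavailable, but inputs 20..22 still reach 5..13. */
    return (inputs & STOP_IN_MASK) ? STOP_OUT_MASK : 0u;
}

/* Exhaustive check of the safety property over every input/CPU combination:
   a stop request on 20..22 must put all of 5..13 in the shutdown state. */
int count_violations(void)
{
    int bad = 0;
    for (uint32_t in = 0; in < 8; in++)
        for (int cpu = 0; cpu < 2; cpu++)
            for (int ovs = 0; ovs < 2; ovs++) {
                uint32_t out = esu_outputs(in << 20, ovs != 0, cpu != 0);
                if (in != 0 && (out & STOP_OUT_MASK) != STOP_OUT_MASK)
                    bad++;
            }
    return bad;
}

int main(void)
{
    printf("violations: %d\n", count_violations());
    printf("CPU failed, input 21 set: outputs = 0x%04x\n",
           (unsigned)esu_outputs(1u << 21, false, false));
    return 0;
}
```

The same exhaustive check is a useful acceptance test for any safety module: enumerate the stop inputs against every controller state and confirm that no combination leaves a shutdown output inactive.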
2.3 Comprehensive internal self-inspection
The ACC20 ESU has a powerful built-in self-test (BIST) function. The self-test scope covers most critical circuits, including:
Module temperature monitoring: Real-time monitoring of the internal working temperature to prevent overheating.
Power overload detection: Check whether the power supply exceeds the load.
Input/output line inspection: Periodically or continuously check the health status of input/output channels, and promptly report disconnection or short circuit faults.
CAN bus status detection and error handling: Monitor bus communication status, identify and handle communication errors.

Chapter 3: Detailed Explanation of Input/Output Architecture
ACC20 ESU provides multiple types of digital input and output channels, each with its specific functions and fault handling logic.
3.1 Output Channel
3.1.1 Relay output
Number of channels: 4 channels
Contact type: Changeover contact (normally open/normally closed/common terminal)
Load capacity: 3 A at 230 VAC inductive load
Purpose: It can be used to drive alarm lights, control other logic circuits, or serve as a status indicator.
3.1.2 Solenoid valve driver
Number of channels: 9 channels
Function: Directly drive the shutdown solenoid valve. These channels have a built-in line detection function (wire breakage detection only).