System overheads, On-line operator inputs, Standby processor – Rockwell Automation T8110B/T8110 Trusted TMR Processor User Manual

Trusted

TM

TMR Processor T8110B/T8110

Issue 18 Feb 08

PD-T8110B/T8110

24

4.1.1. System Overheads

In addition to running application programs, the Trusted

TM

TMR Processor takes care of system

overheads, (such as background diagnostics), including voter tests, read tests of the EPROMs and
read-write tests of the RAM.

4.1.2. On-Line Operator Inputs

On-line adjustment of system operating parameters, e.g. set points, loop tuning and time delays, and
operator commands, e.g. reset and override, within defined safe operational limits, is available during
the ‘Maintenance’ mode of the Trusted

TM

TMR Processor using the Engineering Workstation.

4.2. Standby Processor

A second Trusted

TM

TMR Processor can be installed in a system to act as the standby processor in a

Companion Slot configuration, this would have to have been inserted twice in this slot to pre-educate
as explained in the previous section. This option allows an additional Trusted

TM

TMR Processor to be

available for use should the active module need to be functionally replaced. The standby module runs
its normal internal diagnostic tests in the ‘Standby’ mode, and is constantly updated by the active
Trusted

TM

TMR Processor. Transition from standby to active mode is triggered by the active module.

4.3. Module Management

The system firmware is loaded via the bootstrap monitor. The Trusted

TM

TMR Processor configuration

information is held in the non-volatile memory.

The Trusted

TM

TMR Processor can be configured by one of two methods:

1. Engineering Workstation via the front panel diagnostics port.

2. Engineering Workstation via the Trusted

TM

Communication Interface.

Where both active and standby Trusted

TM

TMR Processors are installed, a bumpless changeover

between the modules is performed automatically. Any changeover is logged in the system event log.

When a new module is inserted, it is automatically synchronised and educated by the two ‘good’
channels of the faulted module to be replaced.

Two interlock switches are provided on the top and bottom module latches to detect removal of the
module. Switch actuation generates an interrupt for each processor.

Note: Releasing the active Trusted

TM

TMR Processor’s ejector levers in an active/standby

configuration, will cause an automatic changeover between the active and standby Trusted

TM

TMR Processors to occur.

4.4. Security

IEC1131 TOOLSET password protection, with corresponding level of access permission, and the front
panel keyswitch is used to prevent unauthorised access to the system.