8.4 Batch Processes and Their Automation

A. GHOSH (1995, 2005)

INTRODUCTION sive objectives, and many possible solutions. Most real-life problems tend to be complex. The solution of a complex Batch automation and batch control are discussed in this problem involves its progressive decomposition into simpler section from both a process characteristics and a modeling functional modules and their proper integration. point of view. This discussion covers the various control This section deals with batch control problems and their functions, distributed control systems (DCS) capabilities, and solutions in general. Specific details on batch reactor control reliability aspects. Other sections in this chapter also deal can be found in Section 8.8. with the subject of batch control. Section 8.3 describes terminology, and Section 8.8 is devoted to the control of batch reactors. BATCH CONTROL STANDARDS In a continuous process, such as the distillation of crude oil or the manufacture of bulk chemicals and fertilizers, the The ANSI/ISA-88 (IEC 61512) batch control standard1Ð3 is product is manufactured on a continuous basis. In batch pro- providing significant benefits to users and suppliers of batch cesses, used in the food, pharmaceutical, and fine chemical control systems worldwide. The standard is in three published industries, products are manufactured in batches. Batch pro- parts, while the fourth part is under development (Table 8.4a). cesses are sequential, where the control functions (called phases), such as charging, mixing, heating, cooling, and test- Part 1: Models and Terminology ing, are performed in an ordered fashion. Each phase may require many process steps, such as the opening and closing Part 1 defines standard terminology and a number of models of valves, starting and stopping of pumps, and setting and for batch control. The key models are procedure, physical, resetting of control loops. In addition to the normal step-by- and control activity (Figure 8.4b). The terminology, struc- step control actions, batch process control requires many tures, and concepts used in the standard are affecting every- other functions; for example, responding to abnormal or fail- one in the batch control business. Most major suppliers have ure conditions, keeping batch records, maintaining recipes, adopted standard terminology and have designing batch con- and scheduling batches. trol systems with a modular set of functions and hierarchy Batch process control is a complex task rather than a based on the control activity model. This modularity allows difficult one. A difficult problem is one that is mathematically for easier integration of third party-packages to do functions or scientifically difficult to solve and usually has a single such as production planning, scheduling, and production solution. A complex problem, on the other hand, is logisti- information management. It also makes a control system cally more challenging. A batch process is characterized by easier to integrate with production management and business numerous interrelationships and constraints, mutually exclu- planning systems.

TABLE 8.4a Batch Control Standards

Batch Year International US standard Scope standard published standard

Part 1 1995 ANSI/ISA-88.00.01 IEC 61512-01 Models & terminology

Data structures & Part 2 2001 ANSI/ISA-88.00.02 IEC 61512-02 language guidelines

Part 3 2003ANSI/ISA-88.00.03 IEC 61512-03 General & site recipes

1544

Procedure Physical Control activity model model model Recipe Prod. planning Prod. info management & scheduling management

Recipe Process Process procedure cell management

Unit Unit Unit procedure supervision

Equipment Operation Process module control

Phase Control module

FIG. 8.4b Batch standard models. (Note: Arrows show relationships, not data ﬂow.)

The main benefits of Part 1 of the batch control standard nance and version upgrades. It is felt that PFC notation will are: soon become the common way for representing procedural elements in a recipe. ¥ Improved communication between suppliers and users of batch control Part 3: General and Site Recipes ¥ Easier identification of end-user needs ¥ Straightforward recipe development Recipes are of four types: general, site, master, and control ¥ Reduced cost of automating batch processes (Figure 8.4d). A general recipe contains generic information ¥ Reduced life-cycle engineering effort for the manufacture of a product and does not include equipment or site-specific information. This is the first recipe that Part 2: Data Structures and Language Guidelines may be generated when a new product has been developed in a pilot plant. The ISA-88 Part 2 standard is in three parts: data models, information exchange tables, and procedure function charts. The data model section provides formal representation of entities specified in Part 1 of the standard, such as recipe, equipment, planning and scheduling, and information management using Universal Modeling Language (UML) notation. The information exchange section uses SQL relational Initialize tables to specify exchange requirements between recipes, Implicit transition process equipment, schedules, and batch production. + + The final part of the standard deals with a graphical Charge “ ” indicates that representation of procedures, such as master and control rec- this operation has a procedure ipes and using Procedure Function Chart (PFC) notation + (Figure 8.4c). PFC is somewhat similar to Sequential Func- React Explicit tion Chart (SFC) notation as defined in IEC 61131-3 stan- transition dard.4 PFC notation addresses procedural control and execution, while SFC notation was developed primarily for state Transfer variable Transfer variable = storage = shipping machines. PFC notation meets the requirements of recipe ++ Transfer to Transfer to procedures better than SFCs. storage shipping PFC notation is intuitive and easy to follow. Users famil- iar with SFC notation will find many similarities between the Transfer Transfer complete complete two. However, explicit specification of functions such as process equipment allocation and synchronization of phases makes PFC easier to follow than SFC notation. Providing tools for information exchange, as specified in the standard, allows suppliers to design more modular batch FIG. 8.4c control systems. This will reduce the high cost of mainte- Unit procedure using procedure function chart (PFC) notation

Generic & transportable General/site Master/control GeneralGeneral Recipe recipe recipes recipes

Process Procedure

SiteSite Recipe recipe Process Unit stages procedures

MasterMaster Recipe recipe Process Operations operations

Process Phases ControlControl Recipe recipe actions Speciﬁc & local FIG. 8.4e FIG. 8.4d Mapping between general/site recipes and master/control recipes. Recipe model.

General and site recipes contain the same categories of In the increasing complexity of global manufacturing, information, such as header, formula, procedure, equipment many process manufacturers find it challenging to maintain requirements, and other information, as in master and control a single definition of a product in different manufacturing recipes. The procedure elements of general and site recipes facilities. General and site recipes provide an equipment- map well with master and control recipes (Figure 8.4e). independent means of describing batch manufacturing processes, accelerating both time to market and time to volume Part 4: Production Records production. A standardized general recipe meets this chal- lenge as a central repository for product manufacturing infor- This part of the batch control standard defines a logical data mation. General and site recipe functions were identified in model and means of data exchange for production records Part 1 of the ISA-88 batch control standard, however, little containing information about batches and other production was specified about them in either Part 1 or 2. segments. The standard is under development. Part 3 of the batch standard, which deals with these functions, was published in 2003. The Benefits of Standards A general recipe is an enterprisewide recipe for a manufactured product that serves as the basis for both site and The benefits of the ANSI/ISA-88 (IEC 61512) batch control master recipes. Chemists and chemical engineers with inti- standard reach beyond batch process control. Although the mate knowledge of both the product’s chemistry and process- standard is primarily designed for batch processes, it is also ing requirements are generally responsible for creating it. It being applied successfully in various manufacturing indus- identifies raw materials, their relative quantities, the required tries. This is because the standard is not just for software, processing, and the order of processing. It may define the equipment, or procedures. It is a way to conceptualize your processing capabilities required, such as cooling or heating, production processes that helps you better design your plants or the generalized equipment requirements, such as glass- and manufacture your products. lined reactors, but does not define the specific equipment that The data models and information exchange tables pro- may be used to manufacture the product. A general recipe vide significant advantage in the automation and modulariza- may also serve as input for corporate production planning tion of any manufacturing process. The shift from monolithic and standard costing procedures. It is usually the parent of centralized control architecture to a modular architecture site and master recipes. allows a process to be more flexible in manufacturing differ- A site recipe has the same structure as a general recipe, ent products and allows for easier maintenance and upgrade but the information in a site recipe is tailored for each target of control systems. It also facilitates the exchange of infor- location. A site recipe may be modified for the local language, mation between different systems. Other areas where batch units of measure, regulations, and raw material variability. A control standards and their underlying concepts may be used site recipe may include only a part of a general recipe that include: is actually implemented on the site. For example, a single product may have intermediate materials manufactured at one ¥ Start-up and shut-down of continuous processes site that are then shipped to a second site for final processing. ¥ Material handling In that case, each site recipe would be derived from only the ¥ Changing products and product grades portion of the general recipe actually required for the pro- ¥ Alarm and exception handling cessing to be done at that site. ¥ Product packaging

The PackML working group within the Open Modular PROCESS PARAMETERS: Variables, such as temperature, Architecture Controls (OMAC) Packaging Workgroup pressure, and time, which are set points and com- started using the batch control standard as the basis for defin- parison values that are needed for the production of ing a more flexible use of packaging systems, which will a batch. ensure consistency and quality. RECIPE: A set of procedures and formula variables that specify the production of a batch. There are four types of recipes: general, site, master, and control. DEFINITION OF BATCH TERMS SITE RECIPE: A recipe that includes site-specific information, such as local language and locally available Following are explanations of common batch control terms, raw materials. simplified for easier understanding. For more rigorous defi- UNIT: A major piece of process equipment with its asso- 1Ð3 nitions, refer to batch control standards. ciated equipment modules. Mixers, storage tanks, and reactors are examples of units. The associated BATCH: A quantity of material produced by the single equipment modules include pumps, valves, heat execution of a batch process. A batch also refers to exchangers, and agitators that are closely associated the intermediate materials during the manufacturing with the major process equipment. Units operate process. relatively independently of one another. CONTROL MODULE: A set of equipment and functions that UNIT RECIPE: A part of a recipe that defines a part of batch can carry out basic control. For example, a control production requirements within a unit. It usually loop consisting of one or more sensors, actuators, and includes a number of operations and phases. control functions is a control module. CONTROL RECIPE: An equipment-specific recipe that defines the production of a single batch. It is usually derived MODELS from a master recipe. EQUIPMENT MODULE: A group of equipment that can carry This subsection discusses briefly the main models that are out a finite number of specific minor processing activ- specified in Part 1 of the batch control standard. As stated ities. An equipment module may include one or more before, these models help modular decomposition of batch control modules. It is typically centered around a control problems and allow suppliers and users to maintain piece of process equipment, such as a weigh tank, a common view of batch control (Figure 8.4b). heat exchanger, filter, or weighing scale. EXCEPTION HANDLING: Procedures and functions that deal Physical Model with conditions that are outside the normal or desired behavior of a process. This model shows the physical hierarchy in a process industry. FORMULA: A part of the recipe that include process In this model, commands flow from higher to lower levels, and inputs, process parameters, and process outputs. information flows from lower to higher levels. This model gen- GENERAL RECIPE: A type of recipe that expresses equip- erally fits well with batch manufacturing processes. Each man- ment- and site-independent processing requirements. ufacturing area may be divided into a number of process cells, It is the highest level of recipes. where each process cell has the necessary equipment and LOT: Products produced by a set of similar batches, usu- resources to complete a batch. A process cell consists of a ally using the same master recipe. number of units, such as storage tanks, mixing tanks, or reactors. MASTER RECIPE: A recipe for producing a batch of products A unit may also include a number of process equipment or using a particular set of process equipment. equipment modules, such as agitators, heating systems, pumps, OPERATION: A procedure that controls the execution of a valves, and the like. However, an equipment module may exist number of phases in a batch. independently and may be used by multiple units. A control PHASE: A set of logic steps that completes a major pro- module, which is either a loop or a device, can be a part of an cessing function, such as charge, mix, heat, and reac- equipment module or can be directly associated with a unit. A tion. A batch is usually in a stable state at the end of control module may include measuring elements, such as ther- a phase. mocouples and orifice plates, and control elements that manip- PROCESS CELL: A set of equipment required for production ulate process variables, such as control and on/off valves. of one or more batches. It usually consists of one or A unit may not acquire another unit but may request its more units. service (for example, to supply a measured amount of ingre- PROCESS INPUTS: Identity and quantity of raw materials and dient or to accept its product). The control of a unit is carried other resources required to make a batch. Other out by the unit supervision function, which is responsible for resources include energy and personnel requirements. acquiring common resources, carrying out inter-unit commu- PROCESS OUTPUTS: Identity and quantity of products or nications, and performing the step-by-step control actions for energy produced at the end of a batch. the execution of a phase.

Control Activity Model Raw Unit Unit Unit Product materials 1 2 N storage The control activity model shows the hierarchy of batch control functions. This model shows the hierarchical nature of batch FIG. 8.4f control and thus allows a batch control problem to be broken Single-stream structure. up into multiple levels for analysis, specification, and design. The need and functional importance of these levels may vary A process cell that is set up to produce a single product between applications. It should be noted that the desired speed of the same grade requires only one order of processing of response of a control system changes as we move from the operations. There, a single recipe is required along with one lower to higher levels. Thus, the lower three levels, process set of formula variables. When a batch size is changed, the management, unit supervision, and process control, act in real raw materials are scaled accordingly. In many such applica- time while transactional-type processing is more appropriate tions, the formula variables may be embedded in instructions for the upper levels. Each of the functions in the control activity within the phases. A process that produces a single product model may be resolved into a number of subfunctions. in many different grades requires a single recipe with multiple sets of formula variables. For manufacturing many prod- Procedure Model ucts in multiple grades in the same process cell, multiple sets A master recipe, which may be derived from a general or site of recipes are required. There, the order of the operations and recipe, contains specifics of the units or unit types that are used phases and the formulas vary from product to product. in a production plant. Master recipes are stored and maintained in a control system and are used for generating control recipes. Physical Structure of a Plant A control recipe is used for the actual production of a batch Another way to classify batch processes is by their physical and is generated at the same time a batch is created. The control structure, such as: recipe is generally deleted at the completion of a batch. A master or control recipe specifies the data and proce- ¥ Single stream dure for manufacturing a batch of a given product. The data ¥ Parallel stream set is called a formula, which specifies process inputs, process ¥ Multiple-path parameters, and process outputs. Process inputs specify the quantity of raw materials and other resources required to In a single-stream structure, the units are ordered serially make a batch. Other resources may include energy and per- in a single train (Figure 8.4f). A batch moves from one unit sonnel requirements. Process parameters specify the vari- to another in the predetermined serial order. ables, such as temperature, pressure, and time, which are set A parallel-stream structure is like a multiple single- points and comparison values that are needed for the produc- stream configuration in which there may be common raw tion of a batch. Process outputs specify the quantity of prod- material and storage areas (Figure 8.4g), but otherwise each ucts or energy produced at the end of a batch. stream is isolated from the others. Additionally, a recipe contains a header and equipment In a multiple-path structure (Figure 8.4h), the movement requirements. The header may contain information such as of a batch is not along any fixed path. The choice of a product and grade identifiers, originator, and date of issue. downstream unit is based on the availability of a unit of the The equipment requirements specify the type and size of type required. The selection is made at the beginning of a process units, as well as other equipment-related constraints batch or as required by the operator, or by a predefined such as the materials of construction. algorithm. A recipe procedure may consist of a number of unit A piece of equipment or service that is used by more procedures. A unit procedure specifies the order of the func- than one unit is called a common resource. Common dis- tions (operations) that are to be carried out within a unit to charge pumps or common steam headers for multiple units manufacture a batch of product. An operation specifies the are examples of common resources. A resource that can be order of phases, such as charge, heat, mix, and store, that are carried out within a unit. Unit Unit Unit A1 A2 AN BATCH PROCESS CELL Raw Unit Unit Unit Product materials B1 B2 BN storage A cell in a batch process may be classified in a number of ways. One way is by product variation, such as: Unit Unit Unit M1 M2 MN ¥ Single product of same grade ¥ Single product in multiple grades FIG. 8.4g ¥ Multiple products in multiple grades Parallel-stream structure.

Unit Unit Unit 1 Initialize

Raw Unit Unit Unit Product materials storage Reactor empty

Unit Unit Unit 2 Fill

Filling complete FIG. 8.4h Multipath structure. used by only one unit at a time is called an exclusive-use 34Start agitator Add catalyst resource. A resource that can be used by several units at a time is called a shared-use resource. In the case of a shared-use resource, there may be limitations on its capacity to serve. Thus, the common steam header may not be able to heat more than a certain number FIG. 8.4i of units at the same time. In the case of an exclusive-use Illustration of a sequential function chart. resource, book and release mechanisms prevent its use by more than one unit at a time. A shared-use resource requires In a DCS system, the control is distributed into a number mechanisms to protect it from exceeding its capacity. of controller modules. There are a number of significant advantages of a DCS system over a centralized control system, such as increased availability, ease of incremental expansion, EQUIPMENT FOR BATCH AUTOMATION and ease of interfacing with foreign devices. The capabilities of a contemporary DCS include standard communications The types of control equipment commonly used for batch protocols, industry-standard operating systems, and open control are: information access throughout the system (Figure 8.4j). Such a system allows easy partitioning of a batch control 1. Programmable logic controllers (PLCs) task horizontally and vertically. The horizontal partitions, based 2. Personal computers (PCs) on physical model, are process cells, units, subunits, loops, and 3. Distributed control systems (DCS) devices. The vertical partitions, based on control activity, are process management, unit supervision, sequential/regulatory In a programmable logic controller the traditional pro- control, discrete control, and safety interlocking. gramming environment is ladder logic or other languages specified in the IEC 61131-3 standard.4 A ladder logic environment is well suited for safety interlocks, as these functions BATCH CONTROL FUNCTIONS do not change with the state of a batch or the product being manufactured. For sequential control functions, which Interlock Functions require step-by-step control actions, ladder logic can be obscure and difficult to follow. In addition, maintaining lad- Interlock functions enforce plant and personnel-related safety der logic for complicated processes can be expensive. and are generally not dependent on the product or the state Traditionally, PLCs excelled in logical control but were of the batch under manufacture. Thus, these interlocks, once weak in their continuous control capabilities. However, these set, are kept active all the time and are changed only when characteristics are changing with the addition of new functions changes to the plant configuration or personnel safety con- and programming environments, which include high-level siderations warrant it. These functions generally override procedure-oriented languages, block structures, and sequen- other interlocks that may be active only during certain pro- tial function chart representations (Figure 8.4i). In addition, cess phases or conditions. A simple example of such an personal computers are also increasingly used as front-end interlock is if a pump (P1) has two outlet valves (V1 and V2) devices to serve as programming and human interfaces. that are feeding two tanks. In that case, the pump should be A personal computer may also be used as a stand-alone switched off if both the valves are closed. This can be controller where it is directly connected to input/output mul- expressed by the Boolean equation tiplexers. Small batch systems may be controlled in this fashion. The Windows operating system is often used, but capa- = PV11off closed..AND V 2 closed 8.4(1) bilities of these systems are generally limited because of the size and throughput and also the limitations of the operating Another way to specify interlock functions is by ladder system. logic. Because of the importance of interlocks in terms of

Business logistics Production scheduling Operational management

DCOM/ CORBA

Enterprise network Ethernet Firewall HMI Batch applications server Expert systems, PIMS, LIMS etc. OPC

Foundation Fieldbus HSE (ethernet) Continuous, batch Plant network & discrete control Bridge Linking device Device networks FFB/H1 Linking device Sensor networks Direct I/O Linking device Other networks Device bus Fieldbus

FIG. 8.4j The main components of a typical DCS system for a batch control application. safety, many users implement them using distinct hardware all other possible states are considered abnormal and set off modules, either within or outside a DCS system. an alarm indicator. In a DCS system, the discrete control is usually done by a control block designed for this purpose, Regulatory Control such as device block or a valve block. Some systems allow users to create blocks with unique functions. Regulatory control serves to keep process variables as close In addition, some DCS systems allow ladder logic or as possible to their set points despite process and load dis- Boolean logic for configuring discrete control. When a large turbance. In a batch process, regulatory control is used exten- amount of discrete control is required, PLCs are commonly sively for controlling process variables, such as maintaining used. In a batch control environment, discrete control func- steady flow during charging, maintaining the agitator speed tions are usually directed by steps in phase logic. in a tank while mixing, or ramping up the temperature at a predetermined rate before reaction. CO Regulatory control is often done using PID algorithms, through in recent years many modifications to this algorithm have been proposed for improved performance. In a DCS system, the usual method for configuring control loops is by interconnecting inputs and outputs of PID and other blocks. ZS CI1 In a batch control system the activation, deactivation, setting O ZS CI2 of controller constants, and set points are usually carried out CL by steps in the phase logic.

Discrete Control State CO CI1 CI2 Discrete control is a term used for controlling process equip- Open On On Off Closed Off Off On ment that has only a limited number of stable states. On/off valves or manifolds are examples of such equipment. The on/off valve (Figure 8.4k) has only two states, which are CO - Contact output CI - Contact input manipulated by a contact output (CO). ZS - Limit switch The states of the two limit switches (ZS) specify the state of the valve. In the case of a manifold (Figure 8.4l), the three FIG. 8.4k states are no flow, Tank A to Tank B, and Tank A to Tank C; The operation of an on/off valve.

V2 “Minispec” For Weighing A Raw Material Using The Weigh Tank: Get the amount and type of raw material from the control recipe. Tank Open appropriate raw material tank outlet valve. B Open weigh tank inlet valve 100%. V1 Start charging pump. Wait until 90% of the raw material received. Tank Throttle weigh tank inlet valve to 10% open. A Wait until 100% of the raw material is received. V3 Close weigh tank inlet valve. Stop charging pump. Tank Close the raw material tank outlet valve. Store the weigh tank amount for batch record. C Inform mixer that weigh tank is ready to charge. End of “Minispec.”

State V1 V2 V3 FIG. 8.4n No ﬂow Closed Closed Closed Example of structured English as a means of specifying sequential Tank A to tank B Open Open Closed logic functions. Tank A to tank C Open Closed Open

FIG. 8.4l monitor function. Periodic checking of the state of the pump The discrete control states of a manifold. while a transfer of material is taking place is an example of a monitoring function. Unlike a safety interlock, which is active most of the time, a monitor function is activated by Sequential Control normal logic as and when required. When a monitoring function detects a failure condition, Sequential control functions perform real-time control at the it invokes the appropriate exception logic. Exception logic, equipment level to move a process through a succession of as the name implies, specifies control functions that are distinct states. Opening a valve and starting a pump to transfer required to take care of failure conditions. Exception logic material from one tank to another and then closing the valve and can be simple or elaborate. Sending an alarm to the operator stopping the pump after the transfer is complete is an example and waiting until the device is fixed manually is an example of sequential control. So, also, is the setting up of regulatory of simple exception logic. Shutting down a malfunctioning control loops or sending alarm messages to operators. equipment and starting up an available spare or initiating an The sequential control required to manufacture a batch emergency shut-down sequence for the whole unit are exam- is usually divided up into a number of phases, such as mixing, ples of more elaborate exception logic. heating, and reaction. A phase consists of a number of There are many ways of specifying sequential control sequential control steps and can manipulate equipment within functions, such as flow charts, state charts, Boolean equa- a unit boundary. When multiple units have to work in a tions, ladder logic, sequential function charts, and the like. synchronized fashion, for example, in the transfer of material Among these, the sequential function charts (Figure 8.4i) and from one unit to another, each unit will have its own phase. structured English form (Figure 8.4n) are gaining increased These phases may communicate with each other to set up the acceptance. required synchronization via the unit supervision function. In a DCS system, the normal and exception logic steps Batch control may be divided into three broad categories are usually implemented in a high-level procedural language (Figure 8.4m). The function that specifies the standard con- or in a tabular state chart format. In a PLC environment, trol actions is called normal logic. The function that checks ladder logic and function blocks are commonly used. Block- the plant and process conditions on a periodic basis is called oriented structures for sequence control are becoming increasingly common in DCS environments, where each phase is specified by a sequence block. Interblock communications are provided by connecting the inputs and outputs Monitor of these blocks. function The sequence logic steps are usually specified in a high- level Pascal-like language. Monitor blocks provide monitoring functions in a block-structured environment; otherwise, tables or Boolean equations are used. Block orientation provides modular structure and the ease of interblock communications. Normal Exception logic logic Unit, Batch, and Recipe Management

FIG. 8.4m The unit supervision function performs the control functions Sequential control functions. A. Monitor function is activated and in a unit. Each unit has a set of phases (like charge, mix, and deactivated by a normal logic. B. Monitor function calls an excep- heat) that includes normal logic, exception logic, and monitor tion logic when a failure condition is detected. functions. The recipe speciﬁes the order of these phases and

© 2006 by Béla Lipták 1552 Control and Optimization of Unit Operations the formula variables for a grade of product. Unit management also performs interunit communications and acquires RestartingRe- Held Holding the services of common resources when required. Complete Starting The process management function is responsible for the manufacture of a batch of product. It allows the selection of a batch identifier (name) and a master recipe, either manually Pausing by an operator or automatically by a higher-level function. Running It generates a control recipe from the specified master recipe Idle and maintains it during the course of a batch production. It directs the manufacturing of a batch by acquiring units as Paused required and executing unit procedures, operations, and Aborting Stopping phases in the order specified by the control recipe. It also supplies the formula variables to the pertaining phases via unit supervision function. Process management allows the scaling of a batch by Aborted Stopped proper proportioning of relevant formula variables. Process management is also responsible for creating and maintaining batch records during the production of a batch. FIG. 8.4o As stated before, there are four types of recipes: general, Typical unit states. site, master, and control. The recipe management function provides the facilities for generation and maintenance of the general, site, and master recipes. The creation of a control held state. However, such transitions are not usually possible recipe from a master recipe is a process management function. from states, such as stopped or aborted, which may require discarding the batch and starting anew. Unit Modes The operating conditions of a process unit are As stated, transitions may be automatic if specified in broadly divided into two different modes: manual and auto- procedures, such as steps phases or by safety interlock func- matic. In the manual mode, the procedural elements for the tions. However, an operator can also cause transitions by unit are executed manually. An operator may pause the pro- manual commands. Transitions from paused or held to the gression of a batch but may not force transitions from one running state usually require manual permissives. Detailed step to the next. While in this mode, the process inputs may analysis of conditions that may lead to state transitions need still be monitored by the control system. to be carried out when the normal operations of a unit are In the automatic (auto) mode, the control system controls specified. the production of a batch in the unit. The transitions within phase logic are carried out without manual interruption as appropriate conditions are met. In some situations, operator FROM ANALYSIS TO IMPLEMENTATION may pause the progression, but may not force the transition from one step to another. As stated before, the analysis, specification, design, and implementation of a batch control system are all complex Unit States Equipment entities such as units and equip- tasks. That is largely due to the multistate nature of a batch ment modules may have many different states. The number process, which makes it inherently more complicated than a of possible states of an entity varies with its complexity and single-state continuous process. Batch processes generally its application. A simple on/off valve usually has only a need more sophisticated human interface than continuous limited number of states, such as open and close when work- processes. ing normally. In the case of a unit a much larger number of Sharing of equipment and services can increase com- possible states have been specified in the batch standard1 plexities, and proper booking and releasing mechanisms are (Figure 8.4o). required where equipment or a service can only be used for Initially, a unit is in an idle state, which transitions to a single batch. Taking care of exception conditions can get running state at the start of a batch. The running state con- very complicated for a critical process where different tinues as long as the normal batch production continues. actions are needed for different alarm conditions and their Exception conditions can cause transition to a state, such as combinations. pause, held, stopped, or aborted depending on the type and However, the complexities vary significantly from one seriousness of the exception condition. The state transition batch process to another. They are typically based on plant could be automatic or manually initiated. Usually there are topology (e.g., single stream, parallel stream, or multiple path) transient states, such as pausing, holding, stopping, and abort- and the number of different products manufactured using the ing before the unit reaches paused, held, stopped, or aborted same equipment. In addition, complexities vary with the crit- state. The unit may return to running state from a paused or icality of the process, the amount of exception handling, and

© 2006 by Béla Lipták 8.4 Batch Processes and Their Automation 1553 the amount and the type of operator intervention required. The Control recipe = + + + amount and complexity of exception handling for a batch pro- Header Equip Requirement Formula Procedure Procedure = {Operation} cess is also of great signiﬁcance; unfortunately, this point is Operation = {Phase} often ignored at the initial design stage. Finally, complexity Phase = [Weigh, Charge, Mix, React, Cool, Transfer] depends also on the levels of control activity functions and the Formula = [Amount, Mix Time, React Temp, Ramp Rate, Prod Density] requirements of batch tracking and reporting. FIG. 8.4q The data names used are deﬁned in a data dictionary such as this Methods of Analysis one.

The analysis of a batch system requires resolving the problem into the various control levels and then, within each level, Encapsulation, or information hiding, allows for the cre- decomposing it into functional modules. The two common ation of an object with its set of data and procedures methods of analysis are structured analysis and object-oriented (Figure 8.4r). An object can be asked to do a certain function, analysis. but the user does not require the knowledge of the object’s Structured analysis involves starting from a high-level internals. Similar objects can be specified as a class so that their view and decomposing this into more detailed function.5Ð7 The data structure and procedures need to be defined only once. main components in this method are data flow diagrams, data Inheritance allows a subclass of objects to inherit the data dictionary, and minispecs. A data flow diagram consists of structure and procedures of its super-class (Figure 8.4s). one or more bubbles, each representing a function, and arrows However, a subclass object can have a data structure or pro- representing information or material flow (Figure 8.4p). cedures of its own, which are in addition to or instead of The storage of information and material is shown within those inherited. Message passing is telling an object what to parallel lines. Each bubble may be decomposed into a number do without specifying how to do it. Late binding allows of bubbles, each representing a subfunction. When a function resolving the address of an object at run time rather than at cannot be decomposed into a set of subfunctions, then a compile time. This allows the ease of adding, deleting, or minispec is generated for that function in structured English, moving objects without affecting the rest of the system. as was illustrated in Figure 8.4n. All data names used in these diagrams are defined in data dictionaries (Figure 8.4q). Project Application Specification In object-oriented analysis, all functions are defined as objects.8,9 An object mirrors a real-life entity or a function Batch control design and implementation problems often and contains the required procedure and data for carrying out arise because of the lack of clear and detailed definition up that function. The key concepts of object orientation are: front. This can be addressed by putting in enough effort at the beginning of a project by generating a project application specification (PAS). This document is in three parts:10 ¥ Encapsulation ¥ Inheritance ¥ Requirement specification ¥ Message passing ¥ System functional design ¥ Late binding ¥ System acceptance criteria

Raw material The requirement specification is the detailed narrative of receiving the requirements, with little consideration for the specifics of the control system to be used. The requirement specification Raw is ideally generated by the user organization before the selec- material tion of a particular system. This document can then be used Control storage recipe as a bid specification for the control system suppliers to generate quotations. Weigh

Mix Object: weigh tank

Data: max-weight React current-weight status Procedure: wait Product weigh storage deliver

FIG. 8.4p FIG. 8.4r Example of a data ﬂow diagram. Object representation of a weigh tank.

Process unit where R(t) = reliability Storage tank Weigh tank Mixer Reactor λ = failure rate t = time

Feed store Product store This deﬁnition, however, does not take into account that

Weigh tank 1 Weigh tank 2 a piece of equipment can be repaired and put back to service. The deﬁnition of availability takes care of that: FIG. 8.4s Example of an object class structure. A =+MTBF/(MTBF MTTR) 8.4(3)

where The system functional design, which is generated only A = availability after a specific control system has been selected, specifies the = detailed design based on the requirement specification and the MTBF mean time between failures = capabilities and constraints of the system chosen. The design MTTR mean time to repair part of the document is generated by the group responsible for integrating the system and doing the application engineering The above equation shows that the availability of a given (system developer) and must be approved by the user before system can be increased significantly by merely reducing its the actual implementation (configuration and coding) starts. mean time to repair. The final section of the PAS is the system acceptance cri- The degree of reliability needed for a batch control sys- teria, which defines the tests that are to be carried out during tem varies with the criticality of the process under control, and after the system’s construction to ensure its proper func- but more importantly, it varies with the different levels of tioning. The system acceptance criteria include detailed proce- control (Table 8.4t). Thus, the reliability at the device control dures for the systematic testing of all the significant functions. level is more critical than at the recipe control level. This section should preferably be written jointly by the user In a DCS, where these control levels are controlled by and the system developer. different hardware modules, this need for reliability is gen- A PAS is a single consistent document for the procure- erally taken care of by fault-tolerant pairs as required. In this ment and implementation of a batch control system. It is a arrangement, two identical processors are configured as a “living” document, which requires updating and modification married pair, where both the processors run in parallel using to accommodate changes in requirements. Appropriate mech- the same inputs, and the outputs of one of the modules is anisms for suggesting and approving modifications need to used for control at any given time. The outputs of both the be in place during the execution of a project. A PAS requires processors are periodically compared to ensure that they are considerable effort and financial investment up front, but the synchronized and are in good health. If they disagree, then return on investment is very significant in terms of the imple- diagnostics are invoked to allow the good partner to continue mentation efficiency and the quality of the product. the control, and appropriate messages are generated to fix the The solution of a batch control problem requires not only other. the selection of a suitable control system but also the creation In a dual-processor arrangement, the failure of the pri- or assembling of appropriate strategies for control. Object- mary module causes the backup to take over. Timely detec- oriented environments are changing the way a control system tion and exact synchronization of the two processors before is configured and programmed. In the future, the competitive the failure are important for an effective takeover. In a triple advantages of control companies will come more from modular redundant (TMR) system, these problems exploiting new software techniques rather than from the hard- are avoided. In such an arrangement (Figure 8.4u), three or ware employed. more identical processors run in parallel using the same set of inputs. The outputs are fed to a voting circuit, which allows the immediate detection of a faulty module. RELIABILITY AND AVAILABILITY The theoretical availability of a TMR system is lower than that of a fault-tolerant dual pair. However, it is claimed The reliability of a batch control system is of greater significance that a fault-tolerant pair with less-than-perfect failure detec- than is the reliability of a continuous control system. On failure, tion and takeover mechanism is actually less reliable.11 the fallback system needs to know the exact state of a batch in TMR systems are available for process control but are order to be able to continue the production or to bring the generally more expensive because of the need for three pro- process to a safe condition. Reliability is defined as the proba- cessors. The dual fault-tolerant pair arrangement is currently bility a piece of equipment is performing its required function more common in the DCS environment. for a specified time interval under stated condition: In evaluating the reliability of a batch control system, both hardware and software reliabilities should be taken into −λt Rt()= e 8.4(2) consideration. In recent years, the hardware has become more

TABLE 8.4t Requirements of Fault Tolerance

Fault Tolerance Control Level Requirements Ways of Achieving Fault Tolerance

Sensing elements + Minimal for most, crucial for a limited number. Manual backup for those not crucial. Double- or triple-redundant sensors for the most crucial Safety interlocks + + + Mostly by dedicated hardware modules, within or independent of the control system Continuous control + + Backup controller or manual control stations Device control + + + Backup controller Sequence control + + + Backup controller or triple-redundant system Batch management + + Backup controller where required Recipe management + Backup controller where required Scheduling management X Manual backup Information management + + Redundant bulk storage and backup processors where needed Human interface + Multiple human interface equipment (printers, CRTs, and keyboards) Interprocessor + + Redundant communication channels communications

Key: X: Little or no requirement +: Some requirement + +: Signiﬁcant requirement + + +: Crucial requirement

reliable and less expensive. This in turn has increased the The reliability of a piece of software is dependent on the demands for features and capabilities of the control system probability of its performance without fault for a given period and thus has made the software effort much larger and more of time and on the time to correct the fault after its detection. complex. The software reliability problem is not similar to While testing a piece of software, an error detection curve the hardware reliability problem, because software does not may be drawn (Figure 8.4v), which can provide some indi- degrade with use. Unreliability in software is caused by the cation of its reliability. presence of programming “bugs,” which may stay undetected The standard software modules, such as the operating even after rigorous testing. system, control packages, and utilities, are generally more reliable as they are used in multiple systems. When an error is reported, the system supplier usually generates a correction for all the installed systems. However, this is not the case Controller with application-speciﬁc software, as they tend to be unique 1 for each system. In addition, changes in control requirements require additions and modiﬁcations to existing software with Controller Voting 2 circuit

Controller 3 Error detection rate

Process Time

FIG. 8.4u FIG. 8.4v TMR system with voting circuit. Software error detection curve.

© 2006 by Béla Lipták 1556 Control and Optimization of Unit Operations the possibility of introducing new bugs. The ways for increas- or loss of very high-value product. The most common haz- ing the reliability and modifiability of software should be ardous processes involve very fast exothermic reactions in considered early in a project. These ways include: which all corrective actions need to be taken automatically to ensure a safe operation. 1. Detailed analysis of control problem, breaking it into The manufacture of PVC is an example of a fast exother- small manageable modules mic process, and pharmaceutical and biotech manufacturing 2. Specification and design of the modules with clear processes involve very high-value products. Critical applica- definition of their interrelations tions generally require a high level of fault tolerance, a high 3. Proper design reviews level of safety interlocking, and extensive exception handling 4. Modular programming using off-the-shelf software logic to take care of abnormal conditions. This combination wherever possible and generating common routines of requirements significantly increases the complexity of the for similar functions control solution. 5. Desk checking and walk-throughs for generated code PC-, PLC-, or DCS-based batch control systems perform 6. Rigorous testing of intramodule and intermodule func- similar functions, but some of their characteristics such as tions with appropriate simulations capacity, fault tolerance, and human interface, vary significantly. PC-based systems provide a lower-cost alternative to The object-oriented approach in specification, design, either a PLC- or DCS-based system, but offer little or no and implementation of software is gaining increased accep- fault tolerance, and thus are not generally well suited for tance. This forces a modular approach and reduces the dupli- critical applications. cation of common code to a minimum. Object-oriented PLCs are well suited for logic control, permissives, and programming environments also allow for maintaining librar- fast interlocking. PLCs also perform sequence control quite ies of objects, which may be used in many different projects, well and some continuous control. Some PLCs also provide thus reducing rework. good fault tolerance, making them suitable for critical applications. However, PLCs are generally not as good as DCS- based systems in the areas of expandability and flexibility. CONTROL SYSTEM SELECTION Modular programming is more difficult in PLCs, where only ladder logic is used for configuration. PLC-based systems For batch control system users, the most important criterion are well suited for small- to medium-sized batch control for supplier selection is the software and hardware function- applications and are generally not used for complex batch alities. Additional criteria in order of importance are services applications or those applications that require a high degree capability, knowledge of the industry and its processes, local of flexibility (Figure 8.4w). support, the cost of application services, and cost of hardware DCSs are well suited for continuous, sequential, and and software. some basic logic control. They are generally not as good as The selection of an appropriate control system for a man- PLCs at safety interlocking and other high-speed logic func- ufacturing plant is largely dependent on the type and com- tions. Most DCS controllers can be configured in a redundant plexity of the application. The complexity of an application manner, with automatic switchover for a high degree of fault is dependent on many factors such as the plant’s topology, tolerance. DCSs also offer more flexible programming facil- the number of different products and grades, the criticality ities than PLCs and easier-to-use human interfaces. However, of the application, and the size of the plant. the key strengths of many DCSs are their scalability, expand- Some batch processes are critical, because a control fail- ability, and the ability to interface seamlessly with PLCs and ure may result in a hazardous situation, equipment damage, other types of controllers and business systems.

Large scale PLC or Multi- PLC or DCS or DCS-based DCS-based production PC-based product PC-based PLC-based

Complexity Small scale DCS or Single PLC or DCS or PC-based PC-based production PLC-based product PC-based PLC-based

Non-critical Critical Single Multiple Network application application path path Complexity Complexity

FIG. 8.4w Recommended batch control systems based on process complexity.

These attributes make DCS-based batch control systems TMR: Triple Modular Redundant technically suitable for a wide range of batch applications. UML: Universal Modeling Language However, they are generally more expensive than PC or PLC systems, which make them less attractive for small- and medium-sized applications. Thus, DCS-based systems are References most ideally suited for flexible, large, complex applications. The lines that separate DCS- and PLC-based systems are 1. ANSI/ISA-88.00.01-1995, “Batch Control Part 1: Models and Termi- starting to blur. A new type of system, called a hybrid system, nology,” Research Triangle Park, NC: ISA. is now being targeted for batch and discrete control applica- 2. ANSI/ISA-88.00.02-2001, “Batch Control Part 2: Data Structures and Guidelines for Languages,” Research Triangle Park, NC: ISA. tions. A typical hybrid system has a DCS architecture but 3. ANSI/ISA-88.00.03-2003, “Batch Control Part 3: General and Site uses controllers that are similar to PLCs. The functionality Recipe Models and Representation,” Research Triangle Park, NC: and scalability of hybrid systems are similar to that of the ISA. DCSs. 4. IEC 61131-3, “International Standard, Programmable Controllers — Examples of these new hybrid control systems include Programming Languages,” IEC. 5. DeMarco, T., Structured Analysis and System Design, New York: the DeltaV from Fisher-Rosemount, PlantScape from Hon- Yourdon, 1978. eywell, and ProcessLogix from Rockwell. It is also important 6. Yourdon, E., and Constantine, L., Structured Design, Englewood to note that PC-based systems are beginning to acquire many Cliffs, NJ: Prentice Hall, 1979. DCS attributes. 7. Weinberg, V., Structured Analysis, New York: Yourdon Press, 1980. To meet users’ requirements in batch process automation, 8. Ghosh, A., “Object Lessons,” Chemical Engineering, June 1991. 9. Ghosh, A., “The Object Is Control,” Chemical Engineering, June 1991. suppliers must exhibit many important characteristics. These 10. Ghosh, A., “Project Application Specification — What Is It and Why include experience in batch process control, specific industry Do We Need It,” Canadian Conference on Industrial Computer Sys- applications, enterprisewide integration, project manage- tems, Montreal, May 1986. ment, and applying appropriate regulatory requirements. 11. Wensley, J. H., “Reliability in Batch Control Processes,” ISA/82 Successful batch process control solutions have been elu- Advances in Instrumentation, Part 3, October 1982. sive, and it is important to work with suppliers with proven records of accomplishment. Experience in your industry and Bibliography specific application area is also very important in the selection process. Knowledge of specific industry segment char- ARC Report, “Batch Process Automation Strategies,” ARC Advisory Group, acteristics, such as regulatory requirements, can be critical October 1999. to the success of the project. Bristol, E. H., “A Design Tool Kit for Batch Process Control: Terminology and a Structural Model,” InTech, October 1985. Coad, P., and Yourdon, E., Object-Oriented Analysis, Englewood Cliffs, NJ: ACRONYMS Prentice Hall, 1990. Cox, B. J., Object-Oriented Programming: An Evolutionary Approach, Reading, MA: Addison-Wesley, 1986. ANSI: American National Standards Institute Fisher, T. J., Batch Control Systems: Design, Application, and Implementa- DCS: Distributed Control System tion, Research Triangle Park, NC: Instrument Society of America, IEC: International Electrotechnical Commission 1990. Ghosh, A., “Why Batch Process Control is not Chemical Engineering,” ISA: Instrumentation, Systems, and Automation Society AIChE Annual Meeting, Los Angeles, November 1991. MTBF: Mean Time Between Failures Ghosh, A., “Batch Control State of Art,” in Instrument Engineers’ Hand- MTTR: Mean Time to Repair book, 3rd edition, Process Software and Digital Network, Sec 5.5, July OMAC: Open Modular Architecture Controls 2002. PAS: Project Application Specification Glass, R. L., Software Reliability Guidebook, Englewood Cliffs, NJ: Prentice Hall, 1979. PC: Personal Computer Kopetz, H., Software Reliability, New York: Springer-Verlag, 1979. PFC: Procedure Function Chart Rosenof, H. P., and Ghosh, A., Batch Process Automation: Theory & Prac- PID: Proportional, Integral, and Derivative tice, New York: Van Nostrand Reinhold, 1987. PLC: Programmable Logic Controller Smith, D. N., Concepts of Object-Oriented Programming, New York: McGraw-Hill, 1991. SFC: Sequential Function Chart Sommerville, I., Software Engineering, Reading, MA: Addison-Wesley, SQL: Sequential Query Language 1984.