The TRICONEX system, in full compliance with IEC61508/61511 standards, uses today’s state-of-the-art TMR microprocessor hardware technology and reliable TRISTATION 1131 software for triple redundancy fault-tolerant control. The system has high reliability and high utilization rate, and is widely used in petrochemical, oil refining, oil and gas, chemical industry, electric power, rail transit, aerospace, nuclear industry and other industries. It has a wide range of achievements in the installation safety interlock system ESD, steam turbine control, gas turbine control, compressor anti-surge control, offshore oil platform, fire gas monitoring protection (F&G).
The TRICONEX system features fault-tolerant controls that combine high reliability with high availability. In order to ensure the high reliability and availability of the system, the controller, I/O module and communication are triple designed. The control system can recognize the fault of the control system components, automatically eliminate the faulty components, and allow the continuous completion of the specified task at the same time, the fault components online repair without interrupting the process operation. Any faults and related data are stored in NVRAM, and if any channel fails in the I/O module, the system guarantees that the module can run for 1500 hours and still meet the TUV AK6 level.

The TRICONEX security control system is a state-of-the-art fault-tolerant controller based on a triple module redundancy (TMR) architecture. TMR are integrated three-way isolated, parallel working control systems, and perform a wide range of diagnostics in each independent control system. The system adopts the three-two logical voting mode to provide highly complete, error-free and uninterrupted process operation, which will not cause system failure due to a single point of failure.

MP controller adopts three independent channels, each channel and the other two channels in parallel independent execution of the application program, from the field all digital input/output signals through the patented hardware to vote, and the analog signal is the intermediate value selection processing. Because each channel is isolated from the others, a single point of failure of any channel does not affect the others. If one channel has a hardware failure and the other channels ignore it. During this period, you can easily insert, remove, and replace a faulty module online if the controller performs uninterrupted processing.

The system is simple to use because, from the user’s point of view, the TMR system operates the same as a single-channel control system. The user can connect the sensor and the actuator to a single terminal, only need to write a set of application logic, the rest of the work is managed and handled by the control system.

The system makes extensive diagnosis for each independent sub-circuit, each module and each functional circuit, and monitors and reports operational errors. All diagnostic information for application and operation is stored. This diagnostic data can be used by programmers to modify the execution of controllers or to perform process maintenance directly.

The IPS TRICONEX safety control system features are summarized as follows:
· SMT surface packaging technology is applied to all parts, sealing installation, strong anti-corrosion ability, suitable for more demanding industrial environment
· Suitable for medium scale applications
· Remote and distributed I/O support
· Can operate correctly with 3, 2 or 1 main processor intact
· Complete and transparent triplex structure
· HDLC and AISC technologies are adopted to improve controller processing speed, I/O response time and system response capability
· Adopt comprehensive logic comparative diagnosis (including FPGAs) technology to improve the coverage of system fault self-diagnosis
· A full series of I/O modules
· Unmatched reliability and availability (99.9998%)
· When the controller is online, the module can be installed and adjusted on site, and the terminal can be connected on site
· On-line configuration and debugging
· Optional redundant MODBUS communication and redundant high-speed Ethernet communication
· Scalable multiple TRICONEX safety control systems

The TRICONEX control system is enabled through ports on the main processor (MP) and communication modules. Communication ports Support MODBUS slave, master, and master/slave protocols, Tristation, TSAA(including DDE and OPC), and dot dot communication protocols.

The TRISTATION 1131 development platform is an integrated tool for application development, programming debugging, and data compilation of TRICONEX control systems. The programming method, user interface and function of self-file are much better than traditional engineering development tools. TRISTATION 1131 complies with IEC 61805/61131 International standards. Tristation 1131 is development software running on the WINDOWS 2000 operating system and follows the guidelines for the Microsoft Windows graphical user interface.

Typical application of IPS TRICONEX security control system

Safe emergency shutdown (ESD)
The safety system provides continuous protection for safety-critical units in refining, petroleum, chemical and other industrial processes, such as reactors and compressor units, monitors various trip signals – pressure, product feed, expander pressure balance and temperature, and safely stops if necessary. The traditional emergency stop system uses mechanical or electronic relay to realize stop protection, but it often causes dangerous false trip. The TRICONEX system has parking and control capabilities that allow on-site sensors to be temporarily tested and verified, and can be directly connected to DCS or other upper computers for continuous monitoring.

Boiler monitoring protection protection
Steam boilers are critical equipment in most refineries and industrial processes. Boiler protection under various disturbances, safety interlocking for normal on/off operation, and flame monitoring and protection can be centralized in one TRICONEX system. These tasks are traditionally performed with single, non-integrated components. With fault-tolerant, pragmatic, and safe controllers, boiler operators can further increase efficiency at or above the level of the electro-mechanical protection system.

Turbine compressor control system
The control and protection of compressor units driven by gas or steam turbines require high reliability and safety. The TRICONEX controller’s capacity and continuous no-break operation provide maximum availability for turbine compressor units while maintaining the same level of safety. Speed control, air extraction control, compressor anti-surge control and starting and stopping sequence control can be realized in an integrated control system. Hot spare modules are available for all I / 0 modules. If the working module fails, the module can be replaced online.

Fire gas monitoring and protection
In order to avoid the threat of fire and toxic, harmful and combustible gas, the protection system requires high availability and reliability. The TRICONEX achieves high availability by reproducing faulty modules. Faults of each module, field signal line and sensor are detected through the built-in diagnostic function, and analog signals from the gas monitor are directly connected to the controller. The operator interface monitors fire and gas systems and diagnoses the sensors to which the TRICONEX controller is connected. Traditional fire and gas meters can be replaced with an integrated control system that saves installation space while maintaining a high degree of safety and availability.