System overheads, On-line operator inputs, Standby processor – Rockwell Automation T8110B/T8110 Trusted TMR Processor User Manual
Page 24: Module management, Security, Trusted
Trusted
TM
TMR Processor T8110B/T8110
Issue 18 Feb 08
PD-T8110B/T8110
24
4.1.1. System Overheads
In addition to running application programs, the Trusted
TM
TMR Processor takes care of system
overheads, (such as background diagnostics), including voter tests, read tests of the EPROMs and
read-write tests of the RAM.
4.1.2. On-Line Operator Inputs
On-line adjustment of system operating parameters, e.g. set points, loop tuning and time delays, and
operator commands, e.g. reset and override, within defined safe operational limits, is available during
the ‘Maintenance’ mode of the Trusted
TM
TMR Processor using the Engineering Workstation.
4.2. Standby Processor
A second Trusted
TM
TMR Processor can be installed in a system to act as the standby processor in a
Companion Slot configuration, this would have to have been inserted twice in this slot to pre-educate
as explained in the previous section. This option allows an additional Trusted
TM
TMR Processor to be
available for use should the active module need to be functionally replaced. The standby module runs
its normal internal diagnostic tests in the ‘Standby’ mode, and is constantly updated by the active
Trusted
TM
TMR Processor. Transition from standby to active mode is triggered by the active module.
4.3. Module Management
The system firmware is loaded via the bootstrap monitor. The Trusted
TM
TMR Processor configuration
information is held in the non-volatile memory.
The Trusted
TM
TMR Processor can be configured by one of two methods:
1. Engineering Workstation via the front panel diagnostics port.
2. Engineering Workstation via the Trusted
TM
Communication Interface.
Where both active and standby Trusted
TM
TMR Processors are installed, a bumpless changeover
between the modules is performed automatically. Any changeover is logged in the system event log.
When a new module is inserted, it is automatically synchronised and educated by the two ‘good’
channels of the faulted module to be replaced.
Two interlock switches are provided on the top and bottom module latches to detect removal of the
module. Switch actuation generates an interrupt for each processor.
Note: Releasing the active Trusted
TM
TMR Processor’s ejector levers in an active/standby
configuration, will cause an automatic changeover between the active and standby Trusted
TM
TMR Processors to occur.
4.4. Security
IEC1131 TOOLSET password protection, with corresponding level of access permission, and the front
panel keyswitch is used to prevent unauthorised access to the system.