WO2020135530A1 - Man-machine interface system having power loss protection mechanism, and distributed control system - Google Patents

Man-machine interface system having power loss protection mechanism, and distributed control system Download PDF

Info

Publication number
WO2020135530A1
WO2020135530A1 PCT/CN2019/128436 CN2019128436W WO2020135530A1 WO 2020135530 A1 WO2020135530 A1 WO 2020135530A1 CN 2019128436 W CN2019128436 W CN 2019128436W WO 2020135530 A1 WO2020135530 A1 WO 2020135530A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
human
machine interface
interface system
shutdown
Prior art date
Application number
PCT/CN2019/128436
Other languages
French (fr)
Chinese (zh)
Inventor
薛栋
张寅�
Original Assignee
西门子电站自动化有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 西门子电站自动化有限公司 filed Critical 西门子电站自动化有限公司
Publication of WO2020135530A1 publication Critical patent/WO2020135530A1/en

Links

Images

Classifications

    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B19/00Programme-control systems
    • G05B19/02Programme-control systems electric
    • G05B19/418Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM]
    • G05B19/41845Total factory control, i.e. centrally controlling a plurality of machines, e.g. direct or distributed numerical control [DNC], flexible manufacturing systems [FMS], integrated manufacturing systems [IMS], computer integrated manufacturing [CIM] characterised by system universality, reconfigurability, modularity
    • GPHYSICS
    • G05CONTROLLING; REGULATING
    • G05BCONTROL OR REGULATING SYSTEMS IN GENERAL; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS OR ELEMENTS
    • G05B2219/00Program-control systems
    • G05B2219/30Nc systems
    • G05B2219/33Director till display
    • G05B2219/33273DCS distributed, decentralised controlsystem, multiprocessor
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/02Total factory control, e.g. smart factories, flexible manufacturing systems [FMS] or integrated manufacturing systems [IMS]

Definitions

  • the present disclosure generally relates to the field of power plants, and more specifically, to a man-machine interface system and a distributed control system for power plants with a power loss protection mechanism.
  • FIG. 1 shows a schematic diagram of a standard distributed control system 1.
  • the DCS system 1 includes a management terminal bus network 10, a human-machine interface system 20, and a factory bus network 30.
  • the human-machine interface system 20 includes at least one work server and a terminal bus network 21.
  • the at least one working server is, for example, a data processing server (Processing Unit, PU) 22, a service server (Service Unit, SU) 23, an operating workstation (Operating Terminal, OT) 24, an extension server (Extension unit, XU), an engineering server (Engineer Server , ES), etc., and at least one server is connected together through the terminal bus network 21.
  • the work servers for example, data processing server (Processing Unit, PU), service server (Service Unit, SU), operating workstation (Operating Terminal, OT),
  • the extension server Extension unit, XU
  • engineering server Engineer Server , ES
  • This kind of server has high requirements for the stability of the external power supply. If the external power supply suddenly loses power, it is likely that the system will crash or the hardware will be damaged, which will cause many problems for the subsequent operation of the unit.
  • each server in Figure 1 is equipped with a UPS power supply separately. After detecting that the external power supply is lost, the UPS power supply will issue a shutdown command to the corresponding server to shut down the operating system of the server one by one to avoid unnecessary losses.
  • FIG. 2 shows a schematic diagram of an example of a man-machine interface system 20 with a power loss protection mechanism in the prior art.
  • three network switches 211, 212, and 213 are connected by a network cable 240 to form a terminal bus network 210.
  • the network switch may be, for example, SCALANCE X307 produced by Siemens, or may be a network switch of another brand commercially available.
  • the human-machine interface server 221, PU server 222, OT server 223, SU server 224, ESDBA server 225, XU server 226, and ES server 227 are respectively connected to a network switch in the terminal bus network 210 via a network cable 240.
  • Each of the human-machine interface server 221, the PU server 222, the OT server 223, the SU server 224, the ESDBA server 225, the XU server 226, and the ES server 227 is connected to a UPS power supply 230 through a power cord 250, whereby the external power supply passes Each UPS power supply supplies power to each server in the system.
  • the present disclosure provides a man-machine interface system and a DCS system with a power loss protection mechanism for power plants.
  • the UPS power supply detects a power failure signal, it can shut down all servers in sequence through the terminal bus network according to the established shutdown strategy, thereby ensuring that the entire system can be shut down in a timely and effective manner.
  • a man-machine interface system for a power plant with a power failure protection mechanism including: at least one UPS power supply, at least one work server, a human-computer interaction server, a power failure protection server, and a connection A terminal bus network with at least one network switch, wherein the at least one working server, the human-computer interaction server, the power failure protection server, and at least one network switch and the at least one UPS in the terminal bus network
  • One UPS power supply in the power supply is connected through a power cord, so that the external power supply supplies power to each server in the human-machine interface system through the at least one UPS power supply, the at least one work server, the human-computer interaction server, and
  • the power failure protection server is connected to the terminal bus network through a network cable, and the power failure protection server is connected to one or more UPS power sources of the at least one UPS power source through a network cable, and the power failure
  • the electrical protection server is provided with a UPS power management client, which is configured to perform power outage monitoring on the connected UPS power
  • the power failure protection server has a passwordless access function for other servers in the human-machine interface system, and the power failure protection server is configured to:
  • a shutdown strategy is to sequentially perform a shutdown operation on the at least one work server, the human-computer interaction server, and the power failure protection server via the terminal bus network.
  • the power failure protection server does not have a passwordless access function for other servers in the man-machine interface system, and there is a man-machine interface for the man-machine interface system
  • Other servers in the system have a specific server with no password access function
  • the specific server is one of the at least one work server, the human-computer interaction server
  • the power failure protection server is configured to: The specific server sends the current shutdown policy, so that the specific server executes the at least one work server, the human-computer interaction server, and the power failure protection server via the terminal bus network according to the current shutdown policy Shutdown operation.
  • sequentially performing shutdown operations on the at least one work server, the human-computer interaction server, and the power failure protection server according to the current shutdown strategy via the terminal bus network includes: Send a shutdown instruction to the corresponding server in turn according to the shutdown sequence in the current shutdown strategy, and the shutdown instruction for each server waits for the corresponding waiting time after sending the shutdown instruction to the previous server in the shutdown sequence issued.
  • the power failure protection server and the human-computer interaction server are Windows-based servers.
  • the power failure protection server and the human-computer interaction server are the same server.
  • the power failure protection server is configured to monitor the power failure of the external power supply for a predetermined period of time, and then via the terminal bus network according to the current shutdown strategy At least one work server, the human-computer interaction server, and the power failure protection server perform a shutdown operation.
  • the power failure protection server is further configured to: obtain a current working condition of each server in the human-machine interface system and a communication failure linkage relationship between each server; and According to the current working condition of each server in the human-machine interface system and the communication failure linkage relationship between each server, the current shutdown strategy is formulated.
  • the current shutdown strategy is a predetermined shutdown strategy stored in the power failure protection server.
  • each of the at least one UPS power supply is configured to supply power to at least two servers in the human-machine interface system.
  • the at least one work server includes at least one of the following servers: at least one operation server, at least one data processing server, at least one expansion server, at least one management server, and At least one business server.
  • the human-machine interface system may further include: at least one simulation server configured to obtain working conditions and setting models of each work server; and at least one simulation server configured To simulate on-site input data and on-site output data of each working server in the human-machine interface system, wherein each simulated server in the at least one simulated server is powered by one UPS power supply in the at least one UPS power supply, And connected to the terminal bus network through a network cable.
  • a distributed control system for a power plant including the human-machine interface system described above.
  • the UPS power supply when the UPS power supply detects a power failure signal, it can sequentially shut down all servers in the system through the terminal bus network according to the formulated shutdown strategy, thereby ensuring that the entire system can be timely And effectively shut down steadily.
  • the power failure protection server when the power failure protection server has a password-less access function for other servers in the human-machine interface system, if the power failure protection server detects that an external power supply has lost power, the power failure The electrical protection server sequentially shuts down all servers in the system via the terminal bus network according to the current shutdown strategy, thereby ensuring that the entire system can be shut down in a timely and effective manner.
  • the power failure protection server when the power failure protection server does not have a passwordless access function for other servers in the man-machine interface system, if the power failure protection server detects that the external power supply has a power failure, it can be The power failure protection server sends the current shutdown strategy to a specific server in the human-machine interface system that has password-less access to other servers in the human-machine interface system, and the specific server sequentially responds via the terminal bus network according to the current shutdown strategy. All servers in the system are shut down in sequence, ensuring that the entire system can be shut down in a timely and effective manner.
  • the shutdown instruction for each server is to send shutdown to the previous server in the shutdown sequence It is issued after waiting for the corresponding waiting time after the instruction, which can ensure that the shutdown operation for the next server is started after the previous server completes the shutdown operation, so as to ensure that the entire system can be shut down in a timely and effective and stable manner without
  • the shutdown operation of the next server may adversely affect the shutdown operation of the previous server.
  • the power failure protection server can have a better human-computer interaction interface, thereby facilitating operations performed by operators.
  • the cost of the human-machine interface system can be reduced.
  • the power failure protection server starts to perform the shutdown operation for all servers in the system, it is possible to avoid the occurrence of short due to the external power supply Unnecessary power failure protection operation caused by time power failure.
  • the human-machine interface system by acquiring the current operating conditions of each server in the human-machine interface system and the fault linkage relationship between each server; and according to the current operating conditions and each of the servers in the human-machine interface system According to the fault linkage relationship between the servers, the current shutdown strategy is formulated, and then the shutdown operation for all servers in the system is performed according to the formulated current shutdown strategy, which can make the formulated current shutdown strategy more in line with the current status of the system, thereby More effectively ensure that the entire system is shut down steadily.
  • Figure 1 shows a schematic diagram of a standard DCS system
  • FIG. 2 shows a schematic diagram of an example of a man-machine interface system with a power loss protection mechanism in the prior art
  • FIG. 3 shows a schematic diagram of an example of a man-machine interface system with a power loss protection mechanism according to an embodiment of the present disclosure
  • FIG. 4 shows a schematic diagram of an example of a human-machine interface system with a power loss protection mechanism according to an embodiment of the present disclosure
  • FIG. 5 shows a schematic diagram of an example of a human-machine interface system with a power loss protection mechanism according to an embodiment of the present disclosure
  • FIG. 6 shows a schematic diagram of an example of a human-machine interface system with a power loss protection mechanism according to an embodiment of the present disclosure.
  • the term “including” and its variations represent open terms, meaning “including but not limited to.”
  • the term “based on” means “based at least in part on.”
  • the terms “one embodiment” and “an embodiment” mean “at least one embodiment”.
  • the term “another embodiment” means “at least one other embodiment”.
  • the terms “first”, “second”, etc. may refer to different or the same objects. The following may include other definitions, whether explicit or implicit. Unless the context clearly indicates otherwise, the definition of a term is consistent throughout the specification.
  • FIG. 3 shows a schematic diagram of an example of a man-machine interface system 30 with power loss protection according to an embodiment of the present disclosure.
  • the human-machine interface system 30 includes a terminal bus network 310 connected with at least one network switch (for example, network switches 311, 312 and 313 ), the at least one network switch 311, 312 and 313 passing through a network cable 340 Connected.
  • the network switch may be, for example, Siemens' SCALANCE X307 or other commercially available network switches suitable for power station applications.
  • the human-machine interface system 30 further includes a human-machine interaction server 321, at least one PU server 322, at least one OT server 323, at least one SU server 324, at least one management server (ESDBA server 325, and ES server 325'), at least one XU Server 326 and power failure protection server 327.
  • the human-computer interaction server 321 is a Windows-based server.
  • the power failure protection server 327 may also be a server based on a Windows system or a server based on other operating systems. In other examples of the present disclosure, the power failure protection server 327 and the human-machine interaction server 321 may also be the same server.
  • At least one PU server 322, at least one OT server 323, at least one SU server 324, at least one management server (ESDBA server 325, and ES server 325') and at least one XU server 326 are collectively referred to as a human-machine interaction system 30 working servers.
  • the work server of the human-machine interaction system 30 may include some or all of the above servers.
  • the human-machine interface server 321, a PU server 322, and a power failure protection server 327 are connected to the network switch 311 through the network cable 340, and thus connected to the terminal bus network 310.
  • the OT server 323 and the SU server 324 are connected to the network switch 312 through a network cable 340.
  • the ESDBA server 325, XU server 326 and ES server 325' are connected to the network switch 313.
  • the above servers can be connected to a network switch of the terminal bus network 310 through the network cable 340, respectively, so that each server can perform information exchange and communication through the terminal bus network 310.
  • each work server only shows one server device, and in practical applications, each work server may also be equipped with two or more server devices.
  • the human-machine interface system 30 further includes at least one UPS power supply 330, and in the example shown in FIG. 3, two UPS power supplies 330 are included.
  • each UPS power supply 330 can be connected to and powered by an external power supply (not shown).
  • the UPS power supply 330 can also be connected to at least one of the following server devices using the power cord 350 to supply power to these devices, including human-machine interaction server 321, PU server 322, OT server 323, SU server 324, and ESDBA server 325 , At least one network switch 311, 312, 313 in the XU server 326, the ES server 325' and the power failure protection server 327 and the terminal bus network 310.
  • one UPS power supply 330 is connected to two or more of the above server devices through a power cord 350.
  • the power failure protection server 327 is also connected to one or more UPS power sources 330 of the at least one UPS power source 330 through a network cable 340.
  • the power failure protection server 327 can be connected to the plurality of UPS power sources 230 in the at least one UPS power source 330 through the network cable 340 and perform power loss monitoring on the plurality of UPS power sources 330, the multiple UPS When any external power supply fails in any one of the power supplies 330, the external power supply loss signal can be monitored, so that the power loss protection server 327 can prevent the power loss protection server 327 from being connected to a single UPD power supply 330 due to the The failure of the UPS power supply causes the situation that the external power supply power failure signal cannot be monitored.
  • the power failure protection server 327 is also provided with a UPS power management client.
  • the UPS power management client may be configured to manage the connected UPS power supply 330, for example, perform external power supply outage monitoring on the connected UPS power supply 330. Therefore, after a power failure occurs on the UPS power supply 230, the UPS power management client on the power failure protection server 327 can monitor the power failure signal of the external power supply.
  • the power failure protection server 327 is also provided with a power failure protection program or power failure protection device. After detecting the power loss of the external power supply, the power loss protection program or power loss protection device is activated, so that the human-machine interaction server 321, at least one PU server 322, at least one The OT server 323, at least one SU server 324, at least one ESDBA server 325, at least one XU server 326, at least one ES server 325', and power failure protection server 327 perform a shutdown operation.
  • the power failure protection server 327 may send the shutdown instruction to the corresponding server in sequence according to the shutdown order in the current shutdown strategy via the shutdown instruction transmission line 360 shown in FIG. 3.
  • the UPS power supply connected to each network switch is used to supply power to the network switch to ensure that the terminal is executed during the shutdown operation
  • the bus network 310 keeps working normally.
  • the current shutdown strategy may include the shutdown sequence and waiting time of each server in the human-machine interface system.
  • the shutdown sequence and waiting time of each server may be determined according to the working conditions of each server in the human-machine interface system 30 and the communication failure linkage relationship between each server.
  • the working condition of each server refers to the working condition of the server, that is, how many programs are currently running and the current execution status of each program.
  • the communication failure linkage relationship refers to a communication failure that occurs if server B is not shut down due to the shutdown of server A. For example, if server A is shut down, if server B is not shut down, server B will have a communication failure due to the shutdown of server A, for example, the data of server B will be lost. In this case, Server A is considered to have a communication failure linkage relationship with Server B, and in the shutdown policy, the shutdown sequence of Server A is set after the shutdown sequence of Server B.
  • the power failure protection server 327 may be set to have a password-less access function for other servers in the human-machine interface system, and the current shutdown policy may be stored in the power failure protection server 327 Scheduled shutdown strategy.
  • the power failure protection server 327 is configured as follows: The stored predetermined shutdown strategy to the human-computer interaction server 321, at least one PU server 322, at least one OT server 323, at least one SU server 324, at least one ESDBA server 325, at least one XU server 326, at least one via the terminal bus network 310
  • An ES server 325' and a power failure protection server 327 perform a shutdown operation.
  • the human-machine interaction server 321, at least one PU server 322, at least one OT server 323, at least one SU server 324, at least one ESDBA server 325, at least One XU server 326, at least one ES server 325' and the power failure protection server 327 performing the shutdown operation may include: sequentially sending a shutdown instruction to the corresponding server according to the shutdown sequence in the current shutdown strategy, and preferably, shutting down for each server The instruction is issued after waiting for a corresponding waiting time after sending a shutdown instruction to the previous server in the shutdown sequence.
  • PU322, OT323, SU324, ESDBA325 are servers of Linux operating system
  • power failure protection server 327 and human-computer interaction server 321 are the same server based on Windows operating system Eng-server
  • ES325' (for example, (ES680) is a server of the Solaris operating system
  • the UPS power management client and the power failure protection program ie, execution script
  • a power failure protection program ie, execution script
  • the power failure protection server 327 ie, Windows server Eng-server
  • the shutdown sequence of OT and SU is before PU.
  • the current shutdown sequence can be OT->SU->PU->ES>ESDBA->Eng-server, and the waiting time of OT is 20s, the waiting time of SU is 20s, the waiting time of PU is 30s, and the waiting of ES The time is 20s and the waiting time of ESDBA is 20s.
  • the execution sequence flow of the power failure protection program script may be, for example: After detecting the failure of the external power supply, the server Eng-server runs the server shutdown script "remote_shutdownt2k.sh" to perform the shutdown operation on each server according to the current shutdown strategy. Specifically, first, send the first shutdown instruction to the server OT to cause the server OT to stop its operation monitoring (OM) service and perform shutdown, and wait 20s after issuing the first instruction, and then send the second instruction to the server SU The shutdown instruction causes the server SU to stop its OM service and perform shutdown. Then, after issuing the second instruction, wait 20s, and then send a third shutdown instruction to the server PU, so that the server PU stops its OM service and performs shutdown.
  • the server Eng-server runs the server shutdown script "remote_shutdownt2k.sh” to perform the shutdown operation on each server according to the current shutdown strategy. Specifically, first, send the first shutdown instruction to the server OT to cause the server OT to stop its operation monitoring
  • the power failure protection server 327 may also be set to have no password-less access function for other servers in the human-machine interface system.
  • Fig. 4 shows a schematic diagram of an example of a human-machine interface system 30' with a power loss protection mechanism according to an embodiment of the present disclosure.
  • the human-machine interface system 30′ shown in FIG. 4 includes a specific server having a password-less access function for other servers in the human-machine interface system, the specific server being the at least one working server and the human-machine One of the interaction servers 321, for example, the human-computer interaction server 321 or the server ESDBA325.
  • the shutdown operation instruction for each server in the system is issued by the server ESDBA, not by the power failure protection server 327.
  • the power failure protection server 327 is configured to: send a shutdown instruction to a specific server (server ESDBA), so that the specific server (server ESDBA) ) Perform shutdown operations on at least one operation server, at least one data processing server, at least one expansion server, at least one service server, human-computer interaction server, and power failure protection server via the terminal bus network according to the current shutdown strategy.
  • server ESDBA server ESDBA
  • the execution sequence of the power failure protection program script is: after detecting the failure of the external power supply, the power failure protection server 327 runs "shutdownall.cmd” and sends a shutdown instruction to the server ESDBA. Then the server ESDBA runs "remote_shutdownt2k.sh” to perform the server shutdown operation according to the server shutdown sequence. Specifically, first, send the first shutdown instruction to the server OT to cause the server OT to stop its OM service and perform shutdown, and wait 20s after issuing the first instruction, and then send a second shutdown instruction to the server SU to stop the server SU Its OM service and perform shutdown.
  • the power-off protection server 327 may not store a predetermined shutdown policy in advance.
  • the power failure protection server 327 may also be configured to: obtain the current working conditions of each server in the human-machine interface system and the fault linkage relationship between each server; and based on each server in the acquired human-machine interface system The current working conditions and the fault linkage relationship between each server, formulate the current shutdown strategy.
  • the power failure protection server 327 may determine the time required for the system on each server to shut down based on the acquired current operating conditions of each server, that is, the waiting time corresponding to the server.
  • the power failure protection server 327 may determine the shutdown sequence of each server based on the acquired fault linkage relationship between each server.
  • the power failure protection server 327 responds to the human-machine interaction server 321, at least one PU server 322, at least one OT server 323, at least one SU server 324, and at least one ESDBA server 325 via the terminal bus network 310 according to the established current shutdown strategy , At least one XU server 326, at least one ES server 325', and power failure protection server 327 perform a shutdown operation.
  • the power failure protection server 327 may also be configured to start the shutdown according to the current shutdown via the terminal bus network 310 after detecting that the external power supply has been powered off for a predetermined time (for example, for a predetermined minute).
  • the policy is to the human-computer interaction server 321, at least one PU server 322, at least one OT server 323, at least one SU server 324, at least one ESDBA server 325, at least one XU server 326, at least one ES server 325' and power failure protection server 327 Perform shutdown operation.
  • the power failure protection program or power failure protection program of the power failure protection server 327 may also be implemented in the UPS power management client.
  • each of the at least one UPS power supply may be configured to supply power to at least two servers in the human-machine interface system.
  • a 1500VA UPS power supply can guarantee the short-term power supply of 4 servers, thereby greatly saving the corresponding project cost.
  • FIG. 5 shows a schematic diagram of an example of a human-machine interface system 30" with a power loss protection mechanism according to an embodiment of the present disclosure.
  • the human-machine interface system 30" shown in FIG. 5 is shown in FIG. 3.
  • the improved human-machine interface system is suitable for a simulation machine system, for example, the SPPA-S2000 (FSS) system of Siemens.
  • the human-machine interface system 30" shown in FIG. 5 further includes: at least one simulation server 328 and at least one simulation server 329.
  • At least one simulation server 328 is Configured to obtain the current working conditions and set models of each server; and at least one simulation server 329 is configured to simulate the field input data and field output data of each server in the human-machine interface system.
  • the at least one simulation Each simulated server in the server 329 is powered by one of the at least one UPS power supply, and is connected to the terminal bus network 310 through a network cable 340.
  • the power failure protection server 327 in the human-machine interface system 30" shown in FIG. 5 has a passwordless access function for other servers in the human-machine interface system, and the server shutdown operation is performed by the power failure protection server 327.
  • the server shutdown operation of the power failure protection server 327 in FIG. 5 may be similar to the server shutdown operation described above with reference to FIG. 3.
  • the shutdown sequence of each server may be OT->SU ->PU->ES>ESDBA->SimServer (simulation server)->EmuServer (simulation server)->Eng-server.
  • FIG. 6 shows a schematic diagram of an example of a human-machine interface system 30”′ with power loss protection according to an embodiment of the present disclosure.
  • the structure in FIG. 6 is completely the same as that in FIG. 5, except that FIG. 6
  • the power failure protection server in the human-machine interface system 30 ′′ shown in FIG. 3 does not have a passwordless access function for other servers in the human-machine interface system, and the server shutdown operation is performed by the server ESDBA325.
  • the server shutdown operation of the power failure protection server 327 in FIG. 6 may refer to the server shutdown operation described above with reference to FIG. 4.
  • the shutdown sequence of each server may be OT->SU->PU->ES>ESDBA->SimServer->EmuServer->Eng-server.

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Manufacturing & Machinery (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Automation & Control Theory (AREA)
  • Power Sources (AREA)

Abstract

Provided is a man-machine interface system having a power loss protection mechanism, comprising: at least one UPS power source, at least one work server, a man-machine interaction server, a power loss protection server, and a terminal bus network consisting of at least one network switch. An external power source supplies power for each server in the man-machine interface system by means of the at least one UPS power source. Each server in the man-machine interface system is connected to the terminal bus network by means of a network cable, and the power loss protection server is connected with one or more UPS power sources by means of the network cable. A UPS power source management client used for performing power loss monitoring on the connected UPS power source is provided on the power loss protection server. When the power loss of the external power source is monitored, the power loss protection server performs a shutdown operation on each server in the man-machine interface system according to the current shutdown policy by means of the terminal bus network, and the current shutdown policy comprises the shutdown sequence and the wait time of the servers in the man-machine interface system.

Description

具有失电保护机制的人机接口系统及分布式控制系统Human-machine interface system and distributed control system with power failure protection mechanism 技术领域Technical field
本公开总体涉及发电厂领域,更具体地,涉及用于发电厂的具有失电保护机制的人机接口系统及分布式控制系统。The present disclosure generally relates to the field of power plants, and more specifically, to a man-machine interface system and a distributed control system for power plants with a power loss protection mechanism.
背景技术Background technique
比如西门子公司出品的分布式控制系统(Distributed Control System,DCS)已经被作为成熟的控制系统成功地应用于国内外的多个大型火电和核电项目中。图1示出了一种标准的分布式控制系统1的示意图。如图1所示,DCS系统1包括管理终端总线网络10、人机接口系统20以及工厂总线网络30。人机接口系统20包括至少一个工作服务器和终端总线网络21。所述至少一个工作服务器比如是数据处理服务器(Processing Unit,PU)22,业务服务器(Service Unit,SU)23,操作工作站(Operating Terminal,OT)24,扩展服务器(Extension unit,XU),工程服务器(Engineer Server ES)等,并且至少一个服务器通过终端总线网络21连接在一起。 For example, the distributed control system (Distributed Control System, DCS) produced by Siemens has been successfully used as a mature control system in many large-scale thermal and nuclear power projects at home and abroad. FIG. 1 shows a schematic diagram of a standard distributed control system 1. As shown in FIG. 1, the DCS system 1 includes a management terminal bus network 10, a human-machine interface system 20, and a factory bus network 30. The human-machine interface system 20 includes at least one work server and a terminal bus network 21. The at least one working server is, for example, a data processing server (Processing Unit, PU) 22, a service server (Service Unit, SU) 23, an operating workstation (Operating Terminal, OT) 24, an extension server (Extension unit, XU), an engineering server (Engineer Server , ES), etc., and at least one server is connected together through the terminal bus network 21.
在图1中示出的人机接口系统20中,绝大多数工作服务器(比如,数据处理服务器(Processing Unit,PU),业务服务器(Service Unit,SU),操作工作站(Operating Terminal,OT),扩展服务器(Extension unit,XU),工程服务器(Engineer Server ES))都是基于Unix和/或Linux平台的。这种服务器对外部电源的稳定性要求很高,如果外部电源发生突然断电的情况,则很有可能会发生系统崩溃或者硬件损坏的情况,给机组的后续运行带来很多的问题。 In the human-machine interface system 20 shown in FIG. 1, most of the work servers (for example, data processing server (Processing Unit, PU), service server (Service Unit, SU), operating workstation (Operating Terminal, OT), The extension server (Extension unit, XU) and engineering server (Engineer Server , ES) are all based on Unix and/or Linux platforms. This kind of server has high requirements for the stability of the external power supply. If the external power supply suddenly loses power, it is likely that the system will crash or the hardware will be damaged, which will cause many problems for the subsequent operation of the unit.
基于此情况,业内提出了一种具有失电保护机制的人机接口系统。在该人机接口系统中,为图1中每台服务器都单独配备了UPS电源。UPS电源检测到外部电源供电丢失后,会一对一地向相应的服务器发出关机指令来关闭该服务器的操作系统,从而避免发生不必要的损失。Based on this situation, the industry has proposed a man-machine interface system with a power loss protection mechanism. In this human-machine interface system, each server in Figure 1 is equipped with a UPS power supply separately. After detecting that the external power supply is lost, the UPS power supply will issue a shutdown command to the corresponding server to shut down the operating system of the server one by one to avoid unnecessary losses.
图2示出了现有技术中的一种具有失电保护机制的人机接口系统20的 示例的示意图。如图2所示,三个网络交换机211、212和213通过网络线缆240相连来形成终端总线网络210。所述网络交换机比如可以是西门子公司出品的SCALANCE X307,也可以是市售的其他品牌的网络交换机。人机接口服务器221、PU服务器222、OT服务器223、SU服务器224、ESDBA服务器225、XU服务器226和ES服务器227分别经由网络线缆240与终端总线网络210中的一个网络交换机相连。人机接口服务器221、PU服务器222、OT服务器223、SU服务器224、ESDBA服务器225、XU服务器226和ES服务器227中的每一个与一个UPS电源230通过电源线250相连,由此,外部电源通过各个UPS电源来向系统中的各个服务器供电。FIG. 2 shows a schematic diagram of an example of a man-machine interface system 20 with a power loss protection mechanism in the prior art. As shown in FIG. 2, three network switches 211, 212, and 213 are connected by a network cable 240 to form a terminal bus network 210. The network switch may be, for example, SCALANCE X307 produced by Siemens, or may be a network switch of another brand commercially available. The human-machine interface server 221, PU server 222, OT server 223, SU server 224, ESDBA server 225, XU server 226, and ES server 227 are respectively connected to a network switch in the terminal bus network 210 via a network cable 240. Each of the human-machine interface server 221, the PU server 222, the OT server 223, the SU server 224, the ESDBA server 225, the XU server 226, and the ES server 227 is connected to a UPS power supply 230 through a power cord 250, whereby the external power supply passes Each UPS power supply supplies power to each server in the system.
在图2中示出的人机接口系统20中,在UPS电源检测到外部电源供电丢失后,会一对一地向相应的服务器发出关机指令来关闭该服务器的操作系统。然而,在人机接口系统20中,由于每台服务器都需要配备专用UPS电源,大大增加了系统的成本,而在国产DCS大步前进的今天,成本会对产品的适用性带来决定性的因素,尤其是在一些中小项目上的应用。In the human-machine interface system 20 shown in FIG. 2, after the UPS power supply detects that the external power supply is lost, it will issue a shutdown command to the corresponding server one by one to shut down the operating system of the server. However, in the human-machine interface system 20, since each server needs to be equipped with a dedicated UPS power supply, the cost of the system is greatly increased, and today, with the domestic DCS striding forward, the cost will bring a decisive factor to the applicability of the product , Especially in some small and medium projects.
另外,由于UPS电源长期处于工作状态,如果出现UPS电源自身不稳定,则极有可能无法正常触发服务器上的操作系统自动关机。In addition, because the UPS power supply has been working for a long time, if the UPS power supply itself is unstable, it is very likely that the operating system on the server will not be automatically shut down.
此外,在该种人机接口系统中,在外部电源供电丢失后,整个上层网络(例如,终端总线网络)就会失电,从而彻底失去了通过上层网络来对服务器进行比如关机操作的远程操作的可能性。In addition, in this kind of human-machine interface system, after the external power supply is lost, the entire upper layer network (for example, the terminal bus network) will lose power, thereby completely losing the remote operation such as shutting down the server through the upper layer network. Possibility.
发明内容Summary of the invention
鉴于上述,本公开提供了一种用于发电厂的具有失电保护机制的人机接口系统及DCS系统。利用该系统,当UPS电源检测到失电信号后,可以按照所制定的关机策略来通过终端总线网络对所有服务器依次进行关机操作,从而保证整个系统可以被及时且有效地稳定关闭。In view of the above, the present disclosure provides a man-machine interface system and a DCS system with a power loss protection mechanism for power plants. With this system, when the UPS power supply detects a power failure signal, it can shut down all servers in sequence through the terminal bus network according to the established shutdown strategy, thereby ensuring that the entire system can be shut down in a timely and effective manner.
根据本公开的一个方面,提供了一种用于发电厂的具有失电保护机制的人机接口系统,包括:至少一个UPS电源、至少一个工作服务器、人机交互服务器、失电保护服务器以及连接有至少一个网络交换机的终端总线网络,其中,所述至少一个工作服务器、所述人机交互服务器、所述失电保护服务器以及所述终端总线网络中的至少一个网络交换机与所述至少一 个UPS电源中的一个UPS电源通过电源线相连,以使得外部电源通过所述至少一个UPS电源来向所述人机接口系统中的各个服务器供电,所述至少一个工作服务器、所述人机交互服务器和所述失电保护服务器通过网络线缆连接到所述终端总线网络,以及所述失电保护服务器通过网络线缆与所述至少一个UPS电源中的一个或多个UPS电源相连,以及所述失电保护服务器上设置有UPS电源管理客户端,所述UPS电源管理客户端被配置为对所连接的UPS电源进行失电监测,其中,在监测到外部电源失电时,所述失电保护服务器被配置为经由所述终端总线网络来根据当前关机策略对所述至少一个工作服务器、所述人机交互服务器和所述失电保护服务器执行关机操作,所述当前关机策略包括所述人机接口系统中的各个服务器的关机顺序和等待时间。According to an aspect of the present disclosure, there is provided a man-machine interface system for a power plant with a power failure protection mechanism, including: at least one UPS power supply, at least one work server, a human-computer interaction server, a power failure protection server, and a connection A terminal bus network with at least one network switch, wherein the at least one working server, the human-computer interaction server, the power failure protection server, and at least one network switch and the at least one UPS in the terminal bus network One UPS power supply in the power supply is connected through a power cord, so that the external power supply supplies power to each server in the human-machine interface system through the at least one UPS power supply, the at least one work server, the human-computer interaction server, and The power failure protection server is connected to the terminal bus network through a network cable, and the power failure protection server is connected to one or more UPS power sources of the at least one UPS power source through a network cable, and the power failure The electrical protection server is provided with a UPS power management client, which is configured to perform power outage monitoring on the connected UPS power supply, wherein, when it is detected that the external power supply is out of power, the power outage protection server Configured to perform a shutdown operation on the at least one work server, the human-machine interaction server, and the power failure protection server according to a current shutdown strategy via the terminal bus network, the current shutdown strategy includes the human-machine interface The shutdown sequence and waiting time of each server in the system.
可选地,在上述方面的一个示例中,所述失电保护服务器针对所述人机接口系统中的其他服务器具有无密码访问功能,以及所述失电保护服务器被配置为:按照所述当前关机策略来经由所述终端总线网络来依次对所述至少一个工作服务器、所述人机交互服务器和所述失电保护服务器执行关机操作。Optionally, in an example of the above aspect, the power failure protection server has a passwordless access function for other servers in the human-machine interface system, and the power failure protection server is configured to: A shutdown strategy is to sequentially perform a shutdown operation on the at least one work server, the human-computer interaction server, and the power failure protection server via the terminal bus network.
可选地,在上述方面的一个示例中,所述失电保护服务器针对所述人机接口系统中的其他服务器不具有无密码访问功能,所述人机接口系统中存在针对所述人机接口系统中的其他服务器具有无密码访问功能的特定服务器,所述特定服务器是所述至少一个工作服务器、所述人机交互服务器中之一,以及所述失电保护服务器被配置为:向所述特定服务器发送所述当前关机策略,以使得所述特定服务器按照所述当前关机策略来经由所述终端总线网络对所述至少一个工作服务器、所述人机交互服务器和所述失电保护服务器执行关机操作。Optionally, in an example of the above aspect, the power failure protection server does not have a passwordless access function for other servers in the man-machine interface system, and there is a man-machine interface for the man-machine interface system Other servers in the system have a specific server with no password access function, the specific server is one of the at least one work server, the human-computer interaction server, and the power failure protection server is configured to: The specific server sends the current shutdown policy, so that the specific server executes the at least one work server, the human-computer interaction server, and the power failure protection server via the terminal bus network according to the current shutdown policy Shutdown operation.
可选地,在上述方面的一个示例中,经由所述终端总线网络来根据当前关机策略依次对所述至少一个工作服务器、所述人机交互服务器和所述失电保护服务器执行关机操作包括:按照所述当前关机策略中的关机顺序依次向对应的服务器发送关机指令,并且针对每个服务器的关机指令是在向所述关机顺序中的上一服务器发送关机指令后等待对应的等待时间后才发出的。Optionally, in an example of the above aspect, sequentially performing shutdown operations on the at least one work server, the human-computer interaction server, and the power failure protection server according to the current shutdown strategy via the terminal bus network includes: Send a shutdown instruction to the corresponding server in turn according to the shutdown sequence in the current shutdown strategy, and the shutdown instruction for each server waits for the corresponding waiting time after sending the shutdown instruction to the previous server in the shutdown sequence issued.
可选地,在上述方面的一个示例中,所述失电保护服务器和所述人机交互服务器是基于Windows系统的服务器。Optionally, in an example of the above aspect, the power failure protection server and the human-computer interaction server are Windows-based servers.
可选地,在上述方面的一个示例中,所述失电保护服务器和所述人机交互服务器是同一服务器。Optionally, in an example of the above aspect, the power failure protection server and the human-computer interaction server are the same server.
可选地,在上述方面的一个示例中,所述失电保护服务器被配置为在监测到外部电源失电并持续预定时间后,经由所述终端总线网络来根据所述当前关机策略对所述至少一个工作服务器、所述人机交互服务器和所述失电保护服务器执行关机操作。Optionally, in an example of the above aspect, the power failure protection server is configured to monitor the power failure of the external power supply for a predetermined period of time, and then via the terminal bus network according to the current shutdown strategy At least one work server, the human-computer interaction server, and the power failure protection server perform a shutdown operation.
可选地,在上述方面的一个示例中,所述失电保护服务器还被配置为:获取所述人机接口系统中的各个服务器的当前工况和各个服务器之间的通讯故障联动关系;以及根据所述人机接口系统中的各个服务器的当前工况和各个服务器之间的通讯故障联动关系,制定所述当前关机策略。Optionally, in an example of the above aspect, the power failure protection server is further configured to: obtain a current working condition of each server in the human-machine interface system and a communication failure linkage relationship between each server; and According to the current working condition of each server in the human-machine interface system and the communication failure linkage relationship between each server, the current shutdown strategy is formulated.
可选地,在上述方面的一个示例中,所述当前关机策略是存储在所述失电保护服务器中的预定关机策略。Optionally, in an example of the above aspect, the current shutdown strategy is a predetermined shutdown strategy stored in the power failure protection server.
可选地,在上述方面的一个示例中,所述至少一个UPS电源中的各个UPS电源被配置为向所述人机接口系统中的至少两个服务器供电。Optionally, in an example of the above aspect, each of the at least one UPS power supply is configured to supply power to at least two servers in the human-machine interface system.
可选地,在上述方面的一个示例中,所述至少一个工作服务器包括下述服务器中的至少一种:至少一个操作服务器,至少一个数据处理服务器,至少一个扩展服务器,至少一个管理服务器,和至少一个业务服务器。Optionally, in an example of the above aspect, the at least one work server includes at least one of the following servers: at least one operation server, at least one data processing server, at least one expansion server, at least one management server, and At least one business server.
可选地,在上述方面的一个示例中,所述人机接口系统还可以包括:至少一个仿真服务器,被配置为获取各个工作服务器的工况和设定模型;以及至少一个模拟服务器,被配置为模拟所述人机接口系统中的各个工作服务器的现场输入数据和现场输出数据,其中,所述至少一个模拟服务器中的每个模拟服务器由所述至少一个UPS电源中的一个UPS电源供电,并且通过网络线缆连接到所述终端总线网络。Optionally, in an example of the above aspect, the human-machine interface system may further include: at least one simulation server configured to obtain working conditions and setting models of each work server; and at least one simulation server configured To simulate on-site input data and on-site output data of each working server in the human-machine interface system, wherein each simulated server in the at least one simulated server is powered by one UPS power supply in the at least one UPS power supply, And connected to the terminal bus network through a network cable.
根据本公开的另一方面,提供一种用于发电厂的分布式控制系统,包括如上所述的人机接口系统。According to another aspect of the present disclosure, there is provided a distributed control system for a power plant, including the human-machine interface system described above.
利用根据本公开的人机接口系统,当UPS电源检测到失电信号后,可以按照所制定的关机策略来通过终端总线网络对系统中的所有服务器依次进行关机操作,从而保证整个系统可以被及时且有效地稳定关闭。With the human-machine interface system according to the present disclosure, when the UPS power supply detects a power failure signal, it can sequentially shut down all servers in the system through the terminal bus network according to the formulated shutdown strategy, thereby ensuring that the entire system can be timely And effectively shut down steadily.
利用根据本公开的人机接口系统,在失电保护服务器针对人机接口系统中的其他服务器具有无密码访问功能时,如果该失电保护服务器监测到外部电源发生失电,则可以由该失电保护服务器按照当前关机策略来经由终端总线网络对系统中的所有服务器依次进行关机操作,从而保证整个系统可以被及时且有效地稳定关闭。With the human-machine interface system according to the present disclosure, when the power failure protection server has a password-less access function for other servers in the human-machine interface system, if the power failure protection server detects that an external power supply has lost power, the power failure The electrical protection server sequentially shuts down all servers in the system via the terminal bus network according to the current shutdown strategy, thereby ensuring that the entire system can be shut down in a timely and effective manner.
利用根据本公开的人机接口系统,在失电保护服务器针对人机接口系统中的其他服务器不具有无密码访问功能时,如果该失电保护服务器监测到外部电源发生失电,则可以由该失电保护服务器将当前关机策略发送给人机接口系统中的针对人机接口系统中的其他服务器具有无密码访问功能的特定服务器,并由该特定服务器按照当前关机策略来经由终端总线网络依次对系统中的所有服务器依次进行关机操作,从而保证整个系统可以被及时且有效地稳定关闭。With the man-machine interface system according to the present disclosure, when the power failure protection server does not have a passwordless access function for other servers in the man-machine interface system, if the power failure protection server detects that the external power supply has a power failure, it can be The power failure protection server sends the current shutdown strategy to a specific server in the human-machine interface system that has password-less access to other servers in the human-machine interface system, and the specific server sequentially responds via the terminal bus network according to the current shutdown strategy. All servers in the system are shut down in sequence, ensuring that the entire system can be shut down in a timely and effective manner.
利用根据本公开的人机接口系统,通过按照当前关机策略中的关机顺序依次向对应的服务器发送关机指令,并且针对每个服务器的关机指令是在向所述关机顺序中的上一服务器发送关机指令后等待对应的等待时间后才发出的,可以确保在上一服务器完成关机操作后,才开始执行针对下一服务器的关机操作,从而保证整个系统可以被及时且有效地稳定关闭,而不会发生由于下一服务器的关机操作而对上一服务器的关机操作产生不利的影响。With the human-machine interface system according to the present disclosure, by sequentially sending shutdown instructions to the corresponding servers according to the shutdown sequence in the current shutdown strategy, and the shutdown instruction for each server is to send shutdown to the previous server in the shutdown sequence It is issued after waiting for the corresponding waiting time after the instruction, which can ensure that the shutdown operation for the next server is started after the previous server completes the shutdown operation, so as to ensure that the entire system can be shut down in a timely and effective and stable manner without The shutdown operation of the next server may adversely affect the shutdown operation of the previous server.
利用根据本公开的人机接口系统,通过将失电保护服务器实现为基于Windows系统的服务器,可以使得失电保护服务器具有更好的人机交互界面,从而便于操作人员执行操作。By using the human-machine interface system according to the present disclosure, by implementing the power failure protection server as a Windows-based server, the power failure protection server can have a better human-computer interaction interface, thereby facilitating operations performed by operators.
利用根据本公开的人机接口系统,通过将失电保护服务器和人机交互服务器实现为同一服务器,可以降低人机接口系统的成本。With the human-machine interface system according to the present disclosure, by implementing the power failure protection server and the human-machine interaction server as the same server, the cost of the human-machine interface system can be reduced.
利用根据本公开的人机接口系统,通过在监测到外部电源失电并且持续预定时间后,失电保护服务器才开始执行针对系统中的所有服务器的关机操作,可以避免出现由于外部电源的较短时间失电而导致的不必要的失电保护操作。With the human-machine interface system according to the present disclosure, after the external power supply is monitored for power loss and lasts for a predetermined time, the power failure protection server starts to perform the shutdown operation for all servers in the system, it is possible to avoid the occurrence of short due to the external power supply Unnecessary power failure protection operation caused by time power failure.
利用根据本公开的人机接口系统,通过获取人机接口系统中的各个服务器的当前工况和各个服务器之间的故障联动关系;并且根据人机接口系 统中的各个服务器的当前工况和各个服务器之间的故障联动关系来制定当前关机策略,然后根据所制定的当前关机策略来执行针对系统中的所有服务器的关机操作,可以使得所制定的当前关机策略更符合系统的当前状况,由此更加有效地保证整个系统被稳定地关闭。Using the human-machine interface system according to the present disclosure, by acquiring the current operating conditions of each server in the human-machine interface system and the fault linkage relationship between each server; and according to the current operating conditions and each of the servers in the human-machine interface system According to the fault linkage relationship between the servers, the current shutdown strategy is formulated, and then the shutdown operation for all servers in the system is performed according to the formulated current shutdown strategy, which can make the formulated current shutdown strategy more in line with the current status of the system, thereby More effectively ensure that the entire system is shut down steadily.
附图说明BRIEF DESCRIPTION
通过参照下面的附图,可以实现对于本公开内容的本质和优点的进一步理解。在附图中,类似组件或特征可以具有相同的附图标记。By referring to the following drawings, a further understanding of the nature and advantages of the present disclosure can be achieved. In the drawings, similar components or features may have the same reference label.
图1示出了一种标准的DCS系统的示意图;Figure 1 shows a schematic diagram of a standard DCS system;
图2示出了现有技术中的一种具有失电保护机制的人机接口系统的示例的示意图;2 shows a schematic diagram of an example of a man-machine interface system with a power loss protection mechanism in the prior art;
图3示出了根据本公开的实施例的具有失电保护机制的人机接口系统的一个示例的示意图;3 shows a schematic diagram of an example of a man-machine interface system with a power loss protection mechanism according to an embodiment of the present disclosure;
图4示出了根据本公开的实施例的具有失电保护机制的人机接口系统的一个示例的示意图;4 shows a schematic diagram of an example of a human-machine interface system with a power loss protection mechanism according to an embodiment of the present disclosure;
图5示出了根据本公开的实施例的具有失电保护机制的人机接口系统的一个示例的示意图;和5 shows a schematic diagram of an example of a human-machine interface system with a power loss protection mechanism according to an embodiment of the present disclosure; and
图6示出了根据本公开的实施例的具有失电保护机制的人机接口系统的一个示例的示意图。FIG. 6 shows a schematic diagram of an example of a human-machine interface system with a power loss protection mechanism according to an embodiment of the present disclosure.
附图标记Reference number
1 DCS系统1 DCS system
10 管理终端总线网络10 Management terminal bus network
20,30,30’,30”,30”’ 人机接口系统20, 30, 30’, 30”, 30”’ human-machine interface system
21 终端总线网络21 Terminal bus network
22 PU服务器22 PU server
23 SU服务器23 SU server
24 OT服务器24 OT server
30 工厂总线网络30 Factory bus network
40 桥接器40 Bridge
41 自动控制设备41 Automatic control equipment
210 终端总线网络210 terminal bus network
211,212,213 网络交换机211, 212, 213 network switches
221 人机接口服务器221 Human-machine interface server
222 PU服务器222 PU server
223 OT服务器223 OT server
224 SU服务器224 SU server
225 ESDBA服务器225 ESDBA server
226 XU服务器226 XU server
227 ES服务器227 ES server
230 UPS电源230 UPS power supply
240 网络线缆240 network cable
250 电源线250 power cord
310 终端总线网络310 terminal bus network
311,312,313 网络交换机311, 312, 313 network switches
321 人机接口服务器321 human-machine interface server
322 PU服务器322 PU server
323 OT服务器323 OT server
324 SU服务器324 SU server
325 ESDBA服务器325 ESDBA server
325’ ES服务器325’ES server
326 XU服务器326 XU server
327 失电保护服务器327 Power loss protection server
328 仿真服务器328 Simulation server
329 模拟服务器329 simulation server
330 UPS电源330 UPS power supply
340 网络线缆340 network cable
350 电源线350 power cord
360 关机指令传送线路360 Shutdown command transmission line
具体实施方式detailed description
现在将参考示例实施方式讨论本文描述的主题。应该理解,讨论这些实施方式只是为了使得本领域技术人员能够更好地理解从而实现本文描述的主题,并非是对权利要求书中所阐述的保护范围、适用性或者示例的限制。可以在不脱离本公开内容的保护范围的情况下,对所讨论的元素的功能和排列进行改变。各个示例可以根据需要,省略、替代或者添加各种过程或组件。例如,所描述的方法可以按照与所描述的顺序不同的顺序来执行,以及各个步骤可以被添加、省略或者组合。另外,相对一些示例所描述的特征在其它例子中也可以进行组合。The subject matter described herein will now be discussed with reference to example embodiments. It should be understood that the discussion of these embodiments is merely to enable those skilled in the art to better understand and implement the subject matter described herein, and is not intended to limit the scope of protection, applicability, or examples set forth in the claims. Changes can be made in the function and arrangement of the elements in question without departing from the scope of protection of this disclosure. Various examples may omit, substitute, or add various processes or components as needed. For example, the described methods may be performed in a different order than the described order, and various steps may be added, omitted, or combined. In addition, the features described with respect to some examples can also be combined in other examples.
如本文中使用的,术语“包括”及其变型表示开放的术语,含义是“包括但不限于”。术语“基于”表示“至少部分地基于”。术语“一个实施例”和“一实施例”表示“至少一个实施例”。术语“另一个实施例”表示“至少一个其他实施例”。术语“第一”、“第二”等可以指代不同的或相同的对象。下面可以包括其他的定义,无论是明确的还是隐含的。除非上下文中明确地指明,否则一个术语的定义在整个说明书中是一致的。As used herein, the term "including" and its variations represent open terms, meaning "including but not limited to." The term "based on" means "based at least in part on." The terms "one embodiment" and "an embodiment" mean "at least one embodiment". The term "another embodiment" means "at least one other embodiment". The terms "first", "second", etc. may refer to different or the same objects. The following may include other definitions, whether explicit or implicit. Unless the context clearly indicates otherwise, the definition of a term is consistent throughout the specification.
图3示出了根据本公开的实施例的具有失电保护的人机接口系统30的一个示例的示意图。FIG. 3 shows a schematic diagram of an example of a man-machine interface system 30 with power loss protection according to an embodiment of the present disclosure.
如图3所示,人机接口系统30包括连接有至少一个网络交换机(例如,网络交换机311,312和313)的终端总线网络310,该至少一个网络交换机311,312和313通过网络线缆340相连。在本公开中,所述网络交换机比如可以是西门子的SCALANCE X307或市售的适于电站应用的其他网络交换机。As shown in FIG. 3, the human-machine interface system 30 includes a terminal bus network 310 connected with at least one network switch (for example, network switches 311, 312 and 313 ), the at least one network switch 311, 312 and 313 passing through a network cable 340 Connected. In the present disclosure, the network switch may be, for example, Siemens' SCALANCE X307 or other commercially available network switches suitable for power station applications.
人机接口系统30还包括人机交互服务器321、至少一个PU服务器322、至少一个OT服务器323、至少一个SU服务器324、至少一个管理服务器(ESDBA服务器325、和ES服务器325’)、至少一个XU服务器326和失电保护服务器327。在图3中示出的示例中,人机交互服务器321是基于Windows系统的服务器。失电保护服务器327也可以是基于Windows系统的服务器,也可以是基于其它操作系统的服务器。在本公开的其它示例中,失电保护服务器327和人机交互服务器321也可以是同一服务器。The human-machine interface system 30 further includes a human-machine interaction server 321, at least one PU server 322, at least one OT server 323, at least one SU server 324, at least one management server (ESDBA server 325, and ES server 325'), at least one XU Server 326 and power failure protection server 327. In the example shown in FIG. 3, the human-computer interaction server 321 is a Windows-based server. The power failure protection server 327 may also be a server based on a Windows system or a server based on other operating systems. In other examples of the present disclosure, the power failure protection server 327 and the human-machine interaction server 321 may also be the same server.
在本公开中,至少一个PU服务器322、至少一个OT服务器323、至 少一个SU服务器324、至少一个管理服务器(ESDBA服务器325、和ES服务器325’)和至少一个XU服务器326被统称为人机交互系统30的工作服务器。在本公开的其它示例中,人机交互系统30的工作服务器可以包括上述服务器中的部分或全部。In the present disclosure, at least one PU server 322, at least one OT server 323, at least one SU server 324, at least one management server (ESDBA server 325, and ES server 325') and at least one XU server 326 are collectively referred to as a human-machine interaction system 30 working servers. In other examples of the present disclosure, the work server of the human-machine interaction system 30 may include some or all of the above servers.
如图3所示的例子中,例如人机接口服务器321、一个PU服务器322和一个失电保护服务器327通过网络线缆340连接到网络交换机311,从而连接到终端总线网络310。类似地,OT服务器323和SU服务器324通过网络线缆340连接到网络交换机312。ESDBA服务器325、XU服务器326和ES服务器325’连接到网络交换机313。由此,上述各个服务器可以通过网络线缆340分别连接到终端总线网络310的一个网络交换机,从而使得各个服务器能够通过终端总线网络310来执行信息交换和通信。在图3中,简便起见,每种工作服务器仅仅示出了一个服务器设备,而在实际应用中每种工作服务器还可能配备成具有两个或两个以上的服务器设备。In the example shown in FIG. 3, for example, the human-machine interface server 321, a PU server 322, and a power failure protection server 327 are connected to the network switch 311 through the network cable 340, and thus connected to the terminal bus network 310. Similarly, the OT server 323 and the SU server 324 are connected to the network switch 312 through a network cable 340. The ESDBA server 325, XU server 326 and ES server 325' are connected to the network switch 313. Thus, the above servers can be connected to a network switch of the terminal bus network 310 through the network cable 340, respectively, so that each server can perform information exchange and communication through the terminal bus network 310. In FIG. 3, for simplicity, each work server only shows one server device, and in practical applications, each work server may also be equipped with two or more server devices.
人机接口系统30还包括至少一个UPS电源330,如图3中所示的例子中包括2个UPS电源330。在图3所示的例子中,每个UPS电源330能够连接到一个外部电源(未示出)且由这个外部电源供电。同时,UPS电源330还可以利用电源线350连接到以下服务器设备中的至少一个,以为这些设备供电,这些设备包括人机交互服务器321、PU服务器322、OT服务器323、SU服务器324、ESDBA服务器325、XU服务器326、ES服务器325’和失电保护服务器327以及终端总线网络310中的至少一个网络交换机311、312、313。在图3中,一个UPS电源330通过电源线350连接到两个或两个以上的上述服务器设备。The human-machine interface system 30 further includes at least one UPS power supply 330, and in the example shown in FIG. 3, two UPS power supplies 330 are included. In the example shown in FIG. 3, each UPS power supply 330 can be connected to and powered by an external power supply (not shown). At the same time, the UPS power supply 330 can also be connected to at least one of the following server devices using the power cord 350 to supply power to these devices, including human-machine interaction server 321, PU server 322, OT server 323, SU server 324, and ESDBA server 325 , At least one network switch 311, 312, 313 in the XU server 326, the ES server 325' and the power failure protection server 327 and the terminal bus network 310. In FIG. 3, one UPS power supply 330 is connected to two or more of the above server devices through a power cord 350.
此外,失电保护服务器327还通过网络线缆340与至少一个UPS电源330中的一个或多个UPS电源330相连。在本公开中,由于失电保护服务器327可以通过网络线缆340与至少一个UPS电源330中的多个UPS电源230相连并且对该多个UPS电源330进行失电监测,从而在该多个UPS电源330中的任何一个发生外部电源失电时,能够监测到外部电源失电信号,由此失电保护服务器327可以防止发生在失电保护服务器327仅仅与单个UPD电源330相连的情况下由于该UPS电源自身的故障而导致不能监测到外部电源失电信号的情形。In addition, the power failure protection server 327 is also connected to one or more UPS power sources 330 of the at least one UPS power source 330 through a network cable 340. In the present disclosure, since the power failure protection server 327 can be connected to the plurality of UPS power sources 230 in the at least one UPS power source 330 through the network cable 340 and perform power loss monitoring on the plurality of UPS power sources 330, the multiple UPS When any external power supply fails in any one of the power supplies 330, the external power supply loss signal can be monitored, so that the power loss protection server 327 can prevent the power loss protection server 327 from being connected to a single UPD power supply 330 due to the The failure of the UPS power supply causes the situation that the external power supply power failure signal cannot be monitored.
失电保护服务器327上还设置有UPS电源管理客户端。UPS电源管理客户端可以被配置为对所连接的UPS电源330进行管理,例如,对所连接的UPS电源330进行外部电源失电监测。由此,在UPS电源230上发生外部电源失电后,失电保护服务器327上的UPS电源管理客户端可以监测到外部电源失电信号。The power failure protection server 327 is also provided with a UPS power management client. The UPS power management client may be configured to manage the connected UPS power supply 330, for example, perform external power supply outage monitoring on the connected UPS power supply 330. Therefore, after a power failure occurs on the UPS power supply 230, the UPS power management client on the power failure protection server 327 can monitor the power failure signal of the external power supply.
失电保护服务器327上还设置有失电保护程序或失电保护装置。在监测到外部电源失电后,失电保护程序或失电保护装置被启用,从而经由所连接的终端总线网络310来根据当前关机策略对人机交互服务器321、至少一个PU服务器322、至少一个OT服务器323、至少一个SU服务器324、至少一个ESDBA服务器325、至少一个XU服务器326、至少一个ES服务器325’和失电保护服务器327执行关机操作。例如,失电保护服务器327可以经由图3中所示的关机指令传送线路360,将关机指令按照当前关机策略中的关机顺序依序发送到对应的服务器。The power failure protection server 327 is also provided with a power failure protection program or power failure protection device. After detecting the power loss of the external power supply, the power loss protection program or power loss protection device is activated, so that the human-machine interaction server 321, at least one PU server 322, at least one The OT server 323, at least one SU server 324, at least one ESDBA server 325, at least one XU server 326, at least one ES server 325', and power failure protection server 327 perform a shutdown operation. For example, the power failure protection server 327 may send the shutdown instruction to the corresponding server in sequence according to the shutdown order in the current shutdown strategy via the shutdown instruction transmission line 360 shown in FIG. 3.
这里要说明的是,在监测外部电源失电的情况下,在根据当前关机策略执行关机操作期间,利用各个网络交换机所连接的UPS电源来对网络交换机进行供电,以确保在执行关机操作期间终端总线网络310保持正常工作。It should be explained here that, in the case of monitoring the external power loss, during the shutdown operation according to the current shutdown strategy, the UPS power supply connected to each network switch is used to supply power to the network switch to ensure that the terminal is executed during the shutdown operation The bus network 310 keeps working normally.
在本公开中,所述当前关机策略可以包括人机接口系统中的各个服务器的关机顺序和等待时间。在本公开中,所述各个服务器的关机顺序和等待时间可以是根据人机接口系统30中的各个服务器的工况和各个服务器之间的通讯故障联动关系来确定的。这里,各个服务器的工况是指服务器的工作状况,即,当前运行多少个程序以及各个程序的当前执行情况。所述通讯故障联动关系是指因为服务器A的关闭而导致如果服务器B未关闭则会产生通讯故障。例如,假如服务器A被关闭时,如果服务器B未被关闭,则服务器B会因为服务器A的关闭而发生通讯故障,比如,服务器B的数据会发生丢失等。在这种情况下,服务器A被认为是与服务器B之间存在通讯故障联动关系,并且在关机策略中,服务器A的关机顺序被设置为在服务器B的关机顺序之后。In the present disclosure, the current shutdown strategy may include the shutdown sequence and waiting time of each server in the human-machine interface system. In the present disclosure, the shutdown sequence and waiting time of each server may be determined according to the working conditions of each server in the human-machine interface system 30 and the communication failure linkage relationship between each server. Here, the working condition of each server refers to the working condition of the server, that is, how many programs are currently running and the current execution status of each program. The communication failure linkage relationship refers to a communication failure that occurs if server B is not shut down due to the shutdown of server A. For example, if server A is shut down, if server B is not shut down, server B will have a communication failure due to the shutdown of server A, for example, the data of server B will be lost. In this case, Server A is considered to have a communication failure linkage relationship with Server B, and in the shutdown policy, the shutdown sequence of Server A is set after the shutdown sequence of Server B.
此外,在图3中示出的示例中,失电保护服务器327可以被设置为针对人机接口系统中的其他服务器具有无密码访问功能,以及当前关机策略 可以是存储在失电保护服务器327中的预定关机策略。在这种情况下,在失电保护服务器327上的UPS电源管理客户端监测到一个UPS电源330上发生外部电源失电后,失电保护服务器327被配置为:按照在失电保护服务器327中存储的预定关机策略,来经由终端总线网络310对人机交互服务器321、至少一个PU服务器322、至少一个OT服务器323、至少一个SU服务器324、至少一个ESDBA服务器325、至少一个XU服务器326、至少一个ES服务器325’和失电保护服务器327执行关机操作。In addition, in the example shown in FIG. 3, the power failure protection server 327 may be set to have a password-less access function for other servers in the human-machine interface system, and the current shutdown policy may be stored in the power failure protection server 327 Scheduled shutdown strategy. In this case, after the UPS power management client on the power failure protection server 327 detects an external power failure on a UPS power supply 330, the power failure protection server 327 is configured as follows: The stored predetermined shutdown strategy to the human-computer interaction server 321, at least one PU server 322, at least one OT server 323, at least one SU server 324, at least one ESDBA server 325, at least one XU server 326, at least one via the terminal bus network 310 An ES server 325' and a power failure protection server 327 perform a shutdown operation.
在本公开的一个示例中,经由终端总线网络310来根据当前关机策略对人机交互服务器321、至少一个PU服务器322、至少一个OT服务器323、至少一个SU服务器324、至少一个ESDBA服务器325、至少一个XU服务器326、至少一个ES服务器325’和失电保护服务器327执行关机操作可以包括:按照当前关机策略中的关机顺序依次向对应的服务器发送关机指令,并且优选地,针对每个服务器的关机指令是在向所述关机顺序中的上一服务器发送关机指令后等待一段对应的等待时间后才发出的。In an example of the present disclosure, the human-machine interaction server 321, at least one PU server 322, at least one OT server 323, at least one SU server 324, at least one ESDBA server 325, at least One XU server 326, at least one ES server 325' and the power failure protection server 327 performing the shutdown operation may include: sequentially sending a shutdown instruction to the corresponding server according to the shutdown sequence in the current shutdown strategy, and preferably, shutting down for each server The instruction is issued after waiting for a corresponding waiting time after sending a shutdown instruction to the previous server in the shutdown sequence.
例如,假设PU 322,OT 323,SU 324,ESDBA 325是Linux操作系统的服务器,失电保护服务器327和人机交互服务器321是基于Windows操作系统的同一服务器Eng-server,ES 325’(例如,ES680)是Solaris操作系统的服务器,并且UPS电源管理客户端和失电保护程序(即,执行脚本)都配置在失电保护服务器327上。For example, suppose PU322, OT323, SU324, ESDBA325 are servers of Linux operating system, power failure protection server 327 and human-computer interaction server 321 are the same server based on Windows operating system Eng-server, ES325' (for example, (ES680) is a server of the Solaris operating system, and the UPS power management client and the power failure protection program (ie, execution script) are both configured on the power failure protection server 327.
当发生比如失去外部供电这类的事件时,为了保护所有服务器安全停机。在失电保护服务器327(即,Windows服务器Eng-server)上执行失电保护程序(即,执行脚本),该执行脚本将按照所制定的当前关机策略来关闭各个服务器。When an event such as loss of external power supply occurs, in order to protect all servers to shut down safely. A power failure protection program (ie, execution script) is executed on the power failure protection server 327 (ie, Windows server Eng-server), and the execution script will shut down each server in accordance with the current shutdown policy that has been formulated.
例如,在上述情况下,由于OT和SU都需要PU正常运行才能正常工作。若PU停止运行,则OT和SU会自动进入故障状态,所以在停止服务器时,需要先停止OT和SU,然后再停止PU。由此,在所制定的关机策略中,OT和SU的关机顺序在PU之前。例如,当前关机顺序可以是OT->SU->PU->ES>ESDBA->Eng-server,并且OT的等待时间是20s,SU的等待时间是20s,PU的等待时间是30s,ES的等待时间是20s以及ESDBA的等待时间是20s。For example, in the above case, since both the OT and SU require the PU to operate normally to work properly. If the PU stops running, the OT and SU will automatically enter the fault state, so when stopping the server, you need to stop the OT and SU first, and then stop the PU. Therefore, in the formulated shutdown strategy, the shutdown sequence of OT and SU is before PU. For example, the current shutdown sequence can be OT->SU->PU->ES>ESDBA->Eng-server, and the waiting time of OT is 20s, the waiting time of SU is 20s, the waiting time of PU is 30s, and the waiting of ES The time is 20s and the waiting time of ESDBA is 20s.
失电保护程序脚本的执行顺序流程例如可以是:在检测到外部电源供电故障后,服务器Eng-server运行服务器关机脚本“remote_shutdownt2k.sh”以按照当前关机策略来对各个服务器执行关机操作。具体地,首先,向服务器OT发送首条关机指令以使得服务器OT停止其操作监控(Operation Monitoring,OM)服务并执行关机,并且在发出首条指令后等待20s,接着向服务器SU发送第二条关机指令以使得服务器SU停止其OM服务并执行关机。接着,在发出第二条指令后等待20s,然后向服务器PU发送第三条关机指令,以使得服务器PU停止其OM服务并执行关机。在发出第三条指令后等待30s,向服务器ES发出第四条关机指令,以使得服务器ES停止其OM服务并执行关机。在发出第四条指令后等待20s,向服务器ESDBA发出第五条关机指令,以使得服务器ESDBA停止其OM服务并执行关机。在发出第五条指令后等待20s,向服务器Eng-server发出第六条关机指令,以使得服务器停止Eng-server其OM服务并执行关机。The execution sequence flow of the power failure protection program script may be, for example: After detecting the failure of the external power supply, the server Eng-server runs the server shutdown script "remote_shutdownt2k.sh" to perform the shutdown operation on each server according to the current shutdown strategy. Specifically, first, send the first shutdown instruction to the server OT to cause the server OT to stop its operation monitoring (OM) service and perform shutdown, and wait 20s after issuing the first instruction, and then send the second instruction to the server SU The shutdown instruction causes the server SU to stop its OM service and perform shutdown. Then, after issuing the second instruction, wait 20s, and then send a third shutdown instruction to the server PU, so that the server PU stops its OM service and performs shutdown. After issuing the third instruction, wait 30 seconds, and issue a fourth shutdown instruction to the server ES, so that the server ES stops its OM service and performs shutdown. After issuing the fourth instruction, wait 20s, and issue a fifth shutdown instruction to the server ESDBA, so that the server ESDBA stops its OM service and performs shutdown. After issuing the fifth instruction, wait for 20s and issue the sixth shutdown instruction to the server Eng-server, so that the server stops the Eng-server OM service and performs shutdown.
此外,在本公开的一个示例中,失电保护服务器327还可以被设置为针对所述人机接口系统中的其他服务器不具有无密码访问功能。图4示出了根据本公开的实施例的具有失电保护机制的人机接口系统30’的一个示例的示意图。与图3不同,图4中示出的人机接口系统30’包括针对人机接口系统中的其他服务器具有无密码访问功能的特定服务器,所述特定服务器是所述至少一个工作服务器和人机交互服务器321中之一,比如,人机交互服务器321或者服务器ESDBA 325。相应地,针对系统中的各个服务器的关机操作指令是由服务器ESDBA来发出的,而不是由失电保护服务器327发出的。In addition, in an example of the present disclosure, the power failure protection server 327 may also be set to have no password-less access function for other servers in the human-machine interface system. Fig. 4 shows a schematic diagram of an example of a human-machine interface system 30' with a power loss protection mechanism according to an embodiment of the present disclosure. Unlike FIG. 3, the human-machine interface system 30′ shown in FIG. 4 includes a specific server having a password-less access function for other servers in the human-machine interface system, the specific server being the at least one working server and the human-machine One of the interaction servers 321, for example, the human-computer interaction server 321 or the server ESDBA325. Correspondingly, the shutdown operation instruction for each server in the system is issued by the server ESDBA, not by the power failure protection server 327.
在失电保护服务器327上的UPS电源管理客户端监测到外部电源失电信号后,失电保护服务器327被配置为:向特定服务器(服务器ESDBA)发送关机指令,以使得该特定服务器(服务器ESDBA)按照当前关机策略来经由终端总线网络对至少一个操作服务器、至少一个数据处理服务器、至少一个扩展服务器、至少一个业务服务器、人机交互服务器和失电保护服务器执行关机操作。After the UPS power management client on the power failure protection server 327 detects an external power failure signal, the power failure protection server 327 is configured to: send a shutdown instruction to a specific server (server ESDBA), so that the specific server (server ESDBA) ) Perform shutdown operations on at least one operation server, at least one data processing server, at least one expansion server, at least one service server, human-computer interaction server, and power failure protection server via the terminal bus network according to the current shutdown strategy.
具体地,失电保护程序脚本的执行顺序流程是:在检测到外部电源供电故障后,失电保护服务器327运行“shutdownall.cmd”并且发送关闭指令 到服务器ESDBA。然后服务器ESDBA运行“remote_shutdownt2k.sh”来按照服务器关机顺序来执行服务器关机操作。具体地,首先,向服务器OT发送首条关机指令以使得服务器OT停止其OM服务并执行关机,并且在发出首条指令后等待20s,接着向服务器SU发送第二条关机指令以使得服务器SU停止其OM服务并执行关机。接着,在发出第二条指令后等待20s,然后向服务器PU发送第三条关机指令,以使得服务器PU停止其OM服务并执行关机。在发出第三条指令后等待30s,向服务器ES发出第四条关机指令,以使得服务器ES停止其OM服务并执行关机。在发出第四条指令后等待20s,使得服务器ESDBA停止其OM服务并执行关机。然后,在失电保护服务器327发出关闭指令后等待110s,使得失电保护服务器327停止其OM服务并执行关机。Specifically, the execution sequence of the power failure protection program script is: after detecting the failure of the external power supply, the power failure protection server 327 runs "shutdownall.cmd" and sends a shutdown instruction to the server ESDBA. Then the server ESDBA runs "remote_shutdownt2k.sh" to perform the server shutdown operation according to the server shutdown sequence. Specifically, first, send the first shutdown instruction to the server OT to cause the server OT to stop its OM service and perform shutdown, and wait 20s after issuing the first instruction, and then send a second shutdown instruction to the server SU to stop the server SU Its OM service and perform shutdown. Then, after issuing the second instruction, wait 20s, and then send a third shutdown instruction to the server PU, so that the server PU stops its OM service and performs shutdown. After issuing the third instruction, wait 30 seconds, and issue a fourth shutdown instruction to the server ES, so that the server ES stops its OM service and performs shutdown. After issuing the fourth instruction, wait 20s, so that the server ESDBA stops its OM service and performs shutdown. Then, after the power-off protection server 327 issues a shutdown instruction, it waits for 110 s, so that the power-off protection server 327 stops its OM service and performs shutdown.
在本公开的另一示例中,失电保护服务器327中也可以没有预先存储预定关机策略。相应地,失电保护服务器327还可以被配置为:获取人机接口系统中的各个服务器的当前工况和各个服务器之间的故障联动关系;以及基于所获取的人机接口系统中的各个服务器的当前工况和各个服务器之间的故障联动关系,制定当前关机策略。例如,失电保护服务器327可以基于所获取的各个服务器的当前工况来确定各个服务器上的系统关闭所需要的时间,即,该服务器所对应的等待时间。此外,失电保护服务器327可以基于所获取的各个服务器之间的故障联动关系来确定各个服务器的关机顺序。In another example of the present disclosure, the power-off protection server 327 may not store a predetermined shutdown policy in advance. Correspondingly, the power failure protection server 327 may also be configured to: obtain the current working conditions of each server in the human-machine interface system and the fault linkage relationship between each server; and based on each server in the acquired human-machine interface system The current working conditions and the fault linkage relationship between each server, formulate the current shutdown strategy. For example, the power failure protection server 327 may determine the time required for the system on each server to shut down based on the acquired current operating conditions of each server, that is, the waiting time corresponding to the server. In addition, the power failure protection server 327 may determine the shutdown sequence of each server based on the acquired fault linkage relationship between each server.
然后,失电保护服务器327按照所制定的当前关机策略来经由终端总线网络310对人机交互服务器321、至少一个PU服务器322、至少一个OT服务器323、至少一个SU服务器324、至少一个ESDBA服务器325、至少一个XU服务器326、至少一个ES服务器325’和失电保护服务器327执行关机操作。Then, the power failure protection server 327 responds to the human-machine interaction server 321, at least one PU server 322, at least one OT server 323, at least one SU server 324, and at least one ESDBA server 325 via the terminal bus network 310 according to the established current shutdown strategy , At least one XU server 326, at least one ES server 325', and power failure protection server 327 perform a shutdown operation.
在本公开的另一示例中,失电保护服务器327也可以被配置为在监测到外部电源失电并持续预定时间(比如,持续预定分钟)后,才开始经由终端总线网络310来根据当前关机策略对人机交互服务器321、至少一个PU服务器322、至少一个OT服务器323、至少一个SU服务器324、至少一个ESDBA服务器325、至少一个XU服务器326、至少一个ES服务器 325’和失电保护服务器327执行关机操作。In another example of the present disclosure, the power failure protection server 327 may also be configured to start the shutdown according to the current shutdown via the terminal bus network 310 after detecting that the external power supply has been powered off for a predetermined time (for example, for a predetermined minute). The policy is to the human-computer interaction server 321, at least one PU server 322, at least one OT server 323, at least one SU server 324, at least one ESDBA server 325, at least one XU server 326, at least one ES server 325' and power failure protection server 327 Perform shutdown operation.
此外,可选地,在本公开的一个示例中,失电保护服务器327的失电保护程序或失电保护程序也可以被实现在UPS电源管理客户端中。In addition, optionally, in one example of the present disclosure, the power failure protection program or power failure protection program of the power failure protection server 327 may also be implemented in the UPS power management client.
此外,可选地,在本公开的一个示例中,至少一个UPS电源中的每个UPS电源可以被配置为向人机接口系统中的至少两个服务器供电。例如,一台1500VA的UPS电源可以保证4台服务器的短期供电,从而大大节省了相应的项目成本。In addition, optionally, in one example of the present disclosure, each of the at least one UPS power supply may be configured to supply power to at least two servers in the human-machine interface system. For example, a 1500VA UPS power supply can guarantee the short-term power supply of 4 servers, thereby greatly saving the corresponding project cost.
图5示出了根据本公开的实施例的具有失电保护机制的人机接口系统30”的一个示例的示意图。图5中示出的人机接口系统30”是对图3中示出的人机接口系统30的改进,该改进的人机接口系统适用于模拟机系统,例如,西门子的SPPA-S2000(FSS)系统。5 shows a schematic diagram of an example of a human-machine interface system 30" with a power loss protection mechanism according to an embodiment of the present disclosure. The human-machine interface system 30" shown in FIG. 5 is shown in FIG. 3. The improvement of the human-machine interface system 30. The improved human-machine interface system is suitable for a simulation machine system, for example, the SPPA-S2000 (FSS) system of Siemens.
与图3相比,除了图3中示出的组件之外,图5中示出的人机接口系统30”还包括:至少一个仿真服务器328和至少一个模拟服务器329。至少一个仿真服务器328被配置为获取各个服务器的当前工况和设定模型;以及至少一个模拟服务器329被配置为模拟所述人机接口系统中的各个服务器的现场输入数据和现场输出数据。此外,所述至少一个模拟服务器329中的每个模拟服务器由至少一个UPS电源中的一个UPS电源供电,并且通过网络线缆340连接到终端总线网络310。Compared with FIG. 3, in addition to the components shown in FIG. 3, the human-machine interface system 30" shown in FIG. 5 further includes: at least one simulation server 328 and at least one simulation server 329. At least one simulation server 328 is Configured to obtain the current working conditions and set models of each server; and at least one simulation server 329 is configured to simulate the field input data and field output data of each server in the human-machine interface system. In addition, the at least one simulation Each simulated server in the server 329 is powered by one of the at least one UPS power supply, and is connected to the terminal bus network 310 through a network cable 340.
与图3类似,图5中的示出的人机接口系统30”中的失电保护服务器327针对人机接口系统中的其他服务器具有无密码访问功能,并且服务器关机操作是由失电保护服务器327来执行的。图5中的失电保护服务器327的服务器关机操作可以类似于上述参照图3中描述的服务器关机操作。例如,在一个示例中,各个服务器的关机顺序可以是OT->SU->PU->ES>ESDBA->SimServer(模拟服务器)->EmuServer(仿真服务器)->Eng-server。Similar to FIG. 3, the power failure protection server 327 in the human-machine interface system 30" shown in FIG. 5 has a passwordless access function for other servers in the human-machine interface system, and the server shutdown operation is performed by the power failure protection server 327. The server shutdown operation of the power failure protection server 327 in FIG. 5 may be similar to the server shutdown operation described above with reference to FIG. 3. For example, in one example, the shutdown sequence of each server may be OT->SU ->PU->ES>ESDBA->SimServer (simulation server)->EmuServer (simulation server)->Eng-server.
图6示出了根据本公开的实施例的具有失电保护的人机接口系统30”’的一个示例的示意图。图6中的结构与图5中完全相同,其不同之处在于,图6中的示出的人机接口系统30”’中的失电保护服务器针对人机接口系统中的其他服务器不具有无密码访问功能,并且服务器关机操作是由服务器ESDBA 325来执行的。图6中的失电保护服务器327的服务器关机操作可 以参考上述参照图4中描述的服务器关机操作。例如,在一个示例中,各个服务器的关机顺序可以是OT->SU->PU->ES>ESDBA->SimServer->EmuServer->Eng-server。FIG. 6 shows a schematic diagram of an example of a human-machine interface system 30”′ with power loss protection according to an embodiment of the present disclosure. The structure in FIG. 6 is completely the same as that in FIG. 5, except that FIG. 6 The power failure protection server in the human-machine interface system 30 ″ shown in FIG. 3 does not have a passwordless access function for other servers in the human-machine interface system, and the server shutdown operation is performed by the server ESDBA325. The server shutdown operation of the power failure protection server 327 in FIG. 6 may refer to the server shutdown operation described above with reference to FIG. 4. For example, in an example, the shutdown sequence of each server may be OT->SU->PU->ES>ESDBA->SimServer->EmuServer->Eng-server.
上面结合附图阐述的具体实施方式描述了示例性实施例,但并不表示可以实现的或者落入权利要求书的保护范围的所有实施例。在整个本说明书中使用的术语“示例性”意味着“用作示例、实例或例示”,并不意味着比其它实施例“优选”或“具有优势”。出于提供对所描述技术的理解的目的,具体实施方式包括具体细节。然而,可以在没有这些具体细节的情况下实施这些技术。在一些实例中,为了避免对所描述的实施例的概念造成难以理解,公知的结构和装置以框图形式示出。The specific embodiments described above in conjunction with the drawings describe exemplary embodiments, but do not represent all embodiments that can be implemented or fall within the scope of protection of the claims. The term "exemplary" used throughout this specification means "used as an example, instance, or illustration" and does not mean "preferred" or "advantageous" over other embodiments. For the purpose of providing an understanding of the described technology, the detailed description includes specific details. However, these techniques can be implemented without these specific details. In some instances, in order to avoid making the concept of the described embodiments difficult to understand, well-known structures and devices are shown in block diagram form.
本公开内容的上述描述被提供来使得本领域任何普通技术人员能够实现或者使用本公开内容。对于本领域普通技术人员来说,对本公开内容进行的各种修改是显而易见的,并且,也可以在不脱离本公开内容的保护范围的情况下,将本文所定义的一般性原理应用于其它变型。因此,本公开内容并不限于本文所描述的示例和设计,而是与符合本文公开的原理和新颖性特征的最广范围相一致。The above description of the present disclosure is provided to enable any person of ordinary skill in the art to implement or use the present disclosure. For those of ordinary skill in the art, various modifications to the present disclosure are obvious, and the general principles defined herein may also be applied to other variations without departing from the scope of protection of the present disclosure . Therefore, this disclosure is not limited to the examples and designs described herein, but is consistent with the broadest scope consistent with the principles and novel features disclosed herein.

Claims (13)

  1. 一种用于发电厂的具有失电保护机制的人机接口系统(30),包括:至少一个UPS电源(330)、至少一个工作服务器、人机交互服务器(321)、失电保护服务器(327)以及连接有至少一个网络交换机的终端总线网络(310),A man-machine interface system (30) with power failure protection mechanism for power plants includes: at least one UPS power supply (330), at least one work server, human-machine interaction server (321), and power failure protection server (327) ) And a terminal bus network (310) connected with at least one network switch,
    其中,所述至少一个工作服务器、所述人机交互服务器(321)、所述失电保护服务器(327)以及所述终端总线网络(310)中的至少一个网络交换机与所述至少一个UPS电源(330)中的一个UPS电源(330)通过电源线(350)相连,以使得外部电源通过所述至少一个UPS电源(330)来向所述人机接口系统(30)中的各个服务器和网络交换机供电,Wherein, the at least one working server, the human-computer interaction server (321), the power failure protection server (327) and the terminal bus network (310) at least one network switch and the at least one UPS power supply One UPS power supply (330) in (330) is connected through a power cord (350), so that an external power supply passes through the at least one UPS power supply (330) to each server and network in the human-machine interface system (30) Switch power supply,
    所述至少一个工作服务器、所述人机交互服务器(321)和所述失电保护服务器(327)通过网络线缆(340)连接到所述终端总线网络(310),以及所述失电保护服务器(327)通过网络线缆(340)与所述至少一个UPS电源(330)中的一个或多个UPS电源(330)相连,以及The at least one working server, the human-computer interaction server (321) and the power failure protection server (327) are connected to the terminal bus network (310) through a network cable (340), and the power failure protection The server (327) is connected to one or more UPS power supplies (330) of the at least one UPS power supply (330) through a network cable (340), and
    所述失电保护服务器(327)上设置有UPS电源管理客户端,所述UPS电源管理客户端被配置为对所连接的UPS电源(330)进行外部电源失电监测,A UPS power management client is provided on the power failure protection server (327), the UPS power management client is configured to perform external power failure monitoring on the connected UPS power supply (330),
    其中,在监测到外部电源失电时,所述失电保护服务器(327)被配置为经由所述终端总线网络(310)来根据当前关机策略对所述至少一个工作服务器、所述人机交互服务器(321)和所述失电保护服务器(327)执行关机操作,所述当前关机策略包括所述人机接口系统(30)中的各个服务器的关机顺序和等待时间。When it is detected that the external power supply loses power, the power failure protection server (327) is configured to interact with the at least one working server and the human-computer interaction according to the current shutdown strategy via the terminal bus network (310) The server (321) and the power failure protection server (327) perform a shutdown operation, and the current shutdown strategy includes the shutdown sequence and waiting time of each server in the human-machine interface system (30).
  2. 如权利要求1所述的人机接口系统(30),其中,所述至少一个UPS电源(330)中的各个UPS电源(330)被配置为向所述人机接口系统(30)中的至少两个服务器供电。The human-machine interface system (30) of claim 1, wherein each of the at least one UPS power supply (330) is configured to provide at least one of the human-machine interface systems (30) Both servers are powered.
  3. 如权利要求1所述的人机接口系统(30),其中,所述失电保护服务器(327)针对所述人机接口系统(30)中的其他服务器具有无密码访问 功能,以及所述失电保护服务器(327)被配置为:The human-machine interface system (30) according to claim 1, wherein the power failure protection server (327) has a passwordless access function for other servers in the human-machine interface system (30), and the lost The electrical protection server (327) is configured to:
    按照所述当前关机策略来经由所述终端总线网络(310)来对所述至少一个工作服务器、所述人机交互服务器(321)和所述失电保护服务器(327)执行关机操作。According to the current shutdown strategy, a shutdown operation is performed on the at least one work server, the human-computer interaction server (321), and the power failure protection server (327) via the terminal bus network (310).
  4. 如权利要求1所述的人机接口系统(30),其中,所述失电保护服务器(327)针对所述人机接口系统(30)中的其他服务器不具有无密码访问功能,所述人机接口系统(30)中存在针对所述人机接口系统中的其他服务器具有无密码访问功能的特定服务器,所述特定服务器是所述至少一个工作服务器、所述人机交互服务器(321)中之一,以及所述失电保护服务器(327)被配置为:The human-machine interface system (30) according to claim 1, wherein the power failure protection server (327) does not have a passwordless access function for other servers in the human-machine interface system (30), the person There is a specific server in the machine interface system (30) that has a password-less access function for other servers in the man-machine interface system, and the specific server is the at least one work server and the human-computer interaction server (321) One, and the power failure protection server (327) is configured to:
    向所述特定服务器发送所述当前关机策略,以使得所述特定服务器按照所述当前关机策略来经由所述终端总线网络(310)对所述至少一个工作服务器、所述人机交互服务器(321)和所述失电保护服务器(327)执行关机操作。Sending the current shutdown strategy to the specific server, so that the specific server responds to the at least one working server and the human-computer interaction server (321) via the terminal bus network (310) according to the current shutdown strategy ) And the power failure protection server (327) perform a shutdown operation.
  5. 如权利要求1到4中任一所述的人机接口系统(30),其中,经由所述终端总线网络(310)来根据当前关机策略对所述至少一个工作服务器、所述人机交互服务器(321)和所述失电保护服务器(327)执行关机操作包括:The human-machine interface system (30) according to any one of claims 1 to 4, wherein the at least one work server and the human-machine interaction server are processed according to the current shutdown strategy via the terminal bus network (310) (321) and the power-off protection server (327) performing the shutdown operation includes:
    按照所述当前关机策略中的关机顺序依次向对应的服务器发送关机指令,并且针对每个服务器的关机指令是在向所述关机顺序中的上一服务器发送关机指令后等待对应的等待时间后才发出的。Send a shutdown instruction to the corresponding server in turn according to the shutdown sequence in the current shutdown strategy, and the shutdown instruction for each server waits for the corresponding waiting time after sending the shutdown instruction to the previous server in the shutdown sequence issued.
  6. 如权利要求1所述的人机接口系统(30),其中,所述失电保护服务器(327)和所述人机交互服务器(321)是基于Windows系统的服务器。The human-machine interface system (30) according to claim 1, wherein the power failure protection server (327) and the human-computer interaction server (321) are Windows-based servers.
  7. 如权利要求6所述的人机接口系统(30),其中,所述失电保护服务器(327)和所述人机交互服务器(321)是同一服务器。The human-machine interface system (30) according to claim 6, wherein the power failure protection server (327) and the human-machine interaction server (321) are the same server.
  8. 如权利要求1所述的人机接口系统(30),其中,所述失电保护服务器(327)被配置为在监测到外部电源失电并持续预定时间后,经由所述终端总线网络(310)来根据所述当前关机策略对所述至少一个工作服务器、所述人机交互服务器(321)和所述失电保护服务器(327)执行关机操作。The human-machine interface system (30) according to claim 1, wherein the power failure protection server (327) is configured to pass the terminal bus network (310) after detecting the power failure of the external power supply for a predetermined time ) To perform a shutdown operation on the at least one work server, the human-computer interaction server (321), and the power failure protection server (327) according to the current shutdown strategy.
  9. 如权利要求1所述的人机接口系统(30),其中,所述失电保护服务器(327)还被配置为:The human-machine interface system (30) according to claim 1, wherein the power failure protection server (327) is further configured to:
    获取所述人机接口系统(30)中的各个服务器的当前工况和各个服务器之间的通讯故障联动关系;以及Acquiring the current working condition of each server in the human-machine interface system (30) and the communication failure linkage relationship between each server; and
    根据所述人机接口系统(30)中的各个服务器的当前工况和各个服务器之间的通讯故障联动关系,制定所述当前关机策略。According to the current working condition of each server in the human-machine interface system (30) and the communication failure linkage relationship between each server, the current shutdown strategy is formulated.
  10. 如权利要求1所述的人机接口系统(30),其中,所述当前关机策略是存储在所述失电保护服务器(327)中的预定关机策略。The human-machine interface system (30) of claim 1, wherein the current shutdown strategy is a predetermined shutdown strategy stored in the power failure protection server (327).
  11. 如权利要求1所述的人机接口系统(30),其中,所述至少一个工作服务器包括下述服务器中的至少一种:The human-machine interface system (30) of claim 1, wherein the at least one work server comprises at least one of the following servers:
    至少一个数据处理服务器(322),At least one data processing server (322),
    至少一个操作服务器(323),At least one operation server (323),
    至少一个业务服务器(324),At least one business server (324),
    至少一个管理服务器(325,325’),和At least one management server (325, 325’), and
    至少一个扩展服务器(326)。At least one expansion server (326).
  12. 如权利要求11所述的人机接口系统(30),还包括:The human-machine interface system (30) according to claim 11, further comprising:
    至少一个仿真服务器(328),被配置为获取各个工作服务器的工况和设定模型;At least one simulation server (328) configured to obtain the working conditions and setting models of each working server;
    至少一个模拟服务器(329),被配置为模拟所述人机接口系统中的各个工作服务器的现场输入数据和现场输出数据,At least one simulation server (329) configured to simulate field input data and field output data of each working server in the human-machine interface system,
    其中,所述至少一个模拟服务器(329)中的每个模拟服务器由所述至少一个UPS电源(330)中的一个UPS电源(330)供电,并且通过网络线 缆(340)连接到所述终端总线网络(310)。Wherein, each simulation server in the at least one simulation server (329) is powered by one UPS power supply (330) in the at least one UPS power supply (330), and is connected to the terminal through a network cable (340) Bus network (310).
  13. 一种用于发电厂的分布式控制系统,包括如权利要求1到12中任一所述的人机接口系统(30)。A distributed control system for a power plant includes the human-machine interface system (30) according to any one of claims 1 to 12.
PCT/CN2019/128436 2018-12-26 2019-12-25 Man-machine interface system having power loss protection mechanism, and distributed control system WO2020135530A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201811601846.5 2018-12-26
CN201811601846.5A CN109656213B (en) 2018-12-26 2018-12-26 Man-machine interface system with power-loss protection mechanism and distributed control system

Publications (1)

Publication Number Publication Date
WO2020135530A1 true WO2020135530A1 (en) 2020-07-02

Family

ID=66116670

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/128436 WO2020135530A1 (en) 2018-12-26 2019-12-25 Man-machine interface system having power loss protection mechanism, and distributed control system

Country Status (2)

Country Link
CN (1) CN109656213B (en)
WO (1) WO2020135530A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109656213B (en) * 2018-12-26 2020-09-29 西门子电站自动化有限公司 Man-machine interface system with power-loss protection mechanism and distributed control system
CN111343016B (en) * 2020-02-21 2021-01-26 北京京东尚科信息技术有限公司 Cloud server cluster management method and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1390008A (en) * 2002-07-15 2003-01-08 廖正钢 Interlligent power supply managing system based on network and uninterrupted power source and its management method
CN203825101U (en) * 2013-11-13 2014-09-10 中国能源建设集团广东省电力设计研究院 On-line monitoring system for all electrical devices at power plant
CN104238714A (en) * 2013-06-09 2014-12-24 上海梅山钢铁股份有限公司 Method for protecting computer systems after outage of uninterrupted power supply (UPS)
CN107544655A (en) * 2016-09-30 2018-01-05 河南众联云科工程技术有限公司 Computer system protection method after UPS power-off
CN109656213A (en) * 2018-12-26 2019-04-19 西门子电站自动化有限公司 Man-machine interface system and dcs with loss protecting mechanism

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11155243A (en) * 1997-11-25 1999-06-08 Shin Kobe Electric Mach Co Ltd Uninterruptible power equipment and computer system with the uninterruptible power equipment
JP4277627B2 (en) * 2003-08-28 2009-06-10 富士電機システムズ株式会社 Communication system using uninterruptible power supply
US7296172B2 (en) * 2004-08-24 2007-11-13 Inventec Corporation Power control and management method for uninterruptible power system and servers
CN103885411B (en) * 2014-03-13 2017-07-11 中国能源建设集团广东省电力设计研究院有限公司 Power plant complex automatic system
US9748799B2 (en) * 2015-02-12 2017-08-29 Eaton Corporation Adaptable external battery modules and related systems
EP3379351B1 (en) * 2017-03-22 2020-04-29 Siemens Aktiengesellschaft Method for operating an automation device and automation device
CN109669374A (en) * 2018-12-20 2019-04-23 长沙新材料产业研究院有限公司 A kind of MPCVD synthesis device circuit breaking protective system and control method
CN111176749B (en) * 2019-12-17 2022-07-08 苏州浪潮智能科技有限公司 High-performance computing cluster closing method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1390008A (en) * 2002-07-15 2003-01-08 廖正钢 Interlligent power supply managing system based on network and uninterrupted power source and its management method
CN104238714A (en) * 2013-06-09 2014-12-24 上海梅山钢铁股份有限公司 Method for protecting computer systems after outage of uninterrupted power supply (UPS)
CN203825101U (en) * 2013-11-13 2014-09-10 中国能源建设集团广东省电力设计研究院 On-line monitoring system for all electrical devices at power plant
CN107544655A (en) * 2016-09-30 2018-01-05 河南众联云科工程技术有限公司 Computer system protection method after UPS power-off
CN109656213A (en) * 2018-12-26 2019-04-19 西门子电站自动化有限公司 Man-machine interface system and dcs with loss protecting mechanism

Also Published As

Publication number Publication date
CN109656213B (en) 2020-09-29
CN109656213A (en) 2019-04-19

Similar Documents

Publication Publication Date Title
CN103064382B (en) Optical proximity correction (OPC) embedded-type remote data collecting system and method based on ARM framework
CN101902491A (en) Remote management system and control device
WO2020135530A1 (en) Man-machine interface system having power loss protection mechanism, and distributed control system
CN103135732B (en) Server cabinet system
CN102571498A (en) Fault injection control method and device
KR20190137665A (en) Method and device for controlling solar energy system, central controller and solar energy system
CN201467145U (en) Remote management system and control device
CN103345952B (en) A kind of operator's auxiliary computing system based on model
CN104598346A (en) Monitoring and management device and method for quick fault positioning in server system
TW591434B (en) A method for automatically saving application programs in the devices connecting UPS
WO2016197856A2 (en) Method and device for managing active ethernet terminal power source
CN105179156B (en) Pump-storage generator controls program off-line test system and method
CN106407081B (en) Case management system and server
US20100131643A1 (en) Remotely managed device
WO2023125702A1 (en) Cloud management method and system for battery swapping station, server, and storage medium
CN112732311B (en) BMS program hot updating method, system and medium for large energy storage system
CN109525436A (en) Application program main/standby switching method and system
JP2008003735A (en) Automatic stop system of information processing system connected to uninterruptible power supply
CN102023887A (en) Power supply management method of computer system and computer system
CN114095343A (en) Disaster recovery method, device, equipment and storage medium based on double-active system
CN114138567A (en) Substrate management control module maintenance method, device, equipment and storage medium
CN107423113B (en) Method for managing virtual equipment, out-of-band management equipment and standby virtual equipment
CN111030297A (en) Method and device for monitoring power failure of machine room commercial power
CN113806012B (en) System for integrating functions of embedded equipment of power system and operation method of system
CN103795738A (en) Acquisition terminal and remote monitoring system applying acquisition terminal

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19904062

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19904062

Country of ref document: EP

Kind code of ref document: A1