Mol, Belgium, 6-9 May 2007 Fifth International Workshop on the Utilisation and Reliability of High Power Proton Accelerators Reliability studies Reliability studies for a superconducting driver for an ADS linac for an ADS linac Paolo Pierini, Luciano Burgazzi Work supported by the EURATOM 6° framework program of the EC, under contract FI6W-CT-2004-516520
28
Embed
Reliability studiesReliability studies for a ...€¦ · reliability model of the driver superconducting linac o f High Power Pr reliability model of the driver superconducting linac
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Mol, Belgium, 6-9 May 2007
Fifth International Workshop on the Utilisation and Reliability of High Power Proton Accelerators
, g , y
Reliability studiesReliability studies for a superconducting driver
for an ADS linacfor an ADS linacPaolo Pierini, Luciano Burgazzig
Work supported by the EURATOM 6°framework program of the EC, under contract FI6W-CT-2004-516520
rs
The activityot
on A
ccel
erat
or • Starting with FP5 PDS-XADS we have started developing a qualitative FMEA + a lumped-component reliability model of the driver superconducting linac
of H
igh
Pow
er P
ro reliability model of the driver superconducting linac– preliminary “parts count” assessment presented at HPPA4
f f
and
Rel
iabi
lity
o • Extended study to variety of linac configurations» RESS 92 (2007) 449-463
– concentrate on design issues rather than component data
on th
e U
tilis
atio
n
– fault tolerance implementation– missing of a exhaustive and representative reliability parameter
database
onal
Wor
ksho
p o
• FP6 EUROTRANS assumes the same linac layout• Study extended to show sensitivity to component
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 2
reliability characteristics
rs
Outcome of FP5 PDS-XADS activitiesot
on A
ccel
erat
or • Three project deliverables dedicated to reliability assessments– Qualitative FMEA
of H
igh
Pow
er P
ro
– RBD analysis– Assessment of (lack of) existing MTBF
database for components
and
Rel
iabi
lity
o – Identification of redundant and fault tolerant linac configurations intended to provide nominal reliability characteristics
on th
e U
tilis
atio
n characteristics
onal
Wor
ksho
p o
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 3
rs
Definition of the reliability objectivesot
on A
ccel
erat
or • Define a Mission Time, the operation period for which we need to carry out estimations – Depends on design of subcritical assembly/fuel cycle
of H
igh
Pow
er P
ro Depends on design of subcritical assembly/fuel cycle
• Define parameter for reliability goal– Fault Rate, i.e. Number of system faults per mission
and
Rel
iabi
lity
o
– Availability– No concern on R parameter at mission time
• R is the survival probability
on th
e U
tilis
atio
n
y• relevant for mission critical (non repairable environments)
• Provide corrective maintenance “rules” on elementsComponents in the accelerator tunnel can be repaired only
onal
Wor
ksho
p o – Components in the accelerator tunnel can be repaired only
during system halt• Personnel protection issues in radiation areas
Redundant components in shielded areas can be repaired
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 4
– Redundant components in shielded areas can be repaired immediately
rs
Reliability goalot
on A
ccel
erat
or • Assumed XT-ADS– 3 months of continuous operation with < 3 trips per period– 1 month of long shutdown
of H
igh
Pow
er P
ro 1 month of long shutdown– 3 operation cycles per year– 10 trips per year
and
Rel
iabi
lity
o
– no constraints on R
on th
e U
tilis
atio
n
Mission Time 2190 hoursG l MTBF 700 h
onal
Wor
ksho
p o Goal MTBF ~ 700 hours
Goal number of failures per mission ~ 3Reliability parameter Unconstrained
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 5
y p
rs
RAMSot
on A
ccel
erat
or • Baseline idea: use a commercial available RAMS tool for formal accelerator reliability estimations– Powerful RBD analysis
– High energy linac: 43.5%– Beam line: 0.6%– Support systems: 2.7%
on th
e U
tilis
atio
n
pp y
• Of course, the highest number of components is in the li ( l 100 RF it h ith h RF it
onal
Wor
ksho
p o linac (nearly 100 RF units each, with each RF units
having an MTBF of 5700 h...• That already suggests where to implement strategies for
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 15
y gg p gredundancy and fault tolerance implementation
rs
SubsystemsInjector
oton
Acc
eler
ator Injector
of H
igh
Pow
er P
ro
S t S t Standard support systems with MTBFs only moderately
and
Rel
iabi
lity
o Support Systems Standard support systems, with MTBFs only moderately tailored to mission time. Each system R(Mission time) = 0.48.
on th
e U
tilis
atio
n
RF Units
onal
Wor
ksho
p o
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 16
RF Unit MTBF (full) ~ 5700 hours
RF Unit MTBF (in-tunnel) ~ 6100 hours
rs
Initial Scenario – All Series, no redundancyot
on A
ccel
erat
or • Worst possible case– similar to parts count
of H
igh
Pow
er P
ro
• All component failures lead to a system failure
and
Rel
iabi
lity
o
• Poor MTBF• Too many failures
per mission
on th
e U
tilis
atio
n per mission
• Mostly due to RF units5700/188 30 32 h
onal
Wor
ksho
p o • 5700/188 = 30.32 h
System MTBF 31.2 hours
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 17
Number of failures 70.23
Steady State Availability 87.2 %
rs
Mitigating occurrence of faults by system designot
on A
ccel
erat
or • Clearly, in the region where we are driven by high number of moderately reliable components we don’t want a series connection (where each component fault
of H
igh
Pow
er P
ro want a series connection (where each component fault means a system fault)– Need to provide fault tolerance
and
Rel
iabi
lity
o
• Luckily, the SC linac has ideal perspectives for introducing tolerance to RF faults:
on th
e U
tilis
atio
n introducing tolerance to RF faults:– highly modular pattern of repeated components providing the
same functions (beam acceleration and focussing)individual cavity RF feed digital LLRF regulation with setpoints
onal
Wor
ksho
p o – individual cavity RF feed, digital LLRF regulation with setpoints
and tabulated procedures
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 18
• In the injector low fault rates can be achieved by redundancy
rs
2 Sources - ∞ Fault Tolerant SC sectionot
on A
ccel
erat
or
Dream LinacDream Linac
of H
igh
Pow
er P
ro
• Double the injector
and
Rel
iabi
lity
o • Double the injector– Perfect switching– Repair can be
immediate
on th
e U
tilis
atio
n immediate• Assume infinite FT
in linac section• Reliability goal is
onal
Wor
ksho
p o
System MTBF 796.91 hours
• Reliability goal is reached!
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 19
Number of failures 2.75
Steady State Availability 99.5 %
rs
2 Sources – Redundant RF Systemsot
on A
ccel
erat
or • Keep 2 sources• Assume that we can
deal at any moment with
of H
igh
Pow
er P
ro any 2 RF Units failing at any position in the SC sections
and
Rel
iabi
lity
o – Maintenance can be performed on the failing units while system is in operation
on th
e U
tilis
atio
n system is in operation– ideal detection and
switching
onal
Wor
ksho
p o
System MTBF 757.84 hours
• Still within goals
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 20
Number of failures 2.89
Steady State Availability 99.5 %
rs
Realistic RF Unit correction provisionsot
on A
ccel
erat
or • When assuming parallelism and lumped components we should be consistent in defining repair provisions
• For example the components in the RF system that are
of H
igh
Pow
er P
ro • For example, the components in the RF system that are out of the main accelerator tunnel can be immediately repairable, but certainly not all RF power components
and
Rel
iabi
lity
o that are inside the protected-access tunnel– Even if the in-tunnel component can be considered in parallel
(we may tolerate failures to some degree), all repairs are
on th
e U
tilis
atio
n executed ONLY when the system is stopped– This greatly changes system MTBF
onal
Wor
ksho
p o
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 21
rs
Final Scheme – Split RF Systemsot
on A
ccel
erat
or • Keep 2 sources• Split RF Units
– Out of tunnel
of H
igh
Pow
er P
ro
• Immediate repair• Any 2 can fail/section
– In tunnel
and
Rel
iabi
lity
o • 1 redundant/section• Repair @ system
failure
on th
e U
tilis
atio
n
System MTBF 550 hours
Number of failures 3.8
Steady State Availability 97.9 %
onal
Wor
ksho
p o
System MTBF 720 hours
• Increasing only MTBFx2 of support systems
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 22
System MTBF 720 hours
Number of failures 2.80
Steady State Availability 99.1 %
rs
System MTBF “evolution”ot
on A
ccel
erat
or
# Inj. Fault Tolerance degree RF unit repair System MTBF
1 None, all in series At system stop 31
of H
igh
Pow
er P
ro
2 Infinite Immediate 797
2 94/96 in spoke, 90/92 in ell are needed Immediate 758
and
Rel
iabi
lity
o p ,
2 94/96 in spoke, 90/92 in ell are needed, more realistic correction provisions, by splitting the RF system
• Immediate for out of tunnel
• at system stop for
558
on th
e U
tilis
atio
n splitting the RF system • at system stop for in tunnel
2 94/96 in spoke, 90/92 in ell are needed, split RF
• Immediate for out of tunnel
720
onal
Wor
ksho
p o
SUPPORT SYSTEM MTBF * 2 • at system stop for in tunnel
2 94/96 in spoke, 90/92 in ell are needed, split RF
• Immediate for out of tunnel
760
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 23
split RFIN-TUNNEL MTBF * 10
of tunnel• at system stop for
in tunnel
rs
Lesson learnedot
on A
ccel
erat
or • Type of connection & corrective maintenance provisions change dramatically the resulting system reliability, independently of the component reliability characteristics
of H
igh
Pow
er P
ro independently of the component reliability characteristics
• This analysis allows to identify choices of components f
and
Rel
iabi
lity
o for which we need to guarantee high MTBF, due to their criticality or impossibility of performing maintenance– in-tunnel components/more robust support systems
on th
e U
tilis
atio
n
p pp y
• Analysis here is still crude, while similar MTBF values t d i lit t th MTTR i t d i l
onal
Wor
ksho
p o are reported in literature, the MTTR are inserted mainly
for demonstration purposes– several issues ignored: decay times before repair, logistic
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 24
issues, long times if cooldown/warmup is needed...
rs
Example: acting on in-tunnel componentsot
on A
ccel
erat
or
Here MTBF*10 in the in tunnel
of H
igh
Pow
er P
ro the in tunnel components
and
Rel
iabi
lity
o
• In terms of fault rates in mission (2.9 total)
on th
e U
tilis
atio
n – Injector contributes to 3%– Support systems amounts to 75%!– Linac is down to 5%
onal
Wor
ksho
p o
– BDS is 17%
• Clearly longer MTBF in the conventional support t i d i bl
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 25
systems is desirable...
rs
Example: acting on support systemsot
on A
ccel
erat
or
Here MTBF*2 in the support systems
of H
igh
Pow
er P
ro
pp y
and
Rel
iabi
lity
o
• In terms of fault rates in mission (2.8 total)
on th
e U
tilis
atio
n – Injector contributes to 3%– Support systems amounts to 35%– Linac is 45%
onal
Wor
ksho
p o
– BDS is 16%
• More balanced share of fault areas
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 26
• MTBF increase only in conventional support facilities
rs
Fault toleranceot
on A
ccel
erat
or • Still, analysis assumes a high degree of fault tolerance, where the failure of an RF unit is automatically recovered without inducing beam trips on target in timescales ~ 1 s
of H
igh
Pow
er P
ro without inducing beam trips on target in timescales 1 s– challenging technical issue in LLRF and beam control systems
and
Rel
iabi
lity
o
• Two tasks of the EUROTRANS accelerator program (Tasks 1.3.4 and 1.3.5) are dedicated to reliability analysis and LLRF issues for providing fault tolerance in
on th
e U
tilis
atio
n analysis and LLRF issues for providing fault tolerance in the high power linac
onal
Wor
ksho
p o
Fifth
Inte
rnat
io
Mol, 6-9 May 2007 27
rs
Conclusionsot
on A
ccel
erat
or • Even in the absence of a validated reliability database for accelerator components the standard reliability analysis procedures indicate where design effort should
of H
igh
Pow
er P
ro analysis procedures indicate where design effort should be concentrated:– providing large degree of fault tolerance whenever possible
M i f lt d t ti i l ti d ti d
and
Rel
iabi
lity
o • Meaning: fault detection, isolation and correction procedures– providing additional design effort aimed at longer MTBF only in
critical components
on th
e U
tilis
atio
n
• Study here is an illustration of how, with minimal “tweaking” of the component MTBF a simple model for
onal
Wor
ksho
p o tweaking of the component MTBF, a simple model for
an accelerator system can be altered (adding redundancy and fault tolerance capabilities) in order to