Company history
The history of Triconex was published in the book The History of a Safer World by Gary L. Wilkinson. The company was founded in September 1983 by Jon Wimer in Santa Ana, California and began operations in March 1984. The business plan was written by Wimer and Peter Pitsker, an automation industry veteran and Stanford graduate. They presented the plan for a TMR (triple modular redundant) system named "Tricon" that would improve the safety and reliability of industrial applications. Among the customers they targeted were the petro-chemical giants, such as Exxon, Shell, Chevron, and BP.
Pitsker and Wimer presented the business plan to Los Angeles-based investor Chuck Cole, who was also a professor at USC. Cole was interested, so he contacted his personal attorney, future two-time Los Angeles Mayor Richard Riordan. Riordan agreed to invest $50,000 and Cole's venture capital team matched it, providing the seed money for Triconex. Wimer hired computer architect Ken Brody out of another computer manufacturer as Vice President of Research and Development and the number 2 employee. Ken Brody hired Wing N. Toy from Bell Labs. After two years, however, the company nearly failed due to the expense and complications of testing a new safety system. In February 1986, founder Wimer left the company and the board asked a seasoned executive, William K. Barkovitz, to become CEO; Barkovitz ended up leading the company for 9 years. At the end of his term, Triconex became the leading safety system in a market it largely created, made acquisitions, and completed an initial public offering. In January 1994, Triconex was acquired by British-based SIEBE for 90 million dollars.
The hardware architect of the company was Gary Hufton, and the software development manager was Glen Alleman. Along with Wing N. Toy (the lead engineer of the fault-tolerant ESS telephone switch), they led a small successful engineering team that built the first Tricon system, sold in June 1986. Soon after, Exxon became a customer and Honeywell agreed to distribute the Tricon. Among the software engineers who worked for Triconex were Phil Huber and Dennis Morin, who later left the company to found Wonderware.
System
The Triconex system is based on the TMR patented technology that supports up to Safety Integrity Level 3 (SIL 3) and is usually used as a safety rather than a control system. [1]
Operating theory
Fault tolerance in the Tricon is achieved by means of a Triple-Modular Redundant (TMR) architecture. The Tricon provides error-free, uninterrupted control in the presence of either hard failures of components, or transient faults from internal or external sources. The Tricon is designed with a fully triplicated architecture throughout, from the input modules through the Main Processors to the output modules. Every I/O module houses the circuitry for three independent legs. Each leg on the input modules reads the process data and passes that information to its respective Main Processor. The three Main Processors communicate with each other using a proprietary high-speed bus system called the TriBus. Once per scan, the three Main Processors synchronize and communicate with their two neighbors over the TriBus. The Tricon votes digital input data, compares output data, and sends copies of analog input data to each Main Processor. The Main Processors execute the userwritten application and send outputs generated by the application to the output modules. In addition to voting the input data, the TriBus votes the output data. This is done on the output modules as close to the field as possible to detect and compensate for any errors between the Tricon voting and the final output driven to the field.
Hardware
The Triconex system usually consists of the following typical modules: [2]
- Main Processor modules (triple).
- Communication module(s) .
- Input and output modules: can be analog and/or digital and work singularly or in hot-spare (standby).
- Power supply modules (redundant).
- Backplane(s) (chassis) that can hold the previous modules.
- System cabinet(s): can compact one or more chassis in one cabinet.
- Marshalling cabinets to adapt and standardize interface connections between the field instruments and the Triconex system cabinets.
- Human machine interface (HMI) to monitor the events.
- Engineering workstation (EWS) for programming. monitoring, troubleshooting, and updating.
Software
The Triconex main processors can communicate with the so-called TriStation 1131 application software to download, update and/or monitor programs. [3] These programs are either written in:
(Function Block Diagram, Ladder diagram and Structured Text are defined in IEC1131-3)
Besides, a Sequence of Events (SOE) recorder software and Diagnostic monitor software are implemented.
Triton malware
In December 2017, it was reported that the safety systems of an unidentified power station, believed to be in Saudi Arabia were compromised when the Triconex industrial safety technology made by Schneider Electric SE was targeted in what is believed to have been a state sponsored attack. The computer security company Symantec claimed that the malware, known as "Triton", exploited a vulnerability in computers running the Microsoft Windows operating system. [4]
A programmable logic controller (PLC) or programmable controller is an industrial computer that has been ruggedized and adapted for the control of manufacturing processes, such as assembly lines, machines, robotic devices, or any activity that requires high reliability, ease of programming, and process fault diagnosis.
An embedded system is a computer system—a combination of a computer processor, computer memory, and input/output peripheral devices—that has a dedicated function within a larger mechanical or electronic system. It is embedded as part of a complete device often including electrical or electronic hardware and mechanical parts. Because an embedded system typically controls physical operations of the machine that it is embedded within, it often has real-time computing constraints. Embedded systems control many devices in common use. In 2009, it was estimated that ninety-eight percent of all microprocessors manufactured were used in embedded systems.
Modular synthesizers are synthesizers composed of separate modules for different functions. The modules can be connected together by the user to create a patch. The outputs from the modules may include audio signals, analog control voltages, or digital signals for logic or timing conditions. Typical modules are voltage-controlled oscillators, voltage-controlled filters, voltage-controlled amplifiers and envelope generators.
Tandem Computers, Inc. was the dominant manufacturer of fault-tolerant computer systems for ATM networks, banks, stock exchanges, telephone switching centers, 911 systems, and other similar commercial transaction processing applications requiring maximum uptime and zero data loss. The company was founded by Jimmy Treybig in 1974 in Cupertino, California. It remained independent until 1997, when it became a server division within Compaq. It is now a server division within Hewlett Packard Enterprise, following Hewlett-Packard's acquisition of Compaq and the split of Hewlett-Packard into HP Inc. and Hewlett Packard Enterprise.
A distributed control system (DCS) is a computerised control system for a process or plant usually with many control loops, in which autonomous controllers are distributed throughout the system, but there is no central operator supervisory control. This is in contrast to systems that use centralized controllers; either discrete controllers located at a central control room or within a central computer. The DCS concept increases reliability and reduces installation costs by localising control functions near the process plant, with remote monitoring and supervision.
Serial Peripheral Interface (SPI) is a de facto standard for synchronous serial communication, used primarily in embedded systems for short-distance wired communication between integrated circuits.
Invensys Limited was a multinational engineering and information technology company headquartered in London, United Kingdom. At its height, the company had offices in more than 50 countries and its products were sold in around 180 countries.
In engineering and systems theory, redundancy is the intentional duplication of critical components or functions of a system with the goal of increasing reliability of the system, usually in the form of a backup or fail-safe, or to improve actual system performance, such as in the case of GNSS receivers, or multi-threaded computer processing.
Fault tolerance is the resilient property that enables a system to continue operating properly in the event of failure or major dysfunction in one or more of its components. If its operating quality decreases at all, the decrease is proportional to the severity of the failure, as compared to a naively designed system, in which even a small failure can lead to total breakdown. Fault tolerance is particularly sought after in high-availability, mission-critical, or even life-critical systems. The ability of maintaining functionality when portions of a system break down is referred to as graceful degradation.
Profinet is an industry technical standard for data communication over Industrial Ethernet, designed for collecting data from, and controlling equipment in industrial systems, with a particular strength in delivering data under tight time constraints. The standard is maintained and supported by Profibus and Profinet International, an umbrella organization headquartered in Karlsruhe, Germany.
Opto 22 is a manufacturing company specializing in hardware and software products for industrial automation, remote monitoring, and data acquisition. The company is based in Southern California and sells solid state relays and Ethernet-based input/output systems and controllers. It is based in Temecula, California.
In computer programming, flow-based programming (FBP) is a programming paradigm that defines applications as networks of black box processes, which exchange data across predefined connections by message passing, where the connections are specified externally to the processes. These black box processes can be reconnected endlessly to form different applications without having to be changed internally. FBP is thus naturally component-oriented.
An industrial control system (ICS) is an electronic control system and associated instrumentation used for industrial process control. Control systems can range in size from a few modular panel-mounted controllers to large interconnected and interactive distributed control systems (DCSs) with many thousands of field connections. Control systems receive data from remote sensors measuring process variables (PVs), compare the collected data with desired setpoints (SPs), and derive command functions that are used to control a process through the final control elements (FCEs), such as control valves.
In software engineering, structured analysis (SA) and structured design (SD) are methods for analyzing business requirements and developing specifications for converting practices into computer programs, hardware configurations, and related manual procedures.
Integrated modular avionics (IMA) are real-time computer network airborne systems. This network consists of a number of computing modules capable of supporting numerous applications of differing criticality levels.
Brake-by-wire technology in the automotive industry is the ability to control brakes through electronic means, without a mechanical connection that transfers force to the physical braking system from a driver input apparatus such as a pedal or lever.
In computing, triple modular redundancy, sometimes called triple-mode redundancy, (TMR) is a fault-tolerant form of N-modular redundancy, in which three systems perform a process and that result is processed by a majority-voting system to produce a single output. If any one of the three systems fails, the other two systems can correct and mask the fault.
In systems engineering, software engineering, and computer science, a function model or functional model is a structured representation of the functions within the modeled system or subject area.
AURIX is a 32-bit Infineon microcontroller family, targeting the automotive industry. It is based on multicore architecture of up to three independent 32-bit TriCore CPUs.
The AN/AYK-14(V) is a family of computers for use in military weapons systems. It is a general-purpose 16-bit microprogrammed computer, intended for airborne vehicles and missions. Its modular design provides for common firmware and support software. It is still in use on Navy fleet aircraft including the F/A-18, and the AV-8B. The AN/AYK-14(V) family of systems is designed to meet MIL-E-5400 (airborne) requirements.
