Abstract:
The invention relates to a method for the reliable transport of alarm messages in a distributed computer system comprising computer system components, in particular a plurality of components, wherein the components are node computers, distribution units, sensors, preferably intelligent sensors, and actuators, preferably intelligent actuators, and wherein all components have access to a global time of known precision, and wherein the node computers, intelligent sensors and intelligent actuators exchange messages via the distribution units. It is envisaged that the computer system comprises intelligent alarm sensors or that intelligent alarm sensors are associated with the computer system, and wherein an intelligent alarm sensor emits two types of timed messages, alarm messages having an a priori predetermined alarm transport period, and error detection messages having an a priori predetermined error detection period, and wherein an alarm message contains the timestamps of the occurrence of alarm events in an alarm monitoring interval, the alarm monitoring interval ending immediately before the sending of the alarm message and being at least twice as long as the alarm transport period, and wherein an alarm message is only sent if at least one timestamp of an alarm event is included in the alarm message, and wherein the periodic error detection messages contain the current states of all alarms that are active immediately before sending the error detection message.
Publication number: AT518280A4
Application number: T50158/2016
Filing date: 2016-03-01
Publication date: 2017-09-15
Inventors:
Applicant: Fts Computertechnik Gmbh
Main IPC class:
Description:

PROCESS FOR THE RELIABLE TRANSPORT OF ALARM MESSAGES IN A DISTRIBUTED COMPUTER SYSTEM
The invention relates to a method for the reliable transport of alarm messages in a distributed computer system comprising computer system components, in particular a plurality of components, wherein the components are node computers, distribution units, sensors, preferably intelligent sensors and actuators, preferably intelligent actuators and wherein all components have access to a global time of known precision, and wherein the node computers, smart sensors, and intelligent actuators exchange messages via the distribution units.
Furthermore, the invention relates to a distributed computer system comprising computer system components, in particular a plurality of components, wherein the components are node computers, distribution units, sensors, preferably intelligent sensors, and actuators, preferably intelligent actuators, and wherein all components have access to a global time of known precision, and wherein the node computers, intelligent sensors and intelligent actuators exchange messages via the distribution units.
The invention is in the field of computer technology. It relates to a method and computer system for reliably transporting alarm messages in a distributed real-time computer system from intelligent alarm sensors to an alarm center.
In a large industrial plant, a multitude of possible alarms, that is information about anomalies or errors, is captured by the existing instrumentation. Occurring alarms must be reliably and quickly transported from the distributed real-time computer system in alarm messages to an alarm center in order to be able to locate the cause of the alarms after an in-depth analysis and to initiate suitable measures for error handling.
A distributed real-time computer system consists of a plurality of components, i.e., node computers, distribution units and intelligent sensors/actuators.
We refer to an intelligent sensor that can detect an alarm event as an intelligent alarm sensor. It is assumed that all components, i.e., also all alarm sensors, have access to a global time of known precision.
The functional combination of a physical sensor with a node computer is called an intelligent sensor. On the market, intelligent sensors are often offered as compact units with an interface to a standardized real-time communication system.
The functional combination of a physical actuator with a node computer is called an intelligent actuator. On the market, intelligent actuators are often offered as compact units, preferably with an interface to a standardized real-time communication system. While alarms are relatively infrequent during normal operation, a serious fault in a system can trigger a large number of nearly simultaneous alarm events (an alarm storm, see [1]).
The technical challenge in designing an alarm system lies in the requirement to load the communication system as little as possible during normal operation and, in the event of an alarm storm, to be able to reliably report the exact times of all occurring alarms to the alarm center within a short predetermined real-time limit.
It is an object of the invention to provide a solution to this problem.
This object is achieved with a method and computer system of the kind mentioned in the introduction in that, according to the invention, the computer system comprises intelligent alarm sensors or intelligent alarm sensors are assigned to the computer system, and wherein an intelligent alarm sensor emits two types of timed messages, alarm messages with an a priori predetermined alarm transport period and error detection messages with an a priori predetermined error detection period, and wherein an alarm message contains the timestamps of the occurrence of alarm events in an alarm observation interval, wherein the alarm observation interval ends immediately before the sending of the alarm message and is at least twice as long as the alarm transport period, and wherein an alarm message is sent only if at least one timestamp of an alarm event is included in the alarm message, and wherein the periodic error detection messages contain the current states of all alarms that are active immediately before sending the error detection message.
According to the invention, it is determined that an intelligent alarm sensor emits two types of timed messages, alarm messages having an a priori predetermined alarm transport period and error detection messages having an a priori predetermined error detection period.
The error detection period is preferably longer, in particular significantly longer than the alarm transport period.
Advantageous embodiments of the method and computer system according to the invention, in particular of a real-time computer system, are described below; these features may be provided alone or in any combination with one or more of the other features:
- the position of the timestamp of an alarm event in an alarm message determines the meaning of the alarm event;
- the time of sending an alarm message sets the epoch of the timestamps of the alarm events contained in this alarm message, the timestamps of the alarm events being expressed relative to that epoch;
- the global time of the sending of a sporadic alarm message is contained in this alarm message;
- the times of sending a plurality of alarm messages that are sent to the same distribution unit are synchronized so that the alarm messages arrive at the distribution unit at the same time, and the contents of the several simultaneously arriving alarm messages are combined by the distribution unit in a new alarm message and, where applicable, sent on;
- the authenticity and integrity of the data content of an alarm message is protected by an electronic signature, and this signature is transmitted in the following alarm message;
- the communication between the components is regulated by the TT-Ethernet protocol.
An alarm message contains the timestamps of the occurrence of the alarm events in the immediately preceding alarm observation interval. The a priori set alarm observation interval defines a time interval in which alarm events are observed. The alarm observation interval ends immediately before the sending of an alarm message and is at least twice as long as the alarm transport period. This length requirement ensures that an occurring alarm event is contained in at least two alarm messages and thus the failure of an alarm message can be tolerated.
The a priori scheduled time of sending an alarm message defines the epoch [2, p.56], which is the reference point for the time measurement for the timestamps of the alarm events contained in the alarm message. This determination of the epoch minimizes the required length of the timestamps of the alarm events contained in the alarm message.
If, e.g., the granularity of the global time is 1 µsec, the alarm transport period is 1 msec and the alarm observation interval is 3 msec, then the timestamp of an alarm event can be encoded in a 12-bit field.
The meaning of a timestamp is derived from the given position of the timestamp of an alarm event in the alarm message.
If, e.g., an intelligent alarm sensor can observe 100 different alarms, then the data field of the corresponding alarm message has a length of 1200 bits, i.e., 150 bytes.
Preferably, an alarm message is sent only if at least one timestamp of an alarm event is included in the alarm message. So if no new alarm event has occurred in the alarm observation interval, no alarm message is sent.
If, e.g., the TTEthernet protocol is used for data transmission, the bandwidth that is unused in normal operation, i.e., when there are no alarms, is used to transport event-triggered Ethernet messages.
If no alarm message arrives at the alarm center during a longer time interval, it cannot be decided whether no alarms have occurred during this time interval or whether the intelligent alarm sensor has failed. For this reason, each intelligent alarm sensor periodically sends an error detection message with an a priori predetermined error detection period. A failure of the intelligent alarm sensor is thus detected in the alarm center within a given error latency. The data field of the error detection message indicates the state of each observed alarm immediately before the sending time.
In the following, the invention is explained in more detail by way of example with reference to the drawings, in which
FIG. 1 shows the timing of an alarm signal,
FIG. 2 shows a sequence of alarm messages and alarm observation intervals, and
FIG. 3 shows the network topology of an exemplary distributed computer system.
In the following, a distinction is made between the terms alarm, alarm event, alarm status and active interval of the alarm. The term alarm denotes a well-defined binary signal indicating a dangerous or abnormal condition. The beginning of an alarm state is called the alarm event, the duration of the alarm state is the active interval of the alarm. The minimum distance between two alarm events related to the same alarm is called MINT (Minimum Interval). One or more alarm events are transported in an alarm message from an intelligent alarm sensor to an alarm center.
If, e.g., the pressure observed in a boiler rises above a defined limit at a certain time, this is called an alarm event of the pressure alarm in relation to this time and this specific boiler. The alarm state is maintained until either the pressure drops or the alarm is reset.
The abscissa of FIG. 1 represents the progression of time. The ticks of the global time are entered on the time axis 100 from 00 to 40. In FIG. 1, the alarm event 150 of an alarm occurs at time 02. At time 27, this alarm is reset. In the interval 120, i.e., between ticks 02 and 27, the active interval of the alarm, this alarm is in the active state. Since the minimum time interval (MINT) 110 between two alarm events of this alarm is 30 ticks, the next alarm event of this alarm cannot occur before time 32 (line 111); it can occur, e.g., as alarm event 151 at time 37.
FIG. 2 shows four times, 05, 15, 25 and 35, at which the four alarm messages 211, 212, 213, 214 can be sent, and the associated alarm observation intervals. At time 05, the alarm message 211 is sent at the end of the alarm observation interval 221. At time 15, the alarm message 212 is sent at the end of the alarm observation interval 222. At time 25, the alarm message 213 is sent at the end of the alarm observation interval 223. At time 35, the alarm message 214 is sent at the end of the alarm observation interval 224.
The timestamp of the alarm event 251 occurring at time 17 is transported in the two alarm messages 213 and 214 sent at times 25 and 35. The alarm event 252 is contained only in the alarm message sent at time 35. In the alarm message 213, the timestamp of the alarm event 251 is 8 ticks; in the alarm message 214, the timestamp of the alarm event 251 is 18 ticks and that of the alarm event 252 is 4 ticks. The following alarm message (not shown in FIG. 2), which is sent at time 45, contains the alarm event 252 but not the alarm event 251 (since it lies outside the observation interval of this alarm message). The alarm messages 211 and 212 do not contain an alarm event; therefore, the alarm messages 211 and 212 are not sent.
If the TT-Ethernet protocol [3] is used for the communication, the bandwidth freed by unsent alarm messages can be used for transporting event-triggered messages.
Independently of the alarm messages, a timed error detection message is sent periodically, e.g., with an error detection period of 1 second, from an intelligent alarm sensor to the alarm center to document the health of the intelligent alarm sensor. The error detection message contains the state of all alarms that are active immediately before sending the error detection message (1 bit per alarm).
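The encoding explained above and the timeline of FIG. 2, as an added Python model (not code from the patent or from FTS Computertechnik): a sensor fills position-coded timestamp fields relative to the send-time epoch, the alarm center reconstructs global event times while tolerating one lost message, and the periodic error detection message carries one state bit per alarm. The class and function names, the tick values 10 and 20 for the transport period and observation interval, and the assumption that MINT is at least as long as the observation interval (so each alarm has at most one event per message) are mine.

```python
from dataclasses import dataclass
from math import ceil, log2
from typing import List, Optional, Set, Tuple

TRANSPORT_PERIOD = 10       # ticks between two possible send times (05, 15, 25, 35 in FIG. 2)
OBSERVATION_INTERVAL = 20   # twice the transport period, so every event is carried twice
NO_EVENT = 0                # field value meaning "no event of this alarm in the interval"
assert OBSERVATION_INTERVAL >= 2 * TRANSPORT_PERIOD  # the length requirement of the patent


@dataclass
class AlarmMessage:
    send_time: int          # global time of sending; it is the epoch of the timestamps
    fields: List[int]       # field i is the age of alarm i's event in ticks, or NO_EVENT


class AlarmSensor:
    """Model of an intelligent alarm sensor observing n_alarms alarms (assumed API)."""

    def __init__(self, n_alarms: int) -> None:
        self.n_alarms = n_alarms
        self.events: List[Tuple[int, int]] = []   # (alarm index, global time of the event)
        self.active = [False] * n_alarms           # current alarm states

    def alarm_event(self, alarm: int, t: int) -> None:
        self.events.append((alarm, t))
        self.active[alarm] = True

    def reset_alarm(self, alarm: int) -> None:
        self.active[alarm] = False

    def alarm_message(self, send_time: int) -> Optional[AlarmMessage]:
        """Sporadic message at a scheduled send time; None means 'not sent'."""
        fields = [NO_EVENT] * self.n_alarms
        for alarm, t in self.events:
            # observation interval: the OBSERVATION_INTERVAL ticks ending just before send_time;
            # with MINT >= OBSERVATION_INTERVAL (assumed) each alarm has at most one event here
            if send_time - OBSERVATION_INTERVAL <= t < send_time:
                fields[alarm] = send_time - t      # timestamp relative to the epoch
        if all(f == NO_EVENT for f in fields):
            return None                            # no event: no message, bandwidth stays free
        return AlarmMessage(send_time, fields)

    def error_detection_message(self) -> List[bool]:
        """Periodic health message: one bit per alarm, its state just before sending."""
        return list(self.active)


def alarm_center_events(messages: List[Optional[AlarmMessage]]) -> Set[Tuple[int, int]]:
    """Alarm center: recover (alarm, global time) of every event from the messages that
    arrived; an event carried twice is counted once, so one lost message is tolerated."""
    events = set()
    for msg in messages:
        if msg is None:
            continue
        for alarm, age in enumerate(msg.fields):
            if age != NO_EVENT:
                events.add((alarm, msg.send_time - age))
    return events


def timestamp_field_bits(granularity_us: float, observation_interval_us: float) -> int:
    """Bits needed for one relative timestamp (page example: 1 us, 3 ms -> 12 bits)."""
    return ceil(log2(observation_interval_us / granularity_us + 1))
```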
Fig. 3 shows a possible network topology of a distributed computer system. The black triangles 311 represent the alarm sources observed by four smart alarm sensors 321, 322, 323 and 324.
The intelligent alarm sensor 321 sends its alarm messages via the distribution units 331 and 341 to the alarm center 351. The intelligent alarm sensor 322 sends its alarm messages via the distribution units 331 and 341 to the alarm center 351. The intelligent alarm sensor 323 sends its alarm messages via the distribution units 333 and 341 to the alarm center 351. The intelligent alarm sensor 324 sends its alarm messages via the distribution units 333 and 341 to the alarm center 351.
Preferably, the times of sending a plurality of alarm messages sent to the same distribution unit are synchronized so that the alarm messages arrive simultaneously at the distribution unit so that the distribution unit can copy the contents of a plurality of incoming messages into a single new message.
For example, the alarm messages from the intelligent alarm sensors 321 and 322 arrive simultaneously at the distribution unit 331. The distribution unit 331 packs the contents of these two incoming messages into a new alarm message with a data field whose length is the sum of the data fields of the received alarm messages. The distribution unit 333 behaves analogously. As a result, the alarm messages from the distribution units 331 and 333 arrive simultaneously at the distribution unit 341. The distribution unit 341 packs the contents of these two incoming messages into a new alarm message with a data field whose length is the sum of the data fields of the received alarm messages, and sends this message to the alarm center 351. Through this process, the number of alarm messages is reduced, which relieves the load on the communication system.
The authenticity and integrity of the data content of an alarm message can be secured by an electronic signature. Preferably, the electronic signature is transmitted only in the following alarm message to avoid delaying the alarm message.
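The distribution-unit merging of FIG. 3 and the deferred signature described above, as an added Python model rather than the patent's own code: the data fields of simultaneously arriving messages are concatenated into one field of summed length, and each sensor sends the signature of message k inside message k+1 so that message k itself is not delayed. The byte layout (12-bit fields packed MSB first, so 100 alarms give 150 bytes), the use of HMAC-SHA256 with a shared key, and the fixed sensor order at the distribution unit are assumptions.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

FIELD_BITS = 12   # width of one relative timestamp (1 us granularity, 3 ms interval)


def pack_fields(fields: List[int]) -> bytes:
    """Pack position-coded timestamp fields, FIELD_BITS each, MSB first,
    zero-padded at the end (assumed layout; 100 alarms -> 150 bytes)."""
    nbits = len(fields) * FIELD_BITS
    nbytes = (nbits + 7) // 8
    acc = 0
    for f in fields:
        if not 0 <= f < (1 << FIELD_BITS):
            raise ValueError("timestamp does not fit into the field")
        acc = (acc << FIELD_BITS) | f
    return (acc << (nbytes * 8 - nbits)).to_bytes(nbytes, "big")


def unpack_fields(data: bytes, n_alarms: int) -> List[int]:
    """Inverse of pack_fields for a data field known to carry n_alarms fields."""
    nbits = n_alarms * FIELD_BITS
    acc = int.from_bytes(data, "big") >> (len(data) * 8 - nbits)
    mask = (1 << FIELD_BITS) - 1
    return [(acc >> (FIELD_BITS * (n_alarms - 1 - i))) & mask for i in range(n_alarms)]


def merge_data_fields(data_fields: List[bytes]) -> bytes:
    """Distribution unit: copy the data fields of simultaneously arriving alarm messages
    into one new message whose data field length is the sum (sensor order fixed a priori)."""
    return b"".join(data_fields)


def split_data_field(merged: bytes, lengths: List[int]) -> List[bytes]:
    """Alarm center: cut a merged data field back into the per-sensor fields."""
    if sum(lengths) != len(merged):
        raise ValueError("merged data field has unexpected length")
    parts, pos = [], 0
    for n in lengths:
        parts.append(merged[pos:pos + n])
        pos += n
    return parts


def _signature(key: bytes, send_time: int, data: bytes) -> bytes:
    # the epoch (send time) is signed together with the data field
    return hmac.new(key, send_time.to_bytes(8, "big") + data, hashlib.sha256).digest()


class SigningSensor:
    """Sensor side: the signature over message k travels in message k+1."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.pending: Optional[bytes] = None   # signature of the previous message

    def emit(self, send_time: int, data: bytes) -> Tuple[int, bytes, Optional[bytes]]:
        msg = (send_time, data, self.pending)
        self.pending = _signature(self.key, send_time, data)
        return msg


class VerifyingCenter:
    """Alarm center side: a message is usable at once and authenticated one message later."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.unverified: Optional[Tuple[int, bytes]] = None
        self.verified: List[Tuple[int, bytes]] = []
        self.rejected: List[Tuple[int, bytes]] = []

    def receive(self, msg: Tuple[int, bytes, Optional[bytes]]) -> None:
        send_time, data, sig = msg
        if self.unverified is not None:
            t, d = self.unverified
            expected = _signature(self.key, t, d)
            if sig is not None and hmac.compare_digest(sig, expected):
                self.verified.append((t, d))
            else:
                self.rejected.append((t, d))   # altered, forged or unsigned predecessor
        self.unverified = (send_time, data)
```

Because the signature of a message only arrives with the sensor's next alarm message, the center can act on a message immediately but confirm its authenticity only later, which is why the model keeps the latest message in `unverified`.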
Cited literature:
[1] WO 2012085744. Aoun, M. et al. Device, system and method for handling messages in a communication network.
[2] Kopetz, H. Real-Time Systems: Design Principles for Distributed Embedded Applications. Springer Verlag, 2011.
[3] SAE Standard AS6802, Time-Triggered Ethernet. URL: http://standards.sae.org/as6802
Claims (14)
1. A method for reliable transport of alarm messages in a distributed computer system comprising computer system components, in particular a plurality of components, wherein the components are node computers, distribution units, sensors, preferably intelligent sensors, and actuators, preferably intelligent actuators, and wherein all of the components have access to a global time of known precision, and wherein the node computers, intelligent sensors and intelligent actuators exchange messages via the distribution units, characterized in that the computer system comprises intelligent alarm sensors or intelligent alarm sensors are associated with the computer system, and wherein an intelligent alarm sensor sends out two types of timed messages, alarm messages having an a priori predetermined alarm transport period, and error detection messages having an a priori predetermined error detection period, and wherein an alarm message includes the timestamps of the occurrence of alarm events in an alarm monitoring interval, the alarm monitoring interval ending immediately before the sending of the alarm message and being at least twice as long as the alarm transport period, and wherein an alarm message is sent only if at least one timestamp of an alarm event is included in the alarm message, and wherein the periodic error detection messages include the current states of all alarms that are active immediately prior to sending the error detection message.
2. The method according to claim 1, characterized in that the position of the timestamp of an alarm event in an alarm message determines the meaning of the alarm event.
3. The method according to claim 1 or 2, characterized in that the sending time of an alarm message sets the epoch for the timestamps of the alarm events contained in this alarm message, the timestamps of the alarm events being expressed in relation to that epoch.
4. The method according to any one of claims 1 to 3, characterized in that the global time of the sending time of a sporadic alarm message is included in this alarm message.
5. The method according to any one of claims 1 to 4, characterized in that the times of sending a plurality of alarm messages that are sent to the same distribution unit are synchronized so that the alarm messages arrive simultaneously at the distribution unit, and wherein the contents of the plurality of simultaneously arriving alarm messages are combined by the distribution unit in a new alarm message and optionally sent on.
6. The method according to any one of claims 1 to 5, characterized in that the authenticity and integrity of the data content of an alarm message is secured by an electronic signature, and that this signature is transmitted in the following alarm message.
7. The method according to any one of claims 1 to 6, characterized in that the communication between the components is regulated by the TT-Ethernet protocol.
8. A distributed computer system comprising computer system components, in particular a plurality of components, wherein the components are node computers, distribution units, sensors, preferably intelligent sensors, and actuators, preferably intelligent actuators, and wherein all components have access to a global time of known precision, and wherein the node computers, intelligent sensors and intelligent actuators exchange messages via the distribution units, characterized in that the computer system comprises intelligent alarm sensors or intelligent alarm sensors are associated with the computer system, and wherein, for reliable transport of alarm messages, an intelligent alarm sensor emits two types of timed messages, alarm messages with an a priori predetermined alarm transport period, and error detection messages with an a priori predetermined error detection period, and wherein an alarm message includes the timestamps of the occurrence of alarm events in an alarm monitoring interval, the alarm monitoring interval ending immediately before the sending of the alarm message and being at least twice as long as the alarm transport period, and wherein an alarm message is sent only if at least one timestamp of an alarm event is included in the alarm message, and wherein the periodic error detection messages include the current states of all alarms that are active immediately before sending the error detection message.
9. The computer system according to claim 8, characterized in that the position of the timestamp of an alarm event in an alarm message determines the meaning of the alarm event.
10. The computer system according to claim 8 or 9, characterized in that the sending time of an alarm message sets the epoch for the timestamps of the alarm events contained in this alarm message, the timestamps of the alarm events being expressed in relation to that epoch.
11. The computer system according to any one of claims 8 to 10, characterized in that the global time of the sending time of a sporadic alarm message is included in this alarm message.
12. The computer system according to any one of claims 8 to 11, characterized in that the times of sending a plurality of alarm messages sent to the same distribution unit are synchronized such that the alarm messages arrive simultaneously at the distribution unit, and wherein the contents of the plurality of simultaneously arriving alarm messages are combined by the distribution unit in a new alarm message and optionally sent on.
13. The computer system according to any one of claims 8 to 12, characterized in that the authenticity and integrity of the data content of an alarm message is secured by an electronic signature, and that this signature is transmitted in the following alarm message.
14. The computer system according to any one of claims 8 to 13, characterized in that the communication between the components is regulated by the TT-Ethernet protocol.
Patent family:
Publication number | Publication date
US20170256158A1|2017-09-07|
AT518280B1|2017-09-15|
US9898924B2|2018-02-20|
EP3214804A1|2017-09-06|
EP3214804B1|2018-09-26|
Cited documents:
Publication number | Filing date | Publication date | Applicant | Title
WO2007020182A1|2005-08-18|2007-02-22|Voipfuture Ltd.|Method for analyzing errors of a data stream, particularly a real-time data stream, in a data network, communication system, and monitoring computer|
WO2012085744A2|2010-12-22|2012-06-28|Koninklijke Philips Electronics N.V.|Device, system and method for handling alarm message storms in a communications network|
EP2145431B1|2007-04-11|2011-10-05|FTS Computertechnik GmbH|Communication method and device for efficient and secure transmission of tt ethernet messages|
AU2008332565B2|2007-12-06|2012-07-19|Hochiki Corporation|Alarm device and alarm system|
US8692665B2|2011-11-10|2014-04-08|At&T Intellectual Property I, L.P.|Methods, systems, and products for security services|
AT512290B1|2011-12-19|2013-07-15|Fts Computertechnik Gmbh|PROCESS FOR TIMELY OBSERVING TTETHERNET MESSAGES|
DE102012004854A1|2012-03-13|2013-09-19|Deutsche Telekom Ag|Method for operating monitored telecommunication network, involves computing similarity parameter having value above threshold, for interrupt messages based on compliance of other interrupt messages to alarm message|
JP2014085685A|2012-10-19|2014-05-12|Hitachi Ltd|Maintenance device, maintenance system, maintenance program|
WO2015164897A1|2014-05-02|2015-11-05|Fts Computertechnik Gmbh|Method for flexibly controlling time-controlled data flows in a distributed computer system|
US9613507B2|2015-07-27|2017-04-04|Edwin Prugh Wilson|Alarm system and method|
EP3467598B1|2017-10-04|2021-09-29|TTTech Computertechnik AG|Method and apparatus for the determination of the slot-duration in a time-triggered control system|
US10827043B2|2018-04-04|2020-11-03|Hall Labs Llc|Normalization of communication between devices|
WO2020000405A1|2018-06-29|2020-01-02|Microsoft Technology Licensing, Llc.|Multi-phase cloud service node error prediction|
CN111462461A|2020-03-12|2020-07-28|深圳达温技术服务有限公司|Synchronous alarming and resetting method for receiving end in multi-transmitting and one-receiving internet of things|
Legal status:
2018-11-15 | PC | Change of the owner | Owner name: TTTECH COMPUTERTECHNIK AG, AT; effective date: 20180926
Priority:
Application number | Publication number | Priority date | Filing date | Title
ATA50158/2016A| AT518280B1|2016-03-01|2016-03-01|Method for the reliable transport of alarm messages in a distributed computer system|
US15/445,224| US9898924B2|2016-03-01|2017-02-28|Method for the reliable transport of alarm messages in a distributed computer system|
EP17158304.0A| EP3214804B1|2016-03-01|2017-02-28|Method for secure transport of alarm data in a distributed computer system|