FAT & SAT in Automation System
FAT & SAT in Automation System
n), 
the protective circuit will dissolve and break the current. The relay must then be reset (usually 
manually) before the circuit begins to operate normally again. 
 
 
Figure 9. Modern earth fault relay, ABB 
(http://www.relayspec.com/Company_listings/a/Abb/news/2012/05_15a/05_15a.jpg) 
 
   
22 
 
Generator protection 
As  a  generator  is  a  major  component  in  a  power  system,  it  is  quite  necessary  to  take  all 
preventive measures possible for the protection of the generator. /4/ 
Both fault conditions and operating condition faults  may occur, and protection relays need to 
be able to protect the generator from both of these faults. 
When connecting the generator to the step-up transformer an isolated phase bus is used. This 
separated phase greatly reduces the possibility of a phase-to-phase fault at the terminals of the 
generator. /4/ 
 
Possible fault conditions for generators are: 
  Stator short circuits 
  Stator/rotor interturn faults 
  Stator earth faults 
  Rotor earth faults 
  External faults 
23 
 
Figure 10. Possible faults in generator windings /4/ 
 
Stator short-circuits 
Stator  short-circuits  are  often  caused  by  a  deterioration  of  insulation,  as  deterioration  occurs 
over time and usage.  
The consequences of a stator short circuit can be: 
  Insulation, windings and stator core can be damaged 
  Large forces caused by large fault currents may damage other components in the plant 
  Risk of explosion and fire 
  Mechanical stress on generator and turbine shafts 
24 
 
Because  the  risk  of  getting  large  fault  currents  when  short-circuits  do  occur,  a  fast  operating 
(instantaneous)  protection  function  is  needed  to  prevent  damages  to  the  generator  and  other 
parts in the power network.  
Fault current fed from the generator can trip the field breaker and interrupt the primary power 
to the turbine. 
 
Turn-to-turn (interturn) faults 
Generator differential protection will not detect these faults (even when 100% of the winding 
is  short  circuited!),  which  is  why  you  may  want  turn-to-turn  fault  protection.  However,  this 
protection  is  often  omitted  because  turn-to-turn  faults  are  quite  rare  and  they  will  sooner  or 
later evolve into stator earth-fault. /4/ 
 
Stator earth faults 
A stator core damage is dependent on the earth fault current, and to decrease the possible earth 
fault current (typically to less than 10A), different grounding methods are used, in order to: 
  Reduce the iron core damage and mechanical stress 
  Limit the transient voltages during the fault 
  Provide a means to detect a ground fault 
Causes for a stator ground fault can be: 
  Transient overvoltage 
-  Caused by e.g. lightning or switching overvoltages 
  Temporary overvoltage 
  Degraded insulation, caused by e.g. 
-  High temperature 
-  Aging 
-  Vibration / mechanical impact 
 
25 
 
The consequences of a ground fault are: 
  Damages to the stator iron 
  Increased voltage on healthy phases 
 
 
Rotor earth faults 
The  field  circuit  of  the  generator  is  normally  isolated  from  earth.  With  a  single  fault  in  the 
rotor circuit it is possible to continue operation without any generator damages. However, if a 
second rotor ground fault occurs, there will be unbalanced currents in the rotor poles and risk 
of severe damages due to high vibrations. The requirement of fast fault clearance is moderate 
but has to be done.  /4/ 
 
Possible operating condition faults are: 
  Overcurrent/overload 
  Unbalanced load/open phase 
  Overtemperature 
  Over- and undervoltage 
  Over- and underexcitation 
  Over- and underfrequency 
  Over-fluxing (excessive V/Hz) 
  Asynchronous running 
  Out of step 
  Generator motoring 
  Failures in the machine control system (e.g. AVR or governor failure) 
  Failures in the machine cooling system 
  Failures in the primary equipment (e.g. CBF, breaker head flashover) /4/ 
   
26 
 
Unbalanced load/open phase 
If  the  generator  load  becomes  unbalanced,  negative  phase  sequence  currents  flow.  This  will 
cause a magnetic field rotation in direct opposite to the direction of the rotor field. The relative 
speed between the two is double the rotor speed. Double frequencies are induced in the rotor, 
which causes severe heating of the rotor and can damage it. 
Unbalanced  stator  currents  also  cause  severe  vibrations  and  heating  of  the  stator.  Hence  it  is 
necessary to provide protection against unbalanced load condition. 
Overtemperature 
If  the  protection  relay  supports  overtemperature  protection,  it  can  be  configured  to  trip  the 
generator offline when the generators thermal limits are reached, or close an alarm contact to 
announce  the  operating  personnel  that  actions  need  to  be  taken  to  prevent  damage  to  the 
generator. 
 
 
Over- and undervoltage 
With faulty AVR, overvoltage can cause damage on the insulation system of stator  windings 
and  overexcitation  of  the  generator  transformer  block.  Measurement  is  done  over  all  three 
voltages and by phase-to-phase or phase-to-neutral conductor with selectable x out of 3 logic 
for tripping. /4/ 
Undervoltage is not critical for the generator-transformer block itself, but critical for auxiliary 
services. 
 
   
27 
 
Over- and underexcitation 
Overexcitation,  also  called  overfluxing,  can  be  caused  by  failure  of  the  voltage  feedback 
circuit  to  the  AVR,  which  may  ramp  up  the  generator  current  in  an  attempt  to  achieve  the 
desired voltage. 
However,  overexcitation  can  be  used  to  protect  the  generator  and  the  transformer  magnetic 
core from overheating, especially during start-up and shut-down. 
 
Underexcitation,  also  called  loss  of  field  protection,  can  like  overexcitation  be  caused  by 
faulty  AVR  operation  or  incorrect  handling  of  the  voltage  regulator.  This  can  also  be  caused 
by the generator running with too high a capacitive load.  
Other reasons for possible failures of excitation  may  be short circuit in the excitation circuit, 
or interruption in the excitation circuit. /4/, /6/ 
     
28 
 
Transformer protection 
Transformer theory 
A transformer is an electrical device designed to transfer energy from one circuit to another by 
means  of  a  magnetic  field.  There  is  no  direct  electrical  wiring  between  the  two  circuits, 
transformation is done over the magnetic field.  
When alternating current flows through a conductor, a magnetic field is generated around it. If 
a  second  conductor  is  placed  in  the  field  generated  by  the  first  conductor,  voltage  is  also 
induced in the second conductor. The use of a magnetic field from one coil to induce voltage 
into a second is the basics of transformer theory and application. /11/ 
 
Figure 11. Transformer example (http://wiki.4hv.org/images/e/e0/Transformerex.jpg) 
Air core transformer 
Normally an iron or steel core is used between the two coils, but it is also possible to use air 
core transformers. However, such transformers are quite inefficient since the percentage of the 
flux  from  the  first  coil  that  links  to  the  second  coil  is  small.  One  way  of  improving  the 
efficiency is to increase the number of turns in the coil, but this will increase the costs. 
 
 
29 
 
Iron or steel core transformer 
The efficiency of these kinds of transformers is much greater than  air core transformers.  The 
ability to carry flux is called permeability, and modern electrical steels have the permeabilities 
of around 1500, compared to 1 for air. This means that a steel core is able to carry a magnetic 
flux 1500 times greater than an air core. /11/  
Protection 
Transformer  failures  need  expensive  and  long  time  repairs.  Because  of  this,  good  protection 
against possible faults is needed.  
Although fuses can work in certain  situations, it is not recommended that transformers larger 
than  10  MVA  are  protected  with  fuses.  Larger  transformers  are  to  be  protected  with  more 
sensitive devices, such as differential relays. /11/ 
Transformer faults can be caused by: 
  Long time overheat caused by aging of the insulation 
  Dirty or bad quality oil in transformer 
  Overvoltages 
  Overcurrents 
  Short circuit forces at windings caused by external faults /16/ 
 
   
30 
 
Motor protection 
 
Induction AC motor 
This motor, often called the squirrel cage motor is the most common type of large motors used 
in  a  thermal  generating  plant.  These  motors  are  very  rugged  and  require  very  little 
maintenance.  The  induction  AC  motor  consists  of  two  main  components:  the  stator  and  the 
rotor. As the name implies, the stator is stationary and does not move and the rotor is thus the 
rotating part of the motor. 
The  stator  contains  a  pattern  of  coils  arranged  in  windings.  As  alternating  current  is  passed 
through  the  windings,  a  moving  magnetic  field  is  formed  near  the  stator.  A  more  thorough 
description of the induction phenomena can be found in chapter 2.3.8, excitation. 
 
  Figure 12. Rotor and stator /17/ 
 
Protection 
Protection  needs  to  be  able  to  handle  abnormal  conditions.  These  faults  can  be  internal  or 
external. 
  Internal: The cause of these faults may be insulation failure, bearing failure or  under-
excitation. 
  External: The cause of these faults may be due to insufficient cooling, reverse starting, 
over- and undervoltage, vibration etc. 
31 
 
Testing 
The  protection  relays  are  tested  at  FAT  and  SAT  with  Omicron  CMC  356  plus  High 
precision relay test set and universal calibrator. Omicrons high accuracy and flexibility make 
it ideal for testing and measuring. /5/ 
With  Omicron  Control  Center  you  can  create  automatically  generated  relay  specific  test 
reports.  These  automatically  generated  test  reports  are  often  too  long  to  have  people  reading 
through them in detail, thus besides Omicrons automatically generated test reports, a checklist 
containing the most vital data is also brought to the FAT or SAT. 
 
Omicron is connected to the protection relays, and a computer is then connected to the 
Omicron and tested with the omicron control center (OCC).
 
Figure 13. Omicron 356 Plus /5/ 
 
32 
 
2.3.8.  Excitation 
 
The magnetic field may be produced either by  permanent magnets or by field coils. If field 
coils  are  used,  a  current  must  flow  in  the  coils  to  generate  the  field,  otherwise  no  power  is 
transferred  to  or  from  the  rotor.  The  process  of  generating  a  magnetic  field  by  means  of  an 
electric current is called excitation. /9/ 
Electromagnetic  induction  is  the  basis  for  all  electric  motors.  When  a  conductor  moves 
relative  to  a  magnetic  field,  the  two  sides  of  the  coil  move  in  the  opposite  direction,  and 
voltage is induced at each side. The value of the resulting voltage is equal to the minus of the 
rate  of  change  in  magnetic  flux    times  the  number  of  turns  in  the  coil:     . 
This relationship has been found experimentally and is called Faradays law. /9/ 
 
Figure 14. End view of two rotor segments (magnetic interaction with stator) /16/ 
 
Permanent  magnet  synchronous  generators  are  usually  used  in  ABBs  excitation  systems, 
since  the  planned  power  plants  (usually  bigger  than  5MVA)  are  too  big  to  use  field  coil 
generators in.  In permanent magnet synchronous  generators the magnetic  field of the rotor is 
produced  by  permanent  magnets.  This  excitation  can  be  done  either  by  having  alternating 
north and south poles around the rotor diameter, or by having the same number of rotor poles 
as the stator poles. /15/, /11/ 
 
33 
 
Synchronous  generators  require  direct  current  field  excitation  to  the  rotor,  provided  by  the 
excitation system. /11/ 
The  main  functions  of  excitation  systems  are  to  provide  variable  DC  current  with  short  time 
overload capability, to control the generator terminal voltage with suitable accuracy, to ensure 
stable  operation  with  network  and/or  other  machines,  to  contribute  to  the  transient  stability 
subsequent  to  a  fault,  and  to  communicate  with  the  power  plant  control  system.  With  these 
functions met the system will have a high reliability. /10/   
34 
 
3.  The standard templates 
 
The  results  of  this  thesis  consist  of  an  investigation  of  old  FAT  and  SAT  documents  and  an 
attempt  to  get  good  standardized  documents  for  ABBs  various  automation  and  electrical 
system cabins.  
The standardization is divided into several smaller areas around the main topic FAT/SAT: 
  General 
  800xA + Panels 
  AC800 + S800 
  Turbine modules 
  Protection relays 
  Excitation 
 
3.1.  General 
 
This part covers vital information that needs to be checked and/or filled in before starting any 
measurements of the actual FAT or SAT. In this part there are tables for filling in what is to be 
tested  and  when,  the  participants  and  the  company  they  work  for,  the  system  structure  and 
other necessary points of preparation. This part of the standard in found in appendix 1. 
 
3.2.  AC800 + S800 
 
This  part  is  the  largest  one,  containing  controller  tests,  IP  address  configurations,  alarm 
configurations and signal test tables etc. After each successful test, the date and signature are 
noted in their respective fields.  
 
35 
 
3.3.  800xA and panel 
 
The control panels and the 800xA system are tested according to this template. Since different 
systems  contain  differently  programmed  systems  and  panels,  it  is  hard  to  create  a  standard 
template for this part. However, a basic template is found in the appendix 3. 
 
3.4.  Turbine modules 
 
Normal  turbine  modules  in  hydroelectric  power  plant  automation  are  the  valve  positioned 
module  VP800,  the  frequency  measurement  module  AS800  and  the  vibration  measuring 
module  MCM800.  These  are  to  be  tested  according  to  the  test  document  template  found  in 
appendix  4.  As  these  modules  follow  the  same  looking  template,  only  one  is  attached  in  this 
thesis.  
 
3.5.  Excitation 
 
The excitation part has not been dealt with at all in this thesis although this part also needs its 
own template. This is due to the fact that the standard documents are ready-made and finalized 
by ABB colleagues in Switzerland, and their standards have to be followed and used.  
Consequently,  when  testing  ABBs  excitation  systems,  the  Swiss  standard  documents  are 
used. 
Besides  these  Swiss  standard  documents,  there  are  boxes  for  filling  in  excitation  tests  in  the 
same appendix as the protection relay appendix 5. 
 
 
   
36 
 
3.6.  Protection relays 
 
As  mentioned  earlier,  protection  relays  are  tested  with  Omicron  CMC  356  Plus,  which  is 
connected  to  a  computer  with  the  Omicron  Control  Center  (OCC).  OCC  can  create 
automatically  generated  test  documents,  but  these  are  often  too  long  for  anyone  to  read. 
Therefore  a  checklist  of  necessary  information  is  good  to  bring  to  a  FAT  or  SAT.  This 
checklist has been created and can be found appendix 5. 
 
4.  Discussion 
 
I  got  the  assignment  in  the  autumn  of  2012  and  had  at  that  time  only  worked  at  the  service 
department  of  Power  Generation,  where  I  handled  after  sales  and  warranties.  Since  I  had  not 
been  involved  in  any  projects  at  all  other  than  looking  at  their  list  of  apparatus  to  determine 
what spare parts to offer, there were quite many parts and functionalities I didnt know much 
or anything about. 
When I started out with the thesis work I didnt really know where to start because it is such a 
wide  area.  Along  with  that  I  only  had  access  to  a  handful  of  old  test  documents,  and  they 
differed quite much compared to one another. Consequently, the first thing I had to do was to 
make  sure  I  would  get  access  to  the  different  network  places  where  I  could  find  the  old 
documents.  After  getting  access  to  the  different  network  places  where  I  could  find  the  test 
documents  I  started  digging  through  these  places  to  get  a  good  handful  of  them.  While 
investigating the documents I then had gathered, a tip was given to sort the documents I had in 
different plant types and inside the plant types also in different systems. When this was done, a 
meeting was held and at that meeting decided that my work would be restricted to hydropower 
plants only. 
   
37 
 
With the restriction done I started reading about hydropower theory along with trying to figure 
out  what  to  add  in  the  standard  test  documents,  by  investigating  old  hydro  FAT  and  SAT 
documents. From the old documents I chose the best summarized parts, with both instructions 
and ease of use in mind. These documents were then tidied up and translated into English. 
While  doing  this  work  I  have  learned  a  lot  about  both  how  a  hydropower  plant  works, 
functions  of  ABBs  electrical  and  automation  cabinets  although  I  havent  actually  been 
involved in any project or done any testing myself. 
To succeed even better with the thesis work, better starting conditions would have been good. 
If I would have been able to participate in at a few FATs and SATs before I started, or while 
doing  the  work  would  have  helped  a  lot.  Furthermore,  better  planning  from  the  start  would 
have  been  good,  since  e.g.  the  hydropower  restriction  came  quite  late.  However,  the  extra 
search and investigation of other power plant type tests is not wasted time. 
Finally I want to thank my supervisors and all people that have helped me at ABB ,  and  also 
my supervisor at Novia University of Applied Sciences. 
 
 
 
   
38 
 
5.  List of references 
 
/1/  The ABB Group 
  http://www.abb.com 
  (Read 11.01.2013) 
/2/  FK10-7-1S Relskydd.pdf 
  ABB internal document 
  (Read 12.01.2013) 
/3/  System 800xA introduction 
  http://www.abb.com 
  (Read 20.01.2013) 
/4/  SEP661 Generator protection REG670/650 
  ABB internal document 
  (Read 31.01.2013) 
/5/  CMC 256 Plus 
  http://www.omicron.at/en/products/pro/secondary-testing-calibration/cmc-356/ 
  (Read 30.01.2013) 
/6/  Under Excitation Protection 
  http://www.scribd.com/doc/8690902/Under-Excitation-Protection 
  (Read 31.01.2013) 
/7/  System 800xA  Modules and Termination Units 
  ABB internal document 
  (Read 04.02.2013) 
/8/  AC 800M  Controller Hardware 
  ABB internal document 
  (Read 04.02.2013) 
/9/  How a Generator Works 
  http://www.generatorguide.net/howgeneratorworks.html 
  (Read 13.02.2013) 
/10/  Excitation Basics Theory UNITROL 1000 
  ABB internal document 
  (Read 13.02.2013)  
/11/  Grigsby, L.L. (2001). The Electric Power Engineering Handbook, chapter 2.4 
  Auburn, Alabama: CRC Press LLC 
  (Read 13.03.2013) 
/12/  Hydroelectricity 
  http://en.wikipedia.org/wiki/Hydroelectricity 
  (Read 19.02.2013) 
39 
 
/13/  Crispin,  A.J  (1997).  Programmable  Logic  Controllers  and  their  Engineering 
  Applications, pages 9-10. London: McGraw-Hill 
/14/  How the PLC works? 
  http://masterplc.blogspot.fi/2010/01/how-plc-work.html 
  (Read 28.02.2013) 
/15/  Permanent magnet synchronous generator 
  http://en.wikipedia.org/wiki/Permanent_magnet_synchronous_generator 
  (Read 01.03.2013)  
/16/  MV Protection Relay Applications 
  ABB internal document 
  (Read 04.03.2013) 
/17/  AC and DC Motors  AC Motors: AC Induction Motor 
  http://www.globalspec.com/reference/10791/179909/chapter-3-ac-and-dc-motors-ac-
  motors-ac-induction-motor 
  (Read 05.03.2013) 
/18/  Hackworth,  J.R  &  Hackworth  F.D  (2004).  Programmable  Logic  Controllers: 
  Programming Methods and Applications, chapter 2 and 8. Pearson Education. 
/19/  Standard processbilder Vattenkraftverk 
  ABB internal document 
  (Read 15.03.2013) 
 
 
Appendices 
Appendix 1  General 
Appendix 2  AC800 + S800 
Appendix 3 800xA/Panel PP846 
Appendix 4  Turbine Modules 
Appendix 5  Protection relays & excitation 
 
APPENDIX 1  
1 (6) 
 
General 
 
  Scheme 
Date    Time  Tests  Responsible 
       
       
       
       
       
 
 
  Place: 
 
 
 
  Participants 
 
Name  Company  Title 
     
     
     
     
     
     
     
     
 
   
APPENDIX 1  
2 (6) 
 
Intention 
 
The document describes the goal with FAT, what should be tested and approved after completion. This 
is done to get the delivery accepted by the customer and thereby minimize commissioning time at site. 
 
 
Functions 
 
-  All functions meet given requirements and comply with given descriptions of the systems that 
are included. This applies to both standard features and specially developed ones. 
 
-  Functions cooperate globally as intended for the various systems that are interconnected. 
 
Database content 
 
-  Input data is consistent with requirements according to scope of delivery. Includes all relevant 
types of data, images, I/O signals etc. 
 
Performance and use of capacity 
 
-  Performance and capacity of individual systems and performance for functions meet given 
requirements for different operating conditions 
 
Hardware included in the tests 
 
-  Verification that the hardware used in tests is the same as in final delivery 
 
 
Conditions 
 
Equipment at FAT should consist of the system that will be delivered as closely as possible. 
System documentation is available in either electronic and or paper form. 
At FAT, all errors, deviations and eventual wishes is to be noted down. When the decided measure 
is taken, it is controlled and the form is signed again.  
Signed FAT-description by purchaser and supplier is the record of an executed FAT. 
 
   
APPENDIX 1  
3 (6) 
 
System configuration 
 
FAT connection 
At FAT configurations will be made as closely as possible according to delivery system with correct IP 
addresses. 
 
System structure  *Project* 
 
   
APPENDIX 1  
4 (6) 
 
Preparations 
Make sure, that: 
  Hardware is delivered 
  Hardware is correctly installed 
  Test equipment and tools are available 
  Necessary documentation is available 
 
 
FAT-layout 
Items: 
1.  Control that all test equipment is present, correctly installed and that FAT can be 
performed safely. 
2.  Control the systems general layout. 
3.  Control hardware grounding. 
4.  Control voltage feeds and their connections. 
5.  Control bus interface. 
 
Expected results: 
1.  All equipment that will be tested is delivered and installed correctly. 
2.  The system layout is in accordance with latest, approved documents. FAT area must be 
clean and cabinets must be placed clearly. 
3.  Cabinets that will be tested are connected to earth. 
4.  Voltage feeds are connected to switching device in accordance to drawings. 
5.  Bus connection should if possible, be connected to the corresponding hardware 
according to final form. 
   
APPENDIX 1  
5 (6) 
 
Documentation 
 
Ensure that the following documents are available: 
1.  FAT document 
2.  Drawings and layout 
3.  I/O-lists 
4.  Application program (Control builder) 
5.  Progress reports 
6.  Manuals 
   
Expected results: 
Documentation is available in either paper- or electronic form. 
APPENDIX 1  
6 (6) 
 
Test equipment and tools 
 
Items: 
Control that the following equipment is available: 
1.  Programming tools 
2.  Multimeter 
3.  Synchronization simulator 
4.  I/O-test simulator 
 
 
Expected results: 
  Test equipment and tools are available.
APPENDIX 2  
1 (35) 
 
AC800 controller test 
 
Configuration of AC800 controller 
IP addresses for the system is as follows: 
(Note: this is just an example of a configuration) 
Description  IP address  Node 
no. 
IP address 
configurated 
Controller 
commissioned 
AC800 Unit G1 (PM861) Primary  172.16.80.10  10     
AC800 Unit G1 (PM861) Secondary  172.17.80.10  10     
AC800 Unit G2 (PM861) Primary  172.16.80.20  20     
AC800 Unit G2 (PM861) Secondary  172.17.80.20  20     
AC800 Station computer (PM851) Primary  172.16.80.40  40     
AC800 Station computer (PM851) Secondary  172.16.80.40  40     
         
Excitation processor module G1  172.16.80.11  11     
Excitation process panel PP836 G1  172.16.80.12  12     
Excitation communication interface G1  172.16.80.13  13     
         
Vibration monitoring MCM G1  172.16.80.17  17     
Vibration monitoring MCM G2  172.16.80.18  18     
         
APPENDIX 2  
2 (35) 
 
Excitation processor module G2  172.16.80.21  21     
Excitation process panel PP836 G2  172.16.80.22  22     
Excitation communication interface G2  172.16.80.23  23     
         
PCU400 (Ethernet kort 1)  172.16.80.5  5     
PCU400 (Ethernet kort 2)         
         
Station computer AK-A95D01 (800xA) 
(Ethernet card 1) primary control network 
172.16.80.2  2     
(Ethernet card 2) secondary control network  172.17.80.2  2     
(Ethernet card 3) primary server network  172.16.4.2  2     
(Ethernet card 4) secondary server network  172.17.4.2  2     
(Ethernet card 5) RAP network  Dynamic IP       
(Ethernet card 6) IEC61850 network  172.16.20.2       
         
Station computer AK-A92D01 (PGIM) 
(Ethernet card 1) primary server network 
172.16.4.3  3     
(Ethernet card 2) secondary server network  172.17.4.3  3     
(Ethernet card 3) primary server network  Dynamic IP       
(Ethernet card 4) spare network  Dynamic IP       
(Ethernet card 5) spare network  Dynamic IP       
APPENDIX 2  
3 (35) 
 
(Ethernet card 6) spare network  Dynamic IP       
         
(PP846 process panel unit G1)  (172.16.4.45)  (15)     
         
Printer  172.16.4.16  16     
 
         
Unit G1 protection relay sub 1  172.16.20.191  191     
Unit G1 protection relay sub 2  172.16.20.192  192     
         
Unit G2 protection relay sub 1  172.16.20.193  193     
Unit G2 protection relay sub 2  172.16.20.194  194     
         
Line L115 protection relay  172.16.20.195  195     
Line L116 protection relay  172.16.20.196  196     
50A rail NUS protection  172.16.20.197  197     
         
Synchrotact synchronization  172.16.20.200  200     
Synchrotact powering  172.16.20.201  201     
         
   
APPENDIX 2  
4 (35) 
 
         
Switch EDS-408 control network  172.16.80.200  200     
Switch EDS-405 excitation G1  172.16.80.201  201     
Switch EDS-405 excitation G2  172.16.80.202  202     
Switch EDS-308  N/A       
Switch EDS-308  N/A       
Switch EDS-316  N/A       
         
Switch RuggendCom RS900 Unit G1  N/A       
Switch RuggendCom RS900 Unit G2  N/A       
         
Switch 1 RuggendCom RS900 (Fortum Dist.)  N/A       
Switch 2 RuggendCom RS900 (Fortum Dist.)  N/A       
 
Description 
Date  Sign 
G1 & Station, system monitoring list completed for all components regarding HMI system. 
(Service tags noted, MAC addresses noted). 
   
The system is connected according to system layout, layout is controlled. Cable markings 
for all communication units that are connected are also controlled. 
   
All MAC addresses for switches noted down (following page).     
 
APPENDIX 2  
5 (35) 
 
(NOTE: IP gateway address is set to 172.16.80.255, this is necessary to get communication to 
the switch online after a power failure. In case the IP gateway is set to 172.16.80.0, the 
operator control station wont get contact after a power failure). 
 
Screenshots of MAC addresses for switches: 
 
Switch EDS-408 Station 
 
 
 
 
Switch EDS-405 Unit G1 
 
 
APPENDIX 2  
6 (35) 
 
 
Switch EDS-405 Unit G2 
 
 
 
Switch RuggendCom RS900 Unit G1 
-N/A- 
 
Switch RuggendCom RS900 Unit G2 
-N/A- 
 
Switch 1 RuggendCom RS900 (Fortum Dist.) 
-N/A- 
 
Switch 2 RuggendCom RS900 (Fortum Dist.) 
-N/A- 
 
Switch EDS-405 
-N/A- 
 
Switch EDS-308 
APPENDIX 2  
7 (35) 
 
-N/A- 
 
Switch EDS-308 
-N/A- 
 
Switch EDS-316 
-N/A- 
 
 
APPENDIX 2  
8 (35) 
 
Controller load and capacity 
Processor  load  (Cyclic  load  and  Total  System  Load)  is  controlled  for  all  controllers  in  the 
system.  Processor  load  is  controlled  by  the  programming  tool  (Control  Builder)  set  to  on-line 
mode  by  choosing System  Diagnostics  for  all  controllers. The  observed  results  are  inserted 
in the table below: 
 
Data  N10 FAT  N10 SAT  N40 FAT  N40 SAT 
  IO  Appl  IO  Appl  IO  Appl  IO  Appl 
Exectime act    13  31  16  35  14  31  16  73 
Exectime max  14  32  16  36  14  32  17  76 
Intervaltime req  130  260  130  260  50  250  130  260 
Intervaltime max  370  468  447  671  467  619  431  591 
Modulebus scan   100ms  100ms  100ms  100ms 
Cyclic load  %  %  %  % 
Total system load  %  %  %  % 
Used memory  %  %  %  % 
Max used 
memory 
17%  17%  66%  65% 
         
Max used 
memory at stop 
17%  17%  66%  65% 
Warmstart stop 
time 
ms  ms  ms  ms 
FAT: __.__.____ / __________________  (Completed with all I/Os connected) 
Sitetest __.__.____ / __________________  (Completed with all I/Os connected) 
APPENDIX 2  
9 (35) 
 
Control that expected load is lower than recommended load / total load (max 70%). 
Data  N10 FAT  N10 SAT  N40 FAT  N40 SAT 
Max allowed 
cyclic load = 70%   
       
Max allowed total 
system load = 70% 
       
AC800 power supply monitoring 
 
Monitoring of power supply to controller and remote I/O modules. 
Tests are done at both FAT and SAT. 
 
No.   Description  Node  FAT  SAT  Sign 
1  Disconnect 24V power supply A F1 (from DC 
distribution panel) for controller. Alarm to alarm list and 
remote. 
10 
     
2  Disconnect 24V power supply B F2 (from DC 
distribution panel) for controller. Alarm to alarm list and 
remote. 
10 
     
3  Disconnect power supply for both F1 and F2 (from DC 
distribution panel). So that controller becomes 
powerless. STALL alarm is activated immediately and 
alarm is generated at station computer. 
10 
     
4  Disconnect 24V power supply A F1 for remote I/O panel 
(Panel MP1-G1), alarm to alarm list and remote. 
10 
     
APPENDIX 2  
10 (35) 
 
5  Disconnect 24V power supply B F2 for remote I/O panel 
(Panel MP1-G1), alarm to alarm list and remote. 
10 
     
6  Disconnect 24V power supply A and B for I/O cabinet 
(Panel MP1-G1), this gives DI/DO alarm after 2min and 
STALL alarm after 10s 
10 
     
7  Disconnect 24V power supply A F1 (from DC 
distribution panel) for controller. Alarm to alarm list and 
remote. 
40       
8  Disconnect 24V power supply B F2 (from DC 
distribution panel) for controller. Alarm to alarm list and 
remote. 
40       
9  Disconnect power supply for both F1 and F2 (from DC 
distribution panel). So that controller becomes 
powerless. STALL alarm is activated immediately and 
alarm is generated at unit 1 & 2. 
40       
10  Disconnect 24V power supply A F1 for remote I/O panel 
(Panel LU1), alarm to alarm list and remote. 
40       
11  Disconnect 24V power supply B F2 for remote I/O panel 
(Panel LU1), alarm to alarm list and remote. 
40       
12  Disconnect 24V power supply A and B for I/O cabin 
(Panel LU1), This gives DI/DO alarm after 2min and 
STALL alarm after 10s 
40       
 
 
   
APPENDIX 2  
11 (35) 
 
All controllers have their own DO which is normally high. This shows that the controllers 
have normal status (no critical fault). 
At critical fault this DO goes down and activates DI in another controller (alarm from the 
other controller) and STALL alarm to protection relay sub 1 & sub 2. 
 
        Date  Sign 
N10  DO124.15  =G1-A91.A01.XH11 
UNIT G1 STALL (OFFLOAD STOP) 
Alarm from own controller and offload stop 
to protection relay sub 1 & 2 
   
N10  DO124.16  =G1-A91.A01.XH12 
UNIT G1 STALL (SNABBSTOPP) 
Alarm from station computer and fast stop 
from protection relay 1 & 2 
   
N40  DI125.15  =AK-A91.A10.XG01  UNIT G1 STALL STATION COMPUTER     
N10  DO124.14  =G1-A91.A01.XH10  UNIT G1 STALL STATION COMPUTER     
N40  DO129.5  =AK-A91.A01.YH01  STATION COMPUTER STALL TO G1     
N10  DI103.4 
=AK-A91.A01.XG01 
STATION COMPUTER STALL ALARM 
TO G1 
   
           
 
   
APPENDIX 2  
12 (35) 
 
Monitoring test of AC800 STALL 
Tests are done at both FAT and SAT. 
 
No.   Description  AllUnitStatus   
1  Take out an S800 I/O card (DI/DO/AI) 
After 2min STALL alarm occurs 
  All nodes 
2  Take out an S800 I/O kort (DI/DO/AI) 
Put it back within a minute, only gives alarm, 
no STALL alarm. 
  All nodes 
3  Disconnect fiber/profibus between controller 
and CI801. Put it back within 1min. Only 
gives alarm (in case no STALL alarm is on 
remote I/O. Critical fault (STALL) if 
controller doesnt manage to update within 
2min. 
  All nodes 
4  Disconnect AO card from runner control, 
gives STALL alarm instantly and station 
computer assumes combining. 
  All nodes 
       
 
 
   
APPENDIX 2  
13 (35) 
 
 
  Description  Date  Sign 
5  Test that alarm is generated at communication fault 
against controller. Disconnect both Ethernet cables to 
unit G1 controller. Activate an alarm in controller for 
G1. Reconnect both Ethernet cables and verify that 
alarm is generated in correct time. 
 
(Note. alarm to panel846 will not be generated (no 
event conf). But alarm to 800xA and remote will be 
generated). 
   
7  Test that alarm is generated at communication fault 
against controller. Disconnect both Ethernet cables to 
station controller. Activate an alarm in controller for 
station. Reconnect Ethernet cables and verify that 
alarm is generated in correct time. 
 
(Note. alarm to panel846 will not be generated (no 
event conf). But alarm to 800xA and remote will be 
generated). 
   
   
   
   
   
 
 
 
APPENDIX 2  
14 (35) 
 
Tests are done for the following controllers: 
Node  Description  FAT Date  SAT Date  Sign 
N10  Unit G1 controller 
     
N40  Station controller 
     
         
 
Test of communication monitoring 
 
Nr   Description  Date  Sign 
1  Separate scheme available for communication 
(system layout). Mark controlled 
communication units with green, also control 
that cable numbers are available on all 
communication cables. 
   
2  Disconnect ethernet cable to excitation for unit 
G1, control that alarm is generated and that 
start conditions are no longer fulfilled. 
   
3  Disconnect ethernet cable to PCU400, control 
that alarm is generated and remote access is 
connected automatically and alarm is sent 
through reserve alarm sender. 
   
4.  Disconnect communication cable to operating 
center, control that alarm is generated and 
remote access is connected automatically and 
alarm is sent through reserve alarm sender. 
   
APPENDIX 2  
15 (35) 
 
5  Disconnect profibus to VP800, control that 
control signal becomes 0V 
(In case turbine regulator tries to control the 
throttle control error occurs after 10s and 
mechanical stop is enforced. (Alarm is 
generated immediately for the communication 
fault).  
Start disable is activated. 
   
6.  Disconnect profibus to AS800 (frequency 
measurement), control that turbine regulator 
transitions to RPM regulation. (Alarm is 
generated immediately for communication 
fault). 
   
7  Disconnect profibus to MCM800. Alarm is 
generated immediately for communication 
fault, (Start conditions still ok!) 
   
8  Disconnect profibus to remote I/O (+DA11), 
Start conditions not fulfilled and alarm is 
generated for communication fault, in case 
STALL DO is on remote I/O the unit trips 
STALL. A-Alarm is generated. 
   
9  Disconnect one profibus fiber to remote I/O 
(MP1-G1), alarm is generated but 
communication is still OK! (Both ways 
tested). 
   
   
APPENDIX 2  
16 (35) 
 
10  Disconnect the second fiber to remote I/O 
(MP1-G1), start conditions not fulfilled and 
alarm is generated for communication fault, in 
case no STALL DO is on remote I/O 
everything works normally, after 2min STALL 
alarm will be generated. 
A-Alarm is generated. 
   
   
   
14  Disconnect one profibus to remote I/O 
(+DA1), alarm is generated for 
communication fault, STALL alarm is 
generated to unit computers. A-Alarm to alarm 
list and remote. 
   
15  Disconnect one profibus fiber to remote I/O 
(LU1), alarm is generated but communication 
is still OK! (both ways tested) 
   
16  Disconnect the other fiber to remote I/O 
(LU1), alarm is generated for communication 
fault. 
A-Alarm is generated. 
   
   
   
 
 
APPENDIX 2  
17 (35) 
 
Test of communication monitoring RNRP  
(primary/secondary ethernet communication) 
 
Nr   Description  AllUnitStatus   
1  Disconnect primary ethernet cable from 
AC800M controller for unit G1, control 
system alarm list (network connection lost). 
Alarm should trip as D-Alarm to remote! 
Communication is still operational. 
   
2  Disconnect secondary ethernet cable from 
AC800M controller for unit G1, control 
system alarm list (network connection lost). 
Alarm should trip as D-Alarm to remote! 
Communication is still operational. 
   
3  Disconnect primary and secondary ethernet 
cables from AC800M controller for unit G1, 
control system alarm list (communication 
error). Alarm should be generated as A-Alarm 
to remote! 
   
       
7  Disconnect primary Ethernet cable from 
AC800M controller for station computer, 
control system alarm list (network connection 
lost). Alarm should trip as D-Alarm to remote! 
Communication is still operational. 
   
APPENDIX 2  
18 (35) 
 
8  Disconnect secondary ethernet cable from 
AC800M controller for station computer, 
Control system alarm list (network connection 
lost). Alarm should be generated as D-Alarm 
to remote! 
Communication is still operational. 
   
9  Disconnect primary and secondary Ethernet 
cables from AC800M controller for station 
computer, control system alarm list 
(communication error). Alarm should be 
generated as A-Alarm to remote! 
   
       
10  Disconnect primary control network cable 
from AK-A95D01 (800xA workplace) control 
system alarm list (network connection lost). 
Alarm should be generated as D-Alarm to 
remote! Communication is still operational. 
   
11  Disconnect secondary control network cable 
from AK-A95D01 (800xA workplace) control 
system alarm list (network connection lost) 
Alarm should be generated as D-Alarm to 
remote! Communication is still operational. 
   
12  Disconnect primary & secondary control 
network cables from AK-A95D01 (800xA 
workplace) Control system alarm list (network 
connection lost) Port fault in switch generates 
D-Alarm. 
   
APPENDIX 2  
19 (35) 
 
13  Disconnect primary server network cable from 
AK-A95D01 (800xA workplace) Control 
system alarm list (network connection lost) 
Alarm should be generated as D-Alarm to 
remote! Communication is still operational. 
   
14  Disconnect secondary server network cable 
from AK-A95D01 (800xA workplace) control 
system alarm list (network connection lost). 
Alarm should be generated as D-Alarm to 
remote! Communication is still operational. 
   
15  Disconnect primary & secondary server 
network cables from AK-A95D01 (800xA 
workplace) Control system alarm list (network 
connection lost). 
Alarm should be generated as A-Alarm to 
remote! 
   
       
16  Disconnect primary server network cable from 
AK-A95D02 (PGIM workplace) Control 
system alarm list (network connection lost). 
Alarm should be generated as D-Alarm to 
remote! Communication is still operational. 
   
17  Disconnect secondary server network cable 
from AK-A95D02 (PGIM workplace) control 
system alarm list (network connection lost). 
Alarm should trip as D-Alarm to remote! 
Communication is still operational. 
   
APPENDIX 2  
20 (35) 
 
18  Disconnect primary & secondary server 
network cables from AK-A95D02 (PGIM 
workplace) Control system alarm list (network 
connection lost). 
Alarm should trip as A-Alarm to remote! 
   
   
   
19  Disconnect primary control network cable 
from PCU400 control system alarm list 
(network connection lost). 
Alarm should trip as D-Alarm to remote! 
Communication is still operational. 
   
20  Disconnect secondary control network cable 
from PCU400 control system alarm list 
(network connection lost). 
Alarm should trip as D-Alarm to remote! 
Communication is still operational. 
   
21  Disconnect primary & secondary server 
network cables from PCU400 (PGIM 
workplace) control system alarm list (network 
connection lost). 
Alarm should trip as A-Alarm to remote! 
   
   
   
 
APPENDIX 2  
21 (35) 
 
 Communication 
Test of fiber/copper ring station communication: Test is done at FAT. 
 
In case 2 switches are connected as a ring-connection. 
Testing will confirm that communication still works if failure in the ring occurs, and that 
alarm is generated from every Ethernet switch in case a port is not connected. 
Continued communication at fiber failure is controlled from OPC server in 800xA workplace 
and that screenshots have delivered values. 
1  Ring configuration between RuggedCom for unit is tested. 
In case the ring is broken, alarm is generated to unit computer 1 
& 2. 
   
2  Control that communication works after power failure, is tested 
for: 
   
  Switch RuggedCom RS900 (IEC61850 G1) 
   
  Switch RuggedCom RS900 (IEC61850 G2) 
   
  Switch 1 RuggedCom RS900 (Fortum Distribution) 
   
  Switch 2 RuggedCom RS900 (Fortum Distribution) 
   
  Switch primary Control Network, EDS-408 (+DA1) 
   
  Switch primary Control Network, EDS-405 (Excitation G1) 
   
  Switch secondary Control Network, EDS-316 
   
  Switch primary server/client network, EDS-308 
   
  Switch secondary server/client network, EDS-308 
   
   
APPENDIX 2  
22 (35) 
 
3  Control that alarm occurs when an Ethernet cable is disconnected 
from the switch, is tested for: 
   
  Switch RuggedCom RS900 (IEC61850 G1) 
   
  Switch RuggedCom RS900 (IEC61850 G2) 
   
  Switch 1 RuggedCom RS900 (Fortum Distribution) 
   
  Switch 2 RuggedCom RS900 (Fortum Distribution) 
   
  Switch primary control network, EDS-408 (+DA1) 
   
  Switch primary controlNetwork, EDS-405 (Excitation G1) 
   
  Switch secondary control network, EDS-316 
   
  Switch primary server/client network, EDS-308 
   
  Switch secondary server/client network, EDS-308 
   
 
APPENDIX 2  
23 (35) 
 
Test of communication between AC800 controllers 
 
The testing should verify that controllers can communicate with each other and that 
communication stop generates alarm to alarm list. Communication alarm occurs after 
controller has not been updated within 30s.  
 
 
No.   Description  Date  sign 
1  Disconnect Ethernet cables to unit computer G1. Observe alarm from station computer.     
2  Disconnect Ethernet cables to station computer. Observe alarm from unit computer G1.     
       
APPENDIX 2  
24 (35) 
 
STALL Alarm and OSP configuration 
Stall alarm gives start blockage. 
OSP (output set as predetermined) configuration, stall alarm signals are configurated to give 
low signal instantly at communication fault, other DO maintain their actual value. OSP value 
is to maintain actual value, except for STALL alarm, switch on brakes and hatch 
closing/opening where OSP value should become a low signal. 
 
No.   Description  Date  sign 
  Control and mark controlled logic schemes with green for G1 
STALL (mechanical and electrical stop) 
   
  Disconnect fiber during operation to G1 remote I/O cabinet, 
control DO status that these dont change status at 
communication fault. In case communication is gone more than 
2min, STALL alarm will occur. 
Note. Interlocks of pumps are hardwired. 
   
  Disconnect profibus to G1 remote I/O which contains a STALL 
output. Output signal will immediately go low (doesnt wait 
2min) 
   
  At unit G1 stall alarm brakes wont activate! OSP value = 0. 
   
   
   
  Disconnect profibus for station remote I/O, outputs maintain 
actual value. 
   
  OSP configuration for open/close hatch 2 OSP value = 0, input 
goes low at communication fault to remote I/O. 
   
  OSP configuration for open/close hatch 4 OSP value = 0,  input 
goes low at communication fault to remote I/O. 
   
       
APPENDIX 2  
25 (35) 
 
Signaltest 
Test of signals to alarm/event list for PP846, 800xA and remote control. 
DI signals are activated from process where it is possible or from simulated I/O card (FAT, at 
SAT all signals are controlled according to circuit diagram). Calculated signals are controlled 
from process and PLC-program. 
No.  Description  Date  sign 
  DI signals unit G1 
   
  Calculated signals unit G1 
   
  PT100 signals unit G1 
   
  AI signals unit G1 
   
  DO signals unit G1 
   
  AO signals unit G1 
   
   
   
  DI signals station computer 
   
  Calculated signals station computer 
   
  PT100 signals station computer 
   
  AI signals station computer 
   
  DO signals station computer 
   
  AO signals station computer 
   
   
   
  Remote control (PCU400) 
   
See green marked I/O lists for documentation. 
APPENDIX 2  
26 (35) 
 
 
No.   Description  Date  sign 
  Visual check I/O list to hardware configuration in controller unit 
G1 
   
  Unit G1, control mA measurements with account for correct 
scaling hardware configuration. Jmfr mot panelinstrument. 
   
  Unit G1, visual check of signal list for calculated analogue signals 
to PLC program. Control that all are printed in program. 
   
       
  Visual check I/O list to hardware configuration in station 
computer. 
   
  Station computer, control mA measurements with account for 
correct scaling in hardware configuration. Compare to panel 
instrument. 
   
  Station computer, visual check of signal list for calculated 
analogue signals to PLC program. Control that all are printed in 
program. 
   
 
APPENDIX 2  
27 (35) 
 
Function test sequences G1 
Sequences 
Whole sequence FAT simulation. Activate simulation mode for all objects that will be run 
from sequence. For turbine regulator a separate simulator is built. 
 
No.   Description  Unit 1  sign 
  Start to idle running without voltage 
   
  Start to idle running with voltage 
   
   
   
  Start to operation synchronization G1-S 
   
  Start from idle running without voltate to idle running with 
voltage 
   
  Start from idle running without voltage to operation 
   
  Start from idle running with voltage to operation 
   
  From operation; Disconnection to idle running with 
voltage 
   
  From operation; Disconnection to idle running without 
voltage 
   
  From operation; to quick stop  
   
  From operation; to mechanical stop 
   
  From operation; to normal stop 
   
   
   
APPENDIX 2  
28 (35) 
 
  Verify the following function: 
In case T1-50-S breaker opens when unit is in operation, 
sequence will go to idle running with voltage, turbine 
regulator goes to idle mode.  
Operator now has 2 possibilities, synchronize T1-50-S or 
open G1-S and then switch T1-50-S breaker and 
afterwards pressing start operation. 
   
  Verify the following function: 
Unit is idle running with voltage, operator switches field 
breaker off, excitation is de-excited and field breaker is 
turned off. 
   
  Verify the following function: 
Unit is operational, operator tries to switch off field 
breaker, this is not possible because G1-S blocks off 
switching of field breaker. 
   
  Verify the following function: 
At synchronization of G1-S operator switches off G1-S 
(cancel synchronization). Sequence is cancelled and jumps 
to idle running with voltage. It is now possible to give a 
new start sequence. 
   
       
 
   
APPENDIX 2  
29 (35) 
 
Sequence interrupts 
Simulation of faults that interrupts the sequence.  
No.   Description  Unit 1  sign 
1  Long start time  step 1,2,3, and 4 
Start time set to 10s/step. Press start, sequence starts. Sequence 
step is blocked and after 10s stop sequence is activated. 
Alarm for actual step is generated with the message STOP 
   
2  Long excitation time  step 5 and 6 
Set step time to 10s/step and block that field breaker goes 
to/excitation starts. After 10s stop sequence is activated. 
Alarm for actual step is generated with the message STOP 
   
3  Long synchronization time  step 7 and commanded phasing 
of G1-S 
Step time is changed to 10s/step. 
After 10s sequence is cancelled and unit indicates idle running 
with voltage. 
Press G1-S phasing and change max synchronization time in 
faceplate to 10s. Control that cancel phasing occurs after 10s. 
   
   
   
4  Long mechanical stop time  stop step 1 
Change step time so that mechanical stop wont occur, stop 
sequence goes on to step 2. Control that alarm is generated (long 
stop time step 1). 
   
APPENDIX 2  
30 (35) 
 
5  Long disconnection time  G1-S  
Block output for G1-S switching off. At long step time STALL 
alarm will activate and switch off breaker through SUB2. 
Control that alarm is generated (long stop time step 2). 
   
6  Long disconnection time/de-excitation time  G1-FB 
Block output for G1-FB switch off. At long step time STALL 
alarm will be activated and disconnect breaker through SUB2. 
Control that alarm is generated (long stop time step 3/4). 
   
7  Long closing time  D/S-valve 
Block output for D/S valve. At long step time intake hatch will 
close. (sequence will not continue before D/S-valve is in stop 
mode or throttle closed) 
   
   
   
8  Long stop time  step 9 
In case any object is in manual mode these will not be stopped 
from stop sequence. After step time has expired, sequence jumps 
to next step and unit doesnt go to start blockage. (Unit is still 
start ready). 
   
   
   
 
   
APPENDIX 2  
31 (35) 
 
Stop/Electrical stop/Mechanical stop Unit G1 
Test of function 
 
Nr   Description  Unit 1  sign 
1  Control that all stops generate stops, control against logic 
schemes.  
   
2  Control that all quick stops generate quick stops, control 
against logic schemes. 
   
3  Control that all mechanical stops generate mechanical stops, 
control against logic schemes. 
   
   
   
 
APPENDIX 2  
32 (35) 
 
Control of blocking interlocks  
Test of function from logic schemes. 
 
No.   Description  Date  sign 
1  Control all logic schemes to real process. Interlocks stops 
pumps according to logic scheme. G1 Control. 
   
2  Control all logic schemes to real process. Interlocks breaker 
according to logic scheme. G1 Control. 
   
3  Go through all start blockings for unit G1. 
   
   
   
7  Control all logic schemes to real process. Interlocks stop pumps 
as they should. Station control. 
   
8  Control all logic schemes to real process. Interlocks stop 
breakers according to logic scheme. Station control. 
   
   
   
 
APPENDIX 3  
1 (8) 
 
Test of panel 800xA/PP846 process pictures 
 
Panel for station, unit 1 and unit 2 
 
No.   Description  Unit G1  Unit G2  Station 
  Panel pictures controlled. Breaker positions and 
measurements done.  
     
  Commands and setpoints tested (see controller part). 
     
  Alarm/event list controlled to I/O list. 
     
         
         
 
Panel pictures for station, unit G1 and unit G2 
Process panel is backup control for 800xA system, from which one can see the objects that 
are criteria to be able to start unit. It is possible to see start criteria/start blockings, alarm and 
event list. It is not possible to control from this (breaker control is in adjacent panel, 
start/stop of unit is also in adjacent panels). There are setpoints that can be changed from 
process panel. 
 
No.  Process picture: 
Symbols  Signals 
Date  sign 
  Main (object switch) 
       
  Electrical line diagram 
       
   
       
  Unit G1, Start/Stop 
       
APPENDIX 3  
2 (8) 
 
  Unit G1, Start blockings 
       
  Unit G1, Start conditions page 1 
       
  Unit G1, Start conditions page 2 
       
  Unit G1, Turbine_SP 
       
  Unitt G1, Voltageregulator_SP 
       
  Unitt G1, Temperature/Vibration 
       
   
       
  Unit G2, Start/Stop 
       
  Unit G2, Start blockings 
       
  Unit G2, Start conditions page 1 
       
  Unit G2, Start conditions page 2 
       
  Unit G2, Turbine_SP 
       
  Unit G2, Voltagereg_SP 
       
  Unit G2, Temperature/Vibration 
       
   
       
 
APPENDIX 3  
3 (8) 
 
800xA process pictures for station, Unit 1 and Unit 2 
 
Following pictures defined and controlled, control all links by clicking diagnostics for every 
process picture, no conflicts may occur. Max time for picture change until all objects are 
loaded is 3s (for analogue signals and 1s for digital signals) 
 
 
 
 
No.  Process picture: 
Diagno
stics 
Timing 
(subscrip
tion) 
Errors & 
Warnings 
Date  sign 
  Stationssida contains information about 
object switch and production. In case 
PCU400 is used for remote control there is 
a link to remote control PCU400 at the 
right side of process picture. Links to 
various plant parts is also at start page. 
         
  Aggregatversikt contains information 
about all units operation status, MW, RPM, 
ongoing start/stop, start ready etc. 
         
  Aggregat shows submenu for chosen unit. 
         
  Station shows submenu for station. 
         
  Vattenversikt contains station control, 
unit flow, wicket flows and water levels. 
         
  Dokumentation contains links to 
documentation folders. 
         
 
APPENDIX 3  
4 (8) 
 
800xA process pictures for station 
 
 
 
No.  Process picture 
Diagno
stics 
Timing 
(subscrip
tion) 
Errors 
& 
Warnin
gs 
Date  sign 
  Station contains station overview, flows, 
power, MWh, object switch. 
         
  Enlinjeschema contains information about 
switchgear: breaker, disconnector and 
measurement values. 
         
  Lokalkraft 400V contains information 
about local power, switching automation 
and backup power. 
         
  Lokalkraft DC contains information about 
distribution, battery voltage, rectifiers and 
inverters. 
         
  Ventilation contains information about 
ventilation, fire dampers etc. 
         
  Systemversikt contains overview over 
control system like status for PC/Server 
and PLC system. 
         
   
         
APPENDIX 3  
5 (8) 
 
800xA process pictures, unit G1 
 
 
No.  Process picture: 
Diagno
stics 
Timing 
(subscrip
tion) 
Errors 
& 
Warnin
gs 
Date  sign 
  Aggregat contains information about unit 
status, MW, RPM, ongoing start/stop, start 
ready etc. 
         
  Generator contains information about 
generator, excitation and auxiliary 
equipment like brakes and lubrication oil 
pumps. 
         
  Turbin contains oil system regulation, 
turbine signals and auxiliary equipment for 
turbine control. 
         
  Start/stoppsekvens contains sequence for 
stop and start. And also trend for start-up 
containing throttle setpoint/actual value 
runner position and effect. 
         
  Startfrigivning contains all of the starting 
approvals. 
         
  Startblockering contains all of the start 
blockings. 
         
APPENDIX 3  
6 (8) 
 
  Kylvatten contains coolant water system 
and drainage system. 
         
  Temperatur contains all temperatures for 
actual unit and all stations temperatures. 
         
  Drifttider contains operating times for 
actual units objects and all station objects. 
         
   
         
 
APPENDIX 3  
7 (8) 
 
800xA process pictures, unit G2 
 
 
No.  Process picture: 
Diagno
stics 
Timing 
(subscrip
tion) 
Errors 
& 
Warnin
gs 
Date  sign 
  Aggregat contains information about unit 
status, MW, RPM, ongoing start/stop, start 
ready etc. 
         
  Generator contains information about 
generator, excitation and auxiliary 
equipment like brakes and lubrication oil 
pumps. 
         
  Turbin contains oil system regulation, 
turbine signals and auxiliary equipment for 
turbine control. 
         
  Start/stoppsekvens contains sequence for 
stop and start. And also trend for start-up 
containing throttle setpoint/actual value 
runner position and effect. 
         
  Startfrigivning contains all of the starting 
approvals. 
         
  Startblockering contains all of the start 
blockings. 
         
APPENDIX 3  
8 (8) 
 
  Kylvatten contains coolant water system 
and drainage system. 
         
  Temperatur contains all temperatures for 
actual unit and all stations temperatures. 
         
  Drifttider contains operating times for 
actual units objects and all station objects. 
         
   
         
 
800xA screenshots of process pictures 
 
No.   Description  Unit G1  Unit G2  Station 
1 
800xA, take a screenshot of every process picture, and copy these into an 
excel document. 
     
2 
800xA, take a screenshot of every process picture, and copy these into an 
excel document. 
     
   
     
 
 
APPENDIX 4  
1 (3) 
 
Temperature monitoring Test Report 
STATION :  
Project Name 
Functunal Structure : 
=Gx-A73 
EQUIPMENT : 
800xA Trends 
Idle Mode, bearing temperatures: 
N/A 
Full load, bearing temperatures: 
 Full load, temperature stator windings/core: 
APPENDIX 4  
2 (3) 
 
 
APPENDIX 4  
3 (3) 
 
Full load, temperature stator air: 
 
 
 
 
 
REMARKS: 
 
 
 
 
 
 
 
Inspected by :  Date :   
 
Approved by :  Date :   
  Signature of the Engineer or Client
APPENDIX 5  
1 (3) 
 
 
APPENDIX 5  
2 (3) 
 
 
APPENDIX 5  
3 (3)