PLC and SCADA summer training report- government engineering college ajmer
Automation is the use of control systems and information technologies to reduce the need for
human work in the production of goods and services. In the scope of industrialization,
automation is a step beyond mechanization. Whereas mechanization provided human operators
with machinery to assist them with the muscular requirements of work, automation greatly
decreases the need for human sensory and mental requirements as well. Automation plays an
increasingly important role in the world economy and in daily experience.
FIG-1.1: AUTOMATION SYSTEM
1.1 TYPES OF AUTOMATION
1. Discrete Control (on/off)
2. Continuous control
3. Open and closed loop
4. Sequential control and logical sequence or system state control
6. Computer control
1.2 AUTOMATION TOOLS
Engineers can now have numerical control over automated devices. The result has been a
rapidly expanding range of applications and human activities. Computer-aided technologies
(or CAx) now serve as the basis for mathematical and organizational tools used to create
complex systems. Notable examples of CAx include Computer-aided design (CAD software)
and Computer-aided manufacturing (CAM software). The improved design, analysis, and
manufacture of products enabled by CAx has been beneficial for industry
Different types of automation tools exist:
1. ANN - Artificial neural network
2. DCS - Distributed Control System
3. HMI - Human Machine Interface
4. SCADA - Supervisory Control and Data Acquisition
5. PLC - Programmable Logic Controller
7. Motion control
1.3 AUTOMATION IMPACTS
1. It increases productivity and reduces cost.
2. Replacing human operators in tasks that involve hard physical or monotonous work.
3. Replacing humans in tasks done in dangerous environments (i.e. fire, space, volcanoes,
nuclear facilities, underwater, etc.)
4. Performing tasks that are beyond human capabilities of size, weight, speed, endurance, etc.
5. Automation is often applied primarily to increase quality in the manufacturing process,
where automation can increase quality substantially.
6. Automation reduces power consumption and reduces man power requirement.
7. Automation improves production quality.
8. Automation provides safer working conditions.
1.4 LIMITATIONS TO AUTOMATION
1. Current technology is unable to automate all the desired tasks.
2. Many operations using automation have large amounts of invested capital and produce high
volumes of product, making malfunctions extremely costly and potentially hazardous.
Therefore, some personnel are needed to insure that the entire system functions properly
and that safety and product quality are maintained.
3. As a process becomes increasingly automated, there is less and less labor to be saved or
quality improvement to be gained. This is an example of both diminishing returns and
the logistic function.
4. As more and more processes become automated, there are fewer remaining non-automated
processes. This is an example of exhaustion of opportunities. New technological paradigms
may however set new limits that surpass the previous limits.
PROGRAMMABLE LOGIC CONTROLLER (PLC)
A programmable logic controller (PLC) or programmable controller is a digital computer
used for automation of electromechanical processes, such as control of machinery on factory
assembly lines, amusement rides, or light fixtures. PLCs are used in many industries and
machines. Unlike general-purpose computers, the PLC is designed for multiple inputs and
output arrangements, extended temperature ranges, immunity to electrical noise, and
resistance to vibration and impact. Programs to control machine operation are typically stored
in battery-backed or non-volatile memory. A PLC is an example of a hard real time system
since output results must be produced in response to input conditions within a bounded time,
otherwise unintended operation will result.
2.1.1 What does ‘PLC’ mean
A PLC (Programmable Logic Controllers) is an industrial computer used to monitor inputs,
and depending upon their state make decisions based on its program or logic, to control (turn
on/off) its outputs to automate a machine or a process.
2.1.2 NEMA defines a PROGRAMMABLE LOGIC CONTROLLER as
“A digitally operating electronic apparatus which uses a programmable memory for the internal
storage of instructions by implementing specific functions such as logic sequencing, timing,
counting, and arithmetic to control, through digital or analog input/output modules, various
types of machines or processes”.
2.1.3 Traditional PLC Applications
1. In automated system, PLC controller is usually the central part of a process control system.
2. To run more complex processes it is possible to connect more PLC controllers to a central
2.1.4 Disadvantages of PLC control
1. Too much work required in connecting wires.
2. Difficulty with changes or replacements.
3. Difficulty in finding errors; requiring skilful work force.
4. When a problem occurs, hold-up time is indefinite, usually long.
2.1.5 Advantages of PLC control
1. Rugged and designed to withstand vibrations, temperature, humidity, and noise.
2. Have interfacing for inputs and outputs already inside the controller.
3. Easily programmed and have an easily understood programming language.
2.1.6 Major Types of Industrial Control Systems
Industrial control system or ICS comprise of different types of control systems that are
currently in operation in various industries. These control systems include PLC, SCADA and
DCS and various others:
They are based on the Boolean logic operations whereas some models use timers and some
have continuous control. These devices are computer based and are used to control various
process and equipments within a facility. PLCs control the components in the DCS and
SCADA systems but they are primary components in smaller control configurations.
Distributed Control Systems consists of decentralized elements and all the processes are
controlled by these elements. Human interaction is minimized so the labor costs and injuries
can be reduced.
2.1.9 Embedded Control
In this control system, small components are attached to the industrial computer system with
the help of a network and control is exercised.
Supervisory Control and Data Acquisition refers to a centralized system and this system is
composed of various subsystems like Remote Telemetry Units, Human Machine Interface,
Programmable Logic Controller or PLC and Communications.
2.2 THE HISTORY OF PLCS
First Programmable Logic Controllers were designed and developed by Modicon as a relay
replacer for GM and Landis.
These controllers eliminated the need for rewiring and adding additional hardware for each
new configuration of logic.
The first commercial successful PLC, the 184, was introduced in 1973 and was designed by
2.3 ADVANTAGE OF PLC
PLCs not only are capable of performing the same tasks as hard-wired control, but are also
capable of many more complex applications. In addition, the PLC program and electronic
communication lines replace much of the interconnecting wires required by hard-wired control.
Therefore, hard-wiring, though still required to connect field devices, is less intensive. This
also makes correcting errors and modifying the application easier.
Some of the additional advantages of PLCs are as follows:
1. Smaller physical size than hard-wire solutions
2. Easier and faster to make changes.
3. PLCs have integrated diagnostics and override functions.
4. Diagnostics are centrally available.
5. Applications can be immediately documented.
6. Applications can be duplicated faster and less expensively.
2.4 AREAS OF APPLICATION
1. Manufacturing / Machining
2. Food / Beverage
6. Petrochemical / Chemical
2.5.1 inside A PLC
The Central Processing Unit (CPU) contains an internal program that tells the PLC how to
perform the following functions:
Execute the Control Instructions contained in the User's Programs. This program is stored in
"nonvolatile" memory, meaning that the program will not be lost if power is removed
Communicate with other devices, which can include I/O Devices, Programming Devices,
Networks, and even other PLCs.
Perform Housekeeping activities such as Communications, Internal Diagnostics, etc.
Fig-2.1: Major component of common plc.
Fig-2.2: Typical PLC control panel
2.5.2 Central Processing Unit (CPU)
The microprocessor or processor module is the brain of a PLC system. It consists of the
microprocessor, memory integrated circuits, and circuits necessary to store and retrieve
information from memory. It also includes communications ports to other peripherals, other
PLC's or programming terminals. Today's processors vary widely in their capabilities to control
real world devices. Some control as few as 6 inputs and outputs (I/O) and others 40,000 or
more. One processor can control more than one process or manufacturing line. Processors are
often linked together in order to provide continuity throughout the process.
The number of inputs and outputs PLCs can control are limited by the overall capacity of the
PLC system hardware and memory capabilities. The job of the processor is to monitor status
or state of input devices, scan and solve the logic of a user program, and control on or off state
of output devices.
RAM or Random Access Memory is a volatile memory that would lose its information if power
were removed. This is why some processor units incorporate a battery back-up. The type of
RAM normally used is CMOS or Complementary Metal Oxide Semiconductor.
ROM or Read Only Memory is a non-volatile type of memory. This means you don't need an
external power source to keep information. In this type of memory, information can be read,
but not changed. For this reason the manufacture sometimes calls this firmware.
EEPROM or Electrically Erasable Programmable Read Only Memory is usually an add-on
memory module that is used to back up the main program in CMOS RAM of the processor. In
many cases, the processor can be programmed to load the EEPOM's program to RAM if RAM
is lost or corrupted.
2.5.4 I/O SECTIONS
188.8.131.52 Input Module
FIG-2.3: INPUT MODULE OF PLC
There are many types of input modules to choose from. The type of input module used is
dependent upon what real world input to the PLC is desired. Some examples of inputs are limit
switches, electric eyes, and pushbuttons. DC inputs, such as thumbwheel switches, can be used
to enter integer values to be manipulated by the PLC. DC input cards are used for this
application. Since most industrial power systems are inherently noisy, electrical isolation is
provided between the input and the processor. Electromagnetic interference (EMI) and Radio
Frequency Interference (RFI) can cause severe problems in most solid state control systems.
The component used most often to provide electrical isolation within I/O cards is called an
optical isolator or optocoupler. The wiring of an input is not complex. The object is to get a
voltage at a particular point on the card. Typically there are 8 to 32 input points on any one
input module. Each point will be assigned a unique address by the processor. Analog input
modules are special input cards that use analog to digital conversion (A to D) to sense variables
such as temperature, speed, pressure, and position. The external device normally is connected
to a controller (transducer) producing an electrical signal the analog input card can interpret.
This signal is usually 4 to 20 Ma or a 0 to 10 volt signal.
184.108.40.206 Output Module
FIG-2.4: OUTPUT MODULE OF PLC
Output modules can be for used for ac or dc devices such as solenoids, relays, contractors, pilot
lamps, and LED readouts. Output cards usually have from 6 to 32 output points on a single
module. The output device within the card provides the connection from the user power supply
to the load. Usually silicon controlled rectifiers (SCR), triac, or dry contact relays are use for
this purpose. Individual outputs are rated most often at 2 to 3 amperes. Output cards, like input
cards have electrical isolation between the load being connected and the PLC. Analog output
cards are a special type of output modules that use digital to analog conversion (D to A). The
analog output module can take a value stored in a 12 bit file and convert it to an analog signal.
Normally this signal is 0 -10 volts dc or 4 to 20 Ma. This analog signal is often used in
equipment such as motor operated valves and pneumatic position control devices.
2.5.5 System Busses
The internal paths along which the digital signals flow within the PLC are called busses.
The system has four busses:
1. The CPU uses the data bus for sending data between the different elements,
2. The address bus to send the addresses of locations for accessing stored data,
3. The control bus for signals relating to internal control actions,
4. The system bus is used for communications between the I/O ports and the I/O unit.
2.5.6 Power Supply
Most PLC controllers work either at 24 VDC or 220 VAC. Some PLC controllers
have electrical supply as a separate module, while small and medium series already contain the
2.5.7 Programming Device
The programming device is used to enter the required program into the memory of the
The program is developed in the programming device and then transferred to the memory unit
of the PLC.
2.6 PLC OPERATION
There are four basic steps in the operation of all PLCs: which continually take place in a
1 Input Scan
2 Program Scan
3 Output Scan
1. Input Scan: Detects the state of all input devices that are connected to the PLC
2. Program Scan: Executes the user created program logic.
Fig-2.5: Block diagram of control system
Fig-2.6: PLC operation cycle
3. Output Scan: Energizes or de-energize all output devices that are connected to the PLC.
4. Housekeeping: This step includes communications with programming terminals, internal
2.6.1 CHECK INPUT STATUS:
First the PLC takes a look at each input to determine if it is on or off. In other words, is the
sensor connected to the first input on? Then the second input? Then the third and so on…. It
records this data into its memory to be used during the next step.
2.6.2 EXECUTE PROGRAM:
Next the PLC executes your program one instruction at a time. Maybe the program says that if
the first input was on then it should turn on the first output. Since it already knows which inputs
are on/off from the previous step it will be able to decide whether the first output should be
turned on based on the state of the first input. It will store the execution results for use later
during the next step.
2.6.3 UPDATE OUTPUT STATUS:
Finally the PLC updates the status of the outputs. It updates the outputs based on which inputs
were on during the first step and the results of executing your program during the second step.
Based on the example in step 2 it would now turn on the first
Output because the first input was on and your program said to turn on the first output when
this condition is true.
After the third step the PLC goes back to step one and repeats the steps continuously. One scan
time is defined as the time it takes to execute the 3 steps listed above
2.6.4 OUTPUT RELAYS:
These are connected to the outside world. They physically exist and send on/off signals to
solenoids , lights ,etc.
They can be transistors, relays, or tries depending upon the model chosen.
2.6.5 DATA STORAGE
Typically there are registers assigned to simply store data. Usually used as temporary storage
for math or data manipulation.
They can also typically be used to store data when power is removed from the
FIG-2.7: COMMUNICATION MODULE
There are several methods to communicate between a PLC and a programmer or even between
two PLCs. Communications between a PLC and a programmer (PC or Hand held) are provided
by the makers and you only have to plug in a cable from your PC to the programming port on
the PLC. This communication can be RS232; RS485 or TTY. Communications between two
PLCs can be carried out by dedicated links supplied/programmed by the makers (RS232 etc)
or via outputs from one PLC to the inputs on another PLC. This direct link method of
communication can be as simple as, if an output on the first PLC is on then the corresponding
input on the second PLC will be on and then this input is used within the program on the second
If a word of input/outputs (16 bits) are used then numerical data can be transferred from one
PLC to the other (refer back to the section on numbering systems). There are many other
methods of communication between PLCs and also from PLC to PC. Refer to the manuals
supplied with the PLC that you are using for full details on communications.
2.7.1 Extension modules
PLC I/O number can be increased through certain additional modules by system extension
through extension lines. Each module can contain extension both of input and output lines.
Extension modules can have inputs and outputs of a different nature from those on the PLC
controller. When there are many I/O located considerable distances away from the PLC an
economic solution is to use I/O modules and use cables to connect these, over the long
distances, to the PLC.
2.7.2 Remote I/O connections
When there are many I/O located considerable distances away from
the PLC an economic solution is to use I/O modules and use cables to
connect these, over the long distances, to the PLC.
2.7.3 Remote PLCs
In some situations a number of PLCs may be linked together with a master PLC unit sending
and receiving I/O data from the other units.
Twisted-pair cabling, often routed through steel conduit. Coaxial cable enables higher data
rates to be transmitted and does not require the shielding of steel conduit.
Fiber-optic cabling has the advantage of resistance to noise, small size and flexibility.
2.7.5 Parallel communication
Parallel communication is when all the constituent bits of a word are
simultaneously transmitted along parallel cables. This allows data to be transmitted over short
distances at high speeds. Might be used when connecting laboratory instruments to the system.
2.7.6 Parallel standards
The standard interface most commonly used for parallel communication is IEEE-488, and now
termed as General Purpose Instrument Bus (GPIB). Parallel data communications can take
place between listeners , talkers , and controllers. There are 24 lines: 8 data (bidirectional), 5
status & control, 3 handshaking, and 8 ground lines.
2.7.7 Serial communication
Serial communication is when data is transmitted one bit at a time. A data word has to be
separated into its constituent bits for transmission and then reassembled into the word when
received. Serial communication is used for transmitting data over long distances. Might be used
for the connection between a computer and a PLC.
2.7.8 Serial standards
RS-232 communications is the most popular method of plc to external device communications.
RS 232 is a communication interface included under SCADA applications. Other standards
such as RS422 and RS423 are similar to RS232 although they permit higher transmission rates
and longer cable distances.
2.7.9 There are 2 types of RS-232 devices:
DTE – Data Terminal Equipment and a common example is a computer.
DCE – Data Communications Equipment and a common example is a modem.
PLC may be either a DTE or DCE device.
ASCII is a human-readable to computer-readable translation code (each letter/number is
translated to 1’s and 0’s). It’s a 7-bit code, so we can translate 128 characters (2^7 is 128).
It is necessary to exercise control of the flow of data between two devices so what constitutes
the message, and how the communication is to be initiated and terminated, is defined. This is
termed the protocol.
One device needs to indicate to the other to start or stop sending data.
Interconnecting several devices can present problems because of compatibility problems.
In order to facilitate communications between different devices the International Standard
Organization (ISO) in 1979 devised a model to be used for standardization for Open System
2.8 PLC Programming Software
1. Allen-Bradley – Rockwell Software RSLogix500
2. Mitsubishi – GX DEVELOPER MELSEC QnA/QnAS/System Q and FX PLCs
Restrictions: 1000 steps
3. Siemens: Step 7 Micro/win, Step 7 Professional Trial Software: S7-300, S7-400 and S7-
Restrictions: Link explains how to request a trial version
4. Modicon: Unity Pro: M340 PACs and Premium and Quantum PLCs
5. ABB: CoDeSys Software:AC500 and S500 PLCs
6. OMRON: CX One: CJ1, CJ2, CP1, CPM, CQM1H and CS1 PLCs
7. DELTA ELECTRONICS: DVP & DVP-PM: Delta Electronics Software: DVP & DVP-
2.9 PLC PROGRAMMING
Various languages are used for programming of PLCs:
2.9.1 Programming Devices
1. PLC can be reprogrammed through an appropriate programming device:
2. Programming Console
4. Hand Programmer
2.9.2 Introduction to Ladder Logic
Ladder logic uses graphic symbols similar to relay schematic circuit diagrams.
Ladder diagram consists of two vertical lines representing the power rails. Circuits are
connected as horizontal lines between these two verticals.
2.9.3 Ladder diagram features
Power flows from left to right.
1. Output on right side can not be connected directly with left side.
2. Contact can not be placed on the right of output.
3. Each rung contains one output at least.
4. Each output can be used only once in the program.
5. A particular input a/o output can appear in more than one rung of a ladder.
6. The inputs a/o outputs are all identified by their addresses, the notation used depending on
the PLC manufacturer.
2.9.4 Ladder diagram (LD)
Ladder diagram is a graphic programming language derived from the circuit diagram of directly
wired relay controls. The ladder diagram contains contact rails to the left and the right of the
diagram; these contact rails are connected to switching elements (normally open / normally
closed contacts) via current paths and coil elements.
Fig-2.8: Ladder diagram of PLC
2.9.5 Function block diagram (FBD)
In the function block diagram, the functions and function blocks are represented graphically
and interconnected into networks. The function block diagram originates from the logic
diagram for the design of electronic circuits
Fig-2.9: Logical operation in PLC
2.9.6 Sequential function chart (SFC)
The sequential function chart is a language resource for the structuring of sequence-oriented
control programs. The elements of the sequential function chart are steps, transitions,
alternative and parallel branching. Each step represents a processing status of a control
program, which is active or inactive. A step consists of actions which, identical to the
transitions, are formulated in the IEC 1131-3 languages. Actions themselves can again contain
sequence structures. This feature permits the hierarchical structure of a control program. The
sequential function chart is therefore an excellent tool for the design and structuring of control
2.9.7 Instruction list (IL)
Statement list is a textual assembler-type language characterized by a simple machine model
(processor with only one register). Instruction list is formulated from control instructions
consisting of an operator and an operand.
ST Sleeve in
With regard to language philosophy, the ladder diagram, the function block diagram and
instruction list have been defined in the way they are used in today’s PLC technology. They
are however limited to basic functions as far as their elements are concerned. This separates
them essentially from the company dialects used today. The competitiveness of these languages
is maintained due to the use of functions and function blocks.
2.9.8 Structured text (ST)
Structured text is high-level language based on Pascal, which consists of expressions and
instructions. An Instructions can be defined in the main as: Selection instructions such as
IF...THEN...ELSE etc., repetition instructions such as FOR, WHILE etc. and function block
Sleeve in: = (Part_TypeA OR Fig. B5.7: Part_TypeB) AND Part_present AND Drill_ok;
Structured text enables the formulation of numerous applications, beyond pure function
technology, such as algorithmic problems (high order control algorithms etc.) and data
handling (data analysis, processing of complex data structures etc.).
2.10 LADDER LOGIC
Ladder Logic or Ladder Diagrams is the most common programming language used to program
Fig-2.11: Block diagram of single ladder
Ladder logic was one of the first programming approaches used in PLCs because it borrowed
heavily from the Relay Diagrams that plant electricians already knew.
The symbols used in Relay Ladder Logic consist of a power rail to the left, a second power rail
to the right, and individual circuits that connect the left power rail to the right. The logic of
each circuit (or rung) is solved from left to right. The symbols of these diagrams look like a
ladder - with two side rails and circuits that resemble rungs on a ladder.
The picture above has a single circuit or "rung" of ladder.
If Input1 is ON (or true) - power (logic) completes the circuit from the left rail to the right rail
– and Output1 turns ON (or true).
If Output1 is OFF (or false) - then the circuit is not completed and logic does not flow to the
right – and Output 1 is OFF.
There are many logic symbols available in Ladder Logic - including Timers, Counters, Math,
and Data Moves-such that any logical condition or control loop can be represented in Ladder
Logic. With just a handful of basic symbols - a Normally Open Contact, Normally Closed
Contact, Normally Open Coil, Normally Closed
Coil, Timer, Counter - most logical conditions can be represented.
2.10.1 CONTACTS AND COILS
With just the Normally Open Contact and Normally Open Coil - a surprising array of basic
logical conditions can be represented.
Normally Open Contact. This can be used to represent any input to the control logic - a
switch or sensor, a contact from an output, or an internal output.
When "solved" the referenced input is examined for an ON (logical 1) condition. If it is ON,
the contact will close and allow power (logic) to flow from left to right. If the status is OFF
(logical 0), the contact is Open, power (logic) will NOT flow from left to right.
Normally Open Coil. This can be used to represent any discrete output from the control
logic. When "solved" if the logic to the left of the coil is TRUE, the referenced output is ON
2.10.2 Solving a Single Rung
Fig-2.12: Single Rung
Suppose a switch is wired to Input1, and a light bulb is wired through Output1 in such a way
that the light is OFF when Output1 is OFF, and ON when Output1 is ON.
When Input1 is OFF (logical 0) the contact remains open and power cannot flow from left to
right. Therefore, Output1 remains OFF (logical 0).
When Input1 is ON (logical 1) then the contact closes, power flows from left to right, and
Output1 becomes ON (the light turns ON).
220.127.116.11 The AND Rung
The AND is a basic fundamental logic condition that is easy to directly represent in Ladder
Fig-2.13: Block diagram of AND operation
Suppose a switch is wired to Switch1, a second switch is wired to Switch2, and a light bulb is
wired through Light1 in such a way that the light is OFF when Light1 is OFF, and ON when
Light1 is ON.
In order for Light1 to turn ON, Switch1 must be ON, AND Switch2 must be ON.
If Switch1 is OFF, power (logic) flow from the left rail, but stops at Switch1. Light1 will be
OFF regardless of the state of Switch2.
If Switch1 is ON, power makes it to Switch2. If Switch2 is OFF, power cannot flow any further
to the right, and Light1 is OFF.
If Switch1 is ON, AND Switch2 is ON - power flows to Light1 solving its state to ON.
18.104.22.168 The OR Rung
The OR is a logical condition that is easy to represent in Ladder Logic.
Fig-2.14: Block diagram of OR operation
Suppose a switch is wired to Switch1, a second switch is wired to Switch2, and a light bulb is
wired through Light1 in such a way that the light is OFF when Light1 is OFF, and ON when
Light1 is ON. In this instance, we want to the light to turn ON if either Switch1 OR Switch2 is
If Switch1 is ON - power flows to Light1 turning it ON.
If Switch2 is ON - power flows through the Switch2 contact, and up the rail to Light1 - turning
If Switch1 AND Switch 2 are ON - Light1 is ON.
The only way Light1 is OFF is if Switch1 AND Switch2 are OFF.
Another set of basic contacts and coils that can be used in Ladder Logic are the Normally
Closed Contact and the Normally Closed Coil. These work just like their normally open
counterparts - only in the opposite.
When "solved" the referenced input is examined for an OFF condition. If the status is
OFF (logical 0) power (logic) will flow from left to right. If the status is ON, power will not
When "solved" if the coil is a logical 0, power will be turned on to the device. If logical
1, power will be OFF.
2.11 TIMERS AND COUNTERS
Many times we will want to take action in a control program based on more than the states of
discrete inputs and outputs. Sometimes, we will want to turn something on after a delay, or
count the number of times a switch is hit. To do these simple tasks, we will need Timers &
2.11.1 Simple Timers (TIM)
A timer is simply a control block that takes an input and changes an output based on time.
There are two basic timer types we will deal with initially (there are other advanced timers, but
we will start with the basics first) - On-Delay Timer and the Off-Delay Timer.
2.11.2 On-Delay Timer
This timer takes an input, waits a specific amount of time, then turns ON an output (or allows
logic to flow after the delay).
2.11.3 OFF-DELAY TIMER
this timer takes turns ON an output (or allows logic to flow) and keeps that output ON until the
set amount of time has passed, then turns it OFF (hence off-delay)
2.11.4 SIMPLE COUNTER (CNT)
A counter simply counts the number of events that occur on an input. There are two basic types
of counters - Up counter and a Down counter.
2.11.5 UP COUNTER
As its name implies, whenever a triggering event occurs, an up counter increments the counter.
2.11.6 DOWN COUNTER
whenever a triggering event occurs, a down counter decrements the counter.
Fig-2.15: Block diagram of time counter operation
2.12 PLC APPLICATION EXAMPLE
2.12.1 AUTOMATION USING A PLC
PLCs are electronic devices that work on the basic principle of logic gates. It was a major leap
from sequencing automation with rotating cams or with series of electrical relay switches, to
using microprocessor based PLC sequencers. With microprocessors, the sequencers could be
programmed to follow different sequences under different conditions. The physical structure
of a PLC is as important as a feature as its computerized inwards. The central component, the
CPU, contains the digital computer and plugs into a bus or a rack. Other PLC modules can be
plugged into the same bus. Optional interface modules are available for just about any type of
sensor or actuator.
The PLC user buys only the modules needed, and thus avoids having to worry about
compatibility between sensors, actuators and the PLC. Most PLCs offer communication
modules now, so that the PLC can exchange data with at least other PLCs of the same make.
Fig -2.16: AUTOMATED CAR PARKING SYSTEM
2.12.2 AUTOMATED CAR PARKING SYSTEM
Automated parking is a method of automatically parking and retrieving cars typically using a
computerized system of lifts and carriers. As the system removes the need for driveways and
ramps, the floor area and the volume of the parking station itself can be more efficiently used.
For the driver, the process is very simple. They park their car at an entrance point then leave
the vehicle. From there, the car is automatically moved through the parking system. It's returned
to the driver in the same fashion using a signaling device (similar to a credit card) or for a
public car park a ticket and payment system in a designated waiting zone. Automated parking
systems can be designed to fit above or below ground, allowing for flexible usage of land space;
this means the footprint can be reduced to one-third of the land required by conventional car
parking solutions. Cost-effective on a number of fronts, automated parking also offers
significantly improved service to the customer.
Fig-2.17: AUTOMATED CAR PARKING SYSTEM
These automated car parking systems are suitable for installation in basements, open floors or
open spaces outside commercial buildings, residential buildings, shopping malls, and other
public places. Such multi-level automated car parking systems have been installed all around
the world, especially in Europe, Korea, Japan and some other parts of South-East Asia. There
is an overwhelming need for these systems because of increasing traffic and nonavailability of
adequate parking spaces, especially in urban cities. The most unique feature of such systems is
that they increase the parking space available on the ground by more than 30%, depending
upon the kind of system installed and the contours of the space available. Multi-level parking
systems require careful planning and assessment of the space available, traffic flows, and the
capacity utilization within that space. These systems can be integrated within concrete (RCC)
SCADA stands for Supervisory Control and Data Acquisition. It refers to an industrial control
system: a computer system monitoring and controlling a process. The process can be industrial,
infrastructure or facility based as described below:
3.1.1 Industrial Process
It includes those of manufacturing, production, power generation, fabrication and refining and
process may be in continuous, batch, repetitive or discrete modes.
3.1.2 Infrastructure Process
It may be public or private, and water treatment and distribution, wastewater collection and
treatment, oil and gas pipelines, electrical power transmission and distribution, and large
3.1.3 Facility Process
It occur both in public facilities and private ones, including buildings, airports, ships and space
stations. They monitor and control HVAC, access and energy consumption.
Fig-3.1: SCADA System
3.1.4 A SCADA System usually consists of the following Subsystems
1. A Human-Machine Interface (HMI) is the apparatus which presents process data to a
human operator, and through this, the human operator monitors and controls the process.
2. A supervisory (computer) system, gathering (acquiring) data on the process and sending
commands (control) to the process.
3. Remote Terminal Units (RTU) connecting to sensors in the process, converting sensor
signals to digital data and sending digital data to the supervisory system.
4. Programmable Logic Controller (PLC) used as field devices because they are more
economical, versatile, flexible, and configurable than special-purpose RTUs.
5. Communication infrastructure connecting the supervisory system to the Remote
3.2 SYSTEM CONCEPTS
The term SCADA usually refers to centralized systems which monitor and control entire sites,
or complexes of systems spread out over large areas (anything between an industrial plant and
a country). Most control actions are performed automatically by Remote Terminal Units
("RTUs") or by Programmable Logic Controllers ("PLCs"). Host control functions are usually
restricted to basic overriding or supervisory level intervention.
Ex: A PLC may control the flow of cooling water through part of an industrial process, but the
SCADA system may allow operators to change the set points for the flow, and enable alarm
conditions, such as loss of flow and high temperature, to be displayed and recorded. The
feedback control loop passes through the RTU or PLC, while the SCADA system monitors the
overall performance of the loop.
Data Acquisition begins at the RTU or PLC level and includes meter readings and equipment
status reports that are communicated to SCADA as required. Data is then compiled and
formatted in such a way that a control room operator using the HMI can make supervisory
decisions to adjust or override normal RTU (PLC) controls. Data may also be fed to a Historian,
often built on a commodity Database Management System, to allow trending and other
3.2.1 TAGS (POINTS)
SCADA systems typically implement a distributed database, commonly referred to as a tag
database, which contains data elements called tags or points. A point represents a single input
or output value monitored or controlled by the system. Points can be either "hard" or "soft". A
hard point represents an actual input or output within the system, while a soft point results from
logic and math operations applied to other points.
(Most implementations conceptually remove the distinction by making every property a "soft"
point expression, which may, in the simplest case, equal a single hard point.) Points are
normally stored as value time stamp pairs: a value, and the Time-Stamp when it was recorded
or calculated. A series of value time stamp pairs gives the history of that point. It's also common
to store additional metadata with tags, such as the path to a field device or PLC register, design
time comments, and alarm information.
3.3 HUMAN MACHINE INTERFACE
A Human Machine Interface or HMI is the apparatus which presents process
Human operator, and through which the human operator controls the process.
An HMI is usually linked to the SCADA system's Database and software programs, to provide
trending, diagnostic data, and management information such as scheduled maintenance
procedures, logistic information, detailed schematics for a particular sensor or machine, and
expert-system troubleshooting guides.
The HMI system usually presents the information to the operating personnel graphically, in the
form of a mimic diagram. This means that the operator can see a schematic representation of
the plant being controlled. For example, a picture of a pump connected to a pipe can show the
operator that the pump is running and how much fluid it is pumping through the pipe at the
moment. The operator can then switch the pump off. The HMI software will show the flow rate
of the fluid in the pipe decrease in real time. Mimic diagrams may consist of line graphics and
schematic symbols to represent process elements, or may consist of digital photographs of the
process equipment overlain with animated symbols.The HMI package for the SCADA system
typically includes a drawing program that the operators or system maintenance personnel use
to change the way these points are represented in the interface.
An important part of most SCADA implementations is alarm handling. The system monitors
whether certain alarm conditions are satisfied, to determine when an alarm event has occurred.
Once an alarm event has been detected, one or more actions are taken (such as the activation
of one or more alarm indicators, and perhaps the generation of email or text messages so that
management or remote SCADA operators are informed). In many cases, a SCADA operator
may have to acknowledge the alarm event; this may deactivate some alarm indicators, whereas
other indicators remain active until the alarm conditions are cleared. Alarm conditions can be
explicit - for example, an alarm point is a digital status point that has either the value
NORMAL or ALARM that is calculated by a formula based on the values in other analogue
and digital points - or implicit: the SCADA system might automatically monitor whether the
value in an analogue point lays outside high and low limit values associated with that point.
Examples of alarm indicators include a siren, a pop-up box on a screen, or a colored or flashing
area on a screen (that might act in a similar way to the "fuel tank empty" light in a car); in each
case, the role of the alarm indicator is to draw the operator's attention to the part of the system
'in alarm' so that appropriate action can be taken. In designing SCADA systems, care is needed
in coping with a cascade of alarm events occurring in a short time, otherwise the underlying
cause (which might not be the earliest event detected) may get lost in the noise. Unfortunately,
when used as a noun, the word 'alarm' is used rather loosely in the industry; thus, depending
on context it might mean an alarm point, an alarm indicator, or an alarm event.
3.5 REMOTE TERMINAL UNIT (RTU)
The RTU connects to physical equipment. Typically, an RTU converts the electrical signals
from the equipment to digital values such as the open/closed status from a Switch or a valve,
or measurements such as pressure, flow, voltage or current. By converting and sending these
electrical signals out to equipment the RTU can control equipment, such as opening or closing
a switch or a valve or setting the speed of a pump.
3.5.1 Characteristics of Quality SCADA RTUs:
22.214.171.124 Supervisory Station
The term "Supervisory Station" refers to the servers and software responsible for
communicating with the field equipment (RTUs, PLCs, etc.), and then to the HMI software
running on workstations in the control room, or elsewhere. In smaller SCADA systems, the
master station may be composed of a single PC. In larger SCADA systems, the master station
may include multiple servers, distributed software applications, and disaster recovery sites. To
increase the integrity of the system the multiple servers will often be configured in a dual
redundant or hot-standby formation providing continuous control and monitoring in the event
of a server failure.
126.96.36.199 Operational philosophy
For some installations, the costs that would result from the control system failing are extremely
high. Possibly even lives could be lost. Hardware for some SCADA systems is ruggedized to
withstand temperature, vibration, and voltage extremes, but in most critical installations
reliability is enhanced by having redundant hardware and communications channels, up to the
point of having multiple fully equipped control centers. A failing part can be quickly identified
and its functionality automatically taken over by backup hardware. A failed part can often be
replaced without interrupting the process. The reliability of such systems can be calculated
statistically and is stated as the mean time to failure, which is a variant of mean time between
failures. The calculated mean time to failure of such high reliability systems can be on the order
FIG-3.2: GENERAL SCADA SYSTEM
SCADA systems have traditionally used combinations of radio and direct serial or modem
connections to meet communication requirements, although Ethernet and IP over SONET /
SDH is also frequently used at large sites such as railways and power stations. The remote
management or monitoring function of a SCADA system is often referred to as telemetry. This
has also come under threat with some customers wanting SCADA data to travel over their pre-
established corporate networks or to share the network with other applications. The legacy of
the early low-bandwidth protocols remains, though. SCADA protocols are designed to be very
compact and many are designed to send information to the master station only when the master
station polls the RTU. Typical legacy SCADA protocols include Modbus RTU, RP-570,
Profibus and Conitel. These communication protocols are all SCADA-vendor specific but are
widely adopted and used. Standard protocols are IEC 60870-5-101 or 104, IEC 61850 and
DNP3. These communication protocols are standardized and recognized by all major SCADA
vendors. Many of these protocols now contain extensions to operate over TCP / IP. It is good
security engineering practice to avoid connecting SCADA systems to the internet so the attack
surface is reduced.
SCADA systems have evolved through 3 generations as follows:
3.7.1 First generation: "Monolithic"
In the first generation, computing was done by mainframe computers. Networks did not exist
at the time SCADA was developed. Thus SCADA systems were independent systems with no
connectivity to other systems. WAN were later designed by RTU vendors to communicate with
the RTU. The communication protocols used were often proprietary at that time. The first-
generation SCADA system was redundant since a back-up mainframe system was connected
at the bus level and was used in the event of failure of the primary mainframe system.
3.7.2 Second generation: "Distributed"
The processing was distributed across multiple stations which were connected through a LAN
and they shared information in real time. Each station was responsible for a particular task thus
making the size and cost of each station less than the one used in First Generation. The network
protocols used were still mostly proprietary, which led to significant security problems for any
SCADA system that received attention from a hacker. Since the protocols were proprietary,
very few people beyond the developers and hackers knew enough to determine how secure a
SCADA installation was. Since both parties had invested interests in keeping security issues
tight, the security of a SCADA installation was often badly overestimated, if it was considered
3.7.3 Third generation: "Networked"
These are the current generation SCADA systems which use open system architecture rather
than a vendor controlled proprietary environment. The SCADA system utilizes open standards
and protocols, thus distributing functionality across a WAN rather than a LAN. It is easier to
connect third party peripheral devices like printers, disk drives, and tape drives due to the use
of open architecture. WAN protocols such as Internet Protocol (IP) are used for communication
between the master station and communications equipment. Due to the usage of standard
protocols and the fact that many networked SCADA systems are accessible from the Internet;
the systems are potentially vulnerable to remote cyber-attacks. On the other hand, the usage of
standard protocols and security techniques means that standard security improvements are
applicable to the SCADA systems, assuming they receive timely maintenance and updates.
3.8 SECURITY ISSUES
The move from proprietary technologies to more standardized and open solutions
together with the increased number of connections between SCADA systems and office
networks and the Internet has made them more vulnerable to attacks - see references.
Consequently, the security of SCADA-based systems has come into question as they are
increasingly seen as extremely vulnerable to cyber warfare/cyber terrorism attacks.
In particular, security researchers are concerned about:
1. The lack of concern about security and authentication in the design, deployment and
operation of existing SCADA networks.
2. The belief that SCADA systems have the benefit of security through obscurity through the
use of specialized protocols and proprietary interfaces.
3. The belief that SCADA networks are secure because they are physically secured.
4. The belief that SCADA networks are secure because they are disconnected from the
SCADA systems are used to control and monitor physical processes, examples of which are
transmission of electricity, transportation of gas and oil in pipelines, water distribution, traffic
lights, and other systems used as the basis of modern society. The security of these SCADA
systems is important because compromise or destruction of these systems would impact
multiple areas of society far removed from the original compromise. For example, a blackout
caused by a compromised electrical SCADA system would cause financial losses to all the
customers that received electricity from that source. How security will affect legacy SCADA
and new deployments remains to be seen.
In June 2010, Virus BlokAda reported the first detection of malware that attacks SCADA
systems (Siemens' WinCC/PCS7 systems) running on Windows operating systems. The
malware is called stuxnet and uses four zero-day attacks to install a rootkit which in turn logs
in to the SCADA's database and steals design and control files. The malware is also capable of
changing the control system and hiding those changes. The malware was found by an antivirus
security company on 14 systems with the majority in Iran.
As an example, say a facility needs to store water in a tank. The water is drawn from the tank
by another system, as needed, and our example system must manage the water level in the tank
by controlling the valve that refills the tank. Shown is a "ladder diagram" which shows the
control system. A ladder diagram is a method of drawing control circuits which pre-dates PLCs.
The ladder diagram resembles the schematic diagram of a system built with electromechanical
relays. Shown are:
1. Two inputs (from the low and high level switches) represented by contacts of the float
2. An output to the fill valve, labelled as the fill valve which it controls
3. An "internal" contact, representing the output signal to the fill valve which is created in
4. A logical control scheme created by the interconnection of these items in software
In ladder diagram, the contact symbols represent the state of bits in processor memory,
which corresponds to the state of physical inputs to the system. If a discrete input is energized,
the memory bit is a 1, and a "normally open" contact controlled by that bit will pass a logic
"true" signal on to the next element of the ladder. Therefore, the contacts in the PLC program
that "read" or look at the physical switch contacts in this case must be "opposite" or open in
order to return a TRUE for the closed physical switches. Internal status bits, corresponding to
the state of discrete outputs, are also available to the program.
In the example, the physical state of the float switch contacts must be considered when
choosing "normally open" or "normally closed" symbols in the ladder diagram. The PLC has
two discrete inputs from float switches (Low Level and High Level). Both float switches
(normally closed) open their contacts when the water level in the tank is above the physical
location of the switch.
FIG-3.3: EXAMPLE OF SCADA
When the water level is below both switches, the float switch physical contacts are both closed,
and a true (logic 1) value is passed to the Fill Valve output. Water begins to fill the tank. The
internal "Fill Valve" contact latches the circuit so that even when the "Low Level" contact
opens (as the water passes the lower switch), the fill valve remains on. Since the High Level is
also normally closed, water continues to flow as the water level remains between the two switch
levels. Once the water level rises enough so that the "High Level" switch is off (opened), the
PLC will shut the inlet to stop the water from overflowing; this is an example of seal-in
(latching) logic. The output is sealed in until a high level condition breaks the circuit. After that
the fill valve remains off until the level drops so low that the Low Level switch is activated,
and the process repeats again.
A complete program may contain thousands of rungs, evaluated in sequence. Typically the
PLC processor will alternately scan all its inputs and update outputs, then evaluate the ladder
logic; input changes during a program scan will not be effective until the next I/O update. A
complete program scan may take only a few milliseconds, much faster than changes in the
Programmable controllers vary in their capabilities for a "rung" of a ladder diagram. Some only
allow a single output bit. There are typically limits to the number of series contacts in line, and
the number of branches that can be used. Each element of the rung is evaluated sequentially. If
elements change their state during evaluation of a rung, hard-to-diagnose faults can be
generated, although sometimes (as above) the technique is useful. Some implementations
forced evaluation from left-to-right as displayed and did not allow reverse flow of a logic signal
(in multi-branched rungs) to affect the output.
PLCs are at the forefront of manufacturing automation. An engineer working in a
manufacturing environment will at least encounter some PLCs, if not use them on a regular
basis. Electrical engineering students should have basic knowledge of PLCs because of their
widespread use in industrial applications.
This report has discussed the role that programmable logic controllers have in the efficient
design and control of mechanical processes. Also discussed was the understanding SCADA
and the programming involved with it. Finally, the report has discussed relay logic and the
evolution that ladder logic made from it.
1. Programmable Logic History: This section discussed the history and advancement of
controls technology, with a comparison of programmable logic controllers and hard-wired
2. PLC components: This section defined what programmable logic is and described all
hardware associated with it.
3. PLC Programming: This section covered various technique of PLC programming.
4. 4 SCADA: This section contain basic introduction of SCADA system.
 Kinner, Russell H., P.E. Designing Programmable Controller Application Programs Using
More than One Designer. 14th Annual International Programmable Controllers Conference
Proceedings, 1985, page (159 to 188) and (456 to 475)
 Robert Lemos (26 July 2006). "SCADA system makers pushed toward security". Security
Focus. Retrieved 9 May 2007. Page (43 to 47) and page (79 to 97)
 "Introduction to Industrial Control Networks" (PDF). IEEE Communications Surveys
and Tutorials. 2012