Installation of a new PLC between machine and existing PLC to improve reliability


We have an important booster compressor installed at our plant site. The control system to run the machine is an Allen Bradley based PLC-5/40C. We want to implement Triple Modular Redundancy (TMR)on our machine. This means that we need to install two more transmitters alongside each already existing single transmitter.

We are not willing to modify anything in the existing PLC logic. Our plan is to install another Allen Bradley based control Logix PLC with TMR. The three signals for each point on the compressor will come to this new Control Logix PLC. The median value will then be sent to the existing PLC-5/40C. In this way, we'll be able to increase reliability of our system. Of course, signals related to anti surge will be directly routed to the existing PLC and will not be changed.
I would welcome comments/suggestions to improve this proposal. Please do also mention if you know of any standard that supports or opposes such a topology. I do know that this will increase the scan time for each signal because of the addition of a new PLC. Suggestions to improve/modify the proposal are urgently needed.
If the ControlLogix supports TMR, and your sensors are going to it anyway, is there a reason you can't replace the 5/40 outright?


Yes, control Logix does support TMR. But the logic implemented on PLC-5/40C is way too complex. And we are not in a position to develop the complete logic on a new PLC and re test everything from the beginning. Addition of a new PLC in between will let us calculate the median value and send it to PLC-5/40. The intent is to keep the existing PLC-5/40's logic untouched. Can it be done? Does it violate any standard.

This seems like a really simple thing to do. I would be inclined to add the new transmitters to the existing PLC5, on different channels and comm links, and handle the median value selection inside the PLC5. I can't think of any good reason to complicate things by adding
another PLC into the mix.


I'd like to point out that whatever you design is not TMR, you just put two more tx, average them on plc, and then reroute them back to another one. From tx side it looks like TMR, but you have two PLCs actually connected in series.

Basically, in case of plc 5/40c failure, your system is down with no redundancy. I think you should reconsider your design.